Merge pull request #47 from i-VRESSE/remix-auth

Remix auth

.dockerignore

@@ -0,0 +1,4 @@
+/postgres-data
+/node_modules
+/public/build
+.git

.env.example

@@ -0,0 +1,7 @@
+DATABASE_URL="postgresql://postgres:postgres@localhost:5433/postgres"
+# See docs/bartender.md how to configure job submission
+BARTENDER_API_URL=http://localhost:8000
+BARTENDER_PRIVATE_KEY=private_key.pem
+# See docs/auth.md#session how generate a better secret
+SESSION_SECRET=<please replace with a better secret>
+# For social login see docs/auth.md

.eslintrc.js

@@ -1,4 +1,4 @@
-/** @type {import('@types/eslint').Linter.BaseConfig} */
+/** @type {import('eslint').Linter.Config} */
 module.exports = {
   root: true,
   extends: [

.github/workflows/ci.yml

@@ -27,6 +27,11 @@ jobs:
           cache: "npm"
       - run: npm ci
       - run: npm run build --if-present
+      - name: Generate RSA key pair
+        run: |
+          openssl genpkey -algorithm RSA -out private_key.pem \
+            -pkeyopt rsa_keygen_bits:2048
+          openssl rsa -pubout -in private_key.pem -out public_key.pem
       - run: npm test -- --coverage
       - run: npm run typecheck
       - run: npx prettier --check .

.gitignore

@@ -11,3 +11,12 @@ node_modules
 
 /sessions
 /coverage
+
+/prisma/dev.db
+
+/private_key.pem
+/public_key.pem
+
+Caddyfile
+
+postgres-data

Dockerfile

@@ -9,7 +9,7 @@ FROM base as deps
 
 WORKDIR /myapp
 
-ADD package.json ./
+ADD package.json package-lock.json tsconfig.json ./
 RUN npm install --production=false
 
 # Setup production node_modules
@@ -18,8 +18,8 @@ FROM base as production-deps
 WORKDIR /myapp
 
 COPY --from=deps /myapp/node_modules /myapp/node_modules
-ADD package.json ./
-RUN npm prune --production
+ADD package.json package-lock.json ./
+RUN npm prune --production 
 
 # Build the app
 FROM base as build
@@ -29,6 +29,7 @@ WORKDIR /myapp
 COPY --from=deps /myapp/node_modules /myapp/node_modules
 
 ADD . .
+RUN npx prisma generate
 RUN npm run build
 
 # Finally, build the production image with minimal footprint
@@ -43,6 +44,7 @@ WORKDIR /myapp
 
 COPY --from=production-deps /myapp/node_modules /myapp/node_modules
 
+COPY --from=build /myapp/node_modules/.prisma /myapp/node_modules/.prisma
 COPY --from=build /myapp/build /myapp/build
 COPY --from=build /myapp/public /myapp/public
 COPY --from=build /myapp/package.json /myapp/package.json

README.md

@@ -4,191 +4,137 @@
 [![DOI](https://zenodo.org/badge/DOI/10.5281/zenodo.7990850.svg)](https://doi.org/10.5281/zenodo.7990850)
 [![fair-software.eu](https://img.shields.io/badge/fair--software.eu-%E2%97%8F%20%20%E2%97%8F%20%20%E2%97%8F%20%20%E2%97%8F%20%20%E2%97%8B-yellow)](https://fair-software.eu)
 
+[Haddock3](https://github.com/haddocking/haddock3) (High Ambiguity Driven protein-protein DOCKing) is a an information-driven flexible docking approach for the modeling of biomolecular complexes. This software wraps the the haddock3 command line tool in a web application. The web application makes it easy to make a configuration file, run it and show the results.
+
 Uses
 
-- [bartender](https://github.com/i-VRESSE/bartender) for user and job management.
+- [bartender](https://github.com/i-VRESSE/bartender) for job execution.
 - [workflow-builder](https://github.com/i-VRESSE/workflow-builder) to construct a Haddock3 workflow config file.
 - [haddock3](https://github.com/haddocking/haddock3) to compute
 
 ```mermaid
 sequenceDiagram
-    Web app->>+Bartender: Login
+    Web app->>+Web app: Login
     Web app->>+Builder: Construct workflow config
     Builder->>+Bartender: Submit job
     Bartender->>+haddock3: Run
     Web app->>+Bartender: State of job
     Web app->>+Bartender: Result of job
 ```
 
-- [Remix Docs](https://remix.run/docs)
-
-## Development
+## Setup
 
-From your terminal:
+The web app is written in [Node.js](https://nodejs.org/) to install dependencies run:
 
-```sh
-npm run dev
+```shell
+npm install
 ```
 
-This starts your app in development mode, rebuilding assets on file changes.
+Configuration of the web application is done via `.env` file or environment variables.
+For configuration of authentication & authorization see [docs/auth.md](docs/auth.md).
+For configuration of job submission see [docs/bartender.md#configuration](docs/bartender.md#configuration).
+Use [.env.example](../.env.example) as a template:
 
-To format according to [prettier](https://prettier.io) run
-
-```sh
-npm run format
+```shell
+cp .env.example .env
+# Edit .env file
 ```
 
-It's recommended to install an editor plugin (like the [VSCode Prettier plugin](https://marketplace.visualstudio.com/items?itemName=esbenp.prettier-vscode)) to get auto-formatting on save.
-
-To lint according [eslint](https://eslint.org) run
+Create rsa key pair for signing & verifying JWT tokens for bartender web service with:
 
-```sh
-npm run lint
+```shell
+openssl genpkey -algorithm RSA -out private_key.pem \
+    -pkeyopt rsa_keygen_bits:2048
+openssl rsa -pubout -in private_key.pem -out public_key.pem
 ```
 
-To check the Typescript types run
+## Bartender web service
 
-```sh
-npm run typecheck
-```
+The bartender web service should be running if you want to submit jobs.
+See [docs/bartender.md](docs/bartender.md) how to set it up.
 
-To run unit tests (`app/**/*.test.ts`) with [Vitest](https://vitest.dev) use
+## Development
+
+You need to have a PostgreSQL database running. The easiest way is to use Docker:
 
 ```sh
-# In watch mode
-npm run test
-# or in single run mode with coverage
-npm run test -- run --coverage
+npm run docker:dev
 ```
 
-## Deployment
+(Stores data in `./postgres-data`)
+(You can get a psql shell with `npm run psql:dev`)
+(On CTRL-C the database is stopped. To remove container use `docker system prune`)
 
-First, build your app for production:
+The database can be initialized with
 
 ```sh
-npm run build
+npm run setup
+# This will generate prisma client, create tables and insert seed data
 ```
 
-Then run the app in production mode:
-
-```sh
-npm start
-```
+(You can reset database with `npx prisma migrate reset`.)
 
-Now you'll need to pick a host to deploy it to.
+The database setup should be run only once for a fresh database.
+Whenever you change the `prisma/schema.prisma` file you need to
 
-### DIY
+1. Use [prisma migrate](https://www.prisma.io/docs/concepts/components/prisma-migrate) to generate a migration and to update the database.
+2. Run `npx prisma generate` to generate the prisma client.
 
-If you're familiar with deploying node applications, the built-in Remix app server is production-ready.
+Start [remix](https://remix.run) development server from your terminal with:
 
-Make sure to deploy the output of `remix build`
+```sh
+npm run dev
+```
 
-- `build/`
-- `public/build/`
+This will refresh & rebuild assets on file changes.
 
-### Docker
+## Other development commands
 
-The web application can be run inside a Docker container.
+To format according to [prettier](https://prettier.io) run
 
-Requirements:
+```sh
+npm run format
+```
 
-1. [bartender repo](https://github.com/i-VRESSE/bartender) to be cloned in `../bartender` directory.
-2. bartender repo should have [.env file](https://github.com/i-VRESSE/bartender/blob/main/docs/configuration.md#environment-variables)
-3. bartender repo should have a [config.yaml file](https://github.com/i-VRESSE/bartender/blob/main/docs/configuration.md#configuration-file)
+It's recommended to install an editor plugin (like the [VSCode Prettier plugin](https://marketplace.visualstudio.com/items?itemName=esbenp.prettier-vscode)) to get auto-formatting on save.
 
-Build with
+To lint according [eslint](https://eslint.org) run
 
 ```sh
-docker compose build
+npm run lint
 ```
 
-Run with
+To check the Typescript types run
 
 ```sh
-docker compose up
+npm run typecheck
 ```
 
-Web application running at http://localhost:8080 .
-
-Create super user with
+To run unit tests (`app/**/*.test.ts`) with [Vitest](https://vitest.dev) use
 
 ```sh
-# First register user in web application
-docker compose exec bartender bartender super <email>
+# In watch mode
+npm run test
+# or in single run mode with coverage
+npm run test -- run --coverage
 ```
 
-## Sessions
-
-Making the login session secure requires a session secret.
-The session secret can be configured by setting the `SESSION_SECRET` environment variable.
-If not set, a hardcoded secret is used, which should not be used in production.
-
-The data of the login sessions in stored in the `./sessions` directory.
-
-## Bartender web service client
-
-This web app uses a client to consume the bartender web service.
+## Deployment
 
-The client can be (re-)generated with
+First, build your app for production:
 
-```shell
-npm run generate-client
+```sh
+npm run build
 ```
 
-(This command requires that the bartender webservice is running at http://localhost:8000)
-
-## Bartender web service configuration
-
-### Bartender
-
-The web application needs to know where the [Bartender web service](https://github.com/i-VRESSE/bartender) is running.
-Configure bartender location with `BARTENDER_API_URL` environment variable.
+Then run the app in production mode:
 
 ```sh
-export BARTENDER_API_URL='http://127.0.0.1:8000'
 npm start
 ```
 
-### Social login
-
-To enable GitHub or Orcid or EGI Check-in login the bartender web service needs following environment variables.
-
-```shell
-BARTENDER_GITHUB_REDIRECT_URL="http://localhost:3000/auth/github/callback"
-BARTENDER_ORCIDSANDBOX_REDIRECT_URL="http://localhost:3000/auth/orcidsandbox/callback"
-BARTENDER_ORCID_REDIRECT_URL="http://localhost:3000/auth/orcid/callback"
-BARTENDER_EGI_REDIRECT_URL="http://localhost:3000/auth/egi/callback"
-```
-
-Where `http://localhost:3000` is the URL where the Remix run app is running.
+The web application can be run inside a Docker container together with all its dependent containers, see [docs/docker.md](docs/docker.md).
 
-## Haddock3 application
+## Stack
 
-This web app expects that the following application is registered in bartender web service.
-
-```yaml
-applications:
-  haddock3:
-    command: haddock3 $config
-    config: workflow.cfg
-    allowed_roles:
-      - easy
-      - expert
-      - guru
-```
-
-This allows the archive generated with the workflow builder to be submitted.
-
-The user can only submit jobs when he/she has any of these allowed roles.
-A super user should assign a role to the user at http://localhost:3000/admin/users.
-A super user can be made through the admin page or by running `bartender super <email>` on the server
-
-## Catalogs
-
-This repo has a copy (`./app/catalogs/*.yaml`) of the [haddock3 workflow build catalogs](https://github.com/i-VRESSE/workflow-builder/tree/main/packages/haddock3_catalog/public/catalog).
-
-To fetch the latest catalogs run
-
-```shell
-npm run catalogs
-```
+The tech stack is explained in [docs/stack.md](docs/stack.md).