From cb8c96288298fb37d263e708505ba5ea39056452 Mon Sep 17 00:00:00 2001
From: Andrew Min
Date: Thu, 18 Apr 2024 21:14:17 -0400
Subject: [PATCH] separate prod and preprod
---
 Dockerfile | 7 +
 README.md | 5 +-
 auth/index.preprod.html | 1047 +++++++++++++++++++++++++++++++++++++
 export/index.preprod.html | 845 ++++++++++++++++++++++++++++++
 import/index.preprod.html | 708 +++++++++++++++++++++++++
 nginx.conf | 33 ++
 6 files changed, 2644 insertions(+), 1 deletion(-)
 create mode 100644 auth/index.preprod.html
 create mode 100644 export/index.preprod.html
 create mode 100644 import/index.preprod.html
diff --git a/Dockerfile b/Dockerfile
index 538bfa3..6333f9b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -13,9 +13,16 @@ COPY auth /usr/share/nginx/recovery
 COPY export /usr/share/nginx/export
 COPY import /usr/share/nginx/import
+# prod
 EXPOSE 8080/tcp
 EXPOSE 8081/tcp
 EXPOSE 8082/tcp
 EXPOSE 8083/tcp
+# preprod
+EXPOSE 7070/tcp
+EXPOSE 7071/tcp
+EXPOSE 7072/tcp
+EXPOSE 7073/tcp
+
 CMD ["nginx"]
diff --git a/README.md b/README.md
index 5518ee0..1e586b9 100644
--- a/README.md
+++ b/README.md
@@ -83,7 +83,7 @@ To build:
 docker build . -t frames
 ```
-To run (mapping `[8080, 8081]` to `[18080, 18081]` because they're often busy):
+To run (mapping `[8080, 8081, ...]` to `[18080, 18081, ...]` because they're often busy):
 ```
 docker run -p18080:8080 -p18081:8081 -t frames
 ```
@@ -97,6 +97,9 @@ k3d cluster create frames
 # Deploy to it
 kubectl kustomize kustomize | kubectl --context k3d-frames apply -f-
+
+# Be able to access locally (8080 as an example)
+kubectl port-forward svc/frames 8080:8080
 ```
 To clean things up:
diff --git a/auth/index.preprod.html b/auth/index.preprod.html
new file mode 100644
index 0000000..24a4cd4
--- /dev/null
+++ b/auth/index.preprod.html
@@ -0,0 +1,1047 @@
+ + + + + + + Turnkey Recovery and Auth + + + + + +

Init Recovery or Auth

+

This public key will be sent along with your email inside of a new INIT_USER_EMAIL_RECOVERY or EMAIL_AUTH activity

+
+ + + +
+
+
+
+

Inject Credential Bundle

+

The credential bundle will come from your email. This bundle can then be used for email recovery or auth. We can simulate this locally: see instructions here. A credential bundle is composed of a public key and an encrypted payload. The payload is encrypted to this document's embedded key (stored in local storage and displayed above). The scheme relies on HPKE (RFC 9180).

+
+ + + +
+
+
+
+

Stamp

+

Once you've injected the credential bundle, the credential is ready to sign. A new RECOVER activity for example. This iframe doesn't know anything about Turnkey activity however, it's a simple stamper!

+
+ + + +
+
+
+
+

Message log

+

Below we display a log of the messages sent / received. The forms above send messages, and the code communicates results by sending events via the postMessage API.

+
+ + + + + + + +
diff --git a/export/index.preprod.html b/export/index.preprod.html
new file mode 100644
index 0000000..f82ba48
--- /dev/null
+++ b/export/index.preprod.html
@@ -0,0 +1,845 @@
+ + + + + + + Turnkey Export + + + + + +

Export Key Material

+

This public key will be sent along with a private key ID or wallet ID inside of a new EXPORT_PRIVATE_KEY or EXPORT_WALLET activity

+
+ + + +
+
+
+
+

Inject Key Export Bundle

+

The export bundle comes from the parent page and is composed of a public key and an encrypted payload. The payload is encrypted to this document's embedded key (stored in local storage and displayed above). The scheme relies on HPKE (RFC 9180).

+
+ + + +
+ + +
+ + +
+
+

Inject Wallet Export Bundle

+

The export bundle comes from the parent page and is composed of a public key and an encrypted payload. The payload is encrypted to this document's embedded key (stored in local storage and displayed above). The scheme relies on HPKE (RFC 9180).

+
+ + + +
+ + +
+
+
+

Message log

+

Below we display a log of the messages sent / received. The forms above send messages, and the code communicates results by sending events via the postMessage API.

+
+ + + + + + + +
diff --git a/import/index.preprod.html b/import/index.preprod.html
new file mode 100644
index 0000000..fc0d552
--- /dev/null
+++ b/import/index.preprod.html
@@ -0,0 +1,708 @@
+ + + + + + + + Turnkey Import + + + + + +
+ +
+ + + + + + + +
\ No newline at end of file
diff --git a/nginx.conf b/nginx.conf
index 2228e20..a046f76 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -38,6 +38,7 @@ http {
 # Custom server blocks to serve auth and export frames on separate ports.
 # Maintain recovery and auth separately for now for backwards-compatibility.
+ # Prod
 server {
 listen 8080;
 root /usr/share/nginx/auth;
@@ -64,4 +65,36 @@ http {
 listen 8083;
 root /usr/share/nginx/import;
 }
+
+ # Preprod
+ server {
+ listen 7070;
+ root /usr/share/nginx/auth;
+ index index.preprod.html;
+
+ # Health endpoint for k8s
+ location = /health {
+ access_log off;
+ add_header 'Content-Type' 'application/json';
+ return 200 '{"status":"UP"}';
+ }
+ }
+
+ server {
+ listen 7071;
+ root /usr/share/nginx/export;
+ index index.preprod.html;
+ }
+
+ server {
+ listen 7072;
+ root /usr/share/nginx/recovery;
+ index index.preprod.html;
+ }
+
+ server {
+ listen 7073;
+ root /usr/share/nginx/import;
+ index index.preprod.html;
+ }
 }
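Review bot: The preprod `server` blocks on 7070–7073 reuse the same `root` directories as the prod blocks on 8080–8083 and differ only in `index`, so a prod port still serves `/index.preprod.html` when it is requested by path, and a preprod port still serves `/index.html`. These pages describe keeping an embedded key in local storage, which is scoped per origin, so a preprod document served from a prod origin would presumably share that storage with the prod document; how much that matters depends on what differs between the two HTML files, which is not readable here. Either copy the preprod files into separate roots in the Dockerfile, or add `location = /index.preprod.html { return 404; }` to each prod block and `location = /index.html { return 404; }` to each preprod block. The `EXPOSE 7070/tcp`–`EXPOSE 7073/tcp` lines in the Dockerfile hunk put both environments in one image as well, so the deployment should publish only the port set that matches its environment. The prod blocks are mostly outside these hunks, so it is worth confirming that the preprod blocks carry the same directives (only 7070 defines `/health` here).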