gluestick/README.md

104 lines
3.1 KiB
Markdown
Raw Normal View History

2023-04-24 22:40:19 -04:00
# gluestick
2023-04-25 01:16:03 -04:00
<p align="center">
2023-04-25 16:18:35 -04:00
<img src="https://git.n2.pm/NotNet/gluestick/raw/branch/main/public/icon.svg" alt="gluestick" width="256">
2023-04-25 01:16:03 -04:00
</p>
2023-04-24 22:40:19 -04:00
gluestick is NotNet's one stop shop for authentication and account onboarding. It connects Discord and GitHub OAuth to NotNet's LDAP server (LLDAP), manages email inboxes with Migadu, and configures Tailscale ACLs.
gluestick is developed in house by [NotNite](https://notnite.com/) and [skip](https://slice.zone/), written in Next.js.
2023-04-25 14:33:16 -04:00
## Deploying
Note: gluestick is heavily designed for NotNet specific infrastructure, and as such, may require modification for your use.
You will need:
- A recent enough Node.js version
- An [LLDAP](https://github.com/lldap/lldap) server
- Ports are assumed to not have been changed from the defaults
- A [Discord application](https://discord.com/developers/applications) for authentication
- Set the redirect URL to `(your domain)/oauth/discord/redirect`
### Cloning & config
First, clone the repository:
```shell
git clone https://git.n2.pm/NotNet/gluestick.git
cd gluestick
```
After cloning, create an `.env.local` with the following contents (in `key=value` form, separated by newlines):
- `DISCORD_CLIENT_ID`: the client ID from your Discord application
- `DISCORD_CLIENT_SECRET`: the client secret from your Discord application
- `DISCORD_ALLOWED_GUILDS`: a comma separated list of guild IDs
- Users must be in one of these guilds to register with gluestick
- Enable "Advanced > Developer Mode" in your Discord client to copy IDs
- `LDAP_HOST`: the IP address or hostname of your LLDAP server
2023-04-25 16:18:35 -04:00
- `LDAP_DC`: your LDAP dc
2023-04-25 14:33:16 -04:00
- `LDAP_BIND_USER`: the bind user of your LLDAP server
- `LDAP_BIND_PASSWORD`: the password of the bind user
- `BASE_DOMAIN`: the domain gluestick is deployed on, with a protocol and trailing slash
- This domain will be used for OAuth redirects - if you are testing locally, set it to `http://localhost:3000/`
Example config:
```env
DISCORD_CLIENT_ID=1100257729844621324
DISCORD_CLIENT_SECRET=redacted
DISCORD_ALLOWED_GUILDS=986268106416611368,805978396974514206
LDAP_HOST=auth
2023-04-25 16:18:35 -04:00
LDAP_DC=dc=n2,dc=pm
2023-04-25 14:33:16 -04:00
LDAP_BIND_USER=admin
LDAP_BIND_PASSWORD=redacted
BASE_DOMAIN=https://gluestick.n2.pm/
```
### Generating code
gluestick makes use of code generation from both `prisma` and `graphql-codegen`. Before you can deploy it, you need to run their CLI tools.
First, install required dependencies:
```shell
npm i
```
Because the LLDAP GraphQL API is locked behind authentication, and of a quirk with `graphl-codegen` configuration files, we need to set a temporary environment variable to generate GraphQL code.
Run the `get-token.js` helper script and set the environment variable from its output:
```shell
node get-token.js
export GRAPHQL_CODEDGEN_AUTH=...
```
Then, generate the GraphQL and database code:
```shell
npm run graphql-codegen
npm run prisma-generate
```
### Running
Now, build and run the server:
```shell
npm run build
npm run start
```
## Developing
You'll want to run these two commands at the same time:
```shell
npm run dev # Next.js hot reload
npm run graphql-codegen -- -w # GraphQL hot reload
```