[server] add support for arangodb cert, username, password

Adding support for db username, password and ca cert will
enable users to connect arangodb cloud platform

Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:1.19.1-alpine as go-builder
+FROM golang:1.19.5-alpine as go-builder
 WORKDIR /authorizer
 COPY server server
 COPY Makefile .

server/db/providers/arangodb/email_template.go

@@ -5,7 +5,6 @@ import (
 	"fmt"
 	"time"
 
-	"github.com/arangodb/go-driver"
 	arangoDriver "github.com/arangodb/go-driver"
 	"github.com/authorizerdev/authorizer/server/db/models"
 	"github.com/authorizerdev/authorizer/server/graph/model"
@@ -52,7 +51,7 @@ func (p *provider) ListEmailTemplate(ctx context.Context, pagination model.Pagin
 
 	query := fmt.Sprintf("FOR d in %s SORT d.created_at DESC LIMIT %d, %d RETURN d", models.Collections.EmailTemplate, pagination.Offset, pagination.Limit)
 
-	sctx := driver.WithQueryFullCount(ctx)
+	sctx := arangoDriver.WithQueryFullCount(ctx)
 	cursor, err := p.db.Query(sctx, query, nil)
 	if err != nil {
 		return nil, err

server/db/providers/arangodb/provider.go

@@ -2,8 +2,11 @@ package arangodb
 
 import (
 	"context"
+	"crypto/tls"
+	"crypto/x509"
+	"encoding/base64"
+	"fmt"
 
-	"github.com/arangodb/go-driver"
 	arangoDriver "github.com/arangodb/go-driver"
 	"github.com/arangodb/go-driver/http"
 	"github.com/authorizerdev/authorizer/server/db/models"
@@ -22,44 +25,75 @@ type provider struct {
 func NewProvider() (*provider, error) {
 	ctx := context.Background()
 	dbURL := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseURL
-	conn, err := http.NewConnection(http.ConnectionConfig{
+	dbUsername := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseUsername
+	dbPassword := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabasePassword
+	dbCACertificate := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseCACert
+	httpConfig := http.ConnectionConfig{
 		Endpoints: []string{dbURL},
-	})
+	}
+	// If ca certificate if present, create tls config
+	if dbCACertificate != "" {
+		caCert, err := base64.StdEncoding.DecodeString(dbCACertificate)
 		if err != nil {
 			return nil, err
 		}
-
+		// Prepare TLS Config
-	arangoClient, err := arangoDriver.NewClient(arangoDriver.ClientConfig{
+		tlsConfig := &tls.Config{}
+		certPool := x509.NewCertPool()
+		if success := certPool.AppendCertsFromPEM(caCert); !success {
+			return nil, fmt.Errorf("invalid certificate")
+		}
+		tlsConfig.RootCAs = certPool
+		httpConfig.TLSConfig = tlsConfig
+	}
+	// Create new http connection
+	conn, err := http.NewConnection(httpConfig)
+	if err != nil {
+		return nil, err
+	}
+	clientConfig := arangoDriver.ClientConfig{
 		Connection: conn,
-	})
+	}
+	if dbUsername != "" && dbPassword != "" {
+		clientConfig.Authentication = arangoDriver.BasicAuthentication(dbUsername, dbPassword)
+	}
+	arangoClient, err := arangoDriver.NewClient(clientConfig)
 	if err != nil {
 		return nil, err
 	}
 
-	var arangodb driver.Database
+	var arangodb arangoDriver.Database
 	dbName := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseName
-	arangodb_exists, err := arangoClient.DatabaseExists(nil, dbName)
+	arangodb_exists, err := arangoClient.DatabaseExists(ctx, dbName)
-
+	if err != nil {
+		return nil, err
+	}
 	if arangodb_exists {
-		arangodb, err = arangoClient.Database(nil, dbName)
+		arangodb, err = arangoClient.Database(ctx, dbName)
 		if err != nil {
 			return nil, err
 		}
 	} else {
-		arangodb, err = arangoClient.CreateDatabase(nil, dbName, nil)
+		arangodb, err = arangoClient.CreateDatabase(ctx, dbName, nil)
 		if err != nil {
 			return nil, err
 		}
 	}
 
 	userCollectionExists, err := arangodb.CollectionExists(ctx, models.Collections.User)
+	if err != nil {
+		return nil, err
+	}
 	if !userCollectionExists {
 		_, err = arangodb.CreateCollection(ctx, models.Collections.User, nil)
 		if err != nil {
 			return nil, err
 		}
 	}
-	userCollection, _ := arangodb.Collection(nil, models.Collections.User)
+	userCollection, err := arangodb.Collection(ctx, models.Collections.User)
+	if err != nil {
+		return nil, err
+	}
 	userCollection.EnsureHashIndex(ctx, []string{"email"}, &arangoDriver.EnsureHashIndexOptions{
 		Unique: true,
 		Sparse: true,
@@ -70,6 +104,9 @@ func NewProvider() (*provider, error) {
 	})
 
 	verificationRequestCollectionExists, err := arangodb.CollectionExists(ctx, models.Collections.VerificationRequest)
+	if err != nil {
+		return nil, err
+	}
 	if !verificationRequestCollectionExists {
 		_, err = arangodb.CreateCollection(ctx, models.Collections.VerificationRequest, nil)
 		if err != nil {
@@ -77,7 +114,10 @@ func NewProvider() (*provider, error) {
 		}
 	}
 
-	verificationRequestCollection, _ := arangodb.Collection(nil, models.Collections.VerificationRequest)
+	verificationRequestCollection, err := arangodb.Collection(ctx, models.Collections.VerificationRequest)
+	if err != nil {
+		return nil, err
+	}
 	verificationRequestCollection.EnsureHashIndex(ctx, []string{"email", "identifier"}, &arangoDriver.EnsureHashIndexOptions{
 		Unique: true,
 		Sparse: true,
@@ -87,6 +127,9 @@ func NewProvider() (*provider, error) {
 	})
 
 	sessionCollectionExists, err := arangodb.CollectionExists(ctx, models.Collections.Session)
+	if err != nil {
+		return nil, err
+	}
 	if !sessionCollectionExists {
 		_, err = arangodb.CreateCollection(ctx, models.Collections.Session, nil)
 		if err != nil {
@@ -94,13 +137,19 @@ func NewProvider() (*provider, error) {
 		}
 	}
 
-	sessionCollection, _ := arangodb.Collection(nil, models.Collections.Session)
+	sessionCollection, err := arangodb.Collection(ctx, models.Collections.Session)
+	if err != nil {
+		return nil, err
+	}
 	sessionCollection.EnsureHashIndex(ctx, []string{"user_id"}, &arangoDriver.EnsureHashIndexOptions{
 		Sparse: true,
 	})
 
-	configCollectionExists, err := arangodb.CollectionExists(ctx, models.Collections.Env)
+	envCollectionExists, err := arangodb.CollectionExists(ctx, models.Collections.Env)
-	if !configCollectionExists {
+	if err != nil {
+		return nil, err
+	}
+	if !envCollectionExists {
 		_, err = arangodb.CreateCollection(ctx, models.Collections.Env, nil)
 		if err != nil {
 			return nil, err
@@ -108,6 +157,9 @@ func NewProvider() (*provider, error) {
 	}
 
 	webhookCollectionExists, err := arangodb.CollectionExists(ctx, models.Collections.Webhook)
+	if err != nil {
+		return nil, err
+	}
 	if !webhookCollectionExists {
 		_, err = arangodb.CreateCollection(ctx, models.Collections.Webhook, nil)
 		if err != nil {
@@ -115,13 +167,19 @@ func NewProvider() (*provider, error) {
 		}
 	}
 
-	webhookCollection, _ := arangodb.Collection(nil, models.Collections.Webhook)
+	webhookCollection, err := arangodb.Collection(ctx, models.Collections.Webhook)
+	if err != nil {
+		return nil, err
+	}
 	webhookCollection.EnsureHashIndex(ctx, []string{"event_name"}, &arangoDriver.EnsureHashIndexOptions{
 		Unique: true,
 		Sparse: true,
 	})
 
 	webhookLogCollectionExists, err := arangodb.CollectionExists(ctx, models.Collections.WebhookLog)
+	if err != nil {
+		return nil, err
+	}
 	if !webhookLogCollectionExists {
 		_, err = arangodb.CreateCollection(ctx, models.Collections.WebhookLog, nil)
 		if err != nil {
@@ -129,12 +187,18 @@ func NewProvider() (*provider, error) {
 		}
 	}
 
-	webhookLogCollection, _ := arangodb.Collection(nil, models.Collections.WebhookLog)
+	webhookLogCollection, err := arangodb.Collection(ctx, models.Collections.WebhookLog)
+	if err != nil {
+		return nil, err
+	}
 	webhookLogCollection.EnsureHashIndex(ctx, []string{"webhook_id"}, &arangoDriver.EnsureHashIndexOptions{
 		Sparse: true,
 	})
 
 	emailTemplateCollectionExists, err := arangodb.CollectionExists(ctx, models.Collections.EmailTemplate)
+	if err != nil {
+		return nil, err
+	}
 	if !emailTemplateCollectionExists {
 		_, err = arangodb.CreateCollection(ctx, models.Collections.EmailTemplate, nil)
 		if err != nil {
@@ -142,13 +206,19 @@ func NewProvider() (*provider, error) {
 		}
 	}
 
-	emailTemplateCollection, _ := arangodb.Collection(nil, models.Collections.EmailTemplate)
+	emailTemplateCollection, err := arangodb.Collection(ctx, models.Collections.EmailTemplate)
+	if err != nil {
+		return nil, err
+	}
 	emailTemplateCollection.EnsureHashIndex(ctx, []string{"event_name"}, &arangoDriver.EnsureHashIndexOptions{
 		Unique: true,
 		Sparse: true,
 	})
 
 	otpCollectionExists, err := arangodb.CollectionExists(ctx, models.Collections.OTP)
+	if err != nil {
+		return nil, err
+	}
 	if !otpCollectionExists {
 		_, err = arangodb.CreateCollection(ctx, models.Collections.OTP, nil)
 		if err != nil {
@@ -156,7 +226,10 @@ func NewProvider() (*provider, error) {
 		}
 	}
 
-	otpCollection, _ := arangodb.Collection(nil, models.Collections.OTP)
+	otpCollection, err := arangodb.Collection(ctx, models.Collections.OTP)
+	if err != nil {
+		return nil, err
+	}
 	otpCollection.EnsureHashIndex(ctx, []string{"email"}, &arangoDriver.EnsureHashIndexOptions{
 		Unique: true,
 		Sparse: true,

server/db/providers/arangodb/user.go

@@ -7,7 +7,6 @@ import (
 	"strings"
 	"time"
 
-	"github.com/arangodb/go-driver"
 	arangoDriver "github.com/arangodb/go-driver"
 	"github.com/google/uuid"
 
@@ -91,7 +90,7 @@ func (p *provider) DeleteUser(ctx context.Context, user models.User) error {
 // ListUsers to get list of users from database
 func (p *provider) ListUsers(ctx context.Context, pagination model.Pagination) (*model.Users, error) {
 	var users []*model.User
-	sctx := driver.WithQueryFullCount(ctx)
+	sctx := arangoDriver.WithQueryFullCount(ctx)
 
 	query := fmt.Sprintf("FOR d in %s SORT d.created_at DESC LIMIT %d, %d RETURN d", models.Collections.User, pagination.Offset, pagination.Limit)
 
@@ -199,7 +198,7 @@ func (p *provider) UpdateUsers(ctx context.Context, data map[string]interface{},
 	}
 
 	query := ""
-	if ids != nil && len(ids) > 0 {
+	if len(ids) > 0 {
 		keysArray := ""
 		for _, id := range ids {
 			keysArray += fmt.Sprintf("'%s', ", id)
@@ -212,7 +211,6 @@ func (p *provider) UpdateUsers(ctx context.Context, data map[string]interface{},
 	}
 
 	_, err = p.db.Query(ctx, query, nil)
-
 	if err != nil {
 		return err
 	}

server/db/providers/arangodb/verification_requests.go

@@ -5,7 +5,7 @@ import (
 	"fmt"
 	"time"
 
-	"github.com/arangodb/go-driver"
+	arangoDriver "github.com/arangodb/go-driver"
 	"github.com/authorizerdev/authorizer/server/db/models"
 	"github.com/authorizerdev/authorizer/server/graph/model"
 	"github.com/google/uuid"
@@ -96,7 +96,7 @@ func (p *provider) GetVerificationRequestByEmail(ctx context.Context, email stri
 // ListVerificationRequests to get list of verification requests from database
 func (p *provider) ListVerificationRequests(ctx context.Context, pagination model.Pagination) (*model.VerificationRequests, error) {
 	var verificationRequests []*model.VerificationRequest
-	sctx := driver.WithQueryFullCount(ctx)
+	sctx := arangoDriver.WithQueryFullCount(ctx)
 	query := fmt.Sprintf("FOR d in %s SORT d.created_at DESC LIMIT %d, %d RETURN d", models.Collections.VerificationRequest, pagination.Offset, pagination.Limit)
 
 	cursor, err := p.db.Query(sctx, query, nil)
@@ -112,7 +112,7 @@ func (p *provider) ListVerificationRequests(ctx context.Context, pagination mode
 		var verificationRequest models.VerificationRequest
 		meta, err := cursor.ReadDocument(ctx, &verificationRequest)
 
-		if driver.IsNoMoreDocuments(err) {
+		if arangoDriver.IsNoMoreDocuments(err) {
 			break
 		} else if err != nil {
 			return nil, err
@@ -132,8 +132,8 @@ func (p *provider) ListVerificationRequests(ctx context.Context, pagination mode
 
 // DeleteVerificationRequest to delete verification request from database
 func (p *provider) DeleteVerificationRequest(ctx context.Context, verificationRequest models.VerificationRequest) error {
-	collection, _ := p.db.Collection(nil, models.Collections.VerificationRequest)
+	collection, _ := p.db.Collection(ctx, models.Collections.VerificationRequest)
-	_, err := collection.RemoveDocument(nil, verificationRequest.Key)
+	_, err := collection.RemoveDocument(ctx, verificationRequest.Key)
 	if err != nil {
 		return err
 	}

server/db/providers/arangodb/webhook.go

@@ -5,7 +5,6 @@ import (
 	"fmt"
 	"time"
 
-	"github.com/arangodb/go-driver"
 	arangoDriver "github.com/arangodb/go-driver"
 	"github.com/authorizerdev/authorizer/server/db/models"
 	"github.com/authorizerdev/authorizer/server/graph/model"
@@ -50,7 +49,7 @@ func (p *provider) ListWebhook(ctx context.Context, pagination model.Pagination)
 
 	query := fmt.Sprintf("FOR d in %s SORT d.created_at DESC LIMIT %d, %d RETURN d", models.Collections.Webhook, pagination.Offset, pagination.Limit)
 
-	sctx := driver.WithQueryFullCount(ctx)
+	sctx := arangoDriver.WithQueryFullCount(ctx)
 	cursor, err := p.db.Query(sctx, query, nil)
 	if err != nil {
 		return nil, err

server/db/providers/arangodb/webhook_log.go

@@ -5,7 +5,6 @@ import (
 	"fmt"
 	"time"
 
-	"github.com/arangodb/go-driver"
 	arangoDriver "github.com/arangodb/go-driver"
 	"github.com/authorizerdev/authorizer/server/db/models"
 	"github.com/authorizerdev/authorizer/server/graph/model"
@@ -44,7 +43,7 @@ func (p *provider) ListWebhookLogs(ctx context.Context, pagination model.Paginat
 		}
 	}
 
-	sctx := driver.WithQueryFullCount(ctx)
+	sctx := arangoDriver.WithQueryFullCount(ctx)
 	cursor, err := p.db.Query(sctx, query, bindVariables)
 	if err != nil {
 		return nil, err