This project implements the core server-side API for Firefox Accounts. It provides account, device and encryption-key management for the Mozilla Cloud Services ecosystem.
- node 6+
- npm 2
- Grunt
- postfix
- memcached
- redis
On some systems, running the server as root will cause working directory permission issues with node. It is recommended that you create a separate, standard user to ensure a clean and more secure installation.
Clone the git repository and install dependencies:
git clone https://github.com/mozilla/fxa-auth-server.git
cd fxa-auth-server
npm install
This runs a script scripts/start-local.sh as defined in package.json. This will start up 4 services, three of which listen on the following ports (by default):
- bin/key_server.js on port 9000
- test/mail_helper.js on port 9001
- ./node_modules/fxa-customs-server/bin/customs_server.js on port 7000
When you Ctrl-c your server, all 4 processes will be stopped.
To start the server in dev MySQL store mode (i.e. NODE_ENV=dev), run:
npm run start-mysql
Create the following file: config/secrets.json. It will not be tracked in Git.
Use the following as a template, and fill in your own values:
{
  "subscriptions": {
    "stripeApiKey": "sk_test_123",
    "paypalNvpSigCredentials": {
      "enabled": true,
      "sandbox": true,
      "user": "business_account_email_ID",
      "pwd": "business_account_password",
      "signature": "business_account_signature"
    }
  }
}
- stripeApiKey should be a test Stripe Secret Key
- user should be a sandbox PayPal business account username
- pwd should be a sandbox PayPal business account password
- signature should be a sandbox PayPal business account signature
The sandbox PayPal business account API credentials above can be found in the PayPal developer dashboard under "Sandbox" > "Accounts". You may need to create a business account if one doesn't exist.
Run tests with:
npm test
Run specific tests with the following commands:
# Test only test/local/account_routes.js
# Note: This command does not work for remote tests.
npm test -- test/local/account_routes.js
# Grep for "SQSReceiver"
NODE_ENV=dev npx mocha -r ts-node/register test/*/** -g "SQSReceiver"
To select a specific glob of tests to run:
npm test -- test/local/account_routes.js test/local/password_*
To run a certain suite of tests (e.g. all remote tests):
npm test -- test/remote
- Note: stop the auth-server before running tests. Otherwise, they will fail with obscure errors.
- You can use LOG_LEVEL, such as LOG_LEVEL=debug, to specify the test logging level.
This package uses Mocha to test its code. By default npm test will run a series of NPM test scripts and then lint the code:
Refer to Mocha's CLI documentation for more advanced test configuration.
Executing tests using remote databases (MySQL, Redis, Memcached) is possible by specifying (and exporting) the following environment variables:
- MySQL:
  - MYSQL_HOST
  - MYSQL_SLAVE_HOST
  - AUTH_MYSQL_HOST
- Redis:
  - REDIS_HOST
  - ACCESS_TOKEN_REDIS_HOST
  - REFRESH_TOKEN_REDIS_HOST
- Memcached:
  - MEMCACHE_METRICS_CONTEXT_ADDRESS
This also allows temporary throw-away Docker containers to be used to provide these.
The mailer library is located in the mailer/ directory.
The emails are written to postfix, which then sends them off to SES.
The auth-mailer also includes a restify API to send emails, but the auth server is using it as a library at the moment.
If you are changing or adding templates then you need to update .html and .txt templates.
In mailer/, use the /partials directory to make changes to the HTML templates, then run grunt templates to regenerate the template.
This saves the HTML template into /templates. Then make changes to the .txt template in the /templates directory.
After updating a string in one of the templates in ./mailer/templates you'll need to extract the strings.
Follow the instructions at mozilla/fxa-content-server-l10n.
Use the FXA_L10N_SHA to pin L10N files to a certain SHA. If not set, the master SHA will be used.
Refer to https://github.com/mozilla/fxa-dev.git.
Configuration of this project is managed by convict, using the schema in config/index.ts.
Default values from this schema can be overridden in two ways:
- By setting individual environment variables, as indicated by the env property for each item in the schema. For example:
  export CONTENT_SERVER_URL="http://your.content.server.org"
- By specifying the path to a conforming JSON file, or a comma-separated list of paths, using the CONFIG_FILES environment variable. Files specified in this way are loaded when the server starts. If the server fails to start, it usually indicates that one of these JSON files does not conform to the schema; check the error message for more information. For example:
  export CONFIG_FILES="~/fxa-content-server.json,~/fxa-db.json"
There is also some live config loaded from Redis for the email service. This config is stored as a JSON string that looks like this (every property is optional):
{
  "sendgrid": {
    "percentage": 100,
    "regex": "^.+@example\\.com$"
  },
  "socketlabs": {
    "percentage": 100,
    "regex": "^.+@example\\.org$"
  },
  "ses": {
    "percentage": 10,
    "regex": ".*"
  }
}
scripts/email-config.js has been written to help manage this config.
- To print the current live config to stdout:
  npx ts-node scripts/email-config read
- To set the live config from a JSON file on disk:
  cat foo.json | npx ts-node scripts/email-config write
- To set the live config from a string:
  echo '{"sendgrid":{"percentage":10}}' | npx ts-node scripts/email-config write
- To undo the last change:
  npx ts-node scripts/email-config revert
- To check the resolved config for a specific email address:
  npx ts-node scripts/email-config check [email protected]
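The live config above is piped to the write command as raw JSON, and its regex values are matched against email addresses, so a typo in a percentage or a backtracking-prone pattern is worth catching before the pipe. The following pre-write check is an added example, not part of fxa-auth-server; the function names, the 200-character cap and the nested-quantifier heuristic are assumptions, and the provider names are the three shown in the sample config.

```javascript
// Added example: validate a live email config before piping it to `write`.
// Provider names come from the sample above; the limits are assumptions.
const KNOWN_PROVIDERS = new Set(['sendgrid', 'socketlabs', 'ses']);
const MAX_REGEX_LENGTH = 200; // assumed cap that keeps patterns reviewable
// Heuristic: a quantified group containing a quantifier, e.g. (a+)+, risks ReDoS.
const NESTED_QUANTIFIER = /\([^()]*[+*][^()]*\)[+*{]/;
const isObject = (v) => v !== null && typeof v === 'object' && !Array.isArray(v);

function validateLiveConfig(jsonText) {
  let config;
  try {
    config = JSON.parse(jsonText);
  } catch (err) {
    return [`not valid JSON: ${err.message}`];
  }
  if (!isObject(config)) return ['top level must be a JSON object'];
  const errors = [];
  for (const [provider, rule] of Object.entries(config)) {
    if (!KNOWN_PROVIDERS.has(provider)) {
      errors.push(`${provider}: unknown provider`);
    } else if (!isObject(rule)) {
      errors.push(`${provider}: rule must be an object`);
    } else {
      errors.push(...checkRule(provider, rule));
    }
  }
  return errors;
}

function checkRule(provider, { percentage, regex }) {
  const errors = [];
  if (percentage !== undefined &&
      !(Number.isFinite(percentage) && percentage >= 0 && percentage <= 100)) {
    errors.push(`${provider}: percentage must be a number from 0 to 100`);
  }
  if (regex === undefined) return errors; // every property is optional
  if (typeof regex !== 'string' || regex.length > MAX_REGEX_LENGTH) {
    errors.push(`${provider}: regex must be a string of at most ${MAX_REGEX_LENGTH} chars`);
  } else if (NESTED_QUANTIFIER.test(regex)) {
    errors.push(`${provider}: regex has a nested quantifier (ReDoS risk)`);
  } else {
    try { new RegExp(regex); } catch (err) { errors.push(`${provider}: regex does not compile`); }
  }
  return errors;
}

// Constructed input modelled on the config shown above.
const sample = { sendgrid: { percentage: 100, regex: '^.+@example\\.com$' }, ses: { percentage: 10, regex: '.*' } };
console.log(validateLiveConfig(JSON.stringify(sample)));
```

An empty array means the config passed every check; anything else lists the provider and the reason, and the write should be skipped.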
Firefox Accounts authorization is a complicated flow. You can get verbose logging by adjusting the log level in the config.json on your deployed instance. Add a stanza like:
"log": {
  "level": "trace"
}
Valid level values (from least to most verbose logging) include: "fatal", "error", "warn", "info", "trace", "debug".
This server depends on a database server from the fxa-auth-db-mysql repo.
MPL 2.0