From 58e6b46b42a4aba837f9f96134c78762552e3251 Mon Sep 17 00:00:00 2001
From: Emi Matchu <emi@matchu.dev>
Date: Wed, 13 Mar 2024 13:00:27 -0700
Subject: [PATCH] Split NeoPass dev server into main/backing servers

---
 bin/neopass-server | 51 +++++++++++++++++++++++++++++++++++++++---
 package.json       |  2 ++
 yarn.lock          | 55 +++++++++++++++++++++++++++++++++++++++++++++-
 3 files changed, 104 insertions(+), 4 deletions(-)

diff --git a/bin/neopass-server b/bin/neopass-server
index 98b5a651..dee0e1c9 100755
--- a/bin/neopass-server
+++ b/bin/neopass-server
@@ -1,8 +1,23 @@
 #!/usr/bin/env node
+/**
+ * A test NeoPass server! This is a very lean, hacky implementation, designed
+ * to just see the basic OAuth interactions Work At All.
+ *
+ * First, we have a "backing server", which is a `oauth2-mock-server` instance
+ * that's easy to spin up and have perform OAuth for us. We give it a hardcoded
+ * development-only key, and it just auto-grants permissions!
+ *
+ * We also have a "main server", which obeys the actual NeoPass API: the
+ * backing server isn't configurable with stuff like paths, so we use the main
+ * server to proxy from the paths in the NeoPass spec to the paths the backing
+ * server uses.
+ */
 
+const urlLib = require("node:url");
 const { OAuth2Server } = require("oauth2-mock-server");
+const express = require("express");
 
-async function main() {
+async function startBackingServer(port) {
 	const server = new OAuth2Server();
 	await server.issuer.keys.add({
 		// A key we generated for the NeoPass test server. It's okay for its
@@ -21,8 +36,38 @@ async function main() {
 		n: "svVfGU4NGcfBCmQiIOW5uzg5SAN2CWSIQSstnhqZoCdjy5OoKpKVR8O9TbDvxixrvkFyAav90Q0Xse8iFTcjfCKuqINYiuYMXhCvfBlc_DVVOQca9pMpN03LaDofd5Ll4_BFTtt1nSPahwWU7xDM-Bkkh_TcS2qS4N2xbpEGi0q0ZkrJN4WyiDBC2k9WbK-YHr4Rj4JKypFVSeBIrjxVPmlPzgfqlLGGIB0l92SnJDXDMlkWcCCTyLgqSBM04nkxGDSykq_ei76qCdRd7b10wMBaoS9DeBThAyHpur2LoPdH3gxbcwoWExi-jPlNP1LdKVZD8b95OY3CRyMAAMGdKQ",
 	});
 
-	await server.start(8585, "localhost");
-	console.log("Started NeoPass server at: ", server.issuer.url);
+	await server.start(port, "localhost");
+	console.log(`Started NeoPass backing server at: ${server.issuer.url}`);
+}
+
+async function startMainServer(port) {
+	const fetch = await import("node-fetch");
+
+	const app = express();
+	app.use(express.raw());
+
+	app.get("/", (req, res) => res.end("NeoPass development server for DTI!"));
+
+	app.get("/oauth2/auth", (req, res) => {
+		const query = urlLib.parse(req.url).query;
+		res.redirect(`http://localhost:8686/authorize?${query}`);
+	});
+
+	app.post("/oauth2/token", (req, res) => {
+		// For POST requests, the HTTP spec doesn't allow a redirect to a POST,
+		// so we proxy the request instead.
+		// TODO: Actually do that! For now we just log it.
+		console.log(req.body);
+		res.end("owo");
+	});
+
+	await new Promise((resolve) => app.listen(port, resolve));
+	console.log(`Started NeoPass main server at: http://localhost:${port}`);
+}
+
+async function main() {
+	await startBackingServer(8686);
+	await startMainServer(8585);
 }
 
 main().catch((error) => {
diff --git a/package.json b/package.json
index d54c173e..3a8dd3e0 100644
--- a/package.json
+++ b/package.json
@@ -35,7 +35,9 @@
     "eslint-plugin-jsx-a11y": "^6.8.0",
     "eslint-plugin-react": "^7.33.2",
     "eslint-plugin-react-hooks": "^4.6.0",
+    "express": "^4.18.3",
     "husky": "^8.0.3",
+    "node-fetch": "^3.3.2",
     "oauth2-mock-server": "^7.1.1",
     "prettier": "^3.0.3",
     "typescript": "^5.2.2"
diff --git a/yarn.lock b/yarn.lock
index cc206d8c..65158f6b 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -2363,6 +2363,13 @@ __metadata:
   languageName: node
   linkType: hard
 
+"data-uri-to-buffer@npm:^4.0.0":
+  version: 4.0.1
+  resolution: "data-uri-to-buffer@npm:4.0.1"
+  checksum: 20a6b93107597530d71d4cb285acee17f66bcdfc03fd81040921a81252f19db27588d87fc8fc69e1950c55cfb0bf8ae40d0e5e21d907230813eb5d5a7f9eb45b
+  languageName: node
+  linkType: hard
+
 "debug@npm:2.6.9":
   version: 2.6.9
   resolution: "debug@npm:2.6.9"
@@ -2896,7 +2903,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"express@npm:^4.18.2":
+"express@npm:^4.18.2, express@npm:^4.18.3":
   version: 4.18.3
   resolution: "express@npm:4.18.3"
   dependencies:
@@ -2978,6 +2985,16 @@ __metadata:
   languageName: node
   linkType: hard
 
+"fetch-blob@npm:^3.1.2, fetch-blob@npm:^3.1.4":
+  version: 3.2.0
+  resolution: "fetch-blob@npm:3.2.0"
+  dependencies:
+    node-domexception: "npm:^1.0.0"
+    web-streams-polyfill: "npm:^3.0.3"
+  checksum: 60054bf47bfa10fb0ba6cb7742acec2f37c1f56344f79a70bb8b1c48d77675927c720ff3191fa546410a0442c998d27ab05e9144c32d530d8a52fbe68f843b69
+  languageName: node
+  linkType: hard
+
 "file-entry-cache@npm:^6.0.1":
   version: 6.0.1
   resolution: "file-entry-cache@npm:6.0.1"
@@ -3064,6 +3081,15 @@ __metadata:
   languageName: node
   linkType: hard
 
+"formdata-polyfill@npm:^4.0.10":
+  version: 4.0.10
+  resolution: "formdata-polyfill@npm:4.0.10"
+  dependencies:
+    fetch-blob: "npm:^3.1.2"
+  checksum: 5392ec484f9ce0d5e0d52fb5a78e7486637d516179b0eb84d81389d7eccf9ca2f663079da56f761355c0a65792810e3b345dc24db9a8bbbcf24ef3c8c88570c6
+  languageName: node
+  linkType: hard
+
 "forwarded@npm:0.2.0":
   version: 0.2.0
   resolution: "forwarded@npm:0.2.0"
@@ -3449,12 +3475,14 @@ __metadata:
     eslint-plugin-jsx-a11y: "npm:^6.8.0"
     eslint-plugin-react: "npm:^7.33.2"
     eslint-plugin-react-hooks: "npm:^4.6.0"
+    express: "npm:^4.18.3"
     framer-motion: "npm:^4.1.11"
     graphql: "npm:^15.5.0"
     graphql-tag: "npm:^2.12.6"
     husky: "npm:^8.0.3"
     immer: "npm:^9.0.6"
     lru-cache: "npm:^6.0.0"
+    node-fetch: "npm:^3.3.2"
     oauth2-mock-server: "npm:^7.1.1"
     prettier: "npm:^3.0.3"
     react: "npm:^18.2.0"
@@ -4038,6 +4066,24 @@ __metadata:
   languageName: node
   linkType: hard
 
+"node-domexception@npm:^1.0.0":
+  version: 1.0.0
+  resolution: "node-domexception@npm:1.0.0"
+  checksum: 5e5d63cda29856402df9472335af4bb13875e1927ad3be861dc5ebde38917aecbf9ae337923777af52a48c426b70148815e890a5d72760f1b4d758cc671b1a2b
+  languageName: node
+  linkType: hard
+
+"node-fetch@npm:^3.3.2":
+  version: 3.3.2
+  resolution: "node-fetch@npm:3.3.2"
+  dependencies:
+    data-uri-to-buffer: "npm:^4.0.0"
+    fetch-blob: "npm:^3.1.4"
+    formdata-polyfill: "npm:^4.0.10"
+  checksum: f3d5e56190562221398c9f5750198b34cf6113aa304e34ee97c94fd300ec578b25b2c2906edba922050fce983338fde0d5d34fcb0fc3336ade5bd0e429ad7538
+  languageName: node
+  linkType: hard
+
 "oauth2-mock-server@npm:^7.1.1":
   version: 7.1.1
   resolution: "oauth2-mock-server@npm:7.1.1"
@@ -5256,6 +5302,13 @@ __metadata:
   languageName: node
   linkType: hard
 
+"web-streams-polyfill@npm:^3.0.3":
+  version: 3.3.3
+  resolution: "web-streams-polyfill@npm:3.3.3"
+  checksum: 64e855c47f6c8330b5436147db1c75cb7e7474d924166800e8e2aab5eb6c76aac4981a84261dd2982b3e754490900b99791c80ae1407a9fa0dcff74f82ea3a7f
+  languageName: node
+  linkType: hard
+
 "which-boxed-primitive@npm:^1.0.2":
   version: 1.0.2
   resolution: "which-boxed-primitive@npm:1.0.2"