Production Mode
Production mode can be turned on with the environment setting NODE_ENV, e.g.
NODE_ENV=production
Authentication overview
In production mode, authentication is handled through the Google OAuth API. An OAuth 2.0 web client has been set up through the Google developer console.
Login occurs through:
- when testing outside the docker images: http://localhost:4000/auth/login
- when running in the docker image, e.g. http://deepsea-ai-backend/auth/login
Cookies are not used in this application and passwords are not stored. User identification is handled by storing an encrypted JWT token on the client.
Google OAuth
To change the authentication credentials:
Log in to the Google Developer Console
https://console.developers.google.com/
Key settings are:
- Authorized redirect URIs - this is set to http://localhost:4000/auth/google/callback and must match the key GOOGLE_CALLBACKURL in .env
- Client secret - this must match the key GOOGLE_SECRET in .env
- Client ID - this must match the key GOOGLE_CLIENTID in .env
Change the environment parameters
The production environment parameters to add to the .env file include the following. Change them to match those in the developer console:
GOOGLE_CLIENTID=*changeme.apps.googleusercontent.com
GOOGLE_SECRET=*changeme
GOOGLE_CALLBACKURL=http://*.shore.mbari.org/auth/google/callback
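A mismatch between .env and the developer console usually only shows up at login time, so it can be caught earlier with a check like the one below. This is an added example, not code from this project: it flags missing or placeholder values and a callback URL that differs from the authorized redirect URIs. The function names checkOAuthEnv and parseEnv, the list of authorized URIs passed in, and all sample values are assumptions made for illustration.

```javascript
// Added example (not project code): checks the three Google OAuth keys in .env text.
// parseEnv and checkOAuthEnv are hypothetical names; the sample values are constructed.
const REQUIRED = ['GOOGLE_CLIENTID', 'GOOGLE_SECRET', 'GOOGLE_CALLBACKURL'];
const CALLBACK_PATH = '/auth/google/callback'; // path of the callback URLs shown on this page

// Parse KEY=VALUE lines, skipping blanks and # comments.
function parseEnv(text) {
  const env = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#')) continue;
    const eq = line.indexOf('=');
    if (eq > 0) env[line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
  }
  return env;
}

// Return a list of problems; an empty list means the settings are consistent.
function checkOAuthEnv(envText, authorizedRedirectUris) {
  const env = parseEnv(envText);
  const problems = [];
  for (const key of REQUIRED) {
    const value = env[key] || '';
    if (!value) problems.push(`${key} is missing`);
    else if (/changeme|\*/i.test(value)) problems.push(`${key} still holds a placeholder`);
  }
  if (problems.length) return problems; // nothing further to compare yet
  if (!env.GOOGLE_CLIENTID.endsWith('.apps.googleusercontent.com'))
    problems.push('GOOGLE_CLIENTID does not look like a Google web client ID');
  let url;
  try { url = new URL(env.GOOGLE_CALLBACKURL); } catch { url = null; }
  if (!url) problems.push('GOOGLE_CALLBACKURL is not a valid URL');
  else if (url.pathname !== CALLBACK_PATH)
    problems.push(`GOOGLE_CALLBACKURL path must be ${CALLBACK_PATH}`);
  // Redirect URIs are matched as exact strings, so compare the same way.
  if (!authorizedRedirectUris.includes(env.GOOGLE_CALLBACKURL))
    problems.push('GOOGLE_CALLBACKURL is not among the authorized redirect URIs');
  return problems;
}

// Constructed sample: the trailing slash on the callback URL is a deliberate mismatch.
const sampleEnv = [
  'NODE_ENV=production',
  'GOOGLE_CLIENTID=1234567890-example.apps.googleusercontent.com',
  'GOOGLE_SECRET=constructed-secret-value',
  'GOOGLE_CALLBACKURL=http://localhost:4000/auth/google/callback/',
].join('\n');
console.log(checkOAuthEnv(sampleEnv, ['http://localhost:4000/auth/google/callback']));
```

The second argument is the list of Authorized redirect URIs copied by hand from the developer console; the check never prints the secret itself.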
Test authentication
To test the authentication outside the docker image, run the database separately with
docker-compose -f docker-compose.yml.postgres up -d database
You should be able to log in at http://localhost:4000/auth/login and be redirected to the API at http://localhost:4000/graphql.
Deploy the docker image
When the above is working, deploy the entire stack with
bin/docker_start.sh postgres all