Skip to content

Production Mode

1- Check-out the code

git clone https://bitbucket.org/mbari/deepsea-ai-backend.git

2 - Modify environment variables

Edit the production environment file, modifying the passwords and google-related environment variables

JWT_SECRET=ephyra
POSTGRES_DATA=****change to directory where database is stored****
POSTGRES_PASSWORD=***change me***
DATABASE_URL=postgres://postgres:***change me to match POSTGRES_PASSWORD***@localhost:5432/deepsea-ai
GOOGLE_CLIENTID=*******.apps.googleusercontent.com
GOOGLE_SECRET=*******
GOOGLE_CALLBACKURL=http://*******.shore.mbari.org/auth/google/callback

3- Authentication overview

In production mode, authentication is handled through the Google OAuth API. An OAuth 2.0 web client has been setup through the Google developer console.

Login occurs through

  • when testing it outside the docker images http://localhost:4000/auth/login
  • when running it in the docker image e.g. http://deepsea-ai-backend/auth/login

Cookies are not used in this application and passwords are not stored. User identification is handled by storing an encrypted JWT token on the client.


Google OAuth

To change the authentation credentials:

Login to the google developer console

https://console.developers.google.com/

Key settings are:

  • Authorized redirect URIs this is set to http://localhost:4000/auth/google/callback and must match the key GOOGLE_CALLBACKURL in config/prod.env
  • Client secret - this must mach the key GOOGLE_SECRET in config/prod.env
  • Client ID - this must match the key GOOGLE_CLIENTID in config/prod.env

Change the environment parameters

The production environment parameters are defined in the config/prod.env file. Changing the parameters to match those in the developer console, specifically:

  • GOOGLE_CLIENTID
  • GOOGLE_SECRET
  • GOOGLE_CALLBACKURL - e.g. http://deepsea-ai.shore.mbari.org/auth/google/callback

Test authentication

Test the authentication outside the docker image

env-cmd -f config/prod.env up

You should be able to login here http://localhost:4000/auth/login and be redirected to the api here http://localhost:4000/api.

Deploy the docker image

When all of the above is working, deploy the docker stack with

cd deepsea-ai-backend && docker-compose --env-file config/prod.env up

Developer notes

  • Good blog on oauth (scroll to bottom for JWT auth) http://gregtrowbridge.com/node-authentication-with-google-oauth-part1-sessions/
  • Prisma Deployment Docs