Added AWS Cognito Authentication, and Jira Notifications

.gitignore

@@ -4,4 +4,6 @@ yarn.lock
 config.json
 npm-debug.log
 *.sublime-*
-.DS_Store
+.DS_Store
+/.idea
+/wordpress-comments.xml

README.md

@@ -88,10 +88,92 @@ You will find further information on the [schnack page](https://schnack.cool/).
 * slack
 * rss
 * sendmail
+* [Jira Cloud](https://developer.atlassian.com/cloud/jira/platform/rest/v3/)
+
+#### Setting up Jira
+
+The Jira notifier adds a task to the backlog of your nominated project. This allows your team to assign a workflow to the moderation / approval process.
+
+**1: Setup the Application in Jira**
+
+1. Log into Jira using a privileged account, then visit [Atlassian Account API Token Manager](https://id.atlassian.com/manage/api-tokens)
+1. Click _Create API Token_ and enter a label
+1. When the [Your new API token](https://confluence.atlassian.com/cloud/files/938839638/938839639/1/1507010022324/Screen+Shot+2017-09-25+at+5.09.09+pm.png) modal is shown, click the _Copy to clipboard_ button
+1. Using [your favourite Base64 Encoding tool](https://www.base64decode.org/), create the Base64 encoded string `my-email@example.com:my-copied-atlassian-token`
+1. Copy the resulting string to the `notify.jira.basic_auth.base64` property
+
+**2: Assign a board to receive notifications**
+
+1. Collect a list of the boards available by running `npm run jira-boards`
+2. Find the board you'd like to push notifications to, and note the `projectKey`
+3. Add the `projectKey` to the `notify.jira.project_key`
+
+**3: Test**
+
+1. Send a test task to the board, by running `npm run jira-test`
+
+
+**Authentication Providers:**
+
+* Twitter
+* GitHub
+* Google Accounts
+* Facebook
+* Mastodon
+* [AWS Cognito](https://aws.amazon.com/cognito/)
+
+#### Setting up Cognito
+
+**Set up a user pool**
+
+1. Log in to your Amazon AWS Account, and find the Cognito service
+1. Sign up for Cognito if you have not already
+1. Click _Manage User Pools_
+1. Click _Create a user pool_
+1. Create a pool name (can be anything you like)
+1. Click _Step Through Settings_ and follow the wizard to set up the new user pool
+
+**Set up an authentication app**
+
+1. From the main  screen / control panel for your new user pool, click _App Integration=> App client settings_
+1. Check _Enabled Identity Providers => Select All_ (making sure _Cognito User Pool_ is also checked)
+1. Enter your Sign-in URL (`http://mydomain/auth/cognito/callback`)
+1. Check _OAuth 2.0 => Authorization code grant_
+1. Check **at least** _Allowed OAuth Scopes => aws.cognito.signin.user.admin_ (others can be used, if required)
+1. Note the _App client => ID_, and copy to the `oauth.cognito.client_id` property in the `config.json` file
+
+**Get / create a domain prefix**
+
+1. From the main  screen / control panel for your new user pool, click _App Integration=> Domain name_
+1. If there isn't one already, create a new domain prefix
+1. Note the domain prefix, and copy to the `oauth.cognito.domain_prefix` property in the `config.json` file
+1. Note the region (between the `auth` and the `amazoncognito` parts of the domain, eg `eu-west-1`) and copy to the `oauth.cognito.region` property in the `config.json` file
+
+**Get the client secret**
+
+1. From the main  screen / control panel for your new user pool, click _General settings => App clients_
+1. Find the app you'd like to integrate (or create a new app client, if needed)
+1. Click the _Show Details_ button
+1. Note the App client secret, and copy and copy to the `oauth.cognito.client_secret` property in the `config.json` file
+
+#### CORS Issues
+
+If you bump into CORS issues when attempting authentication across different ports **during development**, you may need to use a proxy tunnel to pipe requests from one port to another. Eg:
+
+`https://comments.localhost.lcl` => `https://localhost:8080`
+`https://schnack.localhost.lcl` => `https://localhost:3000`
+
+This can be achieved using third party servers like Apache or Nginx, combined with _Proxy Pass_ to forward traffic from a neutral port (like `443`), to the server ports.
+
+If you do this, you will also need to update `test/index.html` with the address of the proxied Schnack server.
+
+### Included SSL Certificates
+
+The SSL Certificates included in the `/certs` directory are for **development purposes only**. These are used to make it possible to fetch data and perform authentication over SSL, on `localhost`. **DO NOT** use them in a production environment. 
 
 ### Who is behind Schnack?
 
-Schnack is [yet another](https://github.com/gka/canvid/) happy collaboration between [Webkid](https://webkid.io/) and [Gregor Aisch](https://www.vis4.net).
+Schnack is [yet another](https://github.com/gka/canvid/) happy collaboration between [Webkid](https://webkid.io/) and [Gregor Aisch](https://www.vis4.net), with a few minor additions from [Jerram Digital](https://jerram.co.uk/).
 
 ### Who is using Schnack?
 

certs/local.crt

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDXTCCAkWgAwIBAgIJAOE6sLa+lkbXMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQwHhcNMTkwMjIwMTMyMjA2WhcNMjAwMjIwMTMyMjA2WjBF
+MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50
+ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAtjgHIX9O6ROw3VHkE5eT39dJaDm60YPwiouHtaBIPXeFgFTTL91LMoG4
+6AZ+n5Ec/UAEJoAdSs4kwyo6ChHnbEhrW83DGUtmKETWzmiNM00riBgHa/+GmNAh
+fHIzGoNdmO3uffpvViGM38N5oQV4L9/tNuTAHfb9PRzsR1ghOaRBC+dxwmBaJ4Yh
+AqN6Tqth6McmnHO/4ftvwDXCS1UcUEb7i8+yiyebu26PFpOhFrB7y+WtJpMNOCtS
+ipQQGbEXEC/zqw3ptMWdQZ8BoaglV4UgDZoD97Gzvd55C4Yq5NMsVVFnuagM88nw
+68iTmm38jC5U8WWnBP6ZAL2TCGvXfwIDAQABo1AwTjAdBgNVHQ4EFgQUpAoiHZdR
+AcxspD5PDQhNDs2yXekwHwYDVR0jBBgwFoAUpAoiHZdRAcxspD5PDQhNDs2yXekw
+DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEABsM+QeUif6po0GY/SmHW
+/zLY1NXJ6/Wvkdq2/ZJb3M49HpRFY6AES8aqfj2XOIPLExDXSiBiIHtYwVBcM9ka
+PKOuFY/Pm7h9Ud19NGa3XdogztoQjd9nabILk9m1zLTFYmQXRTmBNoRbJqhx9Oqv
+YSLgg0RaNqxqOdsjKVy799Uz17cATx95adkTRCCL3R9crpXoZ5sUuY66ax3NL4Ar
+g2xVa/CU09fErqLwTgibzbDMNnphBNPOxFMVpqflZ1WXYlIysbKpO72ZaWT9428A
+xALeoy1dFUaGC3/IAoELDJj9EqitUOyHT9uqvJ4aG0emM48agFOXAWu0bwtY2SNv
+3w==
+-----END CERTIFICATE-----

certs/local.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC2OAchf07pE7Dd
+UeQTl5Pf10loObrRg/CKi4e1oEg9d4WAVNMv3UsygbjoBn6fkRz9QAQmgB1KziTD
+KjoKEedsSGtbzcMZS2YoRNbOaI0zTSuIGAdr/4aY0CF8cjMag12Y7e59+m9WIYzf
+w3mhBXgv3+025MAd9v09HOxHWCE5pEEL53HCYFonhiECo3pOq2Hoxyacc7/h+2/A
+NcJLVRxQRvuLz7KLJ5u7bo8Wk6EWsHvL5a0mkw04K1KKlBAZsRcQL/OrDem0xZ1B
+nwGhqCVXhSANmgP3sbO93nkLhirk0yxVUWe5qAzzyfDryJOabfyMLlTxZacE/pkA
+vZMIa9d/AgMBAAECggEBAJOJ+fwdYH9H+kS5MbrLWGg9oKpLVACgm/sRzug4x0U9
+qVKnW/e9bk2Oy3DTEWOR068aTkH+KbmQACQl5KiSppb+bC8BA59PdX/VfTfTX8DS
+ExU2n4vKcej5XKOus8Ib64UP4bMPO2a5856aX7kI/K+G2ENCJGweuBzrdkSuDvjj
+sB973aVCHyuuDrKyPtyQ+cKil4OGR4tsiCJ0u6vXESV9lDadinLwznXXTBY0uNzF
+/xPnvdgYsPqwXUsOohJWdtu6rCnzfutqW79MtqJzEYdZHjDjRX8sQfQI5pQae2Uf
+A5Xm9VChiDT/Dcx+nMjl+NOSxneVRmqxW4ezGeAWroECgYEA2nmZOwEMoowNiDQz
+IvBXWWcuvgxxOnBjRrOkymnvV7FJK79Hn4zPtgUuNZrDQu3hvgJUb5mVW5lKGnOF
+KbBVSoUfx9br4yaFPSsKC27C7O9/+V+7CQ8Y+8uNzmAuVaY6pJXwLbpagvt0GWOm
+IAZiR182u99NbPtVzLKP7xFThbcCgYEA1YQ83CrinN8kLanOxocL8i5TPGtHNJRF
+gvEGTkqr1RQ/uT1CQDl0fUfXl/sYlVfIeGxT55nF4WKCxwdyaVwAjgwn3nZPcpaL
+D356JfHa0bGRucEzM7VfZlEhByg7KM3s+PYYWAauGW82EJi1h83svwxqD4HPD3e7
+rfb13P47fHkCgYAsLVJyv++SHsfNtuBwPDEtftPQ0itDKd6pOUIlO+6NyOeG1RLi
+jFKj98A0TqsVKYzwIwB34JJ3BzQYzSssFt/oRar7edYRBIUErWNGlIsN5g/2mQj0
+9/yRTcPK61/zKb3J8hey52/N9JKxX5kD+MZ+sB4dNzYsx1W+Io1ARjyhWQKBgHEX
+5wiTKo7+3nHVZLHhLCGuCeaRyBiAhMUTl0x23scxP4OFgAb2p84H9JkKpf3MjmHC
+tzqQR7DW9gAn4KEP2zdiFugNcI14UdX2HwrkLQwu6soiHFXCNvLB/CWHWLaHRIKm
+D0To3OSZ9GAcEuMI3uJe1/q4vg0qVV2S1q2kd6u5AoGBALXxg0Wp9cFNuBR7JxLc
+xQbyQIs7hpjahH0oZKEilOknq95qSVJcSxE5Cg/QFvmFXlcR1aCG+VGXdgEkf0EW
+2wrIkGpFbGjL2Q1a0/GFF7uOCoPaqi4BQQW6I6pruD/TCuL3B6lFjlhP5VAtl6iN
+tyOO3Y1QKyMnjeucROUuo+cf
+-----END PRIVATE KEY-----

config.tpl.json

@@ -28,6 +28,12 @@
         "mastodon": {
             "app_name": "your website name",
             "app_website": "https://blog.example.com/"
+        },
+        "cognito": {
+            "domain_prefix": "xxxxx",
+            "region": "xxxxx",
+            "client_id": "xxxxx",
+            "client_secret": "xxxxx"
         }
     },
     "notify": {
@@ -41,7 +47,19 @@
         },
         "slack": {
             "webhook_url": "xxxxx"
+        },
+        "jira": {
+            "host": "myhost.atlassian.net",
+            "project_key": "xxxxx",
+            "issue_type": "Story",
+            "basic_auth": {
+                "base64": "xxxxx"
+            }
         }
     },
+    "ssl": {
+        "certificate_path": "./certs/local.crt",
+        "certificate_key": "./certs/local.key"
+    },
     "date_format": "MMMM DD, YYYY - h:mm a"
 }