Ported CLI from commander to yargs because yargs suits our large CLI better and is easier to develop with. Split commands into separate files since the file was getting annoyingly long.

lib/cli/auth-oauth2/index.js

@@ -0,0 +1,102 @@
+module.exports.command = 'auth-oauth2'
+
+module.exports.describe = 'Start an OAuth 2.0 auth unit.'
+
+module.exports.builder = function(yargs) {
+  return yargs
+    .env('STF_AUTH_OAUTH2')
+    .strict()
+    .option('app-url', {
+      alias: 'a'
+    , describe: 'URL to the app unit.'
+    , type: 'string'
+    , demand: true
+    })
+    .option('oauth-authorization-url', {
+      describe: 'OAuth 2.0 authorization URL.'
+    , type: 'string'
+    , default: process.env.OAUTH_AUTHORIZATION_URL
+    , demand: true
+    })
+    .option('oauth-token-url', {
+      describe: 'OAuth 2.0 token URL.'
+    , type: 'string'
+    , default: process.env.OAUTH_TOKEN_URL
+    , demand: true
+    })
+    .option('oauth-userinfo-url', {
+      describe: 'OAuth 2.0 user info URL.'
+    , type: 'string'
+    , default: process.env.OAUTH_USERINFO_URL
+    , demand: true
+    })
+    .option('oauth-client-id', {
+      describe: 'OAuth 2.0 client ID.'
+    , type: 'string'
+    , default: process.env.OAUTH_CLIENT_ID
+    , demand: true
+    })
+    .option('oauth-client-secret', {
+      describe: 'OAuth 2.0 client secret.'
+    , type: 'string'
+    , default: process.env.OAUTH_CLIENT_SECRET
+    , demand: true
+    })
+    .option('oauth-callback-url', {
+      describe: 'OAuth 2.0 callback URL.'
+    , type: 'string'
+    , default: process.env.OAUTH_CALLBACK_URL
+    , demand: true
+    })
+    .option('oauth-scope', {
+      describe: 'Space-separated OAuth 2.0 scope.'
+    , type: 'string'
+    , default: process.env.OAUTH_SCOPE
+    , demand: true
+    })
+    .option('port', {
+      alias: 'p'
+    , describe: 'The port to bind to.'
+    , type: 'number'
+    , default: process.env.PORT || 7120
+    })
+    .option('secret', {
+      alias: 's'
+    , describe: 'The secret to use for auth JSON Web Tokens. Anyone who ' +
+        'knows this token can freely enter the system if they want, so keep ' +
+        'it safe.'
+    , type: 'string'
+    , default: process.env.SECRET
+    , demand: true
+    })
+    .option('ssid', {
+      alias: 'i'
+    , describe: 'The name of the session ID cookie.'
+    , type: 'string'
+    , default: process.env.SSID || 'ssid'
+    })
+    .epilog('Each option can be be overwritten with an environment variable ' +
+      'by converting the option to uppercase, replacing dashes with ' +
+      'underscores and prefixing it with `STF_AUTH_OAUTH2_` (e.g. ' +
+      '`STF_AUTH_OAUTH2_SECRET`). Legacy environment variables like ' +
+      'OAUTH_SCOPE are still accepted, too, but consider them ' +
+      'deprecated.')
+}
+
+module.exports.handler = function(argv) {
+  return require('../../units/auth/oauth2')({
+    port: argv.port
+  , secret: argv.secret
+  , ssid: argv.ssid
+  , appUrl: argv.appUrl
+  , oauth: {
+      authorizationURL: argv.oauthAuthorizationUrl
+    , tokenURL: argv.oauthTokenUrl
+    , userinfoURL: argv.oauthUserinfoUrl
+    , clientID: argv.oauthClientId
+    , clientSecret: argv.oauthClientSecret
+    , callbackURL: argv.oauthCallbackUrl
+    , scope: argv.oauthScope.split(/\s+/)
+    }
+  })
+}