Fusionauth Generate User Api Key
These scripts provide a practical implementation of the steps and practices described in the FusionAuth Security Guide: https://fusionauth.io/resources/guide-to-user-data-security
This project contains a set of bash scripts that can be used to secure a new Linux server. The scripts are broken into parts:
- Configuration
- Server setup
Configuration
We are using FusionAuth to generate JWT tokens upon login for several of our apps. The tokens are then used for accessing several of our APIs. Our APIs need to determine which tenant the user belongs to. It would be great if this could be done using the JWT token. FusionAuth for user management, since it provides a neat UI and all the stuff for managing user data (CIAM) and supports many authentication strategies (OAuth2, JWT.), defines user, applications, roles, etc, but does not handle per-application api-keys nor routing (it is not an api-gateway).
Before you can secure your server, you need to run the configuration script. This script is named configure.sh. It will ask you a variety of questions related to your server, including:
- IP Address
- Alert email
- SMTP server
- SMTP port
- SMTP username
- SMTP password
- SMTP encryption (if any)
- Slack Webhook URL
- Pushover application and user keys
After the script has asked all the questions, it will output all of the necessary configuration files that the server setup scripts will use. These will be placed in the output directory.
Server Setup
After you run the configure script, you can run the server setup script. This script is named setup-new-server.sh. It will prompt you for the password for the ordinary user account that is created on the server, then upload all of the files from the output directory to the server and execute the install script on the server.
Chef
You can also use the Chef Cookbook instead of the configure.sh and setup-new-server.sh scripts. The Chef Cookbook is located in chef-repo/cookbooks. You can install this Cookbook in your Chef server by executing these commands:
This will add the Cookbook to the Chef server that is configured in your knife.rb file. From there, you can use the Cookbook to bootstrap your nodes.
To use this Chef Cookbook, you first need to configure these required attributes:
- node['security_guide']['users'] - This is an array that contains the users that the Chef recipe will create on the server. Each user must have these attributes:
  - username - The username of the user
  - password - The hashed password of the user (this is put directly in the /etc/shadow file)
  - public_key - The RSA public key of the user
- node['security_guide']['monit']['alert_email'] - The email address where Monit alerts are sent
In addition to the required attributes, the Chef Cookbook also takes these optional attributes:
- node['security_guide']['sudo_group'] - The name of the group that grants a user sudo access (defaults to sudo)
- node['security_guide']['monit']['email_server'] - The name of the SMTP server Monit uses to send emails (defaults to localhost)
- node['security_guide']['monit']['email_port'] - The SMTP port Monit uses to send emails (defaults to 25)
- node['security_guide']['monit']['email_username'] - The username that Monit uses to connect to the SMTP server
- node['security_guide']['monit']['email_password'] - The password that Monit uses to connect to the SMTP server
- node['security_guide']['monit']['email_encryption'] - The encryption Monit uses to connect to the SMTP server. This must be ssl or tlsv12 if specified
- node['security_guide']['monit']['slack_url'] - The Slack Webhook URL that Monit will use to send Slack notifications (defaults to ')
- node['security_guide']['monit']['slack_enabled'] - Whether or not Slack notifications are enabled, as a String, not a boolean (defaults to 'false')
- node['security_guide']['monit']['pushover_application'] - The Pushover application id Monit uses to send Pushover notifications to (defaults to ')
- node['security_guide']['monit']['pushover_user'] - The Pushover user id Monit uses to send Pushover notifications to (defaults to ')
- node['security_guide']['monit']['pushover_enabled'] - Whether or not Pushover notifications are enabled, as a String, not a boolean (defaults to 'false')
You can set these attributes via a node attribute file, role or environment setting. The Chef recipe will verify that you have specified the required attributes and fail if they are absent.
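A pre-flight check for the attribute rules listed above, run against a hash before it goes into a role or environment file. This is an added example, not the cookbook's own verification code; validate_security_guide and the sample values are hypothetical, and the password check assumes modular crypt format hashes.

```ruby
# Added example; validate_security_guide is a hypothetical helper, not cookbook code.
USER_KEYS = %w[username password public_key].freeze
ENCRYPTION = %w[ssl tlsv12].freeze
STRING_FLAGS = %w[slack_enabled pushover_enabled].freeze

def validate_security_guide(attrs)
  errors = []
  guide = attrs.fetch('security_guide', {})
  monit = guide.fetch('monit', {})
  users = guide['users']
  if !users.is_a?(Array) || users.empty?
    errors << 'users: required, must be a non-empty array'
  else
    users.each_with_index do |user, i|
      USER_KEYS.each { |key| errors << "users[#{i}].#{key}: required" if user[key].to_s.empty? }
      # The value is written to /etc/shadow as-is, so it must already be a
      # hash. Assumption: modular crypt format ("$6$salt$hash" and similar).
      pw = user['password'].to_s
      unless pw.empty? || pw.match?(/\A\$[0-9a-z]+\$.+/)
        errors << "users[#{i}].password: not a crypt-format hash"
      end
    end
  end
  errors << 'monit.alert_email: required' if monit['alert_email'].to_s.empty?
  enc = monit['email_encryption']
  if enc && !ENCRYPTION.include?(enc)
    errors << 'monit.email_encryption: must be ssl or tlsv12'
  end
  # The enabled flags are Strings, not booleans.
  STRING_FLAGS.each do |flag|
    next if !monit.key?(flag) || %w[true false].include?(monit[flag])
    errors << "monit.#{flag}: must be the String 'true' or 'false'"
  end
  errors
end

# Constructed sample attributes; every value is a placeholder.
SAMPLE_ATTRS = {
  'security_guide' => {
    'users' => [{ 'username' => 'deploy',
                  'password' => '$6$examplesalt$examplehash',
                  'public_key' => 'ssh-rsa AAAAEXAMPLE deploy@example' }],
    'monit' => { 'alert_email' => 'ops@example.com',
                 'email_encryption' => 'tlsv12',
                 'slack_enabled' => 'false' }
  }
}.freeze

puts validate_security_guide(SAMPLE_ATTRS).inspect
```

An empty result means the hash satisfies the documented rules; a cleartext password or a boolean slack_enabled is reported before it reaches a node.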
NOTE: This repository is no longer the official NodeJS and React example. Please use the https://github.com/FusionAuth/fusionauth-example-react repository going forward as that repository properly illustrates the OAuth Authorization Code Grant with React.
This project contains an example project that illustrates using FusionAuth with NodeJS and React. The Node and React applications each have their own Readme with further explanations of the applications, including configuration options. Each application also has examples of how to deploy it via Jenkins, Gitlab, or Drone.
About
The application uses the core features a person would want to use from software like FusionAuth. In order to do that, the Todo example includes routing to make all of these items happen. Included features are:
- Signup / login.
- Email verification before logging in is allowed.
- Forgot password workflow.
- View / edit profile details.
- Enable / disable 2FA.
- Change password while logged in.
- Working with a MongoDB model (Todos) with a logged in user.
- Create, read, update, delete Todos.
- Authentication of a route before allowing access to the page.
Prerequisites
You will need the following things properly installed on your computer.
- Node.js (with NPM)
Installation
git clone https://github.com/fusionauth/fusionauth-nodejs-react-example
cd fusionauth-nodejs-react-example
(cd server && npm install)
(cd frontend && npm install)
FusionAuth and Database Configuration
- Choose your preferred installation method.
  - This demo will cover the Fast Path option as a quick way to get up and running.
- Install the dependencies for your Operating System (this will do it in the current directory).
  - MacOS
    sh -c 'curl -fsSL https://raw.githubusercontent.com/FusionAuth/fusionauth-install/master/install.sh | sh'
  - Windows
    iex (new-object net.webclient).downloadstring('https://raw.githubusercontent.com/FusionAuth/fusionauth-install/master/install.ps1')
  - Linux (zip)
    sh -c 'curl -fsSL https://raw.githubusercontent.com/FusionAuth/fusionauth-install/master/install.sh | sh -s - -z'
  - Linux (DEB or RPM)
    sh -c 'curl -fsSL https://raw.githubusercontent.com/FusionAuth/fusionauth-install/master/install.sh | sh'
- Start the FusionAuth App.
  ./fusionauth/bin/startup.sh
  - The installer will also give the full path to the startup file.
- Ensure MySQL is up and running with a root user.
- Create a MongoDB database. We'll use a free tier from MongoDB Cloud.
  - Sign in and create a new Project.
  - Create a cluster on the new project. Choose a name and click create. You don't need to add additional team members.
  - Create a new Cluster for the project. Each project can support one free cluster.
    - If the cluster being created is the first for the project, you have the choice of using a starter cluster which is free. Choose that. You can name the cluster or accept the default name of Cluster0.
  - On the Network Access tab, add a new IP to be able to access the cluster.
    - Either add your own IP, or add 0.0.0.0.
  - On the Database Access tab, create a new user demo with the role Read and Write any database.
    - Set a password (demoPass).
  - Once the cluster is provisioned, click the Clusters tab. Then click Connect followed by Connect your application. The default language is NodeJS. Copy the connection string.
    - Connection string is in the format mongodb+srv://cookbook:<password>@something.mongodb.net/test?retryWrites=true&w=majority
    - You will want the portion of the URL between the @ and /test -> something.mongodb.net
- Open http://localhost:9011 in your browser to set up FusionAuth.
  - You can leave the defaults for all the options, but you will need to provide the root MySQL or PostgreSQL username and password.
  - The next page asks for information to create a FusionAuth admin account.
Running / Development
- Server: (cd server && npm start)
  - Debug mode: (cd server && node --inspect server.js)
- Frontend: (cd frontend && npm start)
  - This should open a browser to http://localhost:3000.
App Configuration
Details for how to configure each application (Node / React) will be detailed in their respective folders. This section will go over how to get everything set up as information may be required by both applications.
- Create an application in FusionAuth.
  - Give it a name (FusionAuth Demo).
  - Add a role of member and check the Default box for that role.
  - On the JWT tab, click the Enable button.
  - On the Security tab, click the Allow refresh token button and uncheck the Require an API key button.
  - Save.
  - Grab the Application ID for the new application.
  - Grab the Application Secret for the new application.
- Create an API key.
  - Give it a description and do not click any of the buttons. This will be a root key for demo purposes.
  - Grab the ID of the API key.
- Enable emails
  - Settings -> Tenants (Default) -> Email
  - Use the appropriate settings for your email host.
  - Click the Verify Email button.
  - Use the Email Verification for the Verification Template.
- Replace the Email Verification and Forgot Password Verification email templates with the HTML provided.
  - In the email templates, you will need to change Site Name to your site's name.
  - You will also need to change https://your-site.com/ to your own domain.
  - You will need to change the From Email in FusionAuth on both templates to the email used in the email setup.
- Add the required routing authentication to the MongoDB database.
  - Visit the cluster for the project you created at MongoDB.
  - On the Clusters tab, click Collections.
  - Under the fusionAuthDemo database, click roles.
  - Click Insert Document.
  - Beside the VIEW text, click the blank looking button. This will be a free form editor.
  - Paste the content from mongodb/roles.json and click Insert.