added edge-sso template#5
Open
godronus wants to merge 2 commits into
Open
Conversation
There was a problem hiding this comment.
Pull request overview
Adds the new edge-sso FastEdge template (multi-provider SSO / Identity-Aware Proxy) alongside improvements to template packaging and publishing. This expands the repository’s catalog beyond html2md with a full, deployable SSO solution (auth-app + CDN filter) and supporting docs/tests.
Changes:
- Add
edge-sso/template: shared core, three variants (gate-only / cookie / header), tests, and context documentation. - Make
html2mdmore self-contained (registry metadata, license, Cargo target config; dependency pinning). - Add GitHub Actions + composite actions to build/publish templates; update root docs/gitignore.
Reviewed changes
Copilot reviewed 111 out of 116 changed files in this pull request and generated 11 comments.
Show a summary per file
| File | Description |
|---|---|
| README.md | Update root README to list templates and add edge-sso summary/linking. |
| html2md/registry.json | Add template registry metadata for publishing. |
| html2md/LICENSE | Add Apache-2.0 license file for the template. |
| html2md/Cargo.toml | Pin proxy-wasm dependency version (remove workspace dep). |
| html2md/.cargo/config.toml | Set default Cargo build target to wasm32-wasip1. |
| edge-sso/tsconfig.base.json | Add shared TS config baseline for edge-sso packages. |
| edge-sso/templates/header/cdn-filter/src/lib.rs | Header variant filter entrypoint wiring to shared Rust core. |
| edge-sso/templates/header/cdn-filter/registry.json | Registry metadata + configuration params for header filter. |
| edge-sso/templates/header/cdn-filter/package.json | Build/test scripts for header CDN filter. |
| edge-sso/templates/header/cdn-filter/Cargo.toml | Header filter crate config + feature selection for shared core. |
| edge-sso/templates/header/cdn-filter/.env.example | Header filter environment/secret configuration guide. |
| edge-sso/templates/header/auth-app/tsconfig.json | TS config for header auth-app. |
| edge-sso/templates/header/auth-app/tests/app.test.ts | Header auth-app smoke test (non-cookie shared suite). |
| edge-sso/templates/header/auth-app/server.tsx | Header auth-app entrypoint (FastEdge fetch handler). |
| edge-sso/templates/header/auth-app/package.json | Build/test scripts and deps for header auth-app. |
| edge-sso/templates/header/auth-app/.env.example | Header auth-app environment/secret configuration guide. |
| edge-sso/templates/gate-only/cdn-filter/src/lib.rs | Gate-only filter entrypoint wiring. |
| edge-sso/templates/gate-only/cdn-filter/registry.json | Registry metadata + params for gate-only filter. |
| edge-sso/templates/gate-only/cdn-filter/package.json | Build script for gate-only CDN filter. |
| edge-sso/templates/gate-only/cdn-filter/Cargo.toml | Gate-only filter crate config + shared core features. |
| edge-sso/templates/gate-only/cdn-filter/.env.example | Gate-only filter configuration guide. |
| edge-sso/templates/gate-only/auth-app/tsconfig.json | TS config for gate-only auth-app. |
| edge-sso/templates/gate-only/auth-app/tests/app.test.ts | Gate-only auth-app smoke test (non-cookie shared suite). |
| edge-sso/templates/gate-only/auth-app/server.tsx | Gate-only auth-app entrypoint. |
| edge-sso/templates/gate-only/auth-app/package.json | Build/test scripts and deps for gate-only auth-app. |
| edge-sso/templates/gate-only/auth-app/.env.example | Gate-only auth-app configuration guide. |
| edge-sso/templates/cookie/cdn-filter/tests/filter.test.ts | Cookie filter test runner wiring (suite orchestration). |
| edge-sso/templates/cookie/cdn-filter/src/lib.rs | Cookie filter entrypoint wiring. |
| edge-sso/templates/cookie/cdn-filter/registry.json | Registry metadata + params for cookie filter. |
| edge-sso/templates/cookie/cdn-filter/package.json | Build/test scripts for cookie CDN filter. |
| edge-sso/templates/cookie/cdn-filter/Cargo.toml | Cookie filter crate config + shared core features. |
| edge-sso/templates/cookie/cdn-filter/.env.example | Cookie filter configuration guide. |
| edge-sso/templates/cookie/auth-app/tsconfig.json | TS config for cookie auth-app. |
| edge-sso/templates/cookie/auth-app/tests/unit/session-token.test.ts | Unit tests for JWT/session token + request binding helpers. |
| edge-sso/templates/cookie/auth-app/tests/unit/saml-claims.test.ts | Unit tests for SAML claim extraction + mapping parsing. |
| edge-sso/templates/cookie/auth-app/tests/unit/redirect.test.ts | Unit tests for redirect validation/hardening. |
| edge-sso/templates/cookie/auth-app/tests/unit/providers-registry.test.ts | Unit tests for provider registry/allowlist behavior. |
| edge-sso/templates/cookie/auth-app/tests/unit/oauth-common.test.ts | Unit tests for PKCE + signed OAuth state + verified email gating. |
| edge-sso/templates/cookie/auth-app/tests/unit/google-oidc.test.ts | Unit tests for Google ID token verification (iss/aud/exp/nonce). |
| edge-sso/templates/cookie/auth-app/tests/unit/default-claims.test.ts | Unit tests for parsing default identity claim list. |
| edge-sso/templates/cookie/auth-app/tests/tsconfig.json | TS config for tests under Node. |
| edge-sso/templates/cookie/auth-app/tests/non-cookie-smoke.ts | Shared smoke suite for gate-only + header auth-app variants. |
| edge-sso/templates/cookie/auth-app/tests/_cookies.ts | Helper to normalize set-cookie header handling across fastedge-test versions. |
| edge-sso/templates/cookie/auth-app/server.tsx | Cookie auth-app entrypoint. |
| edge-sso/templates/cookie/auth-app/package.json | Build/test/e2e scripts and deps for cookie auth-app. |
| edge-sso/templates/cookie/auth-app/.env.test | Checked-in fake test fixture env values for integration tests. |
| edge-sso/templates/cookie/auth-app/.env.example | Cookie auth-app configuration guide. |
| edge-sso/scripts/gen-ec-keypair.mjs | Utility script to generate ES256 keypair and emit env/secret values. |
| edge-sso/README.md | Public-facing overview for edge-sso template. |
| edge-sso/pnpm-workspace.yaml | pnpm workspace + shared dependency catalog for edge-sso. |
| edge-sso/package.json | Root package manifest for edge-sso monorepo scripts. |
| edge-sso/LICENSE | Apache-2.0 license file for edge-sso template. |
| edge-sso/core/util/env.ts | Helpers for required env/secret reads (FastEdge runtime). |
| edge-sso/core/util/bytes.ts | UTF-8/base64/base64url helpers for crypto/token code. |
| edge-sso/core/tsconfig.json | TS config for core package. |
| edge-sso/core/session/token.ts | JWT signing/verification + SAML RelayState request binding utilities. |
| edge-sso/core/session/key.ts | Secret/key loading for HS256 and ES256 signing. |
| edge-sso/core/package.json | Package exports map for @sso/core. |
| edge-sso/core/filter/Cargo.toml | Shared Rust filter core crate + feature flags. |
| edge-sso/core/federation/util/redirect.ts | Redirect allowlist + hardening logic for ?redirect=. |
| edge-sso/core/federation/saml/request.ts | SAML AuthnRequest generation + deflate/base64 encoding. |
| edge-sso/core/federation/saml/handlers.ts | SAML login/callback handlers: binding + cookies + token minting. |
| edge-sso/core/federation/saml/config.ts | SAML config resolution from env/secrets. |
| edge-sso/core/federation/saml/claims.ts | SAML attribute-to-claim extraction + optional claim map parsing. |
| edge-sso/core/federation/providers/registry.ts | Provider registry + allowlist/creds-based selection + login URL builder. |
| edge-sso/core/federation/providers/microsoft-oidc.ts | Microsoft id_token verification with tenant handling/allowlist. |
| edge-sso/core/federation/providers/google.ts | Google OAuth/OIDC login + callback handler. |
| edge-sso/core/federation/providers/google-oidc.ts | Google ID token verification helper. |
| edge-sso/core/federation/providers/facebook.ts | Facebook OAuth login + callback handler. |
| edge-sso/core/federation/providers/common.ts | PKCE, signed state, and verified-email helpers (Node-testable). |
| edge-sso/core/federation/index.ts | Public exports for federation package surface. |
| edge-sso/core/federation/error.tsx | Generic error page (no reflected user input). |
| edge-sso/core/federation/config.ts | Runtime config + branding resolution + audience requirement. |
| edge-sso/core/federation/app.tsx | Hono app wiring for /auth routes, providers, JWKS, logout, etc. |
| edge-sso/context/INDEX.md | Context entrypoint doc with reading map and file map. |
| edge-sso/context/development/testing.md | Testing inventory + how-to-run + CI notes. |
| edge-sso/context/design/integration.md | Customer integration guide for /auth surface and embedding options. |
| edge-sso/context/architecture/security.md | Security posture and known limitations documentation. |
| edge-sso/context/architecture/saml-flow.md | SAML flow and verification approach documentation. |
| edge-sso/context/architecture/runtime-constraints.md | StarlingMonkey/FastEdge runtime constraints documentation. |
| edge-sso/context/architecture/overview.md | Architecture overview (two-app split, contract, structure). |
| edge-sso/context/architecture/auth-modes.md | Explanation of the three delivery variants and their axis discipline. |
| edge-sso/CLAUDE.md | Template-specific agent/developer guidance for edge-sso. |
| edge-sso/Cargo.toml | Rust workspace for edge-sso filter crates and shared deps. |
| edge-sso/AGENTS.md | Template-specific agent policy file for edge-sso. |
| edge-sso/.gitignore | edge-sso template-specific ignore rules. |
| edge-sso/.cargo/config.toml | Default Cargo build target for edge-sso workspace. |
| CLAUDE.md | Root repo guidance updated for multi-template repo structure. |
| Cargo.toml | Remove old root Rust workspace config (no longer valid for new layout). |
| AGENTS.md | Add/refresh root agent policy file. |
| .gitignore | Broaden ignores for wasm artifacts and nested target dirs. |
| .github/workflows/publish-html2md.yml | Add workflow to build and publish the html2md template. |
| .github/setup-node/action.yaml | Composite action to setup Node + pnpm + dependency install. |
| .github/setup-harbor-pull/action.yaml | Composite action to authenticate to Harbor and pull compiler image. |
| .github/build-rust/action.yaml | Composite action to build Rust WASM via the compiler Docker image. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.