
Comments (9)

jgadsden commented on August 22, 2024

Hello @ZhangK123

Here are the steps to set up the environment variables:

  • In your github account, go to Settings -> 'Developer settings' -> 'OAuth Apps' -> 'New OAuth App'
  • fill out the form with the following:
    Application name: not critical, suggest something like 'Threat Dragon'
    Homepage URL: http://localhost:3000
    Application description: not critical, suggest something like 'threat dragon for local development'
    Authorization callback URL: http://localhost:3000/oauth/github
  • Register the application, screenshot below

[Screenshot: register-new-OAuth-application]

  • In this new OAuth App, note the values for Client ID (for example 01234567890123456789) and Client Secret (for example 0123456789abcdef0123456789abcdef01234567)

You now have all the info to set up the environment variables:

  • GITHUB_CLIENT_ID from Client ID above, for example export GITHUB_CLIENT_ID=01234567890123456789
  • GITHUB_CLIENT_SECRET from Client Secret above, for example export GITHUB_CLIENT_SECRET=0123456789abcdef0123456789abcdef01234567
  • export NODE_ENV=development
  • export SESSION_STORE=local
  • SESSION_SIGNING_KEY as a random 32 character hexadecimal key, for example export SESSION_SIGNING_KEY=11223344556677889900aabbccddeeff
  • SESSION_ENCRYPTION_KEYS has the same 32 character key, for example export SESSION_ENCRYPTION_KEYS='[{"isPrimary": true, "id": 0, "value": "11223344556677889900aabbccddeeff"}]'

You should now be able to start the Threat Dragon webapp using npm run-script start and then navigate in a browser to "http://localhost:3000/".

Hope this works OK for you, if not then get back to me

from owasp-threat-dragon.

ZhangK123 commented on August 22, 2024

D:\CodeSpace\ow\owasp-threat-dragon> set SESSION_SIGNING_KEY=local & set NODE_ENV=development & npm start

[email protected] start D:\CodeSpace\ow\owasp-threat-dragon
node server.js

{"name":"threatdragon","excludes":["req-headers","res-headers","res","req","short-body","body","response-hrtime","incoming","user-agent","response-time","http-version"],"hostname":"DESKTOP-5O3JJ6D","pid":2780,"level":50,"security":true,"msg":"local session store used - should only happen in dev environments","time":"2020-06-21T20:16:09.056Z","v":0}
{"name":"threatdragon","hostname":"DESKTOP-5O3JJ6D","pid":2780,"level":50,"msg":"owasp threat dragon failed to start up","time":"2020-06-21T20:16:09.085Z","v":0}
{"name":"threatdragon","hostname":"DESKTOP-5O3JJ6D","pid":2780,"level":50,"msg":"OAuth2Strategy requires a clientID option","time":"2020-06-21T20:16:09.085Z","v":0}

from owasp-threat-dragon.

ZhangK123 commented on August 22, 2024

This is how I run the code. I try to edit session.config.js, and try to run the code with the command line, but neither works. I don't know how to set "OAuth2Strategy requires a clientID option".

from owasp-threat-dragon.

jgadsden commented on August 22, 2024

Hello @ZhangK123, you need to set up all these environment variables:

  • GITHUB_CLIENT_ID
  • GITHUB_CLIENT_SECRET
  • SESSION_SIGNING_KEY
  • SESSION_ENCRYPTION_KEYS
  • SESSION_STORE
  • NODE_ENV

I agree the documentation is not very explicit, and it probably needs documenting more fully.

Once you have all the steps in https://github.com/settings/applications/new then you end up with entering these exports to set up your env vars:

export GITHUB_CLIENT_ID=XXXX        # your github OAuth client ID
export GITHUB_CLIENT_SECRET=XXXX    # your github OAuth Client Secret
export SESSION_SIGNING_KEY=XXXX     # 32 byte long random key
export SESSION_ENCRYPTION_KEYS='[{"isPrimary": true, "id": 0, "value": "XXXX(32 byte key)"}, {"isPrimary": false, "id": 1, "value": "XXXX(32 byte key)"}]'
export SESSION_STORE=local
export NODE_ENV=development

from owasp-threat-dragon.

ZhangK123 commented on August 22, 2024

OK, thank you. I will try it now.

from owasp-threat-dragon.

jgadsden commented on August 22, 2024

I will try and give a step-by-step guide sometime in the next day or so, but in the meantime do you want to try the desktop application first? It is easier to set up and once you have evaluated it you can then move on to using github to store your model files.

Threat Dragon Desktop version is here https://github.com/owasp/threat-dragon-desktop and the install is easy once you have downloaded the source:
https://github.com/owasp/threat-dragon-desktop/archive/main.zip
or cloned it:

git clone https://github.com/owasp/threat-dragon-desktop
cd threat-dragon-desktop
npm install
npm run start

There are also version 1.2 installers at https://github.com/mike-goodwin/owasp-threat-dragon-desktop/releases/tag/v1.2

from owasp-threat-dragon.

ZhangK123 commented on August 22, 2024

I will try it. Thank you.

from owasp-threat-dragon.

ZhangK123 commented on August 22, 2024

Thanks for your help. I finally successfully set up the environment variables.

This is how I set these variables in Win10:

Add these lines to ./td/app.js:
// Set the variables in-process before the rest of app.js reads them (local development values)
try {
process.env.GITHUB_CLIENT_ID = 'a12345bc123aa123bb12';
process.env.GITHUB_CLIENT_SECRET = '0123456789abcdef0123456789abcdef01234567';
process.env.NODE_ENV = 'development';
process.env.SESSION_STORE = 'local';
process.env.SESSION_SIGNING_KEY = '11223344556677889900aabbccddeeff';
process.env.SESSION_ENCRYPTION_KEYS = '[{"isPrimary": true, "id": 0, "value": "11223344556677889900aabbccddeeff"}]';
......

Save then run the code in the cmd with "npm start"

from owasp-threat-dragon.

jgadsden commented on August 22, 2024

Hello @ZhangK123 - good news that you are now running Threat Dragon, I hope you like it.
I realise that I had sent you the example commands for Linux / MacOS, not Windows ... I am a Linux sort of guy myself. I will make sure I update the instructions with Windows commands as well.

from owasp-threat-dragon.
