Merge branch 'main' into spencer/eng-175/webhook-event-log
spwitt committed Aug 13, 2024
2 parents 61334fb + 528c5a1 commit aa451b7
Showing 128 changed files with 3,304 additions and 171 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/contentcheck.yml
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ jobs:
- name: Check for blog posts that have incorrect categories
run: |
find astro/src/content/blog/ -type f -name "*.md*" |grep -v swp | xargs grep '^categories:'|sed 's/.*categories: //'|sed 's/, /\n/g'|sort -u > out
RES=`diff out .github/known-blog-categories.txt`
RES=`diff out config/contentcheck/known-blog-categories.txt`
exit $RES
shell: bash
- name: Grep for absolute URLs referencing FusionAuth.io
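Review bot: `exit $RES`, on the line after the changed `RES=` assignment, passes diff's text output to `exit`, which expects a numeric status. Since this line is being touched anyway, consider running `diff out config/contentcheck/known-blog-categories.txt` as the command itself and letting its exit status fail the step; that also puts the unexpected categories in the job log.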
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/devlinkcheck.yml
Original file line number Diff line number Diff line change
Expand Up @@ -16,5 +16,5 @@ jobs:
- uses: actions/checkout@v4
- uses: filiph/[email protected]
with:
arguments: https://fusionauth.dev/docs/ --skip-file .github/linkcheck-skip.txt --connection-failures-as-warnings
arguments: https://fusionauth.dev/docs/ --skip-file config/linkcheck/linkcheck-skip.txt --connection-failures-as-warnings
name: linkcheck
4 changes: 2 additions & 2 deletions .github/workflows/exampleappscheck.yml
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ name: example_app_check
on:
pull_request:
paths:
- '.github/scripts/count-repos.sh'
- 'src/scripts/count-repos.sh'
- '.github/workflows/exampleappcheck.yml'
- 'astro/src/content/json/exampleapps.json'
- 'astro/src/content/quickstarts/**'
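Review bot: the `paths` filter lists `.github/workflows/exampleappcheck.yml`, but the file changed here is `.github/workflows/exampleappscheck.yml` (with an `s`), so edits to this workflow do not match that entry. The neighbouring entry is already being updated for the script move, so fix the workflow path in the same change.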
Expand All @@ -18,4 +18,4 @@ jobs:
- uses: actions/checkout@v4

- name: Check for example app completeness
run: .github/scripts/count-repos.sh
run: src/scripts/count-repos.sh
2 changes: 1 addition & 1 deletion .github/workflows/linkcheck.yml
Original file line number Diff line number Diff line change
Expand Up @@ -19,5 +19,5 @@ jobs:
- uses: actions/checkout@v4
- uses: filiph/[email protected]
with:
arguments: https://fusionauth.io/ --skip-file .github/linkcheck-skip.txt --connection-failures-as-warnings
arguments: https://fusionauth.io/ --skip-file config/linkcheck/linkcheck-skip.txt --connection-failures-as-warnings
name: linkcheck
6 changes: 3 additions & 3 deletions .github/workflows/updatesitemap.yml
Original file line number Diff line number Diff line change
Expand Up @@ -21,11 +21,11 @@ jobs:
with:
node-version: 20
cache: 'npm'
cache-dependency-path: '.github/scripts/publish_sitemap/package-lock.json'
cache-dependency-path: '.src/scripts/publish_sitemap/package-lock.json'
- name: Install dependencies
run: cd .github/scripts/publish_sitemap && npm install
run: cd src/scripts/publish_sitemap && npm install
- name: Update sitemap
env:
GOOGLE_SEARCH_CONSOLE_JSON_KEY: ${{ secrets.GOOGLE_SEARCH_CONSOLE_JSON_KEY }}
run: node .github/scripts/publish_sitemap/publish_sitemap.js
run: node src/scripts/publish_sitemap/publish_sitemap.js
shell: bash
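Review bot: the new `cache-dependency-path` value is `.src/scripts/publish_sitemap/package-lock.json`, with a leading dot that the other two updated paths (`src/scripts/publish_sitemap`) do not have; it looks like a leftover from `.github/` and does not match the moved lockfile. Drop the dot. Separately, this job hands `GOOGLE_SEARCH_CONSOLE_JSON_KEY` to the script, so `npm ci` against that lockfile would be a safer install step than `npm install`, because it installs exactly the locked versions.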
2 changes: 1 addition & 1 deletion .spellcheck.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ matrix:
dictionary:
encoding: utf-8
wordlists:
- .github/knownwords.txt
- config/spellcheck/knownwords.txt
pipeline:
- pyspelling.filters.url:
- pyspelling.filters.html:
Expand Down
2 changes: 1 addition & 1 deletion .vale.ini
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
StylesPath = .github/vale/styles
StylesPath = config/vale/styles

Vocab = FusionAuth
MinAlertLevel = error
Expand Down
10 changes: 5 additions & 5 deletions DocsDevREADME.md
Original file line number Diff line number Diff line change
Expand Up @@ -175,7 +175,7 @@ Follow everything in the `Content Style Guidelines` section.
- For site navigation, use double quotes: Navigate to "Tenants" and then to the "Password" tab.
- For field names, use double quotes: "Login Identifier Attribute".
- For values, use back ticks: `userPrincipalName`.
- Put each blog post into one or more of the known categories. [Here's the list](https://github.com/FusionAuth/fusionauth-site/blob/main/.github/known-blog-categories.txt). You can separate categories with commas.
- Put each blog post into one or more of the known categories. [Here's the list](https://github.com/FusionAuth/fusionauth-site/blob/main/config/contentcheck/known-blog-categories.txt). You can separate categories with commas.
- Use tags. They are separated with commas. These are freeform, so feel free to add multiple and choose what works. The first one is what is used to show related posts, unless there's a `featuredTag` value in the front matter. You can [learn more about the logic by reviewing the layout](https://github.com/FusionAuth/fusionauth-site/blob/main/astro/src/layouts/Blog.astro).
- You can use the `get-images-from-markdown.rb` script to extract images from markdown and store them in a directory.
- All references to `stackoverflow.com` should be updated and direct to the community forum at `https://fusionauth.io/community/forum/`
Expand Down Expand Up @@ -452,9 +452,9 @@ The main configuration file is located at [`.vale.ini`](./.vale.ini), where we s
### Rules
- The rules _(or, as Vale calls them, "styles")_ are located at [`.github/vale/styles`](./.github/vale/styles).
- Right now, we're using [`write-good`](./.github.vale/styles/write-good), a collection of simple rules to avoid common mistakes and awkward sentences.
- We also have a custom vocabulary at [`.github/vale/styles/config/vocabularies/FusionAuth/accept.txt`](./.github/vale/styles/config/vocabularies/FusionAuth/accept.txt) with known words.
- The rules _(or, as Vale calls them, "styles")_ are located at [`config/vale/styles`](./config/vale/styles).
- Right now, we're using [`write-good`](./config/vale/styles/write-good), a collection of simple rules to avoid common mistakes and awkward sentences.
- We also have a custom vocabulary at [`config/vale/styles/config/vocabularies/FusionAuth/accept.txt`](./config/vale/styles/config/vocabularies/FusionAuth/accept.txt) with known words.
- Note that this file can use regular expressions to match words in a case-insensitive manner, as described [in their docs](https://vale.sh/docs/topics/vocab/).

### GitHub Actions
Expand Down Expand Up @@ -488,7 +488,7 @@ $ vale --filter=".Name == 'Vale.Spelling'" astro/path/to/file
Whenever you receive an error, you need to determine if you should:

- Actually fix the word (e.g. if you received an error like _"Use 'Id' instead of 'ID'."_); or
- Add a known word to [`the vocabulary`](./.github/vale/styles/config/vocabularies/FusionAuth/accept.txt) if it's a language, library, company name, etc. But make sure you have the correct capitalization to avoid having duplicates there; or
- Add a known word to [`the vocabulary`](./config/vale/styles/config/vocabularies/FusionAuth/accept.txt) if it's a language, library, company name, etc. But make sure you have the correct capitalization to avoid having duplicates there; or
- In case of custom Astro components, you'd probably need to add a new `TokenIgnores` item in [`.vale.ini`](./.vale.ini).

## Pull request review process
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
---
import Diagram from 'src/components/mermaid/FlowchartDiagram.astro';
const { alt } = Astro.props;
//language=Mermaid
const code = `
graph TB
subgraph I[Your server]
direction TB
subgraph G[Docker]
H[(PostgreSQL)]
end
subgraph C[Docker]
A(FusionAuth)
end
end
C --> G
style I fill:#999
`;
---
<Diagram {code} alt={alt} />
<style is:global>
foreignObject > div {
transform: translateY(-4px);
}
</style>
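Review bot: the `<style is:global>` rule for `foreignObject > div` at the end of this component is global, so it applies to every matching element on any page that includes the component, and the same block is repeated verbatim in each of the new diagram components in this commit. Define it once in `src/components/mermaid/FlowchartDiagram.astro`, or scope it to the diagram wrapper.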
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
---
import Diagram from 'src/components/mermaid/FlowchartDiagram.astro';
const { alt } = Astro.props;
//language=Mermaid
const code = `
graph TD
subgraph E[Elastic Server]
J(Kibana) --> B[(Elasticsearch)]
J --> F(Fleet)
end
subgraph I[Your server]
subgraph G[Docker]
H[(PostgreSQL)]
end
subgraph C[Docker]
A(FusionAuth)
D(Elastic Agent)
end
end
A --> G
D --> E
style I fill:#999
style E fill:#999
`;
---
<Diagram {code} alt={alt} />
<style is:global>
foreignObject > div {
transform: translateY(-4px);
}
</style>
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
---
import Diagram from 'src/components/mermaid/FlowchartDiagram.astro';
const { alt } = Astro.props;
//language=Mermaid
const code = `
graph TD
subgraph E[Elastic Server]
J(Kibana) --> B[(Elasticsearch)]
J --> F(Fleet)
end
subgraph I[Your server]
H[(PostgreSQL)]
A(FusionAuth)
D(Elastic Agent)
end
A --> H
D --> E
style I fill:#999
style E fill:#999
`;
---
<Diagram {code} alt={alt} />
<style is:global>
foreignObject > div {
transform: translateY(-4px);
}
</style>
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
---
import Diagram from 'src/components/mermaid/FlowchartDiagram.astro';
const { alt } = Astro.props;
//language=Mermaid
const code = `
graph TD
subgraph E[Elastic Server]
J(Kibana) --> B[(Elasticsearch)]
J --> F(Fleet)
end
subgraph I[Your server]
subgraph G[Docker]
H[(PostgreSQL)]
end
subgraph C[Docker]
A(FusionAuth)
end
subgraph K[Docker]
D(Elastic Agent)
end
end
K --> E
K --> C
C --> G
style I fill:#999
style E fill:#999
`;
---
<Diagram {code} alt={alt} />
<style is:global>
foreignObject > div {
transform: translateY(-4px);
}
</style>
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
---
import Diagram from 'src/components/mermaid/FlowchartDiagram.astro';
const { alt } = Astro.props;
//language=Mermaid
const code = `
graph TD
subgraph Z[Elastic Server]
X(Kibana) --> W[(Elasticsearch)]
X --> Y(Fleet)
end
subgraph I[Your server]
subgraph G[Docker]
H[(PostgreSQL)]
end
subgraph C[Docker]
A(FusionAuth)
end
subgraph E[Docker]
B(Custom metric getter code)
end
end
C --> G
B --> |API call| C
B --> |API call| W
style I fill:#999
`;
---
<Diagram {code} alt={alt} />
<style is:global>
foreignObject > div {
transform: translateY(-4px);
}
</style>
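Review bot: only `style I fill:#999` is set here, so the `Z[Elastic Server]` subgraph is left unstyled, while the earlier diagrams in this commit that include an Elastic Server subgraph style both boxes (`style I fill:#999` and `style E fill:#999`). Add `style Z fill:#999` if the two servers are meant to look the same. The next diagram, which adds the Elastic Agent container, has the same omission.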
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
---
import Diagram from 'src/components/mermaid/FlowchartDiagram.astro';
const { alt } = Astro.props;
//language=Mermaid
const code = `
graph TD
subgraph Z[Elastic Server]
X(Kibana) --> W[(Elasticsearch)]
X --> Y(Fleet)
end
subgraph I[Your server]
subgraph G[Docker]
H[(PostgreSQL)]
end
subgraph C[Docker]
A(FusionAuth)
end
subgraph E[Docker]
B(Custom metric getter code)
end
subgraph M[Docker]
N(Elastic Agent)
end
end
C --> G
M --> Z
B --> |API call| C
B --> |API call| W
style I fill:#999
`;
---
<Diagram {code} alt={alt} />
<style is:global>
foreignObject > div {
transform: translateY(-4px);
}
</style>
16 changes: 8 additions & 8 deletions astro/src/content/articles/identity-basics/magic-links.md
Original file line number Diff line number Diff line change
Expand Up @@ -24,17 +24,17 @@ The process starts when a user inputs their email address into a login form. The

By doing so, magic links leverage the security of the user's email provider. If someone can access the magic link, they already have access to the user's email. If the user's email account is compromised, then they likely have bigger problems than someone accessing your service. The magic link is a one-time URL that can only be used once. This means that if someone steals a magic link that has already been used, they cannot use it again. This means that the user gets the ease of logging in to your system without having to present a credential. But they still benefit from the security around the email account, including any protections the email provider has put in place or MFA the user has added.

## Benefits Of Using Magic Links
## What Are The Benefits Of Using Magic Links

### User Experience (UX):
### How Do Magic Links Impact User Experience (UX)?

It's no secret that users often struggle with password management. The average user is registered on dozens of online platforms, each requiring a unique password. Remembering these is often challenging, leading to frequent password resets, which further degrade user experience. Magic links simplify this process, requiring only access to an email account.

### Security:
### Are Magic Links Secure?

Despite being the standard for years, passwords are a known security weak point. Users often reuse passwords across platforms or opt for easy-to-remember (and easy-to-guess) options. By using magic links, we eliminate the risk of password reuse or theft. In addition, the temporary nature of magic links also acts as a security advantage, as each link expires after use or after a set period, whichever happens first. This prevents attackers from using them for malicious purposes.

### Development Simplicity:
### How Hard Is It To Implement Magic Links?

Implementing a secure password-based system can be a challenge. It involves creating secure password storage, implementing encryption, managing password resets, etc. In comparison, magic link systems can be simpler to implement and maintain. They don't require any changes to existing infrastructure, which makes them a good choice for small and medium businesses. In addition, they can be implemented with fewer resources than other security solutions such as software-based two-factor authentication (2FA) systems or hardware tokens.
## Are Magic Links Better Than Passwords?
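Review bot: the new heading `## What Are The Benefits Of Using Magic Links` has no question mark, while the other headings rewritten as questions in this hunk end with one. Add the `?`. Rewording headings also changes any anchors generated from them, so check for inbound links to the old section anchors.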
Expand All @@ -55,15 +55,15 @@ To sum up, while passwords have long been the foundation of the authentication p

While magic links provide an attractive alternative to traditional passwords and forgot password links, it's crucial to consider potential drawbacks.

### Email Account Dependence:
### Are Magic Links Reliant On Email Accounts?

Magic links rely on the security of the user's email account. If a user's email account is compromised, all services using magic links are potentially at risk. It's thus crucial to encourage users to protect their email accounts with strong security measures, like two-factor authentication. Also, some email providers will pre-fetch all links in all emails, which may expire magic links. Make sure you consider this in your implementation.

### Phishing Attacks:
### Do Magic Links Prevent Phishing Attacks?

Users might be tricked into clicking on malicious links masquerading as magic links. Training users to identify genuine magic links and raising awareness about such threats is essential.

### Security:
### What Are Security Considerations of Magic Links?

If the user's email account is compromised, all services using magic links are potentially at risk. This issue can be mitigated by encouraging users to protect their email accounts with strong security measures like two-factor authentication and keeping the lifetime of a magic link low.

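Review bot: the heading `### Do Magic Links Prevent Phishing Attacks?` reads as a yes/no question, but the paragraph under it describes phishing as a risk (users tricked by links masquerading as magic links) and never answers it; a heading such as "Are Magic Links Vulnerable To Phishing?" would match the body. Also, `### What Are Security Considerations of Magic Links?` uses a lowercase `of` where the other new headings capitalize every word, and its paragraph repeats the email-compromise point already made under the email account heading.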
Expand Down Expand Up @@ -97,4 +97,4 @@ Finally, it's important to continuously monitor and update the magic link system

Magic links provide a promising alternative to traditional password-based authentication, offering improved user experience and security. As developers, it's our role to adapt to these changing paradigms to offer the best possible security solutions to our users. As we move towards a passwordless future, magic links are certainly worth considering. They're easy to implement, they don't require any special permissions, and they provide a seamless user experience.

Before switching over, ensure your team understands the benefits, risks, and implementation process. Remember, the goal is not just to follow trends but to enhance the overall security and usability of your systems. Embrace the magic of these links, and let's stride towards a more secure digital future.
Before switching over, ensure your team understands the benefits, risks, and implementation process. Remember, the goal is not just to follow trends but to enhance the overall security and usability of your systems. Embrace the magic of these links, and let's stride towards a more secure digital future.