Merge pull request 'Probably not...' (#2) from feature/updated_compose into main

Reviewed-on: #2

.drone.yml

@@ -61,14 +61,12 @@ trigger:
   branch:
   - main
   event:
-  # - pull_request
+  - pull_request
-  - push
 
 ---
 kind: pipeline
 type: docker
 name: Publish Pipeline
-group: publish
 
 workspace:
   path: /drone/grow
@@ -80,16 +78,10 @@ steps:
     - yarn install
     - yarn build
 - name: Publish NPM
-  image: plugins/npm
+  image: node:20-alpine
   failure: ignore
-  settings:
+  commands:
-    username:
+    - yarn publish -t ${DRONE_TAG}
-      from_secret: registry_username
-    password:
-      from_secret: registry_password
-    registry: https://git.mifi.dev/api/packages/mifi/npm
-    token:
-    - from_secret: gitea_token
   volumes:
   - name: npmrc
     path: /drone/grow/.npmrc
@@ -109,34 +101,18 @@ steps:
       - success
       - failure
 - name: Publish Image
-  image: docker
+  image: plugins/docker
-  commands:
+  settings:
-    - docker build -t git.mifi.dev/mifi/mifi/auth:latest -t git.mifi.dev/mifi/mifi/auth:${DRONE_TAG} .
+    auto_tag: true
-    - docker push git.mifi.dev/mifi/mifi/auth:latest
+    repo: git.mifi.dev/mifi/mifi/auth
-  volumes:
+    registry: git.mifi.dev
-  - name: dockersock
+    debug: true
-    path: /var/run/docker.sock
+    ssh-agent-key:
-  - name: dockerconfig
+      from_secret: reg_token    
-    path: /drone/grow/.docker/config.json
+    username: <token>
-# - name: Publish Image
+    password:
-#   image: plugins/docker
+      from_secret: reg_token
-#   settings:
+  secrets: [reg_token]
-#     auto_tag: true
-#     squash: true
-#     repo: git.mifi.dev/mifi/auth
-#     context: mifi
-#     registry: git.mifi.dev
-#     username:
-#       from_secret: registry_username
-#     password:
-#       from_secret: registry_password
-#     ssh-agent-key:
-#       from_secret: gitea_token
-  volumes:
-  - name: dockersock
-    path: /var/run/docker.sock
-  - name: dockerconfig
-    path: /drone/grow/.docker/config.json
 - name: Report Image Publish Status
   image: plugins/webhook
   settings:
@@ -168,10 +144,7 @@ depends_on:
   - Test Pipeline
 
 trigger:
-  # branch:
-  # - main
   event:
-  # - push
   - tag
 
 ---
@@ -186,6 +159,11 @@ steps:
 - name: Deploy Container
   image: docker
   privileged: true
+  environment:
+    CONTAINER_PREFIX: staging
+    HOST: area51.mifi.dev
+    ROUTE_PREFIX: /auth
+    PORT: 9001
   commands:
     - docker compose -f docker-compose.staging.yml pull
     - docker compose -f docker-compose.staging.yml build --no-cache
@@ -224,14 +202,13 @@ volumes:
     path: /var/run/docker.sock
 - name: env-secrets
   host:
-    path: /volume1/docker/beethoven/labs-auth/staging.secrets.env
+    path: /volume1/docker/beethoven/labs-auth/staging.env
 
 depends_on:
   - Test Pipeline
 
 trigger:
-  # branch:
-  # - main
   event:
-  # - push
+  - promote
-  - tag
+  target:
+  - production

.env.staging

@@ -1,6 +0,0 @@
-HOST=area51.mifi.dev
-PORT=9001
-
-ROUTE_PREFIX=/auth
-
-CONTAINER_PREFIX=mifi

Dockerfile

@@ -5,14 +5,14 @@ COPY tsconfig.json ./
 COPY lib ./lib
 RUN ls -a
 RUN yarn install
-RUN yarn build:production
+RUN yarn build
 
 ## this is stage two , where the app actually runs
 FROM node:20-alpine AS containerize
+ENV NODE_ENV ${ENV:-production}
 WORKDIR /home/node/app
 COPY package*.json ./
 RUN yarn install --frozen-lockfile --production
 COPY --from=0 /home/node/app/dist .
-EXPOSE 9001
+EXPOSE ${PORT}
-EXPOSE 27017
 CMD ["node","server/index.js"]

docker-compose.dev.yml

@@ -3,6 +3,9 @@ version: '3.8'
 services:
     auth-service_mongo:
         env_file: .env.dev
+        build:
+            args:
+              - CONTAINER_PREFIX=${CONTAINER_PREFIX}
         container_name: ${CONTAINER_PREFIX:-dev}-auth-service_mongo
         ports:
             - 27017:27017
@@ -15,7 +18,13 @@ services:
         image: mongo:latest
     auth-service:
         env_file: .env.dev
-        build: .
+        build:
+            context: .
+            args:
+              - HOST=${HOST}
+              - PORT=${PORT}
+              - ROUTE_PREFIX=${ROUTE_PREFIX}
+              - CONTAINER_PREFIX=${CONTAINER_PREFIX}
         container_name: ${CONTAINER_PREFIX:-dev}-auth-service
         ports:
             - 9001:9001

docker-compose.staging.yml

@@ -2,24 +2,23 @@ version: '3.8'
 
 services:
     auth-service_mongo:
-        container_name: ${CONTAINER_PREFIX:-mifi}-auth-service_mongo
+        container_name: ${CONTAINER_PREFIX}-auth-service_mongo
         env_file:
-            - .env.staging
             - staging.env
         networks:
             - docknet
         volumes:
             - '/volume1/docker/labs/auth/mongo:/data/db'
+            # - ./mongo-init.js:/docker-entrypoint-initdb.d/mongo-init.js:ro
         restart: unless-stopped
         image: mongo:latest
     auth-service:
         env_file:
-            - .env.staging
             - staging.env
         build: .
-        container_name: ${CONTAINER_PREFIX:-mifi}-auth-service
+        container_name: ${CONTAINER_PREFIX}-auth-service
         environment:
-            - DB_HOST=${CONTAINER_PREFIX:-mifi}-auth-service_mongo
+            - DB_HOST=${CONTAINER_PREFIX}-auth-service_mongo
         labels:
             - 'traefik.enable=true'
             - 'traefik.http.routers.grow.rule=Host(`${HOST}`) && Path(`${ROUTE_PREFIX}`)'

docker-compose.staging_image.yml

@@ -0,0 +1,39 @@
+version: '3.8'
+
+services:
+    auth-service_mongo:
+        container_name: ${CONTAINER_PREFIX}-auth-service_mongo
+        env_file:
+            - staging.env
+        networks:
+            - docknet
+        volumes:
+            - '/volume1/docker/labs/auth/mongo:/data/db'
+            # - ./mongo-init.js:/docker-entrypoint-initdb.d/mongo-init.js:ro
+        restart: unless-stopped
+        image: mongo:latest
+    auth-service:
+        env_file:
+            - staging.env
+        build: .
+        container_name: ${CONTAINER_PREFIX}-auth-service
+        environment:
+            - DB_HOST=${CONTAINER_PREFIX}-auth-service_mongo
+        labels:
+            - 'traefik.enable=true'
+            - 'traefik.http.routers.grow.rule=Host(`${HOST}`) && Path(`${ROUTE_PREFIX}`)'
+            - 'traefik.http.routers.grow.entrypoints=websecure'
+            - 'traefik.http.routers.grow.tls=true'
+            - 'traefik.http.routers.grow.tls.certresolver=letsencrypt'
+            - 'traefik.http.routers.grow.service=grow-service'
+            - 'traefik.http.services.grow-service.loadbalancer.server.port=${PORT}'
+        networks:
+            - docknet
+        restart: unless-stopped
+        image: node:20-alpine
+        depends_on:
+            - auth-service_mongo
+networks:
+    docknet:
+        name: docknet
+        external: true

lib/server/controllers/auth.ts

@@ -7,6 +7,7 @@ import Auth from '../../db/model/auth';
 import { sign } from '../../utils/jwt';
 import passport from '../passport';
 import { ErrorCodes, getErrorBody } from '../../constants/errors';
+import { authenticated } from '../middleware/authenication';
 
 const routerOpts: Router.IRouterOptions = { prefix };
 const router: Router = new Router(routerOpts);
@@ -43,7 +44,10 @@ router.post(process.env.RESET_ROUTE || RESET_ROUTE, async (ctx, next) => {
     ctx.body = { success: false, ...getErrorBody(ErrorCodes.RESET_REQUEST_DATA) };
 });
 
-router.patch('/:record', (ctx: Koa.Context) => {
+router.patch('/:record', authenticated(), (ctx: Koa.Context) => {
+    if (ctx.user !== ctx.param.record) {
+        ctx.throw(StatusCodes.UNAUTHORIZED);
+    }
     const data = Auth.findOneAndUpdate({ record: ctx.params.record });
     if (!data) {
         ctx.throw(StatusCodes.NOT_FOUND);

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mifi/auth",
-  "version": "0.0.31",
+  "version": "0.0.37",
   "author": "mifi (Mike Fitzpatrick)",
   "license": "MIT",
   "scripts": {