Merge pull request 'Probably not...' (#2) from feature/updated_compose into main

Reviewed-on: #2

.drone.yml

@@ -10,23 +10,19 @@ steps:
   image: node:latest
   commands:
   - yarn install
-
 - name: Code Style Checks
   image: node:latest
   commands:
   - yarn prettier
-
 - name: Lint
   image: node:latest
   commands:
   - yarn lint
-
 - name: Unit Tests
   image: node:latest
   commands:
   - yarn test
-
-- name: Send Status Notification
+- name: Send Test Status Notification
   image: plugins/webhook
   settings:
     urls: https://lab.mifi.dev/hooks/9p65zpagctgkmndo8nwwm4199r
@@ -41,34 +37,14 @@ steps:
     status:
       - success
       - failure
-
-trigger:
-  event:
-  - push
-
----
-kind: pipeline
-type: docker
-name: Build Pipeline
-
-workspace:
-  path: /drone/grow
-
-steps:
-- name: yarn install
-  image: node:latest
-  commands:
-  - yarn install
-
 - name: Build
   image: node:latest
   commands:
   - yarn build
-
-- name: Send Status Notifications
+- name: Send Build Status Notifications
   image: plugins/webhook
   settings:
-    urls: https://lab.mifi.dev/hooks/ccw34hdf7tgbjmzp96nptn938r
+    urls: https://lab.mifi.dev/hooks/9p65zpagctgkmndo8nwwm4199r
     content_type: application/json
     template: |
       {
@@ -81,14 +57,11 @@ steps:
       - success
       - failure
 
-depends_on:
-  - Test Pipeline
-
 trigger:
   branch:
   - main
   event:
-  - push
+  - pull_request
 
 ---
 kind: pipeline
@@ -99,36 +72,20 @@ workspace:
   path: /drone/grow
 
 steps:
-- name: Build Service
+- name: Build Package
   image: node:latest
   commands:
-    - cp /drone/grow/package.json ./
-    - cp /drone/grow/yarn.lock ./
-    - yarn install --frozen-lockfile
-    - cp -r /drone/grow/* .
+    - yarn install
     - yarn build
 - name: Publish NPM
-  image: plugins/npm
-  settings:
-    username: mifi
-    registry: git.mifi.dev
-    token:
-    - from_secret: gitea_token
-- name: Publish Image
-  image: plugins/docker
-  settings:
-    auto_tag: true
-    squash: true
-    repo: git.mifi.dev/mifi/auth
-    registry: git.mifi.dev
-    ssh-agent-key:
-      from_secret: gitea_token
+  image: node:20-alpine
+  failure: ignore
+  commands:
+    - yarn publish -t ${DRONE_TAG}
   volumes:
-  - name: dockersock
-    Path: /var/run/docker.sock
-  - name: dockerconfig
-    Path: /.docker/config.json
-- name: Send Status Notifications
+  - name: npmrc
+    path: /drone/grow/.npmrc
+- name: Report NPM Publish Status
   image: plugins/webhook
   settings:
     urls: https://lab.mifi.dev/hooks/ccw34hdf7tgbjmzp96nptn938r
@@ -136,7 +93,35 @@ steps:
     template: |
       {
         "icon_url":"https://emojipedia-us.s3.dualstack.us-west-1.amazonaws.com/thumbs/120/apple/198/freezing-face_1f976.png",
-        "text": "[{{ repo.name }} - New tagged docker image release {{tag}} from # {{ build.number }}] Deploy {{ build.status }} {{#success build.status}}:tada:{{else}}:poop:{{/success}}",
+        "text": "[{{ repo.name }} - New npm package release {{tag}} from # {{ build.number }}] Deploy {{ build.status }} {{#success build.status}}:tada:{{else}}:poop:{{/success}}",
+        "username":"DroneBot"
+      }
+  when:
+    status:
+      - success
+      - failure
+- name: Publish Image
+  image: plugins/docker
+  settings:
+    auto_tag: true
+    repo: git.mifi.dev/mifi/mifi/auth
+    registry: git.mifi.dev
+    debug: true
+    ssh-agent-key:
+      from_secret: reg_token    
+    username: <token>
+    password:
+      from_secret: reg_token
+  secrets: [reg_token]
+- name: Report Image Publish Status
+  image: plugins/webhook
+  settings:
+    urls: https://lab.mifi.dev/hooks/ccw34hdf7tgbjmzp96nptn938r
+    content_type: application/json
+    template: |
+      {
+        "icon_url":"https://emojipedia-us.s3.dualstack.us-west-1.amazonaws.com/thumbs/120/apple/198/freezing-face_1f976.png",
+        "text": "[{{ repo.name }} - New docker image release {{tag}} from # {{ build.number }}] Deploy {{ build.status }} {{#success build.status}}:tada:{{else}}:poop:{{/success}}",
         "username":"DroneBot"
       }
   when:
@@ -145,17 +130,20 @@ steps:
       - failure
 
 volumes:
-- name: dockersock
-  path: /var/run/docker.sock
 - name: dockerconfig
-  path: /volume1/docker/labs/grow-auth/dockerconfig.json
+  host:
+    path: /volume1/docker/dockerconfig.json
+- name: dockersock
+  host:
+    path: /var/run/docker.sock
+- name: npmrc
+  host:
+    path: /volume1/docker/beethoven/labs-auth/.npmrc
 
 depends_on:
-  - Build Pipeline
+  - Test Pipeline
 
 trigger:
-  branch:
-  - main
   event:
   - tag
 
@@ -167,24 +155,30 @@ name: Deploy Pipeline
 workspace:
   path: /drone/grow
 
-# image_pull_secrets:
-# - from_secret: gitea_token
-
 steps:
 - name: Deploy Container
   image: docker
+  privileged: true
+  environment:
+    CONTAINER_PREFIX: staging
+    HOST: area51.mifi.dev
+    ROUTE_PREFIX: /auth
+    PORT: 9001
   commands:
-    - compose build .
-    - compose up --wait
+    - docker compose -f docker-compose.staging.yml pull
+    - docker compose -f docker-compose.staging.yml build --no-cache
+    - docker compose -f docker-compose.staging.yml rm --stop
+    - docker compose -f docker-compose.staging.yml up --wait
   volumes:
-  - name: env
-    path: /.env
+  - name: env-secrets
+    path: /drone/grow/staging.env
   - name: dockersock
-    Path: /var/run/docker.sock
+    path: /var/run/docker.sock
   - name: dockerconfig
-    Path: /.docker/config.json
+    path: /drone/grow/.docker/config.json
 - name: Send Status Notifications
   image: plugins/webhook
+  privileged: true
   settings:
     urls: https://lab.mifi.dev/hooks/ccw34hdf7tgbjmzp96nptn938r
     content_type: application/json
@@ -200,18 +194,21 @@ steps:
       - failure
 
 volumes:
-- name: env
-  path: /volume1/docker/labs/grow-auth/.env
-- name: dockersock
-  path: /var/run/docker.sock
 - name: dockerconfig
-  path: /volume1/docker/labs/grow-auth/dockerconfig.json
+  host:
+    path: /volume1/docker/dockerconfig.json
+- name: dockersock
+  host:
+    path: /var/run/docker.sock
+- name: env-secrets
+  host:
+    path: /volume1/docker/beethoven/labs-auth/staging.env
 
 depends_on:
-  - Build Pipeline
+  - Test Pipeline
 
 trigger:
-  branch:
-  - main
   event:
-  - tag
+  - promote
+  target:
+  - production

.env.dev

@@ -0,0 +1,29 @@
+HOST=localhost
+PORT=9001
+
+ROUTE_PREFIX=/auth
+
+LOGIN_ROUTE=/login
+RESET_ROUTE=/reset
+
+DB_ADMIN_USERNAME=root
+DB_ADMIN_PASSWORD=password
+DB_USERNAME=user
+DB_PASSWORD=password
+DB_NAME=auth
+
+MONGO_INITDB_ROOT_USERNAME=$DB_ADMIN_USERNAME
+MONGO_INITDB_ROOT_PASSWORD=$DB_ADMIN_PASSWORD
+MONGO_INITDB_DATABASE=$DB_NAME
+
+SESSION_KEY=shjhakjfhfjdshjksdhfdshfhfduyeyb73te4
+
+JWT_AUDIENCE=Grow.io
+JWT_ISSUER=Grow Latch
+JWT_SECRET=Th!sIs a d3v3lopm3nt server SEcr¢T.
+
+LOGIN_VALID_TIME=12H
+RESET_VALID_MINUTES=15
+DEFAULT_TOKEN_DAYS=1
+
+CONTAINER_PREFIX=dev

Dockerfile

@@ -1,13 +1,3 @@
-# FROM node:20-alpine AS build
-# RUN mkdir -p /home/node/app/node_modules && chown -R node:node /home/node/app
-# WORKDIR /home/node/app
-# COPY package*.json .
-# COPY dist/lib .
-# USER node
-# RUN yarn install --frozen-lockfile --production
-# COPY --chown=node:node node_modules ./node_modules
-# CMD ["node", "dist/lib/server/index.js"]
-
 FROM node:20-alpine AS build
 WORKDIR /home/node/app
 COPY package*.json ./
@@ -15,13 +5,14 @@ COPY tsconfig.json ./
 COPY lib ./lib
 RUN ls -a
 RUN yarn install
-RUN yarn build:production
+RUN yarn build
 
 ## this is stage two , where the app actually runs
 FROM node:20-alpine AS containerize
+ENV NODE_ENV ${ENV:-production}
 WORKDIR /home/node/app
 COPY package*.json ./
 RUN yarn install --frozen-lockfile --production
 COPY --from=0 /home/node/app/dist .
-EXPOSE 80
+EXPOSE ${PORT}
 CMD ["node","server/index.js"]

docker-compose.dev.yml

@@ -0,0 +1,41 @@
+version: '3.8'
+
+services:
+    auth-service_mongo:
+        env_file: .env.dev
+        build:
+            args:
+              - CONTAINER_PREFIX=${CONTAINER_PREFIX}
+        container_name: ${CONTAINER_PREFIX:-dev}-auth-service_mongo
+        ports:
+            - 27017:27017
+        networks:
+            - labs-net
+        volumes:
+            - /var/tmp/labs:/data/db
+            - ./mongo-init.js:/docker-entrypoint-initdb.d/mongo-init.js:ro
+        restart: unless-stopped
+        image: mongo:latest
+    auth-service:
+        env_file: .env.dev
+        build:
+            context: .
+            args:
+              - HOST=${HOST}
+              - PORT=${PORT}
+              - ROUTE_PREFIX=${ROUTE_PREFIX}
+              - CONTAINER_PREFIX=${CONTAINER_PREFIX}
+        container_name: ${CONTAINER_PREFIX:-dev}-auth-service
+        ports:
+            - 9001:9001
+        environment:
+            - DB_HOST=${CONTAINER_PREFIX:-dev}-auth-service_mongo
+        networks:
+            - labs-net
+        restart: unless-stopped
+        image: node:20-alpine
+        depends_on:
+            - auth-service_mongo
+networks:
+    labs-net:
+        name: labs-net

docker-compose.staging.yml

@@ -0,0 +1,39 @@
+version: '3.8'
+
+services:
+    auth-service_mongo:
+        container_name: ${CONTAINER_PREFIX}-auth-service_mongo
+        env_file:
+            - staging.env
+        networks:
+            - docknet
+        volumes:
+            - '/volume1/docker/labs/auth/mongo:/data/db'
+            # - ./mongo-init.js:/docker-entrypoint-initdb.d/mongo-init.js:ro
+        restart: unless-stopped
+        image: mongo:latest
+    auth-service:
+        env_file:
+            - staging.env
+        build: .
+        container_name: ${CONTAINER_PREFIX}-auth-service
+        environment:
+            - DB_HOST=${CONTAINER_PREFIX}-auth-service_mongo
+        labels:
+            - 'traefik.enable=true'
+            - 'traefik.http.routers.grow.rule=Host(`${HOST}`) && Path(`${ROUTE_PREFIX}`)'
+            - 'traefik.http.routers.grow.entrypoints=websecure'
+            - 'traefik.http.routers.grow.tls=true'
+            - 'traefik.http.routers.grow.tls.certresolver=letsencrypt'
+            - 'traefik.http.routers.grow.service=grow-service'
+            - 'traefik.http.services.grow-service.loadbalancer.server.port=${PORT}'
+        networks:
+            - docknet
+        restart: unless-stopped
+        image: node:20-alpine
+        depends_on:
+            - auth-service_mongo
+networks:
+    docknet:
+        name: docknet
+        external: true

docker-compose.staging_image.yml

@@ -0,0 +1,39 @@
+version: '3.8'
+
+services:
+    auth-service_mongo:
+        container_name: ${CONTAINER_PREFIX}-auth-service_mongo
+        env_file:
+            - staging.env
+        networks:
+            - docknet
+        volumes:
+            - '/volume1/docker/labs/auth/mongo:/data/db'
+            # - ./mongo-init.js:/docker-entrypoint-initdb.d/mongo-init.js:ro
+        restart: unless-stopped
+        image: mongo:latest
+    auth-service:
+        env_file:
+            - staging.env
+        build: .
+        container_name: ${CONTAINER_PREFIX}-auth-service
+        environment:
+            - DB_HOST=${CONTAINER_PREFIX}-auth-service_mongo
+        labels:
+            - 'traefik.enable=true'
+            - 'traefik.http.routers.grow.rule=Host(`${HOST}`) && Path(`${ROUTE_PREFIX}`)'
+            - 'traefik.http.routers.grow.entrypoints=websecure'
+            - 'traefik.http.routers.grow.tls=true'
+            - 'traefik.http.routers.grow.tls.certresolver=letsencrypt'
+            - 'traefik.http.routers.grow.service=grow-service'
+            - 'traefik.http.services.grow-service.loadbalancer.server.port=${PORT}'
+        networks:
+            - docknet
+        restart: unless-stopped
+        image: node:20-alpine
+        depends_on:
+            - auth-service_mongo
+networks:
+    docknet:
+        name: docknet
+        external: true

docker-compose.yml

@@ -1,56 +0,0 @@
-version: '3.8'
-
-services:
-    auth-service_mongo:
-        container_name: ${CONTAINER_PREFIX}${SERVICE_NAME}_${DB_TYPE}
-        environment:
-            - ALLOW_EMPTY_PASSWORD=yes
-            - MONGO_INITDB_ROOT_USERNAME=${DB_USER}
-            - MONGO_INITDB_ROOT_PASSWORD=${DB_PASS}
-            - MONGO_INITDB_DATABASE=${DB_NAME}
-        networks:
-            - docknet
-        volumes:
-            - '/volume1/docker/labs/grow-auth/mongo:/data/db'
-        restart: unless-stopped
-        image: mongo
-    auth-service:
-        build: .
-        container_name: ${CONTAINER_PREFIX}-${SERVICE_NAME}
-        environment:
-            - PORT=${PORT}
-            - ROUTE_PREFIX=${ROUTE_PREFIX}
-            - LOGIN_ROUTE=${LOGIN_ROUTE}
-            - RESET_ROUTE=${RESET_ROUTE}
-            - DB_HOST=${CONTAINER_PREFIX}-${SERVICE_NAME}_${DB_TYPE}
-            - DB_USER=${DB_USER}
-            - DB_PASS=${DB_PASS}
-            - DB_NAME=${DB_NAME}
-            - SESSION_KEY=${SESSION_KEY}
-            - JWT_AUDIENCE=${JWT_AUDIENCE}
-            - JWT_ISSUER=${JWT_ISSUER}
-            - JWT_SECRET=${JWT_SECRET}
-            - LOGIN_VALID_TIME=${LOGIN_VALID_TIME}
-            - RESET_VALID_MINUTES=${RESET_VALID_MINUTES}
-            - DEFAULT_TOKEN_DAYS=${DEFAULT_TOKEN_DAYS}
-        labels:
-            - 'traefik.enable=true'
-            - 'traefik.http.routers.grow.rule=Host(`${HOST}`)'
-            - 'traefik.http.routers.grow.rule=Path(`${ROUTE_PREFIX}`)'
-            - 'traefik.http.routers.grow.entrypoints=websecure'
-            - 'traefik.http.routers.grow.tls=true'
-            - 'traefik.http.routers.grow.tls.certresolver=letsencrypt'
-            - 'traefik.http.routers.grow.service=gitea'
-            - 'traefik.http.services.gitea.loadbalancer.server.port=${PORT}'
-        networks:
-            - docknet
-        volumes:
-            - '/Volume1/docker/.yarnrc.yml:/.yarnrc.yml'
-            - '/Volume1/docker/labs/grow-auth/.env:/.env'
-        restart: unless-stopped
-        image: node
-        depends_on:
-            - auth-service_mongo
-networks:
-    docknet:
-        name: docknet

lib/constants/db.ts

@@ -1,5 +1,5 @@
-export const DB_HOST = process.env.DB_HOST || 'mongodb';
+export const DB_HOST = process.env.DB_HOST || 'not_set';
 export const DB_PORT = process.env.DB_PORT || 27017;
-export const DB_USER = process.env.DB_USER || 'test';
-export const DB_PASS = process.env.DB_PASSWORD || 'test';
-export const DB_NAME = process.env.DB_NAME || 'auth';
+export const DB_USERNAME = process.env.DB_USERNAME || 'not_set';
+export const DB_PASSWORD = process.env.DB_PASSWORD || 'not_set';
+export const DB_NAME = process.env.DB_NAME || 'not_set';

lib/constants/env.ts

@@ -1,4 +1,4 @@
-export const PACKAGE_NAME = '@mifi/latch';
+export const PACKAGE_NAME = '@mifi/auth';
 export const PORT = process.env.PORT || 9000;
 
 export const SESSION_KEY = process.env.SESSION_KEY || 'secret-key';

lib/db/index.ts

@@ -1,5 +1,5 @@
 import mongoose from 'mongoose';
 
-import { DB_HOST, DB_NAME, DB_PASS, DB_PORT, DB_USER } from '../constants/db';
+import { DB_HOST, DB_NAME, DB_PASSWORD, DB_PORT, DB_USERNAME } from '../constants/db';
 
-export const connection = mongoose.connect(`mongodb://${DB_USER}:${DB_PASS}@${DB_HOST}:${DB_PORT}/${DB_NAME}`);
+export const connection = mongoose.connect(`mongodb://${DB_USERNAME}:${DB_PASSWORD}@${DB_HOST}:${DB_PORT}/${DB_NAME}`);

lib/server/controllers/auth.ts

@@ -7,10 +7,17 @@ import Auth from '../../db/model/auth';
 import { sign } from '../../utils/jwt';
 import passport from '../passport';
 import { ErrorCodes, getErrorBody } from '../../constants/errors';
+import { authenticated } from '../middleware/authenication';
 
 const routerOpts: Router.IRouterOptions = { prefix };
 const router: Router = new Router(routerOpts);
 
+router.get('/info', (ctx) => {
+    ctx.body = {
+        service: process.env.SERVICE_NAME,
+    };
+});
+
 router.post('/', async (ctx) => {
     const data = (await Auth.create(ctx.body)).save();
     ctx.body = { success: true, data: { ...data, strategies: undefined } };
@@ -37,7 +44,10 @@ router.post(process.env.RESET_ROUTE || RESET_ROUTE, async (ctx, next) => {
     ctx.body = { success: false, ...getErrorBody(ErrorCodes.RESET_REQUEST_DATA) };
 });
 
-router.patch('/:record', (ctx: Koa.Context) => {
+router.patch('/:record', authenticated(), (ctx: Koa.Context) => {
+    if (ctx.user !== ctx.param.record) {
+        ctx.throw(StatusCodes.UNAUTHORIZED);
+    }
     const data = Auth.findOneAndUpdate({ record: ctx.params.record });
     if (!data) {
         ctx.throw(StatusCodes.NOT_FOUND);

lib/server/index.ts

@@ -1,12 +1,11 @@
-import dotenv from 'dotenv';
-
 import app from './app';
 import { connection } from '../db';
 import { PORT } from '../constants/env';
 
-dotenv.config();
-
 connection.then(
-    () => app.listen(PORT),
-    (err) => console.error('ERROR!', err),
+    () => {
+        app.listen(PORT);
+        console.log('LISTENING', process.env);
+    },
+    (err) => console.error('SERVER ERROR!', { err, env: process.env }),
 );

mongo-init.js

@@ -0,0 +1,12 @@
+/* eslint-disable no-undef */
+db = db.getSiblingDB(process.env.DB_NAME);
+db.createUser({
+    user: process.env.DB_USERNAME,
+    pwd: process.env.DB_PASSWORD,
+    roles: [
+        {
+            role: 'readWrite',
+            db: process.env.DB_NAME,
+        },
+    ],
+});

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mifi/auth",
-  "version": "0.0.6",
+  "version": "0.0.37",
   "author": "mifi (Mike Fitzpatrick)",
   "license": "MIT",
   "scripts": {