Lots of updates! Working in local dev... not sure about staging yet...

Reviewed-on: #3

.drone.yml

@@ -1,70 +1,70 @@
-# kind: pipeline
+kind: pipeline
-# type: docker
+type: docker
-# name: Test Pipeline
+name: Test Pipeline
 
-# workspace:
+workspace:
-#   path: /drone/grow
+  path: /drone/grow
 
-# steps:
+steps:
-# - name: yarn install
+- name: yarn install
-#   image: node:latest
+  image: node:latest
-#   commands:
+  commands:
-#   - yarn install
+  - yarn install
-# - name: Code Style Checks
+- name: Code Style Checks
-#   image: node:latest
+  image: node:latest
-#   commands:
+  commands:
-#   - yarn prettier
+  - yarn prettier
-# - name: Lint
+- name: Lint
-#   image: node:latest
+  image: node:latest
-#   commands:
+  commands:
-#   - yarn lint
+  - yarn lint
-# - name: Unit Tests
+- name: Unit Tests
-#   image: node:latest
+  image: node:latest
-#   commands:
+  commands:
-#   - yarn test
+  - yarn test
-# - name: Send Test Status Notification
+- name: Send Test Status Notification
-#   image: plugins/webhook
+  image: plugins/webhook
-#   settings:
+  settings:
-#     urls: https://lab.mifi.dev/hooks/9p65zpagctgkmndo8nwwm4199r
+    urls: https://lab.mifi.dev/hooks/9p65zpagctgkmndo8nwwm4199r
-#     content_type: application/json
+    content_type: application/json
-#     template: |
+    template: |
-#       {
+      {
-#         "icon_url":"https://emojipedia-us.s3.dualstack.us-west-1.amazonaws.com/thumbs/120/apple/198/freezing-face_1f976.png",
+        "icon_url":"https://emojipedia-us.s3.dualstack.us-west-1.amazonaws.com/thumbs/120/apple/198/freezing-face_1f976.png",
-#         "text": "[{{ repo.name }} - Build # {{ build.number }}] Code Quality Checks {{ build.status }} {{#success build.status}}:tada:{{else}}:poop:{{/success}}",
+        "text": "[{{ repo.name }} - Build # {{ build.number }}] Code Quality Checks {{ build.status }} {{#success build.status}}:tada:{{else}}:poop:{{/success}}",
-#         "username":"DroneBot"
+        "username":"DroneBot"
-#       }
+      }
-#   when:
+  when:
-#     status:
+    status:
-#       - success
+      - success
-#       - failure
+      - failure
-# - name: Build
+- name: Build
-#   image: node:latest
+  image: node:latest
-#   commands:
+  commands:
-#   - yarn build
+  - yarn build
-# - name: Send Build Status Notifications
+- name: Send Build Status Notifications
-#   image: plugins/webhook
+  image: plugins/webhook
-#   settings:
+  settings:
-#     urls: https://lab.mifi.dev/hooks/9p65zpagctgkmndo8nwwm4199r
+    urls: https://lab.mifi.dev/hooks/9p65zpagctgkmndo8nwwm4199r
-#     content_type: application/json
+    content_type: application/json
-#     template: |
+    template: |
-#       {
+      {
-#         "icon_url":"https://emojipedia-us.s3.dualstack.us-west-1.amazonaws.com/thumbs/120/apple/198/freezing-face_1f976.png",
+        "icon_url":"https://emojipedia-us.s3.dualstack.us-west-1.amazonaws.com/thumbs/120/apple/198/freezing-face_1f976.png",
-#         "text": "[{{ repo.name }} - Build # {{ build.number }}] Build package {{ build.status }} {{#success build.status}}:tada:{{else}}:poop:{{/success}}",
+        "text": "[{{ repo.name }} - Build # {{ build.number }}] Build package {{ build.status }} {{#success build.status}}:tada:{{else}}:poop:{{/success}}",
-#         "username":"DroneBot"
+        "username":"DroneBot"
-#       }
+      }
-#   when:
+  when:
-#     status:
+    status:
-#       - success
+      - success
-#       - failure
+      - failure
 
-# trigger:
+trigger:
-#   branch:
+  branch:
-#   - main
+  - main
-#   event:
+  - develop
-#   # - pull_request
+  event:
-#   - push
+  - pull_request
 
-# ---
+---
 kind: pipeline
 type: docker
 name: Publish Pipeline
@@ -73,61 +73,35 @@ workspace:
   path: /drone/grow
 
 steps:
-# - name: Build Package
+- name: Build Package
-#   image: node:latest
+  image: node:latest
-#   commands:
+  commands:
-#     - yarn install
+    - yarn install
-#     - yarn build
+    - yarn build
-# - name: Publish NPM
+- name: Publish NPM
-#   image: node:20-alpine
+  image: node:20-alpine
-#   failure: ignore
-#   commands:
-#     - yarn publish -t ${DRONE_TAG}
-#   volumes:
-#   - name: npmrc
-#     path: /drone/grow/.npmrc
-# - name: Publish NPM
-#   image: plugins/npm
-#   failure: ignore
-#   settings:
-#     username:
-#       from_secret: registry_username
-#     password:
-#       from_secret: registry_password
-#     registry: https://git.mifi.dev/api/packages/mifi/npm
-#     token:
-#     - from_secret: gitea_token
-#   volumes:
-#   - name: npmrc
-#     path: /drone/grow/.npmrc
-# - name: Report NPM Publish Status
-#   image: plugins/webhook
-#   settings:
-#     urls: https://lab.mifi.dev/hooks/ccw34hdf7tgbjmzp96nptn938r
-#     content_type: application/json
-#     template: |
-#       {
-#         "icon_url":"https://emojipedia-us.s3.dualstack.us-west-1.amazonaws.com/thumbs/120/apple/198/freezing-face_1f976.png",
-#         "text": "[{{ repo.name }} - New npm package release {{tag}} from # {{ build.number }}] Deploy {{ build.status }} {{#success build.status}}:tada:{{else}}:poop:{{/success}}",
-#         "username":"DroneBot"
-#       }
-#   when:
-#     status:
-#       - success
-#       - failure
-- name: Publish Image
-  image: docker
   failure: ignore
   commands:
-    - docker login git.mifi.dev
+    - yarn publish -t ${DRONE_TAG}
-    - 'docker build -t git.mifi.dev/mifi/mifi/auth:latest -t git.mifi.dev/mifi/mifi/auth:${DRONE_TAG:-latest} .'
-    - docker push git.mifi.dev/mifi/mifi/auth:latest
   volumes:
-  - name: dockersock
+  - name: npmrc
-    path: /var/run/docker.sock
+    path: /drone/grow/.npmrc
-  - name: dockerconfig
+- name: Report NPM Publish Status
-    path: /drone/grow/.docker/config.json
+  image: plugins/webhook
-- name: Publish Image (plugin)
+  settings:
+    urls: https://lab.mifi.dev/hooks/ccw34hdf7tgbjmzp96nptn938r
+    content_type: application/json
+    template: |
+      {
+        "icon_url":"https://emojipedia-us.s3.dualstack.us-west-1.amazonaws.com/thumbs/120/apple/198/freezing-face_1f976.png",
+        "text": "[{{ repo.name }} - New npm package release {{tag}} from # {{ build.number }}] Deploy {{ build.status }} {{#success build.status}}:tada:{{else}}:poop:{{/success}}",
+        "username":"DroneBot"
+      }
+  when:
+    status:
+      - success
+      - failure
+- name: Publish Image
   image: plugins/docker
   settings:
     auto_tag: true
@@ -167,79 +141,78 @@ volumes:
   host:
     path: /volume1/docker/beethoven/labs-auth/.npmrc
 
-# depends_on:
+depends_on:
-#   - Test Pipeline
+  - Test Pipeline
 
 trigger:
-  branch:
-  - main
   event:
-  - push
+  - tag
-  # - tag
 
-# ---
+---
-# kind: pipeline
+kind: pipeline
-# type: docker
+type: docker
-# name: Deploy Pipeline
+name: Deploy Pipeline
 
-# workspace:
+workspace:
-#   path: /drone/grow
+  path: /drone/grow
 
-# steps:
+clone:
-# - name: Deploy Container
+  disable: true
-#   image: docker
-#   privileged: true
-#   environment:
-#     CONTAINER_PREFIX: staging
-#     HOST: area51.mifi.dev
-#     ROUTE_PREFIX: /auth
-#     PORT: 9001
-#   commands:
-#     - docker compose -f docker-compose.staging.yml pull
-#     - docker compose -f docker-compose.staging.yml build --no-cache
-#     - docker compose -f docker-compose.staging.yml rm --stop
-#     - docker compose -f docker-compose.staging.yml up --wait
-#   volumes:
-#   - name: env-secrets
-#     path: /drone/grow/staging.env
-#   - name: dockersock
-#     path: /var/run/docker.sock
-#   - name: dockerconfig
-#     path: /drone/grow/.docker/config.json
-# - name: Send Status Notifications
-#   image: plugins/webhook
-#   privileged: true
-#   settings:
-#     urls: https://lab.mifi.dev/hooks/ccw34hdf7tgbjmzp96nptn938r
-#     content_type: application/json
-#     template: |
-#       {
-#         "icon_url":"https://emojipedia-us.s3.dualstack.us-west-1.amazonaws.com/thumbs/120/apple/198/freezing-face_1f976.png",
-#         "text": "[{{ repo.name }} - Build # {{ build.number }}] Deploy {{ build.status }} {{#success build.status}}:tada:{{else}}:poop:{{/success}}",
-#         "username":"DroneBot"
-#       }
-#   when:
-#     status:
-#       - success
-#       - failure
 
-# volumes:
+steps:
-# - name: dockerconfig
+- name: Deploy Container
-#   host:
+  image: docker
-#     path: /volume1/docker/dockerconfig.json
+  privileged: true
-# - name: dockersock
+  environment:
-#   host:
+    CONTAINER_PREFIX: staging
-#     path: /var/run/docker.sock
+    HOST: area51.mifi.dev
-# - name: env-secrets
+    ROUTE_PREFIX: /auth
-#   host:
+    PORT: 9001
-#     path: /volume1/docker/beethoven/labs-auth/staging.env
+  commands:
+    - docker compose -f docker-compose.staging-image.yml pull
+    - docker compose -f docker-compose.staging-image.yml build --no-cache
+    - docker compose -f docker-compose.staging-image.yml rm --stop
+    - docker compose -f docker-compose.staging-image.yml up --wait
+  volumes:
+  - name: env-secrets
+    path: /drone/grow/staging.env
+  - name: dockersock
+    path: /var/run/docker.sock
+  - name: dockerconfig
+    path: /drone/grow/.docker/config.json
+- name: Send Status Notifications
+  image: plugins/webhook
+  privileged: true
+  settings:
+    urls: https://lab.mifi.dev/hooks/ccw34hdf7tgbjmzp96nptn938r
+    content_type: application/json
+    template: |
+      {
+        "icon_url":"https://emojipedia-us.s3.dualstack.us-west-1.amazonaws.com/thumbs/120/apple/198/freezing-face_1f976.png",
+        "text": "[{{ repo.name }} - Build # {{ build.number }}] Deploy {{ build.status }} {{#success build.status}}:tada:{{else}}:poop:{{/success}}",
+        "username":"DroneBot"
+      }
+  when:
+    status:
+      - success
+      - failure
 
-# # depends_on:
+volumes:
-# #   - Test Pipeline
+- name: dockerconfig
+  host:
+    path: /volume1/docker/dockerconfig.json
+- name: dockersock
+  host:
+    path: /var/run/docker.sock
+- name: env-secrets
+  host:
+    path: /volume1/docker/beethoven/labs-auth/staging.env
 
-# trigger:
+depends_on:
-#   branch:
+  - Test Pipeline
-#   - main
+
-#   event:
+trigger:
-#   - push
+  event:
-#   # - tag
+  - promote
+  target:
+  - production

.env.dev

@@ -27,3 +27,5 @@ RESET_VALID_MINUTES=15
 DEFAULT_TOKEN_DAYS=1
 
 CONTAINER_PREFIX=dev
+SERVICE_NAME=auth-service
+ENV=development

Dockerfile

@@ -1,4 +1,5 @@
 FROM node:20-alpine AS build
+ENV NODE_ENV development
 WORKDIR /home/node/app
 COPY package*.json ./
 COPY tsconfig.json ./
@@ -13,6 +14,6 @@ ENV NODE_ENV ${ENV:-production}
 WORKDIR /home/node/app
 COPY package*.json ./
 RUN yarn install --frozen-lockfile --production
-COPY --from=0 /home/node/app/dist/**/*.js .
+COPY --from=0 /home/node/app/dist .
-EXPOSE ${PORT}
+EXPOSE ${PORT:-9001}
 CMD ["node","server/index.js"]

docker-compose.dev.yml

@@ -3,16 +3,13 @@ version: '3.8'
 services:
     auth-service_mongo:
         env_file: .env.dev
-        build:
-            args:
-              - CONTAINER_PREFIX=${CONTAINER_PREFIX}
         container_name: ${CONTAINER_PREFIX:-dev}-auth-service_mongo
         ports:
             - 27017:27017
         networks:
-            - labs-net
+            - backend
         volumes:
-            - /var/tmp/labs:/data/db
+            - auth-db:/data
             - ./mongo-init.js:/docker-entrypoint-initdb.d/mongo-init.js:ro
         restart: unless-stopped
         image: mongo:latest
@@ -21,10 +18,8 @@ services:
         build:
             context: .
             args:
-              - HOST=${HOST}
+              - PORT
-              - PORT=${PORT}
+              - ENV
-              - ROUTE_PREFIX=${ROUTE_PREFIX}
-              - CONTAINER_PREFIX=${CONTAINER_PREFIX}
         container_name: ${CONTAINER_PREFIX:-dev}-auth-service
         ports:
             - 9001:9001
@@ -32,6 +27,7 @@ services:
             - DB_HOST=${CONTAINER_PREFIX:-dev}-auth-service_mongo
         networks:
             - labs-net
+            - backend
         restart: unless-stopped
         image: node:20-alpine
         depends_on:
@@ -39,3 +35,7 @@ services:
 networks:
     labs-net:
         name: labs-net
+
+volumes:
+    auth-db:
+        external: true

docker-compose.staging-build.yml

@@ -0,0 +1,47 @@
+version: '3.8'
+
+services:
+    auth-service_mongo:
+        container_name: ${CONTAINER_PREFIX:-staging}-auth-service_mongo
+        env_file:
+            - staging.env
+        networks:
+            - docknet
+        volumes:
+            - 'auth-db:/data'
+            - './mongo-init.js:/docker-entrypoint-initdb.d/mongo-init.js:ro'
+        restart: unless-stopped
+        image: mongo:latest
+    auth-service:
+        env_file:
+            - staging.env
+        build:
+            context: .
+            args:
+              - PORT
+              - ENV
+        container_name: ${CONTAINER_PREFIX:-staging}-auth-service
+        environment:
+            - DB_HOST=${CONTAINER_PREFIX:-staging}-auth-service_mongo
+        labels:
+            - 'traefik.enable=true'
+            - 'traefik.http.routers.grow.rule=Host(`${HOST}`) && Path(`${ROUTE_PREFIX}`)'
+            - 'traefik.http.routers.grow.entrypoints=websecure'
+            - 'traefik.http.routers.grow.tls=true'
+            - 'traefik.http.routers.grow.tls.certresolver=letsencrypt'
+            - 'traefik.http.routers.grow.service=grow-service'
+            - 'traefik.http.services.grow-service.loadbalancer.server.port=${PORT}'
+        networks:
+            - docknet
+        restart: unless-stopped
+        image: node:20-alpine
+        depends_on:
+            - auth-service_mongo
+networks:
+    docknet:
+        name: docknet
+        external: true
+
+volumes:
+    auth-db:
+        external: false

docker-compose.staging-image.yml

@@ -2,23 +2,22 @@ version: '3.8'
 
 services:
     auth-service_mongo:
-        container_name: ${CONTAINER_PREFIX}-auth-service_mongo
+        container_name: ${CONTAINER_PREFIX:-staging}-auth-service_mongo
         env_file:
             - staging.env
         networks:
             - docknet
         volumes:
-            - '/volume1/docker/labs/auth/mongo:/data/db'
+            - auth-db:/data
-            # - ./mongo-init.js:/docker-entrypoint-initdb.d/mongo-init.js:ro
+            - ./mongo-init.js:/docker-entrypoint-initdb.d/mongo-init.js:ro
         restart: unless-stopped
         image: mongo:latest
     auth-service:
         env_file:
             - staging.env
-        build: .
+        container_name: ${CONTAINER_PREFIX:-staging}-auth-service
-        container_name: ${CONTAINER_PREFIX}-auth-service
         environment:
-            - DB_HOST=${CONTAINER_PREFIX}-auth-service_mongo
+            - DB_HOST=${CONTAINER_PREFIX:-staging}-auth-service_mongo
         labels:
             - 'traefik.enable=true'
             - 'traefik.http.routers.grow.rule=Host(`${HOST}`) && Path(`${ROUTE_PREFIX}`)'
@@ -30,10 +29,15 @@ services:
         networks:
             - docknet
         restart: unless-stopped
-        image: node:20-alpine
+        image: git.mifi.dev/mifi/mifi/auth:latest
         depends_on:
             - auth-service_mongo
+
 networks:
     docknet:
         name: docknet
         external: true
+
+volumes:
+    auth-db:
+        external: false

lib/constants/db.ts

@@ -1,5 +1,5 @@
-export const DB_HOST = process.env.DB_HOST || 'not_set';
+export const DB_HOST = process.env.DB_HOST;
 export const DB_PORT = process.env.DB_PORT || 27017;
-export const DB_USERNAME = process.env.DB_USERNAME || 'not_set';
+export const DB_USERNAME = process.env.DB_USERNAME;
-export const DB_PASSWORD = process.env.DB_PASSWORD || 'not_set';
+export const DB_PASSWORD = process.env.DB_PASSWORD;
-export const DB_NAME = process.env.DB_NAME || 'not_set';
+export const DB_NAME = process.env.DB_NAME;

lib/server/controllers/auth.ts

@@ -7,6 +7,7 @@ import Auth from '../../db/model/auth';
 import { sign } from '../../utils/jwt';
 import passport from '../passport';
 import { ErrorCodes, getErrorBody } from '../../constants/errors';
+import { authenticated } from '../middleware/authenication';
 
 const routerOpts: Router.IRouterOptions = { prefix };
 const router: Router = new Router(routerOpts);
@@ -43,7 +44,10 @@ router.post(process.env.RESET_ROUTE || RESET_ROUTE, async (ctx, next) => {
     ctx.body = { success: false, ...getErrorBody(ErrorCodes.RESET_REQUEST_DATA) };
 });
 
-router.patch('/:record', (ctx: Koa.Context) => {
+router.patch('/:record', authenticated(), (ctx: Koa.Context) => {
+    if (ctx.user !== ctx.param.record) {
+        ctx.throw(StatusCodes.UNAUTHORIZED);
+    }
     const data = Auth.findOneAndUpdate({ record: ctx.params.record });
     if (!data) {
         ctx.throw(StatusCodes.NOT_FOUND);

lib/server/index.ts

@@ -5,7 +5,7 @@ import { PORT } from '../constants/env';
 connection.then(
     () => {
         app.listen(PORT);
-        console.log('LISTENING', process.env);
+        console.debug('Server up and listening', { env: process.env });
     },
-    (err) => console.error('SERVER ERROR!', { err, env: process.env }),
+    (err) => console.error('Could not reach database', { err, env: process.env }),
 );

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mifi/auth",
-  "version": "0.0.34",
+  "version": "0.0.38",
   "author": "mifi (Mike Fitzpatrick)",
   "license": "MIT",
   "scripts": {