Merge commit '45215115248e1363747fd8628f834ecf0d12a258'

iforge-uos · Apr 27, 2024 · d223951 · d223951
2 parents 430d864 + 4521511
commit d223951
Show file tree

Hide file tree

Showing 65 changed files with 986 additions and 924 deletions.
diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
diff --git a/.env.tpl b/.env.tpl
@@ -0,0 +1,8 @@
+OP_CONNECT_TOKEN="op://IT/jcjmzwjh6sjrr2uybko6rrizwu/credential"
+OP_CONNECT_HOST=http://op-api:8080
+EDGEDB_SERVER_ADMIN_UI=enabled
+EDGEDB_SERVER_TLS_CERT_MODE=require_file
+EDGEDB_SERVER_TLS_KEY_FILE=/ignis_certs/ignis_key.pem
+EDGEDB_SERVER_TLS_CERT_FILE=/ignis_certs/ignis_cert.pem
+EDGEDB_SERVER_USER="op://IT/Ignis EdgeDB Docker Prod/username"
+EDGEDB_SERVER_PASSWORD="op://IT/Ignis EdgeDB Docker Prod/password"
diff --git a/.gitignore b/.gitignore
@@ -10,3 +10,4 @@ Thumbs.db
 **/.turbo/**
 deploy/container-images/**
 **/secret/**
+.env
diff --git a/README.md b/README.md
@@ -9,3 +9,21 @@ DESCRIPTION COMING SOON
 ## Manual Install
 
 Each [app](/apps) has installation instructions in its README.
+
+## Docker Compose
+
+```
+# First create the secret dirs
+mkdir -p ./config/secret/{db,op}
+
+# Then create the cert
+./scripts/gen-cert.sh
+
+# Get the 1password-credentials.json and place it in ./config/secret/op
+
+# Next gen the docker compose env from the template
+pnpm env:gen
+
+# Docker compose up
+docker compose up -d
+```
diff --git a/apps/anvil/.dev.env b/apps/anvil/.dev.env
diff --git a/apps/anvil/.env b/apps/anvil/.env
diff --git a/apps/anvil/Dockerfile b/apps/anvil/Dockerfile
@@ -1,3 +1,4 @@
+FROM 1password/op:2 as op
 FROM node:20-alpine AS deps
 WORKDIR /app
 
@@ -29,6 +30,17 @@ FROM node:20-slim AS anvil
 WORKDIR /app
 COPY --from=build /prod/forge ./
 COPY --from=build /app/apps/anvil/dist ./dist
+
+# Create iforge user and set ownership
+RUN useradd -m iforge
+RUN chown -R iforge:iforge /app
+
+# Copy 1Password home directory from the op image
+COPY --from=op --chown=iforge:iforge /home/opuser/ /home/iforge/
+COPY --from=op /usr/local/bin/op /usr/local/bin/op
+
+USER iforge
+
 EXPOSE 3000
 ENV NODE_PATH=/app/node_modules
-CMD node dist/src/main.js
+CMD ["/usr/local/bin/op", "run", "--env-file=/config/.env.production.tpl", "--", "node", "dist/src/main.js"]
diff --git a/apps/anvil/package.json b/apps/anvil/package.json
@@ -7,10 +7,10 @@
   "private": true,
   "scripts": {
     "build": "nest build",
-    "start": "OP_ACCOUNT=iforge.1password.com op run --env-file=.dev.env -- nest start",
-    "dev": "OP_ACCOUNT=iforge.1password.com op run --env-file=.dev.env -- nest start --watch --preserveWatchOutput",
-    "start:debug": "OP_ACCOUNT=iforge.1password.com op run --env-file=.dev.env -- nest start --debug --watch --preserveWatchOutput",
-    "start:prod": "OP_ACCOUNT=iforge.1password.com op run --env-file=.env -- node dist/src/main",
+    "start": "OP_ACCOUNT=iforge.1password.com op run --env-file=../../config/anvil/.env.development.tpl -- nest start",
+    "dev": "OP_ACCOUNT=iforge.1password.com op run --env-file=../../config/anvil/.env.development.tpl -- nest start --watch --preserveWatchOutput",
+    "start:debug": "OP_ACCOUNT=iforge.1password.com op run --env-file=../../config/anvil/.env.development.tpl -- nest start --debug --watch --preserveWatchOutput",
+    "start:prod": "OP_ACCOUNT=iforge.1password.com op run --env-file=../../config/anvil/.env.production.tpl -- node dist/src/main",
     "start:prod:docker": "node dist/src/main.js",
     "start:email": "op run --env-file=.dev.env -- email preview src/email/templates",
     "test": "jest",

diff --git a/apps/anvil/src/app.module.ts b/apps/anvil/src/app.module.ts
@@ -26,14 +26,13 @@ import { UsersModule } from "./users/users.module";
 
 @Module({
   imports: [
+    ConfigModule.forRoot({
+      envFilePath: ".env.production",
+    }),
     EdgeDBModule,
     UsersModule,
     AuthenticationModule,
-    LdapModule,
     ScheduleModule.forRoot(),
-    ConfigModule.forRoot({
-      envFilePath: ".env.production",
-    }),
     ThrottlerModule.forRoot([
       {
         name: "short",
@@ -47,6 +46,7 @@ import { UsersModule } from "./users/users.module";
     SignInModule,
     BullModule.registerQueue({ name: "email" }),
     RootModule,
+    LdapModule,
   ],
   providers: [
     {

diff --git a/apps/anvil/src/auth/authentication/authentication.module.ts b/apps/anvil/src/auth/authentication/authentication.module.ts
@@ -1,17 +1,16 @@
-import { Logger, Module } from "@nestjs/common";
-import { AuthenticationService } from "./authentication.service";
-import { AuthenticationController } from "./authentication.controller";
-import { UsersModule } from "@/users/users.module";
-import { PassportModule } from "@nestjs/passport";
+import { EdgeDBModule } from "@/edgedb/edgedb.module";
 import { LdapModule } from "@/ldap/ldap.module";
-import { DiscordStrategy } from "./strategies/discord.strategy";
-import { LdapAuthStrategy } from "./strategies/ldap.strategy";
-import { JwtModule } from "@nestjs/jwt";
 import { IntegrationsModule } from "@/users/integrations/integrations.module";
+import { UsersModule } from "@/users/users.module";
+import { Logger, Module } from "@nestjs/common";
+import { JwtModule } from "@nestjs/jwt";
+import { PassportModule } from "@nestjs/passport";
+import { AuthenticationController } from "./authentication.controller";
+import { AuthenticationService } from "./authentication.service";
 import { BlacklistService } from "./blacklist/blacklist.service";
-import { JwtStrategy } from "./strategies/jwt.strategy";
-import { EdgeDBModule } from "@/edgedb/edgedb.module";
+import { DiscordStrategy } from "./strategies/discord.strategy";
 import { GoogleStrategy } from "./strategies/google.strategy";
+import { JwtStrategy } from "./strategies/jwt.strategy";
 
 @Module({
   imports: [
@@ -29,15 +28,7 @@ import { GoogleStrategy } from "./strategies/google.strategy";
       }),
     }),
   ],
-  providers: [
-    AuthenticationService,
-    DiscordStrategy,
-    GoogleStrategy,
-    LdapAuthStrategy,
-    BlacklistService,
-    JwtStrategy,
-    Logger,
-  ],
+  providers: [AuthenticationService, DiscordStrategy, GoogleStrategy, BlacklistService, JwtStrategy, Logger],
   controllers: [AuthenticationController],
 })
 export class AuthenticationModule {}
diff --git a/apps/anvil/src/auth/authentication/strategies/ldap.strategy.ts b/apps/anvil/src/auth/authentication/strategies/ldap.strategy.ts
diff --git a/apps/anvil/src/auth/interfaces/ldap-user.interface.ts b/apps/anvil/src/auth/interfaces/ldap-user.interface.ts
@@ -1,18 +1,12 @@
 export interface LdapUser {
-  dn: string;
-  /** User's id */
-  uid: string;
-  cn: string;
-  /** User's surname */
-  sn: string;
-  initials: string;
   /** User's organisational unit */
   ou: string;
-  /** User's email */
-  mail: string;
+  /** User's surname */
+  sn: string;
   /** User's first name */
   givenName: string;
-  shefReportingFaculty: string;
-  userPrincipalName: string;
-  "mS-DS-ConsistencyGuid"?: string;
+  /** User's email */
+  mail: string;
+  uid: string;
+  shefLibraryNumber: string;
 }