Merge pull request #71 from NSWC-Crane/CHRIS_DEV

Minor updates to OIDC configuration

.dockerignore

@@ -3,6 +3,7 @@
 .svn
 .DS_Store
 .vscode
+**/.env
 *.log
 *.tmp
 *.swp

Dockerfile

@@ -1,4 +1,4 @@
-ARG BASE_IMAGE="node:lts"
+ARG BASE_IMAGE="node:lts-alpine"
 FROM ${BASE_IMAGE} as build
 ARG COMMIT_BRANCH="unspecified"
 ARG COMMIT_SHA="unspecified"
@@ -8,34 +8,27 @@ LABEL commit-branch=${COMMIT_BRANCH}
 LABEL commit-sha=${COMMIT_SHA}
 LABEL commit-tag=${COMMIT_TAG}
 LABEL commit-describe=${COMMIT_DESCRIBE}
-
 WORKDIR /app/client
-
 COPY client/package*.json ./
-
 RUN npm install --force
-
 COPY client/. .
-
 RUN npm run build
 
-FROM node:lts
-
-WORKDIR /app/api
-
-COPY api/package*.json ./
-
-RUN npm install
-
-COPY api/. .
-
-COPY --from=build /app/client/dist ../client/dist
-
+FROM ${BASE_IMAGE}
+WORKDIR /home/node
+RUN chown -R node:node /home/node
+USER node
+WORKDIR /home/node/app/api
+COPY --chown=node:node api/package*.json ./
+RUN npm ci
+COPY --chown=node:node api/. .
+COPY --chown=node:node --from=build /app/client/dist ../client/dist
 ENV COMMIT_SHA=${COMMIT_SHA} \
-COMMIT_BRANCH=${COMMIT_BRANCH} \
-COMMIT_TAG=${COMMIT_TAG} \
-COMMIT_DESCRIBE=${COMMIT_DESCRIBE}
-
+    COMMIT_BRANCH=${COMMIT_BRANCH} \
+    COMMIT_TAG=${COMMIT_TAG} \
+    COMMIT_DESCRIBE=${COMMIT_DESCRIBE}
+USER root
+RUN df -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type d -perm -0002 2>/dev/null | xargs chmod a+t 2>/dev/null || true
+USER node
 EXPOSE 8086
-
 CMD ["node", "index.js"]

api/Controllers/Operation.js

@@ -10,10 +10,12 @@
 
 const operationService = require('../Services/mysql/operationService');
 const config = require('../utils/config');
+
 module.exports.getConfiguration = async function getConfiguration(req, res, next) {
     try {
         let dbConfigs = await operationService.getConfiguration()
         let version = { version: config.version }
+        let commit = { commit: config.commit }
         let response = { ...version, ...dbConfigs }
         res.json(response)
     }

api/index.js

@@ -191,7 +191,7 @@ const CPAT = {
   Env: {
     version: "${config.version}",
     apiBase: "${config.client.apiBase}",
-        commit: {
+    commit: {
         branch: "${config.commit.branch}",
         sha: "${config.commit.sha}",
         tag: "${config.commit.tag}",

api/specification/C-PAT.yaml

@@ -3835,6 +3835,8 @@ components:
       properties:
         classification:
           $ref: '#/components/schemas/ApiClassification'
+        commit:
+          $ref: '#/components/schemas/CommitObject'
         version:
           $ref: '#/components/schemas/ApiVersion'
     ApiDefinition:
@@ -3853,6 +3855,26 @@ components:
           $ref: '#/components/schemas/String45'
         value:
           $ref: '#/components/schemas/String255'
+    CommitBranch:
+      type: string
+    CommitDescribe:
+      type: string
+    CommitObject:
+      type: object
+      additionalProperties: false
+      properties:
+        branch:
+          $ref: '#/components/schemas/CommitBranch'
+        describe:
+          $ref: '#/components/schemas/CommitDescribe'
+        sha:
+          $ref: '#/components/schemas/CommitSha'
+        tag:
+          $ref: '#/components/schemas/CommitTag'
+    CommitSha:
+      type: string
+    CommitTag:
+      type: string
     SuccessMessage:
       type: object
       properties:
@@ -5065,5 +5087,5 @@ components:
   securitySchemes:
       oauth:
         type: openIdConnect
-        openIdConnectUrl: https://localhost:2020/realms/RMFTools/.well-known/openid-configuration    
+        openIdConnectUrl: https://localhost:8080/realms/RMFTools/.well-known/openid-configuration    
 

api/utils/config.js

@@ -25,7 +25,7 @@ let config = {
     },
     client: {
         clientId: process.env.CPAT_CLIENT_ID || "c-pat",
-        authority: process.env.CPAT_CLIENT_OIDC_PROVIDER || process.env.CPAT_OIDC_PROVIDER || "http://localhost:2020/auth/realms/RMFTools",
+        authority: process.env.CPAT_OIDC_PROVIDER || "http://localhost:8080/auth/realms/RMFTools",
         apiBase: process.env.CPAT_CLIENT_API_BASE || "api",
         disabled: process.env.CPAT_CLIENT_DISABLED === "true",
         directory: process.env.CPAT_CLIENT_DIRECTORY || '../client/dist',
@@ -48,7 +48,7 @@ let config = {
         docsDirectory: process.env.CPAT_DOCS_DIRECTORY || '../docs/_build/html',
     },
     http: {
-        address: process.env.CPAT_API_ADDRESS || "0.0.0.0",
+        address: process.env.CPAT_API_ADDRESS || "127.0.0.1",
         port: process.env.CPAT_API_PORT || 8086,
         maxJsonBody: process.env.CPAT_API_MAX_JSON_BODY || "31457280",
         maxUpload: process.env.CPAT_API_MAX_UPLOAD || "1073741824"
@@ -78,12 +78,12 @@ let config = {
     },
     swaggerUi: {
         enabled: process.env.CPAT_SWAGGER_ENABLED === "true",
-        authority: process.env.CPAT_SWAGGER_OIDC_PROVIDER || process.env.CPAT_SWAGGER_AUTHORITY || process.env.CPAT_OIDC_PROVIDER || "http://localhost:2020/auth/realms/RMFTools",
+        authority: process.env.CPAT_SWAGGER_OIDC_PROVIDER || process.env.CPAT_OIDC_PROVIDER || "http://localhost:8080/auth/realms/RMFTools",
         server: process.env.CPAT_SWAGGER_SERVER || "http://localhost:8086/api",
         oauth2RedirectUrl: process.env.CPAT_SWAGGER_REDIRECT || "http://localhost:8086/api-docs/oauth2-redirect.html"
     },
     oauth: {
-        authority: process.env.CPAT_OIDC_PROVIDER || process.env.CPAT_API_AUTHORITY || "http://localhost:2020/auth/realms/RMFTools",
+        authority: process.env.CPAT_OIDC_PROVIDER || "http://129.168.1.101:8080/auth/realms/RMFTools",
         claims: {
             scope: process.env.CPAT_JWT_SCOPE_CLAIM || "scope",
             username: process.env.CPAT_JWT_USERNAME_CLAIM || "preferred_username",

client/src/app/app.module.ts

@@ -40,7 +40,8 @@ function getScopeStr(configId: string) {
       `${cpatScopePrefix}c-pat:op`,
       'openid',
       'profile',
-      'email'
+      'email',
+      'offline_access'
     ];
   } else if (configId === 'stigman') {
     scopes = [
@@ -50,7 +51,8 @@ function getScopeStr(configId: string) {
       `${stigmanScopePrefix}stig-manager:user`,
       `${stigmanScopePrefix}stig-manager:user:read`,
       `${stigmanScopePrefix}stig-manager:op`,
-      'openid'
+      'openid',
+      'offline_access'
     ];
   }
 
@@ -83,7 +85,7 @@ function getScopeStr(configId: string) {
           postLoginRoute: '/consent',
           authority: CPAT.Env.oauth.authority,
           redirectUrl: window.location.origin + '/consent',
-          postLogoutRedirectUri: window.location.origin,
+          postLogoutRedirectUri: window.location.origin + '/consent',
           clientId: CPAT.Env.oauth.clientId,
           scope: getScopeStr('cpat'),
           responseType: 'code',
@@ -99,7 +101,7 @@ function getScopeStr(configId: string) {
           configId: 'stigman',
           authority: CPAT.Env.oauth.authority,
           redirectUrl: window.location.origin + '/consent',
-          postLogoutRedirectUri: window.location.origin,
+          postLogoutRedirectUri: window.location.origin + '/consent',
           clientId: CPAT.Env.stigman.clientId,
           scope: getScopeStr('stigman'),
           responseType: 'code',