diff --git a/.dockerignore b/.dockerignore index 7d992f82..283a2890 100644 --- a/.dockerignore +++ b/.dockerignore @@ -3,6 +3,7 @@ .svn .DS_Store .vscode +**/.env *.log *.tmp *.swp diff --git a/Dockerfile b/Dockerfile index c639f8ff..7a03708c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -ARG BASE_IMAGE="node:lts" +ARG BASE_IMAGE="node:lts-alpine" FROM ${BASE_IMAGE} as build ARG COMMIT_BRANCH="unspecified" ARG COMMIT_SHA="unspecified" @@ -8,34 +8,27 @@ LABEL commit-branch=${COMMIT_BRANCH} LABEL commit-sha=${COMMIT_SHA} LABEL commit-tag=${COMMIT_TAG} LABEL commit-describe=${COMMIT_DESCRIBE} - WORKDIR /app/client - COPY client/package*.json ./ - RUN npm install --force - COPY client/. . - RUN npm run build -FROM node:lts - -WORKDIR /app/api - -COPY api/package*.json ./ - -RUN npm install - -COPY api/. . - -COPY --from=build /app/client/dist ../client/dist - +FROM ${BASE_IMAGE} +WORKDIR /home/node +RUN chown -R node:node /home/node +USER node +WORKDIR /home/node/app/api +COPY --chown=node:node api/package*.json ./ +RUN npm ci +COPY --chown=node:node api/. . +COPY --chown=node:node --from=build /app/client/dist ../client/dist ENV COMMIT_SHA=${COMMIT_SHA} \ -COMMIT_BRANCH=${COMMIT_BRANCH} \ -COMMIT_TAG=${COMMIT_TAG} \ -COMMIT_DESCRIBE=${COMMIT_DESCRIBE} - + COMMIT_BRANCH=${COMMIT_BRANCH} \ + COMMIT_TAG=${COMMIT_TAG} \ + COMMIT_DESCRIBE=${COMMIT_DESCRIBE} +USER root +RUN df -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type d -perm -0002 2>/dev/null | xargs chmod a+t 2>/dev/null || true +USER node EXPOSE 8086 - CMD ["node", "index.js"] \ No newline at end of file diff --git a/api/Controllers/Operation.js b/api/Controllers/Operation.js index 0a874286..2cbe6fe6 100644 --- a/api/Controllers/Operation.js +++ b/api/Controllers/Operation.js @@ -10,10 +10,12 @@ const operationService = require('../Services/mysql/operationService'); const config = require('../utils/config'); + module.exports.getConfiguration = async function getConfiguration(req, res, next) { try { let dbConfigs = await operationService.getConfiguration() let version = { version: config.version } + let commit = { commit: config.commit } let response = { ...version, ...dbConfigs } res.json(response) } diff --git a/api/index.js b/api/index.js index d869e77b..a6cb7b6c 100644 --- a/api/index.js +++ b/api/index.js @@ -191,7 +191,7 @@ const CPAT = { Env: { version: "${config.version}", apiBase: "${config.client.apiBase}", - commit: { + commit: { branch: "${config.commit.branch}", sha: "${config.commit.sha}", tag: "${config.commit.tag}", diff --git a/api/specification/C-PAT.yaml b/api/specification/C-PAT.yaml index c4addea3..67650436 100644 --- a/api/specification/C-PAT.yaml +++ b/api/specification/C-PAT.yaml @@ -3835,6 +3835,8 @@ components: properties: classification: $ref: '#/components/schemas/ApiClassification' + commit: + $ref: '#/components/schemas/CommitObject' version: $ref: '#/components/schemas/ApiVersion' ApiDefinition: @@ -3853,6 +3855,26 @@ components: $ref: '#/components/schemas/String45' value: $ref: '#/components/schemas/String255' + CommitBranch: + type: string + CommitDescribe: + type: string + CommitObject: + type: object + additionalProperties: false + properties: + branch: + $ref: '#/components/schemas/CommitBranch' + describe: + $ref: '#/components/schemas/CommitDescribe' + sha: + $ref: '#/components/schemas/CommitSha' + tag: + $ref: '#/components/schemas/CommitTag' + CommitSha: + type: string + CommitTag: + type: string SuccessMessage: type: object properties: @@ -5065,5 +5087,5 @@ components: securitySchemes: oauth: type: openIdConnect - openIdConnectUrl: https://localhost:2020/realms/RMFTools/.well-known/openid-configuration + openIdConnectUrl: https://localhost:8080/realms/RMFTools/.well-known/openid-configuration diff --git a/api/utils/config.js b/api/utils/config.js index eba2baba..648e0e05 100644 --- a/api/utils/config.js +++ b/api/utils/config.js @@ -25,7 +25,7 @@ let config = { }, client: { clientId: process.env.CPAT_CLIENT_ID || "c-pat", - authority: process.env.CPAT_CLIENT_OIDC_PROVIDER || process.env.CPAT_OIDC_PROVIDER || "http://localhost:2020/auth/realms/RMFTools", + authority: process.env.CPAT_OIDC_PROVIDER || "http://localhost:8080/auth/realms/RMFTools", apiBase: process.env.CPAT_CLIENT_API_BASE || "api", disabled: process.env.CPAT_CLIENT_DISABLED === "true", directory: process.env.CPAT_CLIENT_DIRECTORY || '../client/dist', @@ -48,7 +48,7 @@ let config = { docsDirectory: process.env.CPAT_DOCS_DIRECTORY || '../docs/_build/html', }, http: { - address: process.env.CPAT_API_ADDRESS || "0.0.0.0", + address: process.env.CPAT_API_ADDRESS || "127.0.0.1", port: process.env.CPAT_API_PORT || 8086, maxJsonBody: process.env.CPAT_API_MAX_JSON_BODY || "31457280", maxUpload: process.env.CPAT_API_MAX_UPLOAD || "1073741824" @@ -78,12 +78,12 @@ let config = { }, swaggerUi: { enabled: process.env.CPAT_SWAGGER_ENABLED === "true", - authority: process.env.CPAT_SWAGGER_OIDC_PROVIDER || process.env.CPAT_SWAGGER_AUTHORITY || process.env.CPAT_OIDC_PROVIDER || "http://localhost:2020/auth/realms/RMFTools", + authority: process.env.CPAT_SWAGGER_OIDC_PROVIDER || process.env.CPAT_OIDC_PROVIDER || "http://localhost:8080/auth/realms/RMFTools", server: process.env.CPAT_SWAGGER_SERVER || "http://localhost:8086/api", oauth2RedirectUrl: process.env.CPAT_SWAGGER_REDIRECT || "http://localhost:8086/api-docs/oauth2-redirect.html" }, oauth: { - authority: process.env.CPAT_OIDC_PROVIDER || process.env.CPAT_API_AUTHORITY || "http://localhost:2020/auth/realms/RMFTools", + authority: process.env.CPAT_OIDC_PROVIDER || "http://129.168.1.101:8080/auth/realms/RMFTools", claims: { scope: process.env.CPAT_JWT_SCOPE_CLAIM || "scope", username: process.env.CPAT_JWT_USERNAME_CLAIM || "preferred_username", diff --git a/client/src/app/app.module.ts b/client/src/app/app.module.ts index 183583c0..9253471c 100644 --- a/client/src/app/app.module.ts +++ b/client/src/app/app.module.ts @@ -40,7 +40,8 @@ function getScopeStr(configId: string) { `${cpatScopePrefix}c-pat:op`, 'openid', 'profile', - 'email' + 'email', + 'offline_access' ]; } else if (configId === 'stigman') { scopes = [ @@ -50,7 +51,8 @@ function getScopeStr(configId: string) { `${stigmanScopePrefix}stig-manager:user`, `${stigmanScopePrefix}stig-manager:user:read`, `${stigmanScopePrefix}stig-manager:op`, - 'openid' + 'openid', + 'offline_access' ]; } @@ -83,7 +85,7 @@ function getScopeStr(configId: string) { postLoginRoute: '/consent', authority: CPAT.Env.oauth.authority, redirectUrl: window.location.origin + '/consent', - postLogoutRedirectUri: window.location.origin, + postLogoutRedirectUri: window.location.origin + '/consent', clientId: CPAT.Env.oauth.clientId, scope: getScopeStr('cpat'), responseType: 'code', @@ -99,7 +101,7 @@ function getScopeStr(configId: string) { configId: 'stigman', authority: CPAT.Env.oauth.authority, redirectUrl: window.location.origin + '/consent', - postLogoutRedirectUri: window.location.origin, + postLogoutRedirectUri: window.location.origin + '/consent', clientId: CPAT.Env.stigman.clientId, scope: getScopeStr('stigman'), responseType: 'code',