Linking service #7

Merged
merged 7 commits into from
Aug 12, 2024
Changes from 5 commits
34 changes: 34 additions & 0 deletions .github/workflows/build-push.yml
@@ -0,0 +1,34 @@
on:
workflow_call:

env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}

jobs:
build-push:
name: Build + Push Image
runs-on: ubuntu-latest
permissions:
contents: read
packages: write

steps:
- uses: actions/checkout@v4
- uses: docker/setup-buildx-action@v3
- uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- uses: docker/metadata-action@v5
id: meta
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
- uses: docker/build-push-action@v5
with:
context: .
target: production
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
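Review bot: the job-level `permissions` here (`contents: read`, `packages: write`) only take effect if the caller grants at least that much, because a workflow invoked through `workflow_call` can downgrade but never elevate the calling job's GITHUB_TOKEN permissions; the `build-push` job added in ci.yml declares no `permissions` block, so on a repository whose default token is read-only the `docker/login-action` succeeds but the push to ghcr.io is denied. Add `permissions: { contents: read, packages: write }` to the caller job in ci.yml as well. Separately, `push: true` is unconditional, and the caller fires on every branch push, so every feature branch publishes an image; consider `push: ${{ github.ref == 'refs/heads/main' }}` (assuming `main` is the release branch) or a `push` input, and pin the third-party actions to commit SHAs instead of the floating `@v3`/`@v5` tags to reduce supply-chain exposure.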
92 changes: 36 additions & 56 deletions .github/workflows/ci.yml
@@ -1,65 +1,45 @@
name: CI Pipeline

on:
push:
branches:
- '**'
push:
branches:
- '**'

env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}

jobs:
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: super-linter/super-linter@v5.0.0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TYPESCRIPT_DEFAULT_STYLE: prettier
VALIDATE_DOCKERFILE_HADOLINT: false
VALIDATE_JSCPD: false
VALIDATE_PYTHON_FLAKE8: false
VALIDATE_PYTHON_MYPY: false
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: super-linter/super-linter@v5.0.0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TYPESCRIPT_DEFAULT_STYLE: prettier
VALIDATE_DOCKERFILE_HADOLINT: false
VALIDATE_JSCPD: false
VALIDATE_PYTHON_FLAKE8: false
VALIDATE_PYTHON_MYPY: false

test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v3
with:
node-version: 20
cache: 'npm'
- run: npm install --force
- run: npm run test
- uses: paambaati/codeclimate-action@v5.0.0
env:
CC_TEST_REPORTER_ID: ${{ secrets.CC_TEST_REPORTER_ID }}
with:
coverageCommand: npm run test:cov
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v3
with:
node-version: 20
cache: 'npm'
- run: npm install --force
- run: npm run test
- uses: paambaati/codeclimate-action@v5.0.0
env:
CC_TEST_REPORTER_ID: ${{ secrets.CC_TEST_REPORTER_ID }}
with:
coverageCommand: npm run test:cov

# build-push:
# name: Build and Push Image
# runs-on: ubuntu-latest
# needs: [lint, test]
# steps:
# - uses: actions/checkout@v4
# - uses: docker/setup-buildx-action@v3
# - uses: docker/login-action@v3
# with:
# registry: ${{ env.REGISTRY }}
# username: ${{ github.actor }}
# password: ${{ secrets.GITHUB_TOKEN }}
# - uses: docker/metadata-action@v5
# id: meta
# with:
# images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
# - uses: docker/build-push-action@v5
# with:
# context: .
# target: prod
# push: true
# tags: ${{ steps.meta.outputs.tags }}
# labels: ${{ steps.meta.outputs.labels }}
build-push:
needs: [lint, test]
uses: ./.github/workflows/build-push.yml
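Review bot: the `test` job still installs with `npm install --force`, which overrides peer-dependency conflicts and may resolve versions that differ from package-lock.json, so the tree that is tested is not necessarily the one the production image installs; switch to `npm ci`, which fails on a lockfile mismatch instead of rewriting it, and if `--force` was masking a peer conflict, fix the conflict in package.json rather than suppressing it. Gating `build-push` on `needs: [lint, test]` is right, but because the trigger is `push` on `'**'` and the reusable workflow pushes unconditionally, every branch push now publishes to the registry; add `if: github.ref == 'refs/heads/main'` on the `build-push` job (assuming `main` is the default branch) so only the release branch publishes.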
4 changes: 2 additions & 2 deletions Dockerfile
@@ -16,11 +16,11 @@ EXPOSE 3000
CMD ["npm", "run", "start:dev"]

# Stage 3: Production
FROM node:20-alpine AS production
FROM node:20-alpine AS production
WORKDIR /app
COPY --from=builder /app .
COPY . .
RUN npm install --only=production
RUN npm install --only=production --ignore-scripts
EXPOSE 3000
CMD ["node", "dist/main"]
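Review bot: the unchanged `COPY . .` that follows `COPY --from=builder /app .` pulls the entire build context (source, tests, `.git`, coverage output and any local `.env` file not excluded by `.dockerignore`) into the production stage and, if `dist/` exists on the host, overwrites the builder's output, which defeats the purpose of the multi-stage build; if the builder stage already produces `dist/`, drop `COPY . .` and copy only `package.json`, `package-lock.json` and `dist/` from the builder, and make sure `.dockerignore` lists `.env*` and `.git`. Adding `--ignore-scripts` is a good hardening step, since it stops dependency lifecycle scripts from executing at install time in the image; pair it with `npm ci --omit=dev` so the production install is pinned to the lockfile (`--only=production` is a deprecated spelling of `--omit=dev` in current npm).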

48 changes: 27 additions & 21 deletions docker-compose.dev.yml
@@ -1,23 +1,29 @@
version: "3.9"
version: '3.9'

services:
app:
build:
context: .
target: development
dockerfile: Dockerfile
environment:
- NODE_ENV=development
- PORT=3000
- GOOGLE_CLIENT_ID=x
- GOOGLE_CLIENT_SECRET=y
- GOOGLE_CALLBACK_URI=https://github.com/brocoders/nestjs-boilerplate/tree/main/src
- DISCORD_CLIENT_ID=v
- DISCORD_CLIENT_SECRET=b
- DISCORD_CALLBACK_URI=https://github.com/brocoders/nestjs-boilerplate/tree/main/src
- JWT_SECRET=t
- LOG_LEVEL=trace
ports:
- "3000:3000"
volumes:
- ./coverage:/project/coverage
app:
build:
context: .
target: development
dockerfile: Dockerfile
environment:
- NODE_ENV=development
- PORT=3000
- DISCORD_CLIENT_ID=x
- DISCORD_CLIENT_SECRET=-x
- DISCORD_REDIRECT_URI=http://localhost:4000/api/v1/auth/discord/authenticate/callback
- GOOGLE_CLIENT_ID=x
- GOOGLE_CLIENT_SECRET=x
- GOOGLE_REDIRECT_URI=http://localhost:4000/api/v1/auth/google/authenticate/callback
- SESSION_SECRET=x
- JWT_SECRET=x
- WALLET_PRIVATE_KEY=0x85167e00aeed1db6a59945f1f78f997856e2e312cf4e55cde90b740b71f9808c
- WALLET_PUBLIC_KEY=x

Address potential security risk with WALLET keys.

The WALLET_PRIVATE_KEY and WALLET_PUBLIC_KEY are detected as generic API keys. Ensure these are not hardcoded in production configurations and are securely managed.

- WALLET_PRIVATE_KEY=0x85167e00aeed1db6a59945f1f78f997856e2e312cf4e55cde90b740b71f9808c
- WALLET_PUBLIC_KEY=x
+ WALLET_PRIVATE_KEY=${WALLET_PRIVATE_KEY}
+ WALLET_PUBLIC_KEY=${WALLET_PUBLIC_KEY}
Tools
Gitleaks

20-21: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

- LOG_LEVEL=info
- FRONTEND_URL=http://localhost:3000
- LIT_NETWORK=datil-dev

ports:
- '3000:3000'
volumes:
- ./coverage:/project/coverage
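Review bot: the added `WALLET_PRIVATE_KEY` line carries a full 64-hex-digit (32-byte) key rather than an `x` placeholder like the other secrets in this block, and Gitleaks has flagged it; even if it is meant as a throwaway dev key, it is now in git history for anyone with read access to the repository, so treat it as compromised, rotate it, and reference it as `${WALLET_PRIVATE_KEY}` loaded from an untracked `.env` via `env_file`, as the inline suggestion proposes, in all three compose files. Two smaller points: the new `DISCORD_REDIRECT_URI` and `GOOGLE_REDIRECT_URI` values point at `http://localhost:4000/...` while this service sets `PORT=3000`, maps `'3000:3000'` and sets `FRONTEND_URL=http://localhost:3000`, so please confirm which port the OAuth callbacks are meant to reach; and the top-level `version: '3.9'` key is obsolete in Compose v2, which ignores it and prints a warning.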
43 changes: 24 additions & 19 deletions docker-compose.prod.yml
@@ -1,21 +1,26 @@
version: "3.9"
version: '3.9'

services:
app:
build:
context: .
target: prod
dockerfile: Dockerfile
environment:
- NODE_ENV=production
- PORT=3000
- GOOGLE_CLIENT_ID=x
- GOOGLE_CLIENT_SECRET=y
- GOOGLE_CALLBACK_URI=https://github.com/brocoders/nestjs-boilerplate/tree/main/src
- DISCORD_CLIENT_ID=v
- DISCORD_CLIENT_SECRET=b
- DISCORD_CALLBACK_URI=https://github.com/brocoders/nestjs-boilerplate/tree/main/src
- JWT_SECRET=t
- LOG_LEVEL=trace
volumes:
- ./coverage:/project/coverage
app:
build:
context: .
target: production
dockerfile: Dockerfile
environment:
- NODE_ENV=production
- PORT=3000
- DISCORD_CLIENT_ID=x
- DISCORD_CLIENT_SECRET=-x
- DISCORD_REDIRECT_URI=x
- GOOGLE_CLIENT_ID=x
- GOOGLE_CLIENT_SECRET=x
- GOOGLE_REDIRECT_URI=x
- SESSION_SECRET=x
- JWT_SECRET=x
- WALLET_PRIVATE_KEY=0x85167e00aeed1db6a59945f1f78f997856e2e312cf4e55cde90b740b71f9808c
- WALLET_PUBLIC_KEY=x
- LOG_LEVEL=info

Security Warning: Potential API Key Exposure.

The WALLET_PRIVATE_KEY appears to be a sensitive value. Ensure that sensitive information is not hardcoded and is securely managed, such as through environment variables or secret management tools.

Tools
Gitleaks

20-21: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

- FRONTEND_URL=http://localhost:3000
- LIT_NETWORK=datil-dev
volumes:
- ./coverage:/project/coverage
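Review bot: this is the production compose file, and it carries the same hardcoded `WALLET_PRIVATE_KEY` as the dev and test files plus literal `x` values for `SESSION_SECRET`, `JWT_SECRET` and both OAuth client secrets; a production config should not contain usable secret values at all, and `x` is a usable (and guessable) JWT signing key. Use Compose's required-variable syntax, for example `- JWT_SECRET=${JWT_SECRET:?JWT_SECRET must be set}`, so `docker compose up` fails fast when a secret is missing instead of starting with a placeholder. Also, `DISCORD_REDIRECT_URI=x` and `GOOGLE_REDIRECT_URI=x` are not URIs: the `.uri()` rule added to `discordConfigSchema` in this same PR rejects a bare `x`, so if that schema is enforced at startup the production container will not boot with this file as-is.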
43 changes: 24 additions & 19 deletions docker-compose.test.yml
@@ -1,21 +1,26 @@
version: "3.9"
version: '3.9'

services:
app:
build:
context: .
target: test
dockerfile: Dockerfile
environment:
- NODE_ENV=test
- PORT=3000
- GOOGLE_CLIENT_ID=x
- GOOGLE_CLIENT_SECRET=y
- GOOGLE_CALLBACK_URI=https://github.com/brocoders/nestjs-boilerplate/tree/main/src
- DISCORD_CLIENT_ID=v
- DISCORD_CLIENT_SECRET=b
- DISCORD_CALLBACK_URI=https://github.com/brocoders/nestjs-boilerplate/tree/main/src
- JWT_SECRET=t
- LOG_LEVEL=trace
volumes:
- ./coverage:/project/coverage
app:
build:
context: .
target: test
dockerfile: Dockerfile
environment:
- NODE_ENV=test
- PORT=3000
- DISCORD_CLIENT_ID=x
- DISCORD_CLIENT_SECRET=-x
- DISCORD_REDIRECT_URI=http://localhost:4000/api/v1/auth/discord/authenticate/callback
- GOOGLE_CLIENT_ID=x
- GOOGLE_CLIENT_SECRET=x
- GOOGLE_REDIRECT_URI=http://localhost:4000/api/v1/auth/google/authenticate/callback
- SESSION_SECRET=x
- JWT_SECRET=x
- WALLET_PRIVATE_KEY=0x85167e00aeed1db6a59945f1f78f997856e2e312cf4e55cde90b740b71f9808c
- WALLET_PUBLIC_KEY=x
- LOG_LEVEL=info

Address potential security risk with WALLET keys.

The WALLET_PRIVATE_KEY and WALLET_PUBLIC_KEY are detected as generic API keys. Ensure these are not hardcoded in production configurations and are securely managed.

- WALLET_PRIVATE_KEY=0x85167e00aeed1db6a59945f1f78f997856e2e312cf4e55cde90b740b71f9808c
- WALLET_PUBLIC_KEY=x
+ WALLET_PRIVATE_KEY=${WALLET_PRIVATE_KEY}
+ WALLET_PUBLIC_KEY=${WALLET_PUBLIC_KEY}
Tools
Gitleaks

20-21: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

- FRONTEND_URL=http://localhost:3000
- LIT_NETWORK=datil-dev
volumes:
- ./coverage:/project/coverage
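Review bot: this is the third near-identical copy of the `environment` block (it differs from the dev file only in `NODE_ENV=test` and the missing `ports`), and it repeats the same hardcoded `WALLET_PRIVATE_KEY`, so rotating the key means three edits and three chances to miss one. Move the shared variables into a single untracked `.env` referenced through `env_file` (with a committed `.env.example` holding only placeholders), or declare them once in the mapping form under an extension field such as `x-common-env: &common-env` and merge it per service with `environment: { <<: *common-env, NODE_ENV: test }`; note that merge keys only work with the mapping form of `environment`, not the `- KEY=value` list form used here.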
36 changes: 12 additions & 24 deletions jest.config.json
@@ -1,25 +1,13 @@
{
"moduleFileExtensions": [
"js",
"json",
"ts"
],
"rootDir": ".",
"testRegex": ".*\\.spec\\.ts$",
"transform": {
"^.+\\.(t|j)s$": "ts-jest"
},
"collectCoverage": true,
"collectCoverageFrom": [
"**/*.(t|j)s"
],
"coverageDirectory": "./coverage",
"coverageReporters": [
"json",
"lcov",
"text",
"clover",
"html"
],
"testEnvironment": "node"
}
"moduleFileExtensions": ["js", "json", "ts"],
"rootDir": ".",
"testRegex": ".*\\.spec\\.ts$",
"transform": {
"^.+\\.(t|j)s$": "ts-jest"
},
"collectCoverage": true,
"collectCoverageFrom": ["src/**/*.ts*"],
"coverageDirectory": "./coverage",
"coverageReporters": ["json", "lcov", "text", "clover", "html"],
"testEnvironment": "node"
}
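Review bot: narrowing `"collectCoverageFrom"` to `["src/**/*.ts*"]` is an improvement over `**/*.(t|j)s`, which also swept up config and build output, but the new pattern still matches the spec files themselves and any `.d.ts` declarations under `src/`, which inflates the coverage figure reported to Code Climate; prefer `["src/**/*.ts", "!src/**/*.spec.ts", "!src/**/*.d.ts"]`. The rest of this hunk is pure reformatting (arrays collapsed onto one line) mixed with that one semantic change, which makes the real change easy to miss in review; keeping formatting-only changes in a separate commit would help.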
1 change: 1 addition & 0 deletions src/auth-discord/config/auth-discord.config.ts
@@ -17,6 +17,7 @@ export const discordConfigSchema = {
.required()
.description('Discord client secret'),
DISCORD_REDIRECT_URI: Joi.string()
.uri()
.required()
.description('Discord redirect URI after OAuth'),
DISCORD_SCOPES: Joi.string()
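Review bot: `.uri()` with no options accepts any absolute URI scheme, so a value such as `javascript:` or `file:` would pass, whereas an OAuth redirect target should only ever be `http` or `https`; tighten it to `Joi.string().uri({ scheme: ['http', 'https'] })`, and if production must be TLS-only, restrict to `scheme: 'https'` when `NODE_ENV=production`. Apply the same constraint to the Google redirect URI schema if one exists outside this diff. Note also that docker-compose.prod.yml in this PR sets `DISCORD_REDIRECT_URI=x`, which this validator will now reject.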