Skip to content

Commit

Permalink
18941 deploy sta in uat (#64)
Browse files Browse the repository at this point in the history
* Align staging to dev (#37)

Add staging pipeline file (#36)

* add file

* fix

* Update staging (#39)

* Add staging pipeline file (#36)

* add file

* fix

* feat(cli): update seeder (#35)

* Add deploy stage to logto-admin (#38)

---------

Co-authored-by: Norbert Nagy <nagy.norbert1989@gmail.com>
Co-authored-by: William Monteiro <williamwd@users.noreply.github.com>

* fix(cli): fix seeder to handle empty data (#42)

* fix(cli): fix seeder to handle empty data (#41)

fix(cli): fix seeder to handle empty values

* chore(cli): cleanup

* fix(cli): azure pipeline

* [17584] Deploy to staging (#47)

* Add staging pipeline file (#36)

* add file

* fix

* feat(cli): update seeder (#35)

* Add deploy stage to logto-admin (#38)

* fix(cli): fix logto pipeline (#40)

* fix(cli): fix seeder to handle empty data (#41)

fix(cli): fix seeder to handle empty values

* feat: logto uat changes (#43)

* feat: logto uat changes

* Update pipeline-variables/uat.yml

Co-authored-by: Sara Zanellato <47299026+peschina@users.noreply.github.com>

---------

Co-authored-by: Sara Zanellato <47299026+peschina@users.noreply.github.com>

---------

Co-authored-by: Alfonso Graziano <alfonso.graziano@nearform.com>
Co-authored-by: Norbert Nagy <nagy.norbert1989@gmail.com>
Co-authored-by: William Monteiro <williamwd@users.noreply.github.com>

* [18810] Deploy to staging (#50)

* Add staging pipeline file (#36)

* add file

* fix

* feat(cli): update seeder (#35)

* Add deploy stage to logto-admin (#38)

* fix(cli): fix logto pipeline (#40)

* fix(cli): fix seeder to handle empty data (#41)

fix(cli): fix seeder to handle empty values

* feat: logto uat changes (#43)

* feat: logto uat changes

* Update pipeline-variables/uat.yml

Co-authored-by: Sara Zanellato <47299026+peschina@users.noreply.github.com>

---------

Co-authored-by: Sara Zanellato <47299026+peschina@users.noreply.github.com>

* Test migration command in Terraform (#48)

fix: remove seed commands from dockerfile

---------

Co-authored-by: Alfonso Graziano <alfonso.graziano@nearform.com>
Co-authored-by: Norbert Nagy <nagy.norbert1989@gmail.com>
Co-authored-by: William Monteiro <williamwd@users.noreply.github.com>

* [18630] Deploy renamed seeder to staging (#53)

* Add staging pipeline file (#36)

* add file

* fix

* feat(cli): update seeder (#35)

* Add deploy stage to logto-admin (#38)

* fix(cli): fix logto pipeline (#40)

* fix(cli): fix seeder to handle empty data (#41)

fix(cli): fix seeder to handle empty values

* feat: logto uat changes (#43)

* feat: logto uat changes

* Update pipeline-variables/uat.yml

Co-authored-by: Sara Zanellato <47299026+peschina@users.noreply.github.com>

---------

Co-authored-by: Sara Zanellato <47299026+peschina@users.noreply.github.com>

* Test migration command in Terraform (#48)

fix: remove seed commands from dockerfile

* 18630 seed real roles (#45)

* feat(cli): seed roles and permissions into db

* fix(cli): cleanup code

* chore(cli): small update

* chore(cli): refactoring roles

* chore(cli): refactoring organization roles

* chore(cli): update

* chore(cli): rename seeder file (#52)

* chore(cli): rename seeder file

* chore(cli): fix eof new line

---------

Co-authored-by: Alfonso Graziano <alfonso.graziano@nearform.com>
Co-authored-by: Norbert Nagy <nagy.norbert1989@gmail.com>
Co-authored-by: William Monteiro <williamwd@users.noreply.github.com>

* 18941 Deploy dev into stage (#62)

* Add staging pipeline file (#36)

* add file

* fix

* feat(cli): update seeder (#35)

* Add deploy stage to logto-admin (#38)

* fix(cli): fix logto pipeline (#40)

* fix(cli): fix seeder to handle empty data (#41)

fix(cli): fix seeder to handle empty values

* feat: logto uat changes (#43)

* feat: logto uat changes

* Update pipeline-variables/uat.yml

Co-authored-by: Sara Zanellato <47299026+peschina@users.noreply.github.com>

---------

Co-authored-by: Sara Zanellato <47299026+peschina@users.noreply.github.com>

* Test migration command in Terraform (#48)

fix: remove seed commands from dockerfile

* 18630 seed real roles (#45)

* feat(cli): seed roles and permissions into db

* fix(cli): cleanup code

* chore(cli): small update

* chore(cli): refactoring roles

* chore(cli): refactoring organization roles

* chore(cli): update

* chore(cli): rename seeder file (#52)

* chore(cli): rename seeder file

* chore(cli): fix eof new line

* chore: use port 7001 instead of 5001 to avoid conflicts with forms (#56)

* fix(cli): remove secrets from local seeder (#59)

* feat(cli): seed is_third_party flag (#57)

* feat(cli): seed is_third_party flag

* fix(demo-app): trying to ignore the entire seeder local file from gitleaks

* Reverted .gitleaksignore change

---------

Co-authored-by: alfonsograziano <alfonsohack0019@gmail.com>
Co-authored-by: Alfonso Graziano <alfonso.graziano@nearform.com>

* feat(cli): seed multiple redurect uris (#58)

* Feature(ogcio): messaging integration (#60)

* feat(ogcio): added messaging permissions locally

* feat(core): updated seeder for deployments

* chore(core): added EOL

---------

Co-authored-by: Alfonso Graziano <alfonso.graziano@nearform.com>

* Add MyGovId Mock service to Logto (#55)

* feat(demo-app): copied mock service from life events repo

* feat(demo-app): add mock users + fix build

* feat(demo-app): changed port to not clash with 3005 in life-events auth-service

* fix(demo-app): trying to ignore the entire seeder local file from gitleaks

* feat(cli): seeder updates already existing entries (#61)

* feat(cli): seeder updates already existing entries

* feat(cli): seeder file updated

* feat(cli): update

* feat(cli): documenting the seeders limitations

* feat(cli): updated documentation

---------

Co-authored-by: Alfonso Graziano <alfonso.graziano@nearform.com>
Co-authored-by: William Monteiro <williamwd@users.noreply.github.com>
Co-authored-by: Sara Zanellato <47299026+peschina@users.noreply.github.com>
Co-authored-by: Marius Sebastian Besel <145235082+msebastianb@users.noreply.github.com>
Co-authored-by: alfonsograziano <alfonsohack0019@gmail.com>
Co-authored-by: SamSalvatico <40636569+SamSalvatico@users.noreply.github.com>

---------

Co-authored-by: Alfonso Graziano <alfonso.graziano@nearform.com>
Co-authored-by: William Monteiro <williamwd@users.noreply.github.com>
Co-authored-by: Sara Zanellato <47299026+peschina@users.noreply.github.com>
Co-authored-by: Marius Sebastian Besel <145235082+msebastianb@users.noreply.github.com>
Co-authored-by: alfonsograziano <alfonsohack0019@gmail.com>
Co-authored-by: SamSalvatico <40636569+SamSalvatico@users.noreply.github.com>
  • Loading branch information
7 people authored Jul 4, 2024
1 parent 6863c7f commit 6cf11e0
Show file tree
Hide file tree
Showing 37 changed files with 3,595 additions and 372 deletions.
3 changes: 0 additions & 3 deletions .gitleaksignore
Original file line number Diff line number Diff line change
@@ -1,4 +1 @@
/src/packages/connectors/connector-saml/README.md:private-key:101
/src/packages/cli/src/commands/database/ogcio/ogcio-seeder-local.json:generic-api-key:37
/src/packages/cli/src/commands/database/ogcio/ogcio-seeder-local.json:generic-api-key:46
/src/packages/cli/src/commands/database/ogcio/ogcio-seeder-local.json:generic-api-key:157
3 changes: 2 additions & 1 deletion .gitpod.yml
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,8 @@ ports:
port: 5432
visibility: public
onOpen: ignore
- port: 5001
# OGCIO - formsie port collision fixed
- port: 7001
onOpen: ignore
- port: 5002
onOpen: ignore
Expand Down
14 changes: 14 additions & 0 deletions README.OGCIO.md
Original file line number Diff line number Diff line change
Expand Up @@ -113,3 +113,17 @@ This command can take a parameter to specify the input data file, called `seeder
Usage: `npm run cli db ogcio -- --seeder-filepath="DATA_FILE_PATH"`

To seed the default data for local dev environments, run `npm run cli db ogcio -- --seeder-filepath="./packages/cli/src/commands/database/ogcio/ogcio-seeder-local.json"`.

### Limitations

In most cases, we have predefined IDs in our seeder to ensure the same database structure, even if the database was cleared and re-seeded. Logto IDs are simple text fields (no UUID or other validations are applied) with a maximum length of 21 characters. Do not use IDs longer than 21 characters; otherwise, the seeder will fail with a database error!

Be careful when defining a new ID because data duplication is avoided based on this field. If you later want to change the ID of any of your entries, the seeder won't be able to detect the existence of the affected entry, and it will try to create a new one. Creating a duplicate entry with a different ID can cause a database error if some other fields have a unique constraint. If this is not the case, a duplicate entry will be created, which is also a mistake, and we want to avoid any of these situations. Once you have defined an ID, do not change it if unnecessary.

Using resources other than those declared in the seeder's data file is also impossible because referencing any resource outside of the seeder's scope is not supported. The seeder is supposed to create all the required resources and use them to seed the custom configuration into the database.

### Edge cases

Some changes might affect other entries from the database, like the user entities. In this case, a custom migration script is required to resolve the changes necessary to the affected entries. Before any change in the seeder data, analyse the situation to determine if it is safe to perform. The seeder is not intended to resolve conflicts or update other data than the configuration it seeds.

Deletion of existing seeded data via the seeder is not yet possible. Only the permissions (scopes) will be removed and recreated every time the seeder is executed because that is safe and does not cause conflicts with other entries. A custom script or manual action is required for any other data that must be eliminated.
21 changes: 21 additions & 0 deletions mygovid-mock-service/.eslintrc.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
{
"parser": "@typescript-eslint/parser",
"extends": [
"plugin:@typescript-eslint/recommended",
"plugin:prettier/recommended",
"eslint:recommended"
],
"parserOptions": {
"ecmaVersion": 2020,
"sourceType": "module"
},
"rules": {
"no-redeclare": "off",
"no-unused-vars": "off"
},
"env": {
"browser": true,
"node": true
},
"ignorePatterns": ["dist"]
}
2 changes: 2 additions & 0 deletions mygovid-mock-service/.gitignore
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
node_modules
.tap
44 changes: 44 additions & 0 deletions mygovid-mock-service/package.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
{
"name": "mygovid-mock-service",
"version": "1.0.0",
"description": "",
"main": "dist/index.js",
"scripts": {
"test": "TAP_RCFILE=tap.yml tap",
"start": "node dist/index.js",
"dev": "nodemon | pino-pretty",
"lint": "eslint . --ext .ts",
"build": "echo Build script for the MyGovId mock service not needed so far"
},
"nodemonConfig": {
"ext": "ts,json",
"exec": "node --import tsx src/index.ts"
},
"type": "module",
"author": "",
"license": "ISC",
"dependencies": {
"@fastify/cookie": "^9.3.1",
"@fastify/formbody": "^7.4.0",
"@fastify/sensible": "^5.5.0",
"@fastify/type-provider-typebox": "^4.0.0",
"@sinclair/typebox": "^0.32.16",
"fastify": "^4.26.2",
"fastify-plugin": "^4.5.1",
"jose": "^5.2.4"
},
"devDependencies": {
"@types/node": "^20.11.28",
"@typescript-eslint/eslint-plugin": "^7.5.0",
"@typescript-eslint/parser": "^7.5.0",
"eslint": "^8.57.0",
"eslint-config-prettier": "^9.1.0",
"eslint-plugin-prettier": "^5.1.3",
"pino-pretty": "^11.0.0",
"prettier": "^3.2.5",
"tap": "^18.8.0",
"ts-node": "^10.9.2",
"tsx": "^4.7.1",
"typescript": "^5.4.2"
}
}
21 changes: 21 additions & 0 deletions mygovid-mock-service/src/app.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
import fastify, { FastifyServerOptions } from "fastify";
import routes from "./routes/index.js";
import { TypeBoxTypeProvider } from "@fastify/type-provider-typebox";
import sensible from "@fastify/sensible";

export async function build(opts?: FastifyServerOptions) {
const app = fastify(opts).withTypeProvider<TypeBoxTypeProvider>();

app.register(import("@fastify/cookie"), {
hook: "onRequest", // set to false to disable cookie autoparsing or set autoparsing on any of the following hooks: 'onRequest', 'preParsing', 'preHandler', 'preValidation'. default: 'onRequest'
parseOptions: {}, // options for parsing cookies
});

app.register(import("@fastify/formbody"));

app.register(routes);

app.register(sensible);

return app;
}
13 changes: 13 additions & 0 deletions mygovid-mock-service/src/index.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
import { build } from "./app.js";

const app = await build();

app.listen({ host: "0.0.0.0", port: 4005 }, (err, address) => {
if (err) {
console.error(err);
process.exit(1);
}
console.log(`MyGovId Mock Service listening at ${address}`);
});

await app.ready();
6 changes: 6 additions & 0 deletions mygovid-mock-service/src/routes/healthcheck.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
import { FastifyInstance } from "fastify";
export default async function healthCheck(app: FastifyInstance) {
app.get("/health", async () => {
return { status: "ok" };
});
}
8 changes: 8 additions & 0 deletions mygovid-mock-service/src/routes/index.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
import { FastifyInstance } from "fastify";
import healthCheck from "./healthcheck.js";
import logto from "./logto/index.js";

export default async function routes(app: FastifyInstance) {
app.register(healthCheck);
app.register(logto, { prefix: "/logto/mock" });
}
186 changes: 186 additions & 0 deletions mygovid-mock-service/src/routes/logto/index.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,186 @@
import { FastifyInstance } from "fastify";
import fs from "fs";
import path, { dirname } from "path";
import { exportJWK } from "jose";
import { fileURLToPath } from "url";
import { Type } from "@sinclair/typebox";
import {
createMockSignedJwt,
getPublicKey,
streamToString,
} from "./utils/index.js";
import { HttpError } from "../../types/httpErrors.js";

const __dirname = dirname(fileURLToPath(import.meta.url));

export default async function login(app: FastifyInstance) {
app.get<{
Querystring: {
response_type: string;
client_id: string;
redirect_uri: string;
state: string;
nonce: string;
scope: string;
};
}>(
"/auth",
{
schema: {
tags: ["Mock"],
querystring: {
response_type: Type.String(),
client_id: Type.String(),
redirect_uri: Type.String(),
state: Type.String(),
nonce: Type.String(),
scope: Type.String(),
},
response: { 200: Type.String(), 500: HttpError },
},
},
async (request, reply) => {
const { redirect_uri, state } = request.query;

const stream = fs.createReadStream(
path.join(__dirname, "..", "static", "mock-login.html")
);

const result = (await streamToString(stream))
.replace("%REDIRECT_URL%", redirect_uri)
.replace("%STATE%", state);
return reply.type("text/html").send(result);
}
);

app.post<{
Body: {
password: string;
firstName: string;
lastName: string;
email: string;
redirect_url: string;
state: string;
};
}>("/login", async (request, reply) => {
const { password, firstName, lastName, email, redirect_url, state } =
request.body;

if (password !== "123")
reply.redirect(
`/logto/mock/auth?redirect_uri=${redirect_url}&state=${state}`
);

const id_token = await createMockSignedJwt(
{ firstName, lastName, email },
request.headers.origin as unknown as string
);

return reply.redirect(`${redirect_url}?code=${id_token}&state=${state}`);
});

app.post<{
Body: {
code: string;
grant_type: string;
redirect_uri: string;
client_id: string;
client_secret: string;
};
Reply: {
id_token: string;
access_token: string;
token_type: string;
not_before: number;
expires_in: number;
expires_on: number;
id_token_expires_in: number;
profile_info: string;
scope: string;
};
}>(
"/token",
{
schema: {
tags: ["Mock"],
body: Type.Object({
code: Type.String(),
grant_type: Type.String(),
redirect_uri: Type.String(),
client_id: Type.String(),
client_secret: Type.String(),
}),
response: {
200: Type.Object({
id_token: Type.String(),
access_token: Type.String(),
token_type: Type.String(),
not_before: Type.Number(),
expires_in: Type.Number(),
expires_on: Type.Number(),
id_token_expires_in: Type.Number(),
profile_info: Type.String(),
scope: Type.String(),
}),
500: HttpError,
},
},
},
async (request, _) => {
const id_token = request.body.code;
return {
id_token,
access_token: id_token,
token_type: "Bearer",
not_before: Date.now() - 5000,
expires_in: 1800,
expires_on: Date.now() - 5000 + 1800,
id_token_expires_in: 1800,
profile_info:
"eyJ2ZXIiOiIxLjAiLCJ0aWQiOiI4OTc5MmE2ZC0xZWE0LTQxMjYtOTRkZi1hNzFkMjkyZGViYzciLCJzdWIiOm51bGwsIm5hbWUiOm51bGwsInByZWZlcnJlZF91c2VybmFtZSI6bnVsbCwiaWRwIjpudWxsfQ",
scope: "openid",
};
}
);

app.get<{
Reply: {
keys: {
kid: string;
use: string;
kty?: string;
n?: string;
e?: string;
}[];
};
}>(
"/keys",
{
schema: {
tags: ["Mock"],
response: {
200: Type.Object({
keys: Type.Array(
Type.Object({
kid: Type.String(),
use: Type.String(),
kty: Type.Optional(Type.String()),
n: Type.Optional(Type.String()),
e: Type.Optional(Type.String()),
})
),
}),
500: HttpError,
},
},
},
async (request, reply) => {
const publicKey = await getPublicKey();
const { kty, n, e } = await exportJWK(publicKey);

return {
keys: [{ kid: "signingkey.mygovid.v1", use: "sig", kty, n, e }],
};
}
);
}
Loading

0 comments on commit 6cf11e0

Please sign in to comment.