Merge branch 'develop'

deploy/docker/.env

@@ -1,4 +1,8 @@
 IDENTITY_SERVER_PORT=8080
 COMMUNITY_SERVER_PORT=8087
 WORKSHOP_SERVER_PORT=8000
-ENABLE_LOG4J=false
+ENABLE_SHELL_INJECTION=false
+ENABLE_LOG4J=false
+LISTEN_IP="127.0.0.1"
+TLS_ENABLED=false
+VERSION=latest

deploy/docker/docker-compose.yml

@@ -10,7 +10,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-
 services:
 
   crapi-identity:
@@ -39,6 +38,7 @@ services:
       - [email protected]
       - SMTP_AUTH=true
       - SMTP_STARTTLS=true
+      - JWT_EXPIRATION=604800000
       - ENABLE_LOG4J=${ENABLE_LOG4J:-false}
       - API_GATEWAY_URL=https://api.mypremiumdealership.com
       - TLS_ENABLED=${TLS_ENABLED:-false}
@@ -53,10 +53,10 @@ services:
       mongodb:
         condition: service_healthy
     healthcheck:
-        test: /app/health.sh
-        interval: 15s
-        timeout: 15s
-        retries: 15
+      test: /app/health.sh
+      interval: 15s
+      timeout: 15s
+      retries: 15
     deploy:
       resources:
         limits:
@@ -92,10 +92,10 @@ services:
       crapi-identity:
         condition: service_healthy
     healthcheck:
-        test: /app/health.sh
-        interval: 15s
-        timeout: 15s
-        retries: 15
+      test: /app/health.sh
+      interval: 15s
+      timeout: 15s
+      retries: 15
     deploy:
       resources:
         limits:
@@ -135,10 +135,10 @@ services:
       crapi-community:
         condition: service_healthy
     healthcheck:
-        test: /app/health.sh
-        interval: 15s
-        timeout: 15s
-        retries: 15
+      test: /app/health.sh
+      interval: 15s
+      timeout: 15s
+      retries: 15
     deploy:
       resources:
         limits:
@@ -164,10 +164,10 @@ services:
       crapi-workshop:
         condition: service_healthy
     healthcheck:
-        test: curl 0.0.0.0:80/web/health
-        interval: 15s
-        timeout: 15s
-        retries: 15
+      test: curl 0.0.0.0:80/web/health
+      interval: 15s
+      timeout: 15s
+      retries: 15
     deploy:
       resources:
         limits:
@@ -184,10 +184,10 @@ services:
     #ports:
     #  - "${LISTEN_IP:-127.0.0.1}:5432:5432"
     healthcheck:
-        test: ["CMD-SHELL", "pg_isready"]
-        interval: 15s
-        timeout: 15s
-        retries: 15
+      test: [ "CMD-SHELL", "pg_isready" ]
+      interval: 15s
+      timeout: 15s
+      retries: 15
     volumes:
       - postgresql-data:/var/lib/postgresql/data/
     deploy:
@@ -205,11 +205,11 @@ services:
     #ports:
     #  - "${LISTEN_IP:-127.0.0.1}:27017:27017"
     healthcheck:
-        test: echo 'db.runCommand("ping").ok' | mongo mongodb:27017/test --quiet
-        interval: 15s
-        timeout: 15s
-        retries: 15
-        start_period: 20s
+      test: echo 'db.runCommand("ping").ok' | mongo mongodb:27017/test --quiet
+      interval: 15s
+      timeout: 15s
+      retries: 15
+      start_period: 20s
     volumes:
       - mongodb-data:/data/db
     deploy:
@@ -226,13 +226,13 @@ services:
       MH_MONGO_URI: admin:crapisecretpassword@mongodb:27017
       MH_STORAGE: mongodb
     ports:
-    #  - "127.0.0.1:1025:1025" # smtp server
+      #  - "127.0.0.1:1025:1025" # smtp server
       - "${LISTEN_IP:-127.0.0.1}:8025:8025" # Mail ui
     healthcheck:
-        test: ["CMD", "nc", "-z", "localhost", "8025"]
-        interval: 15s
-        timeout: 15s
-        retries: 15
+      test: [ "CMD", "nc", "-z", "localhost", "8025" ]
+      interval: 15s
+      timeout: 15s
+      retries: 15
     deploy:
       resources:
         limits:
@@ -245,11 +245,11 @@ services:
     #ports:
     #  - "${LISTEN_IP:-127.0.0.1}:8443:443" # https
     healthcheck:
-        test: curl -vk 0.0.0.0:443
-        interval: 15s
-        timeout: 15s
-        retries: 15
-        start_period: 15s
+      test: echo -n "GET / HTTP/1.1\n\n" > /dev/tcp/api.mypremiumdealership.com/443
+      interval: 15s
+      timeout: 15s
+      retries: 15
+      start_period: 15s
     deploy:
       resources:
         limits:

deploy/docker/scripts/load.sh

@@ -0,0 +1,8 @@
+docker load -i mailhog.tar
+docker load -i gateway-service.tar
+docker load -i crapi-identity.tar
+docker load -i crapi-community.tar
+docker load -i crapi-workshop.tar
+docker load -i crapi-web.tar
+docker load -i postgres.tar
+docker load -i mongo.tar

deploy/docker/scripts/save.sh

@@ -0,0 +1,8 @@
+docker save crapi/mailhog:develop -o mailhog.tar
+docker save crapi/gateway-service:develop -o gateway-service.tar
+docker save crapi/crapi-identity:develop -o crapi-identity.tar
+docker save crapi/crapi-community:develop -o crapi-community.tar
+docker save crapi/crapi-workshop:develop -o crapi-workshop.tar
+docker save crapi/crapi-web:develop -o crapi-web.tar
+docker save postgres:14 -o postgres.tar
+docker save mongo:4.4 -o mongo.tar

deploy/helm/templates/identity/config.yaml

@@ -27,6 +27,7 @@ data:
   SMTP_PASS: {{ .Values.identity.config.smtpPass }}
   SMTP_FROM: {{ .Values.identity.config.smtpFrom }}
   SMTP_AUTH: {{ .Values.identity.config.smtpAuth | quote }}
+  JWT_EXPIRATION: {{ .Values.identity.config.jwtExpiration | quote }}
   SMTP_STARTTLS: {{ .Values.identity.config.smtpStartTLS | quote }}
   SERVER_PORT: {{ .Values.identity.port | quote }}
   API_GATEWAY_URL: {{ if .Values.apiGatewayServiceInstall }}"https://{{ .Values.apiGatewayService.service.name }}"{{ else }}{{ .Values.apiGatewayServiceUrl }}{{ end }}

deploy/helm/values.yaml

@@ -8,7 +8,7 @@ enableShellInjection: true
 imagePullPolicy: Always
 apiGatewayServiceUrl: https://api.mypremiumdealership.com
 apiGatewayServiceInstall: true
-apiGatewayPassword: 
+apiGatewayPassword:
 tlsEnabled: false
 
 waitForK8sResources:
@@ -73,6 +73,7 @@ identity:
     smtpFrom: "[email protected]"
     smtpAuth: true
     smtpStartTLS: true
+    jwtExpiration: 604800000
     keyStoreType: PKCS12
     keyStore: classpath:certs/server.p12
     keyStorePassword: passw0rd

deploy/k8s/base/identity/config.yaml

@@ -7,7 +7,7 @@ metadata:
 data:
   DB_HOST: postgresdb
   DB_DRIVER: postgresql
-  JWT_SECRET: crapi #Used for creating a JWT. Can be anything 
+  JWT_SECRET: crapi #Used for creating a JWT. Can be anything
   DB_USER: admin
   DB_PASSWORD: crapisecretpassword
   DB_NAME: crapi
@@ -24,5 +24,6 @@ data:
   SMTP_PASS: "xxxxxxxxxxxxxx"
   SMTP_FROM: "[email protected]"
   SMTP_AUTH: "true"
+  JWT_EXPIRATION: "604800000"
   SMTP_STARTTLS: "true"
   SERVER_PORT: "8080"

services/community/api/router/routes.go

@@ -18,6 +18,7 @@ import (
 	"fmt"
 	"net/http"
 	"os"
+	"time"
 
 	"crapi.proj/goservice/api/config"
 	"crapi.proj/goservice/api/controllers"
@@ -59,6 +60,12 @@ func (server *Server) InitializeRoutes() *mux.Router {
 
 func (server *Server) Run(addr string) {
 	fmt.Println("Listening to port " + os.Getenv("SERVER_PORT"))
+	srv := &http.Server{
+		Addr:    addr,
+		Handler: server.Router,
+		ReadTimeout:  30 * time.Second,
+		WriteTimeout: 30 * time.Second,
+	}
 	if utils.IsTLSEnabled() {
 		// Check if env variable TLS_CERTIFICATE is set then use it as certificate else default to certs/server.crt
 		certificate, is_cert := os.LookupEnv("TLS_CERTIFICATE")
@@ -70,12 +77,12 @@ func (server *Server) Run(addr string) {
 		if !is_key || key == "" {
 			key = "certs/server.key"
 		}
-		err := http.ListenAndServeTLS(addr, certificate, key, server.Router)
+		err := srv.ListenAndServeTLS(certificate, key)
 		if err != nil {
 			fmt.Println(err)
 		}
 	} else {
-		err := http.ListenAndServe(addr, server.Router)
+		err := srv.ListenAndServe()
 		if err != nil {
 			fmt.Println(err)
 		}

services/identity/.env

@@ -19,6 +19,7 @@ export [email protected]
 export ENABLE_SHELL_INJECTION=false
 export JWT_SECRET=crapi
 export SMTP_HOST=smtp.example.com
+export JWT_EXPIRATION=604800000
 export API_GATEWAY_URL=https://api.mypremiumdealership.com
 export TLS_ENABLED=false
 export TLS_KEYSTORE_TYPE=PKCS12

services/identity/src/main/java/com/crapi/config/JwtProvider.java

@@ -28,6 +28,7 @@
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
+import java.math.BigDecimal;
 import java.net.URI;
 import java.net.URLConnection;
 import java.nio.charset.StandardCharsets;
@@ -45,7 +46,7 @@ public class JwtProvider {
   private static final Logger logger = LoggerFactory.getLogger(JwtProvider.class);
 
   @Value("${app.jwtExpiration}")
-  private int jwtExpiration;
+  private String jwtExpiration;
 
   private KeyPair keyPair;
 
@@ -82,11 +83,14 @@ public String getPublicJwkSet() {
    * @return generated token with expire date
    */
   public String generateJwtToken(User user) {
+    int jwtExpirationInt;
+    if (jwtExpiration.contains("e+")) jwtExpirationInt = new BigDecimal(jwtExpiration).intValue();
+    else jwtExpirationInt = Integer.parseInt(jwtExpiration);
     return Jwts.builder()
         .setSubject((user.getEmail()))
         .claim("role", user.getRole().getName())
         .setIssuedAt(new Date())
-        .setExpiration(new Date((new Date()).getTime() + jwtExpiration))
+        .setExpiration(new Date((new Date()).getTime() + jwtExpirationInt))
         .signWith(SignatureAlgorithm.RS256, this.keyPair.getPrivate())
         .compact();
   }

services/identity/src/main/resources/application.properties

@@ -15,7 +15,7 @@ spring.jpa.hibernate.ddl-auto=update
 
 
 app.jwksJson=${JWKS}
-app.jwtExpiration=604800000
+app.jwtExpiration=${JWT_EXPIRATION}
 
 #Mail Configuration
 mail.from=${SMTP_FROM}