Skip to content

Commit

Permalink
Get client manifest and icons from country-config
Browse files Browse the repository at this point in the history
  • Loading branch information
tareq89 committed Sep 4, 2024
1 parent eebe9b9 commit ce187c2
Show file tree
Hide file tree
Showing 4 changed files with 104 additions and 1 deletion.
14 changes: 14 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -53,13 +53,27 @@
## Improvements

- Fetch child identifier in view record
- Home screen application’s name and icons are to be configured from country configuration package as manifest.json and app icon files are moved from core to country config (check `opencrvs-countryconfig/src/client-static` folder)

## Bug fixes

- On slow connections or in rare corner cases, it was possible that the same record got saved to the database twice. This was caused by a bug in how the unique technical identifier we generate were stored as FHIR. The backend now ensures every record is submitted only once. [#7477](https://github.com/opencrvs/opencrvs-core/issues/7477)

## 1.5.0 (TBD)

### New features

- Certificate handlebar for registration fees `registrationFees` [#6817](https://github.com/opencrvs/opencrvs-core/issues/6817)
- Logged in user details handlebar `loggedInUser` [#6529](https://github.com/opencrvs/opencrvs-core/issues/6529)
- Supporting document fields can now be made required
- If there is only one option in the document uploader select, then it stays hidden and only the upload button is showed with the only option being selected by default

* **ElasticSearch reindexing**

Allows reindexing ElasticSearch via a new search-service endpoint `reindex`. We're replacing the original `ocrvs` index with timestamped ones. This is done automatically when upgrading and migrating, but this is an important architectural change that should be noted. More details in [#7033](https://github.com/opencrvs/opencrvs-core/pull/7033).

- Introduce a new certificate handlebar "preview" which can be used to conditionally render some svg element when previewing the certificate e.g. background image similar to security paper

## Breaking changes

- #### Upgrade node version to 18
Expand Down
2 changes: 1 addition & 1 deletion packages/client/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ RUN apt-get update && apt-get upgrade -y
COPY --from=0 /app/packages/client/build/ /usr/share/nginx/html/

COPY infrastructure/nginx-deploy-config.sh /
COPY infrastructure/nginx-default.conf /etc/nginx/conf.d/default.conf
COPY packages/client/nginx.conf /etc/nginx/conf.d/default.conf

RUN chmod +x /nginx-deploy-config.sh
CMD ["bash", "-c", "'./nginx-deploy-config.sh'"]
76 changes: 76 additions & 0 deletions packages/client/nginx.conf
Original file line number Diff line number Diff line change
@@ -0,0 +1,76 @@
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at https://mozilla.org/MPL/2.0/.
#
# OpenCRVS is also distributed under the terms of the Civil Registration
# & Healthcare Disclaimer located at http://opencrvs.org/license.
#
# Copyright (C) The OpenCRVS Authors located at https://github.com/opencrvs/opencrvs-core/blob/master/AUTHORS.


# config to don't allow the browser to render the page inside an frame or iframe
# and avoid clickjacking http://en.wikipedia.org/wiki/Clickjacking
# if you need to allow [i]frames, you can use SAMEORIGIN or even set an uri with ALLOW-FROM uri
# https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options
add_header X-Frame-Options SAMEORIGIN;

# when serving user-supplied content, include a X-Content-Type-Options: nosniff header along with the Content-Type: header,
# to disable content-type sniffing on some browsers.
# https://www.owasp.org/index.php/List_of_useful_HTTP_headers
# currently suppoorted in IE > 8 http://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx
# http://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx
# 'soon' on Firefox https://bugzilla.mozilla.org/show_bug.cgi?id=471020
add_header X-Content-Type-Options nosniff;

# The 'HTTP Strict Transport Security' (Strict-Transport-Security) HTTP header
# is used to control if the browser is allowed to only access a site over a
# secure connection and how long to remember the server response for thus forcing
# continued usage.Secure configuration: Return the 'Strict-Transport-Security' header
# with an appropriate timeout over a secure connection.
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains;";

# A cross-domain policy file is an XML document that grants a web client,
# such as Adobe Flash Player or Adobe Acrobat (though not necessarily limited to these),
# permission to handle data across domains. When clients request content hosted on
# a particular source domain and that content make requests directed towards a domain
# other than its own, the remote domain needs to host a cross-domain policy file
# that grants access to the source domain, allowing the client to continue the transaction.
add_header X-Permitted-Cross-Domain-Policies master-only;

# with Content Security Policy (CSP) enabled(and a browser that supports it(http://caniuse.com/#feat=contentsecuritypolicy),
# you can tell the browser that it can only download content from the domains you explicitly allow
# http://www.html5rocks.com/en/tutorials/security/content-security-policy/
# https://www.owasp.org/index.php/Content_Security_Policy
# I need to change our application code so we can increase security by disabling 'unsafe-inline' 'unsafe-eval'
# directives for css and js(if you have inline css or js, you will need to keep it too).
# more: http://www.html5rocks.com/en/tutorials/security/content-security-policy/#inline-code-considered-harmful
add_header Content-Security-Policy "default-src 'self' {{CONTENT_SECURITY_POLICY_WILDCARD}} *.sentry.io/ sentry.io/; font-src fonts.gstatic.com {{CONTENT_SECURITY_POLICY_WILDCARD}}; object-src 'none'; script-src 'self' 'unsafe-eval' blob: https: http: storage.googleapis.com/workbox-cdn/ sentry.io/api/embed/error-page/; style-src 'self' fonts.googleapis.com 'unsafe-inline'; img-src 'self' data: http: https: ";

server {
listen 80;
server_name localhost;
server_tokens off;

# country-config related proxy since client's manifest.json is served from country-config
location /manifest.json {
proxy_pass http://countryconfig:3040/static/manifest.json;
}

# country-config related proxy since client's icon files are served from country-config
location /images/ {
proxy_pass http://countryconfig:3040/static/images/;
}

location / {
root /usr/share/nginx/html;
# allows fallback to /index.html so SPAs work
try_files $uri $uri/ /index.html;
}

# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
13 changes: 13 additions & 0 deletions packages/client/vite.config.ts
Original file line number Diff line number Diff line change
Expand Up @@ -103,6 +103,19 @@ export default defineConfig(({ mode }) => {
coverage: {
reporter: ['text', 'json', 'html']
}
},
server: {
// to get the manifest.json and images from country-config during development time
proxy: {
'/manifest.json': {
target: 'http://localhost:3040/static/',
changeOrigin: true
},
'/images/': {
target: 'http://localhost:3040/static/',
changeOrigin: true
}
}
}
}
})

0 comments on commit ce187c2

Please sign in to comment.