Upgrade bcrypt to use node v16 (#666)
* Upgrade bcrypt to use node v16

* Update Dockerfile and versions

* Update test Dockerfile to match production image

* Install git because it is used by scripts

* Copy version file

* Update user permissions

* Create image folder

* Remove unused files and folders

* Update test Dockerfile

* Update restify to v7.7.0

* Update nodejs base image to latest v16
mpfeil authored Jan 4, 2023
1 parent ac1fa31 commit 84ec180
Showing 9 changed files with 381 additions and 284 deletions.
2 changes: 1 addition & 1 deletion .dockerignore
@@ -13,7 +13,7 @@ version.js
*.md
*-dev.sh
*.log
.github
tests
apidoc
apidoc.json
images
37 changes: 24 additions & 13 deletions Dockerfile
@@ -1,33 +1,44 @@
FROM node:14.18-alpine as build
# Image selected based on https://snyk.io/blog/choosing-the-best-node-js-docker-image/
# Used best practices from https://snyk.io/blog/10-best-practices-to-containerize-nodejs-web-applications-with-docker/

ENV NODE_ENV=production
# --------------> The build image
FROM node:16.19.0-bullseye-slim as build

RUN apk --no-cache --virtual .build add build-base python2 git
RUN apt-get update && apt-get upgrade -y && apt-get install -y --no-install-recommends git dumb-init

# taken from node:6-onbuild
#RUN mkdir -p /usr/src/app
WORKDIR /usr/src/app

# copy in main package.json and yarn.lock
# Copy in main package.json and yarn.lock
COPY package.json /usr/src/app/
COPY yarn.lock /usr/src/app/
# copy in workspace package.json files

# Copy in workspace package.json files
COPY packages/api/package.json /usr/src/app/packages/api/
COPY packages/models/package.json /usr/src/app/packages/models/

RUN yarn install --pure-lockfile --production

COPY . /usr/src/app

RUN yarn create-version-file \
&& rm -rf .git .scripts
RUN yarn create-version-file

# Final stage
FROM node:14.18-alpine
# --------------> The production image
FROM node:16.19.0-bullseye-slim

ENV NODE_ENV=production
COPY --from=build /usr/bin/dumb-init /usr/bin/dumb-init
USER node

WORKDIR /usr/src/app
COPY --from=build /usr/src/app /usr/src/app

CMD [ "yarn", "start" ]
COPY --chown=node:node --from=build /usr/src/app/node_modules /usr/src/app/node_modules
COPY --chown=node:node --from=build /usr/src/app/version.js /usr/src/app/version.js
COPY --chown=node:node . /usr/src/app

# Remove unused files and folders
RUN rm -rf .git .scripts

# Create and change ownership of folder to store uploaded images
RUN mkdir -p /usr/src/app/dist/userimages && chown node:node /usr/src/app/dist/userimages

CMD ["dumb-init", "node", "packages/api/app.js"]
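Review bot: In the production stage, `COPY --chown=node:node . /usr/src/app` followed by `RUN rm -rf .git .scripts` leaves `.git` and `.scripts` in the image: the later `RUN` only hides them in a new layer, and the COPY layer still carries them for anyone who pulls the image. Whether `.git` is in the build context depends on the parts of `.dockerignore` not shown here, but the `rm` and the git-based `yarn create-version-file` step suggest it is. Doing the cleanup in the build stage, `RUN yarn create-version-file && rm -rf .git .scripts`, and taking the tree from there with `COPY --chown=node:node --from=build /usr/src/app /usr/src/app` keeps the repository history out of every shipped layer. tests/tests-Dockerfile has the same `COPY . /usr/src/app` then `rm -rf .git` sequence, which matters less as long as that image is not published.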
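--- a/packages/api/app.js
+++ b/packages/api/app.js
@@ -23,7 +23,9 @@ const log = bunyan.createLogger({ name: 'opensensemap-api', serializers: bunyan.
 
 const server = restify.createServer({
 name: `opensensemap-api (${getVersion})`,
-log
+log,
+onceNext: true,
+strictNext: false,
 });
 
 // We're using caddy as proxy. It supplies a 'X-Forwarded-Proto' header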
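Review bot: The two new server options `onceNext: true` and `strictNext: false` arrive without a comment, and they change how handler mistakes show up: as I read the restify options, `onceNext` turns a repeated `next()` call from the same handler into a no-op, and leaving `strictNext` off means it is not reported as an error either. If this is there to keep older handlers working after the restify upgrade, say so above the options, e.g. `// restify 7: ignore repeated next() calls from legacy handlers instead of throwing (strictNext)`. Handlers that call `next()` twice are then worth tracking down separately, since this setting hides them.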
18 changes: 11 additions & 7 deletions packages/api/lib/routes.js
@@ -116,7 +116,6 @@ const routes = {
{ path: `${managementPath}/boxes/:boxId`, method: 'get', handler: managementController.getBox, reference: 'api-Admin-getBox' },
{ path: `${managementPath}/boxes/:boxId`, method: 'put', handler: managementController.updateBox, reference: 'api-Admin-updateBox' },
{ path: `${managementPath}/boxes/delete`, method: 'post', handler: managementController.deleteBoxes, reference: 'api-Admin-deleteBoxes' },

{ path: `${managementPath}/users`, method: 'get', handler: managementController.listUsers, reference: 'api-Admin-listUsers' },
{ path: `${managementPath}/users/:userId`, method: 'get', handler: managementController.getUser, reference: 'api-Admin-getUser' },
{ path: `${managementPath}/users/:userId`, method: 'put', handler: managementController.updateUser, reference: 'api-Admin-updateUser' },
@@ -136,16 +135,21 @@ const initRoutes = function initRoutes (server) {
}

// Attach secured routes (needs authorization through jwt)
server.use(verifyJwt);

// The .use() method runs now for all routes
// https://github.com/restify/node-restify/issues/1685
for (const route of routes.auth) {
server[route.method]({ path: route.path }, route.handler);
server[route.method]({ path: route.path }, [verifyJwt, route.handler]);
}

server.use(checkPrivilege);

// Attach verifyJwt and checkPrivilage routes (needs authorization through jwt)
// The .use() method runs now for all routes
// https://github.com/restify/node-restify/issues/1685
for (const route of routes.management) {
server[route.method]({ path: route.path }, route.handler);
server[route.method]({ path: route.path }, [
verifyJwt,
checkPrivilege,
route.handler,
]);
}
};

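Review bot: With `server.use(verifyJwt)` and `server.use(checkPrivilege)` gone, a route is authenticated only if it is registered through one of these two loops, so protection is now opt-in per route rather than implied by registration order. The added comment `// The .use() method runs now for all routes` does not say that; something like `// after the restify upgrade .use() applies to every route regardless of order, so verifyJwt/checkPrivilege are attached per route` would, and `checkPrivilage` in the comment above the management loop is misspelled. A test that walks `routes.auth` and `routes.management` and expects a rejection without a token (and without the privileged role for management) would catch a route added later without its guards. `initRoutes` begins outside this hunk, so the earlier registrations are not visible here.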
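--- a/packages/api/package.json
+++ b/packages/api/package.json
@@ -31,7 +31,7 @@
 "millify": "^5.0.1",
 "moment": "^2.29.4",
 "ms": "^2.1.3",
-"restify": "^5.2.0",
+"restify": "7.7.0",
 "restify-errors": "^8.0.2",
 "simple-statistics": "^7.7.0",
 "stringify-stream": "^1.0.5",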
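--- a/packages/models/package.json
+++ b/packages/models/package.json
@@ -9,7 +9,7 @@
 "@grpc/proto-loader": "^0.6.4",
 "@sensebox/osem-protos": "^1.1.0",
 "@sensebox/sketch-templater": "1.12.1",
-"bcrypt": "^5.0.1",
+"bcrypt": "^5.1.0",
 "bunyan": "^1.8.15",
 "config": "^3.3.6",
 "got": "^11.8.2",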
22 changes: 9 additions & 13 deletions tests/tests-Dockerfile
@@ -1,25 +1,21 @@
FROM node:14.18-alpine
FROM node:16.19.0-bullseye-slim

# YARN_PRODUCTION=false is a workaround for https://github.com/yarnpkg/yarn/issues/4557
ENV NODE_ENV=production \
YARN_PRODUCTION=false

# taken from node:6-onbuild
RUN mkdir -p /usr/src/app
RUN apt-get update \
&& apt-get upgrade -y \
&& apt-get install -y --no-install-recommends git dumb-init

WORKDIR /usr/src/app

# COPY in dev versions
COPY . /usr/src/app

RUN apk --no-cache --virtual .build add build-base python2 git \
&& yarn install --pure-lockfile --production=false \
&& apk del .build
COPY . /usr/src/app
RUN yarn install --pure-lockfile --production=false

# for git 2.1.4
RUN apk --no-cache --virtual .git add git \
&& yarn create-version-file \
&& rm -rf .git \
&& apk del .git
RUN yarn create-version-file \
&& rm -rf .git

CMD [ "yarn", "start" ]
CMD ["dumb-init", "yarn", "start"]
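Review bot: The test image never drops privileges: unlike the production Dockerfile in this commit there is no `USER node`, so the suite runs as root and will not notice a file or directory the `node` user cannot write (the production image creates `dist/userimages` specifically for that user). If the intent is to match production, add `USER node` before the `CMD` and copy with `COPY --chown=node:node . /usr/src/app`. The `apt-get` layer could also end with `&& rm -rf /var/lib/apt/lists/*` so the package index does not stay in the image.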
2 changes: 2 additions & 0 deletions tests/tests/004-users-test.js
@@ -129,6 +129,8 @@ describe('openSenseMap API Routes: /users', function () {
});

it('should deny to change email and password at the same time', function () {
this.timeout(120000);

return chakram.put(`${BASE_URL}/users/me`, { email: '[email protected]', newPassword: '87654321' }, { headers: { 'Authorization': `Bearer ${jwt}` } })
.then(function (response) {
expect(response).to.have.status(400);