From 5d70c5e06332e1473bb9c47dc2d60843b96d808f Mon Sep 17 00:00:00 2001 From: einhorn_b Date: Thu, 4 Jan 2024 17:36:44 +0100 Subject: [PATCH 01/34] add hetzner_cloud deployment folder, simplify config --- deployment/bare_metal/.env.dist | 117 ++++++++-------- deployment/bare_metal/doc/server.drawio | 118 ++++++++++++++++ .../sites-available/gradido.conf.ssl.template | 128 ------------------ .../sites-available/gradido.conf.template | 2 +- .../update-page.conf.ssl.template | 37 ----- deployment/bare_metal/start.sh | 8 +- deployment/hetzner_cloud/README.md | 82 +++++++++++ deployment/hetzner_cloud/cloudConfig.yaml | 46 +++++++ deployment/hetzner_cloud/install.sh | 60 ++++++++ deployment/hetzner_cloud/mysql_secure.sh | 33 +++++ nginx/gradido.conf | 2 +- 11 files changed, 403 insertions(+), 230 deletions(-) create mode 100644 deployment/bare_metal/doc/server.drawio delete mode 100644 deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template delete mode 100644 deployment/bare_metal/nginx/sites-available/update-page.conf.ssl.template create mode 100644 deployment/hetzner_cloud/README.md create mode 100644 deployment/hetzner_cloud/cloudConfig.yaml create mode 100644 deployment/hetzner_cloud/install.sh create mode 100644 deployment/hetzner_cloud/mysql_secure.sh diff --git a/deployment/bare_metal/.env.dist b/deployment/bare_metal/.env.dist index 1335e06a5..9abc739fb 100644 --- a/deployment/bare_metal/.env.dist +++ b/deployment/bare_metal/.env.dist 
@@ -1,45 +1,25 @@ -GRADIDO_LOG_PATH=/home/gradido/gradido/deployment/bare_metal/log - -# start script -DEPLOY_SEED_DATA=false - -# nginx -NGINX_REWRITE_LEGACY_URLS=true -NGINX_SSL=true -NGINX_SERVER_NAME=stage1.gradido.net -NGINX_SSL_CERTIFICATE=/etc/letsencrypt/live/stage1.gradido.net/fullchain.pem -NGINX_SSL_CERTIFICATE_KEY=/etc/letsencrypt/live/stage1.gradido.net/privkey.pem -NGINX_SSL_DHPARAM=/etc/letsencrypt/ssl-dhparams.pem -NGINX_SSL_INCLUDE=/etc/letsencrypt/options-ssl-nginx.conf -NGINX_UPDATE_PAGE_ROOT=/home/gradido/gradido/deployment/bare_metal/nginx/update-page - -# webhook -WEBHOOK_GITHUB_SECRET=secret -WEBHOOK_GITHUB_BRANCH=master - -# community -COMMUNITY_NAME="Gradido Development Stage1" -COMMUNITY_URL=https://stage1.gradido.net/ -COMMUNITY_REGISTER_URL=https://stage1.gradido.net/register -COMMUNITY_REDEEM_URL=https://stage1.gradido.net/redeem/{code} -COMMUNITY_REDEEM_CONTRIBUTION_URL=https://stage1.gradido.net/redeem/CL-{code} -COMMUNITY_DESCRIPTION="Gradido Development Stage1 Test Community" +# Need to adjust! +COMMUNITY_NAME="Your community name" +COMMUNITY_DESCRIPTION="Short Description from your Community." 
+COMMUNITY_URL=gddhost.tld COMMUNITY_SUPPORT_MAIL=support@supportmail.com -# backend +# Need to adjust by updates +# config versions +DATABASE_CONFIG_VERSION=v1.2022-03-18 BACKEND_CONFIG_VERSION=v17.2023-07-03 +FRONTEND_CONFIG_VERSION=v4.2022-12-20 +ADMIN_CONFIG_VERSION=v1.2022-03-18 +FEDERATION_CONFIG_VERSION=v1.2023-01-09 +FEDERATION_DHT_CONFIG_VERSION=v3.2023-04-26 -JWT_EXPIRES_IN=10m -GDT_API_URL=https://gdt.gradido.net - -TYPEORM_LOGGING_RELATIVE_PATH=../deployment/bare_metal/log/typeorm.backend.log - -KLICKTIPP=false -KLICKTIPP_USER= -KLICKTIPP_PASSWORD= -KLICKTIPP_APIKEY_DE= -KLICKTIPP_APIKEY_EN= +# Need adjustments for test system +URL_PROTOCOL=https +# start script +# only for test server +DEPLOY_SEED_DATA=false +# setup email account for sending gradido system messages to users EMAIL=true EMAIL_TEST_MODUS=false EMAIL_TEST_RECEIVER=test_team@gradido.net 
@@ -47,41 +27,57 @@ EMAIL_USERNAME=peter@lustig.de EMAIL_SENDER=peter@lustig.de EMAIL_PASSWORD=1234 EMAIL_SMTP_URL=smtp.lustig.de -EMAIL_LINK_VERIFICATION=https://stage1.gradido.net/checkEmail/{optin}{code} -EMAIL_LINK_SETPASSWORD=https://stage1.gradido.net/reset-password/{optin} -EMAIL_LINK_FORGOTPASSWORD=https://stage1.gradido.net/forgot-password -EMAIL_LINK_OVERVIEW=https://stage1.gradido.net/overview EMAIL_CODE_VALID_TIME=1440 EMAIL_CODE_REQUEST_TIME=10 -WEBHOOK_ELOPAGE_SECRET=secret +# Logging +GRADIDO_LOG_PATH=/home/gradido/gradido/deployment/bare_metal/log +TYPEORM_LOGGING_RELATIVE_PATH=/home/gradido/gradido/deployment/bare_metal/log/typeorm.backend.log + +# webhook +WEBHOOK_GITHUB_SECRET=secret +WEBHOOK_GITHUB_BRANCH=master + +# frontend and admin paths, usually don't need changes +# used in nginx config and for links in emails +WALLET_PATH=/login +COMMUNITY_REGISTER_PATH=/register +COMMUNITY_REDEEM_PATH=/redeem/{code} +COMMUNITY_REDEEM_CONTRIBUTION_PATH=/redeem/CL-{code} +WALLET_AUTH_PATH=/authenticate?token={token} +EMAIL_LINK_VERIFICATION=/checkEmail/{optin}{code} +EMAIL_LINK_SETPASSWORD=/reset-password/{optin} +EMAIL_LINK_FORGOTPASSWORD=/forgot-password +EMAIL_LINK_OVERVIEW=/overview +ADMIN_AUTH_PATH=/admin/authenticate?token={token} +GRAPHQL_PATH=/graphql + +# login expire time +JWT_EXPIRES_IN=10m # Federation -FEDERATION_DHT_CONFIG_VERSION=v3.2023-04-26 # if you set the value of FEDERATION_DHT_TOPIC, the DHT hyperswarm will start to announce and listen # on an hash created from this topic # FEDERATION_DHT_TOPIC=GRADIDO_HUB # FEDERATION_DHT_SEED=64ebcb0e3ad547848fef4197c6e2332f -FEDERATION_COMMUNITY_URL=http://stage1.gradido.net # the api port is the baseport, which will be added with the api-version, e.g. 
1_0 = 5010 FEDERATION_COMMUNITY_API_PORT=5000 -FEDERATION_CONFIG_VERSION=v1.2023-01-09 # comma separated list of api-versions, which cause starting several federation modules FEDERATION_COMMUNITY_APIS=1_0,1_1 -# database -DATABASE_CONFIG_VERSION=v1.2022-03-18 +# externe gradido services (more added in future) +GDT_API_URL=https://gdt.gradido.net -# frontend -FRONTEND_CONFIG_VERSION=v4.2022-12-20 +# used for combining a newsletter on klicktipp with this gradido community +# if used, user will be subscribed on register and can unsubscribe in his account +KLICKTIPP=false +KLICKTIPP_USER= +KLICKTIPP_PASSWORD= +KLICKTIPP_APIKEY_DE= +KLICKTIPP_APIKEY_EN= -GRAPHQL_URI=https://stage1.gradido.net/graphql -ADMIN_AUTH_URL=https://stage1.gradido.net/admin/authenticate?token={token} - -DEFAULT_PUBLISHER_ID=2896 - -META_URL=http://localhost +# Meta data in frontend pages, important when shared via facebook or twitter or for search engines META_TITLE_DE="Gradido – Dein Dankbarkeitskonto" META_TITLE_EN="Gradido - Your gratitude account" META_DESCRIPTION_DE="Dankbarkeit ist die Währung der neuen Zeit. Immer mehr Menschen entfalten ihr Potenzial und gestalten eine gute Zukunft für alle." @@ -90,8 +86,11 @@ META_KEYWORDS_DE="Grundeinkommen, Währung, Dankbarkeit, Schenk-Ökonomie, Natü META_KEYWORDS_EN="Basic Income, Currency, Gratitude, Gift Economy, Natural Economy of Life, Economy, Ecology, Potential Development, Giving and Thanking, Cycle of Life, Monetary System" META_AUTHOR="Bernd Hückstädt - Gradido-Akademie" -# admin -ADMIN_CONFIG_VERSION=v1.2022-03-18 +# update page shown while updating gradido +# page will be fed with status changes +NGINX_UPDATE_PAGE_ROOT=/home/gradido/gradido/deployment/bare_metal/nginx/update-page -WALLET_AUTH_URL=https://stage1.gradido.net/authenticate?token={token} -WALLET_URL=https://stage1.gradido.net/login +# LEGACY +NGINX_REWRITE_LEGACY_URLS=false +DEFAULT_PUBLISHER_ID=2896 +WEBHOOK_ELOPAGE_SECRET=secret \ No newline at end of file 
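Review bot: The placeholder credentials are not covered by the new `# Need to adjust!` block: `WEBHOOK_GITHUB_SECRET=secret` is re-added under `# webhook` and `WEBHOOK_ELOPAGE_SECRET=secret` under `# LEGACY`, while `EMAIL_PASSWORD=1234` stays as context in the e-mail section. An operator who only edits the block the header points to would deploy with a guessable webhook secret. I would move the three values into the top block, or leave them empty and add a comment such as `# Need to adjust! set a random value before the first deploy, the webhook endpoints are reachable through nginx`. The code that consumes these variables is outside the hunks, so whether an empty value is rejected at start-up should be confirmed.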
diff --git a/deployment/bare_metal/doc/server.drawio b/deployment/bare_metal/doc/server.drawio new file mode 100644 index 000000000..e65220821 --- /dev/null +++ b/deployment/bare_metal/doc/server.drawio @@ -0,0 +1,118 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template b/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template deleted file mode 100644 index a99327745..000000000 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template +++ /dev/null 
@@ -1,128 +0,0 @@ -server { - if ($host = $NGINX_SERVER_NAME) { - return 301 https://$host$request_uri; - } - - server_name $NGINX_SERVER_NAME; - listen 80; - listen [::]:80; - return 404; -} - -server { - server_name $NGINX_SERVER_NAME; - - listen [::]:443 ssl ipv6only=on; - listen 443 ssl; - ssl_certificate $NGINX_SSL_CERTIFICATE; - ssl_certificate_key $NGINX_SSL_CERTIFICATE_KEY; - include $NGINX_SSL_INCLUDE; - ssl_dhparam $NGINX_SSL_DHPARAM; - - include /etc/nginx/common/protect.conf; - include /etc/nginx/common/protect_add_header.conf; - - #gzip_static on; - gzip on; - gzip_proxied any; - gzip_types - text/css - text/javascript - text/xml - text/plain - application/javascript - application/x-javascript - application/json; - - # Legacy URLS - set $REWRITE_LEGACY_URLS "$NGINX_REWRITE_LEGACY_URLS"; - if ($REWRITE_LEGACY_URLS = 'true') { - rewrite ^/vue/?(.*)$ /$1 permanent; - } - - # Frontend (default) - location / { - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection 'upgrade'; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header Host $host; - - proxy_pass http://127.0.0.1:3000; - proxy_redirect off; - - access_log $GRADIDO_LOG_PATH/nginx-access.frontend.log gradido_log; - error_log $GRADIDO_LOG_PATH/nginx-error.frontend.log warn; - } - - # Backend - location /graphql { - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection 'upgrade'; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header Host $host; - - proxy_pass http://127.0.0.1:4000; - proxy_redirect off; - - access_log $GRADIDO_LOG_PATH/nginx-access.backend.log gradido_log; - error_log $GRADIDO_LOG_PATH/nginx-error.backend.log warn; - } - - # Backend webhooks - location /hook { - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection 'upgrade'; - proxy_set_header 
X-Forwarded-For $remote_addr; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header Host $host; - - proxy_pass http://127.0.0.1:4000/hook; - proxy_redirect off; - - access_log $GRADIDO_LOG_PATH/nginx-access.backend.hook.log gradido_log; - error_log $GRADIDO_LOG_PATH/nginx-error.backend.hook.log warn; - } - - # Webhook reverse proxy - location /hooks/ { - proxy_pass http://127.0.0.1:9000/hooks/; - - access_log $GRADIDO_LOG_PATH/nginx-access.hooks.log gradido_log; - error_log $GRADIDO_LOG_PATH/nginx-error.hooks.log warn; - } - - # Admin Frontend - location /admin { - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection 'upgrade'; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header Host $host; - - proxy_pass http://127.0.0.1:8080/; - proxy_redirect off; - - access_log $GRADIDO_LOG_PATH/nginx-access.admin.log gradido_log; - error_log $GRADIDO_LOG_PATH/nginx-error.admin.log warn; - } - - # Federation - $FEDERATION_NGINX_CONF - - # TODO this could be a performance optimization - #location /vue { - # alias /var/www/html/gradido/frontend/build; - # index index.html; - # - # location ~* \.(png)$ { - # expires 39d; - # } - # try_files $uri $uri/ /index.html = 404; - #} -} \ No newline at end of file diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf.template b/deployment/bare_metal/nginx/sites-available/gradido.conf.template index f6149a818..1b4732d7c 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf.template +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf.template @@ -1,5 +1,5 @@ server { - server_name $NGINX_SERVER_NAME; + server_name $COMMUNITY_URL; listen 80; listen [::]:80; diff --git a/deployment/bare_metal/nginx/sites-available/update-page.conf.ssl.template b/deployment/bare_metal/nginx/sites-available/update-page.conf.ssl.template deleted file mode 100644 index ddcb9ffc1..000000000 
--- a/deployment/bare_metal/nginx/sites-available/update-page.conf.ssl.template +++ /dev/null @@ -1,37 +0,0 @@ - -server { - if ($host = $NGINX_SERVER_NAME) { - return 301 https://$host$request_uri; - } - - server_name $NGINX_SERVER_NAME; - listen 80; - listen [::]:80; - return 404; -} -server { - server_name $NGINX_SERVER_NAME; - - listen [::]:443 ssl ipv6only=on; - listen 443 ssl; - ssl_certificate $NGINX_SSL_CERTIFICATE; - ssl_certificate_key $NGINX_SSL_CERTIFICATE_KEY; - include $NGINX_SSL_INCLUDE; - ssl_dhparam $NGINX_SSL_DHPARAM; - - include /etc/nginx/common/protect.conf; - include /etc/nginx/common/protect_add_header.conf; - - gzip on; - - root $NGINX_UPDATE_PAGE_ROOT; - index updating.html; - - location / { - try_files /updating.html =404; - } - - access_log $GRADIDO_LOG_PATH/nginx-access.update-page.log gradido_log; - error_log $GRADIDO_LOG_PATH/nginx-error.update-page.log warn; -} - diff --git a/deployment/bare_metal/start.sh b/deployment/bare_metal/start.sh index 5d5744bd6..bc923c6fa 100755 --- a/deployment/bare_metal/start.sh +++ b/deployment/bare_metal/start.sh @@ -100,8 +100,8 @@ export FEDERATION_NGINX_CONF=$(< $NGINX_CONFIG_DIR/gradido-federation.conf.locat # *** 3rd generate gradido nginx config including federation modules per api-version echo 'Generate new gradido nginx config' >> $UPDATE_HTML -case "$NGINX_SSL" in - true) TEMPLATE_FILE="gradido.conf.ssl.template" ;; +case "$URL_PROTOCOL" in + 'https') TEMPLATE_FILE="gradido.conf.ssl.template" ;; *) TEMPLATE_FILE="gradido.conf.template" ;; esac envsubst '$FEDERATION_NGINX_CONF' < $NGINX_CONFIG_DIR/$TEMPLATE_FILE > $NGINX_CONFIG_DIR/gradido.conf.tmp 
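Review bot: With `URL_PROTOCOL=https`, which is the default this patch writes into `.env.dist`, the `'https')` arm still selects `gradido.conf.ssl.template`, and the second start.sh hunk does the same with `update-page.conf.ssl.template`, although this patch deletes both templates. The `envsubst ... < $NGINX_CONFIG_DIR/$TEMPLATE_FILE` redirect would then fail to open its input, and nothing visible in the hunk stops the script afterwards. Either keep the ssl templates or drop the `'https')` arm so that both protocols use the plain template and TLS is added later (presumably by the certbot nginx plugin that cloudConfig.yaml installs). Independently, the path should be quoted, `< "$NGINX_CONFIG_DIR/$TEMPLATE_FILE"`. The surrounding script starts and ends outside both hunks.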
@@ -112,8 +112,8 @@ rm $NGINX_CONFIG_DIR/gradido-federation.conf.locations # Generate update-page.conf from template echo 'Generate new update-page nginx config' >> $UPDATE_HTML -case "$NGINX_SSL" in - true) TEMPLATE_FILE="update-page.conf.ssl.template" ;; +case "$URL_PROTOCOL" in + 'https') TEMPLATE_FILE="update-page.conf.ssl.template" ;; *) TEMPLATE_FILE="update-page.conf.template" ;; esac envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $NGINX_CONFIG_DIR/$TEMPLATE_FILE > $NGINX_CONFIG_DIR/update-page.conf diff --git a/deployment/hetzner_cloud/README.md b/deployment/hetzner_cloud/README.md new file mode 100644 index 000000000..01df8663d --- /dev/null +++ b/deployment/hetzner_cloud/README.md 
@@ -0,0 +1,82 @@ +# Setup on Hetzner Cloud Server +Suggested minimal Plan: CX41 +4x vCPU, 16 GB Ram, 160 GB Disk Space, 20.71 € per month (04.01.2024) + +Suggested OS: +Debian 12 + +For Hetzner Cloud Server a cloud config can be attached, which will be run before first start +https://community.hetzner.com/tutorials/basic-cloud-config/de +https://cloudinit.readthedocs.io/en/latest/reference/examples.html +You can use our [cloudConfig.yaml](./cloudConfig.yaml) but you must insert you own ssh public key, +like this: +```yaml +ssh_authorized_keys: + - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAkLGbzbG7KIGfkssKJBkc/0EVAzQ/8vjvVHzNdxhK8J yourname +``` + +## After Setup Cloud Server with cloudConfig.yaml +### setup your domain pointing on server ip address +### login to your new server as root +```bash +ssh -i /path/to/privKey root@gddhost.tld +``` + +### Change default shell + +```bash +chsh -s /bin/bash +chsh -s /bin/bash gradido +``` + +### Set password for user `gradido` + +```bash +$ passwd gradido +# enter new password twice +``` + +### Switch to the new user + +```bash +su gradido +``` + +### Test authentication via SSH + +If you logout from the server you can test authentication: + +```bash +$ ssh -i /path/to/privKey gradido@gddhost.tld +# This should log you in and allow you to use sudo commands, which will require the user's password +``` + +### Disable password root login via ssh + +```bash +sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.org +sudo sed -i -e '/^\(#\|\)PermitRootLogin/s/^.*$/PermitRootLogin no/' /etc/ssh/sshd_config +sudo sed -i '$a AllowUsers gradido' /etc/ssh/sshd_config +sudo /etc/init.d/ssh restart +``` + +### Test SSH Access only, no root ssh access + +```bash +$ ssh gradido@gddhost.tld +# Will result in in either a passphrase request for your key or the message 'Permission denied (publickey)' +$ ssh -i /path/to/privKey root@gddhost.tld +# Will result in 'Permission denied (publickey)' +$ ssh -i /path/to/privKey gradido@gddhost.tld +# Will 
succeed after entering the correct keys passphrase (if any) +``` + +### Install `Gradido` code +```bash +cd ~ +git clone https://github.com/gradido/gradido.git +``` +### Edit Config +```bash +cd ~/gradido/deployment +cp ./bare_metal/.env.dist ./hetzner_cloud/.env \ No newline at end of file diff --git a/deployment/hetzner_cloud/cloudConfig.yaml b/deployment/hetzner_cloud/cloudConfig.yaml new file mode 100644 index 000000000..86e7d5724 --- /dev/null +++ b/deployment/hetzner_cloud/cloudConfig.yaml 
@@ -0,0 +1,46 @@
+#cloud-config
+users:
+ - name: gradido
+ groups: users, admin, sudo
+ sudo: ALL=(ALL) NOPASSWD:/etc/init.d/nginx start,/etc/init.d/nginx stop,/etc/init.d/nginx restart
+ shell: /bin/bash
+ ssh_authorized_keys:
+ -
+
+packages:
+ - fail2ban
+ - ufw
+ - git
+ - mariadb-server
+ - nginx
+ - curl
+ - build-essential
+ - gnupg
+ - certbot
+ - python3-certbot-nginx
+ - logrotate
+ - automysqlbackup
+ - expect
+package_update: true
+package_upgrade: true
+
+runcmd:
+- printf "[sshd]\nenabled = true\nbanaction = iptables-multiport" > /etc/fail2ban/jail.local
+- systemctl enable fail2ban
+
+- ufw allow OpenSSH
+- ufw allow http
+- ufw allow https
+- ufw enable
+
+- sed -i -e '/^\(#\|\)PasswordAuthentication/s/^.*$/PasswordAuthentication no/' /etc/ssh/sshd_config
+- sed -i -e '/^\(#\|\)KbdInteractiveAuthentication/s/^.*$/KbdInteractiveAuthentication no/' /etc/ssh/sshd_config
+- sed -i -e '/^\(#\|\)ChallengeResponseAuthentication/s/^.*$/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config
+- sed -i -e '/^\(#\|\)MaxAuthTries/s/^.*$/MaxAuthTries 3/' /etc/ssh/sshd_config
+- sed -i -e '/^\(#\|\)AllowTcpForwarding/s/^.*$/AllowTcpForwarding no/' /etc/ssh/sshd_config
+- sed -i -e '/^\(#\|\)X11Forwarding/s/^.*$/X11Forwarding no/' /etc/ssh/sshd_config
+- sed -i -e '/^\(#\|\)AllowAgentForwarding/s/^.*$/AllowAgentForwarding no/' /etc/ssh/sshd_config
+- sed -i -e '/^\(#\|\)AuthorizedKeysFile/s/^.*$/AuthorizedKeysFile .ssh\/authorized_keys/' /etc/ssh/sshd_config
+- sed -i '$a AllowUsers gradido root' /etc/ssh/sshd_config
+
+- reboot
\ No newline at end of file
diff --git a/deployment/hetzner_cloud/install.sh b/deployment/hetzner_cloud/install.sh
new file mode 100644
index 000000000..c51a2e60b
--- /dev/null
+++ b/deployment/hetzner_cloud/install.sh
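Review bot: The sshd hardening in `runcmd` can silently have no effect, because each `sed -i -e '/^\(#\|\)Directive/...'` only rewrites a line that already exists in `/etc/ssh/sshd_config` and nothing checks the result. On Debian 12 (the OS the README suggests) the stock file begins with `Include /etc/ssh/sshd_config.d/*.conf` and sshd keeps the first value it reads, so a drop-in in that directory would override `PasswordAuthentication no` set further down. I would write the directives to an early-sorting drop-in instead (example name: `/etc/ssh/sshd_config.d/00-hardening.conf`) and add `- sshd -t` before `- reboot`, checking the effective values once with `sshd -T`. Also note that `AllowUsers gradido root` leaves root key login enabled until the manual README step, and that the `sudo` group membership in `groups:` may grant broader rights than the `NOPASSWD` nginx rule suggests.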
@@ -0,0 +1,60 @@
+#!/bin/bash
+
+# Note: This is needed - since there is Summer-Time included in the default server Setup - UTC is REQUIRED for production data
+timedatectl set-timezone UTC
+timedatectl set-ntp on
+apt purge ntp
+systemctl start systemd-timesyncd
+
+set -o allexport
+SCRIPT_PATH=$(realpath ../bare_metal)
+SCRIPT_DIR=$(dirname $SCRIPT_PATH)
+PROJECT_ROOT=$SCRIPT_DIR/../..
+set +o allexport
+
+# Load .env or .env.dist if not present
+# NOTE: all config values will be in process.env when starting
+# the services and will therefore take precedence over the .env
+if [ -f "./.env" ]; then
+ set -o allexport
+ source ./.env
+ set +o allexport
+else
+ set -o allexport
+ source $SCRIPT_DIR/.env.dist
+ set +o allexport
+fi
+
+# Configure git
+git config pull.ff only
+
+# Secure mysql https://gist.github.com/Mins/4602864
+SECURE_MYSQL=$(expect -c "
+
+set timeout 10
+spawn mysql_secure_installation
+
+expect \"Enter current password for root (enter for none):\"
+send \"\r\"
+
+expect \"Switch to unix_socket authentication:\"
+send \"Y\r\"
+
+expect \"Change the root password?\"
+send \"n\r\"
+
+expect \"Remove anonymous users?\"
+send \"y\r\"
+
+expect \"Disallow root login remotely?\"
+send \"y\r\"
+
+expect \"Remove test database and access to it?\"
+send \"y\r\"
+
+expect \"Reload privilege tables now?\"
+send \"y\r\"
+
+expect eof
+")
+echo "$SECURE_MYSQL"
\ No newline at end of file
diff --git a/deployment/hetzner_cloud/mysql_secure.sh b/deployment/hetzner_cloud/mysql_secure.sh
new file mode 100644
index 000000000..2f90c4f4e
--- /dev/null
+++ b/deployment/hetzner_cloud/mysql_secure.sh
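Review bot: The fallback `source $SCRIPT_DIR/.env.dist` points one directory too high. `SCRIPT_DIR=$(dirname $SCRIPT_PATH)` strips `bare_metal`, so the script looks for `deployment/.env.dist` while this patch keeps the file at `deployment/bare_metal/.env.dist`, and `PROJECT_ROOT=$SCRIPT_DIR/../..` lands above the repository. `realpath ../bare_metal` also depends on the caller's working directory. I would use `SCRIPT_DIR=$(realpath "$(dirname "$0")/../bare_metal")` and `source "$SCRIPT_DIR/.env.dist"`, and add `set -euo pipefail` so a failed `source` stops the run. Separately, `apt purge ntp` has no `-y`, and the `expect` block sends its next answer after the 10 s timeout even when a prompt did not match, so a reworded `mysql_secure_installation` prompt can leave the database unhardened without any error.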
@@ -0,0 +1,33 @@ +#!/bin/bash + + +#// Not required in actual script +MYSQL_ROOT_PASSWORD=abcd1234 + +SECURE_MYSQL=$(expect -c " + +set timeout 10 +spawn mysql_secure_installation + +expect \"Enter current password for root (enter for none):\" +send \"$MYSQL\r\" + +expect \"Change the root password?\" +send \"n\r\" + +expect \"Remove anonymous users?\" +send \"y\r\" + +expect \"Disallow root login remotely?\" +send \"y\r\" + +expect \"Remove test database and access to it?\" +send \"y\r\" + +expect \"Reload privilege tables now?\" +send \"y\r\" + +expect eof +") + +echo "$SECURE_MYSQL" diff --git a/nginx/gradido.conf b/nginx/gradido.conf index 403a2766b..2279d1e4f 100644 --- a/nginx/gradido.conf +++ b/nginx/gradido.conf @@ -1,5 +1,5 @@ server { - server_name $NGINX_SERVER_NAME; + server_name _; listen 80; listen [::]:80; From 1258d43d3861af0bdc2af9886abfff4e7f8dd8cb Mon Sep 17 00:00:00 2001 From: einhorn_b Date: Thu, 4 Jan 2024 19:18:28 +0100 Subject: [PATCH 02/34] update admin with new url config approach --- README.md | 2 +- admin/.env.dist | 8 +++++--- admin/.env.template | 9 +++++---- admin/src/config/index.js | 16 ++++++++++++---- admin/src/plugins/apolloProvider.js | 2 +- deployment/bare_metal/.env.dist | 6 +++--- .../nginx/sites-available/gradido.conf.template | 2 +- .../sites-available/update-page.conf.template | 2 +- 8 files changed, 29 insertions(+), 18 deletions(-) diff --git a/README.md b/README.md index 87b4f44e5..91ac65dab 100644 --- a/README.md +++ b/README.md 
@@ -131,7 +131,7 @@ Each component (frontend, admin, backend and database) has its own `.env` file. Each component has a `.env.dist` file. This file contains all environment variables used by the component and can be used as pattern. If you want to use a local `.env`, copy the `.env.dist` and adjust the variables accordingly. -Each component has a `.env.template` file. These files are very important on deploy. +Each component has a `.env.template` file. These files are very important on deploy. They use COMMUNITY_HOST instead of different urls for different modules because in deploy using nginx is expected for routing incoming request to the correct module There is one `.env.dist` in the `deployment/bare_metal/` folder. This `.env.dist` contains all variables used by the components, e.g. unites all `.env.dist` from the components. On deploy, we copy this `.env.dist` to `.env` and set all variables in this new file. The deploy script loads this variables and provides them by the `.env.templates` of each component, creating an `.env` for each component (see in `deployment/bare_metal/start.sh` the `envsubst`). diff --git a/admin/.env.dist b/admin/.env.dist index 66c84dda8..d92f3d9bc 100644 --- a/admin/.env.dist +++ b/admin/.env.dist @@ -1,4 +1,6 @@ -GRAPHQL_URI=http://localhost:4000/graphql -WALLET_AUTH_URL=http://localhost/authenticate?token={token} -WALLET_URL=http://localhost/login +GRAPHQL_URL=http://localhost:4000 +GRAPHQL_PATH=/graphql +WALLET_URL=http://localhost +WALLET_AUTH_PATH=/authenticate?token={token} +WALLET_LOGIN_PATH=/login DEBUG_DISABLE_AUTH=false \ No newline at end of file diff --git a/admin/.env.template b/admin/.env.template index 488c9aba4..636b15593 100644 --- a/admin/.env.template +++ b/admin/.env.template 
@@ -1,6 +1,7 @@ CONFIG_VERSION=$ADMIN_CONFIG_VERSION -GRAPHQL_URI=$GRAPHQL_URI -WALLET_AUTH_URL=$WALLET_AUTH_URL -WALLET_URL=$WALLET_URL -DEBUG_DISABLE_AUTH=false \ No newline at end of file +COMMUNITY_HOST=$COMMUNITY_HOST +WALLET_AUTH_PATH=$WALLET_AUTH_PATH +WALLET_LOGIN_PATH=$WALLET_LOGIN_PATH +GRAPHQL_PATH=$GRAPHQL_PATH +DEBUG_DISABLE_AUTH=false diff --git a/admin/src/config/index.js b/admin/src/config/index.js index fe373386d..10c75579a 100644 --- a/admin/src/config/index.js +++ b/admin/src/config/index.js @@ -7,7 +7,7 @@ const pkg = require('../../package') const constants = { CONFIG_VERSION: { DEFAULT: 'DEFAULT', - EXPECTED: 'v1.2022-03-18', + EXPECTED: 'v2.2024-01-04', CURRENT: '', }, } @@ -26,10 +26,18 @@ const environment = { PRODUCTION: process.env.NODE_ENV === 'production' || false, } +const COMMUNITY_HOST = process.env.COMMUNITY_HOST || undefined +const URL_PROTOCOL = process.env.URL_PROTOCOL || 'http' +const COMMUNITY_URL = + COMMUNITY_HOST && URL_PROTOCOL ? URL_PROTOCOL + '://' + COMMUNITY_HOST : undefined +const WALLET_URL = process.env.WALLET_URL || COMMUNITY_URL || 'http://localhost' + const endpoints = { - GRAPHQL_URI: process.env.GRAPHQL_URI || 'http://localhost:4000/graphql', - WALLET_AUTH_URL: process.env.WALLET_AUTH_URL || 'http://localhost/authenticate?token={token}', - WALLET_URL: process.env.WALLET_URL || 'http://localhost/login', + GRAPHQL_URL: + (process.env.GRAPHQL_URL || COMMUNITY_URL || 'http://localhost:4000') + + process.env.GRAPHQL_PATH || '/graphql', + WALLET_AUTH_URL: WALLET_URL + (process.env.WALLET_AUTH_PATH || '/authenticate?token={token}'), + WALLET_LOGIN_URL: WALLET_URL + (process.env.WALLET_LOGIN_PATH || '/login'), } const debug = { diff --git a/admin/src/plugins/apolloProvider.js b/admin/src/plugins/apolloProvider.js index 8b02013f4..122857031 100644 --- a/admin/src/plugins/apolloProvider.js +++ b/admin/src/plugins/apolloProvider.js 
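Review bot: In the new `endpoints.GRAPHQL_URL` the `'/graphql'` fallback is unreachable, because `+` binds tighter than `||`. When `GRAPHQL_PATH` is unset the expression yields the string `http://localhost:4000undefined`. The path needs its own parentheses like the two wallet entries, `(process.env.GRAPHQL_URL || COMMUNITY_URL || 'http://localhost:4000') + (process.env.GRAPHQL_PATH || '/graphql')`. The same expression is carried over with `??` in the `admin/src/config/index.js` hunk of PATCH 04, so the fix applies there as well. The key is also renamed from `GRAPHQL_URI` to `GRAPHQL_URL` while the only consumer change shown is `WALLET_LOGIN_URL` in apolloProvider.js, so any remaining `CONFIG.GRAPHQL_URI` reader outside this diff should be checked.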
@@ -16,7 +16,7 @@ const authLink = new ApolloLink((operation, forward) => { return forward(operation).map((response) => { if (response.errors && response.errors[0].message === '403.13 - Client certificate revoked') { store.dispatch('logout', null) - window.location.assign(CONFIG.WALLET_URL) + window.location.assign(CONFIG.WALLET_LOGIN_URL) return response } const newToken = operation.getContext().response.headers.get('token') diff --git a/deployment/bare_metal/.env.dist b/deployment/bare_metal/.env.dist index 9abc739fb..796bf4d46 100644 --- a/deployment/bare_metal/.env.dist +++ b/deployment/bare_metal/.env.dist @@ -1,7 +1,7 @@ # Need to adjust! COMMUNITY_NAME="Your community name" COMMUNITY_DESCRIPTION="Short Description from your Community." -COMMUNITY_URL=gddhost.tld +COMMUNITY_HOST=gddhost.tld COMMUNITY_SUPPORT_MAIL=support@supportmail.com # Need to adjust by updates @@ -9,7 +9,7 @@ COMMUNITY_SUPPORT_MAIL=support@supportmail.com DATABASE_CONFIG_VERSION=v1.2022-03-18 BACKEND_CONFIG_VERSION=v17.2023-07-03 FRONTEND_CONFIG_VERSION=v4.2022-12-20 -ADMIN_CONFIG_VERSION=v1.2022-03-18 +ADMIN_CONFIG_VERSION=v2.2024-01-04 FEDERATION_CONFIG_VERSION=v1.2023-01-09 FEDERATION_DHT_CONFIG_VERSION=v3.2023-04-26 @@ -40,10 +40,10 @@ WEBHOOK_GITHUB_BRANCH=master # frontend and admin paths, usually don't need changes # used in nginx config and for links in emails -WALLET_PATH=/login COMMUNITY_REGISTER_PATH=/register COMMUNITY_REDEEM_PATH=/redeem/{code} COMMUNITY_REDEEM_CONTRIBUTION_PATH=/redeem/CL-{code} +WALLET_LOGIN_PATH=/login WALLET_AUTH_PATH=/authenticate?token={token} EMAIL_LINK_VERIFICATION=/checkEmail/{optin}{code} EMAIL_LINK_SETPASSWORD=/reset-password/{optin} diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf.template b/deployment/bare_metal/nginx/sites-available/gradido.conf.template index 1b4732d7c..6b885a26a 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf.template 
+++ b/deployment/bare_metal/nginx/sites-available/gradido.conf.template @@ -1,5 +1,5 @@ server { - server_name $COMMUNITY_URL; + server_name $COMMUNITY_HOST; listen 80; listen [::]:80; diff --git a/deployment/bare_metal/nginx/sites-available/update-page.conf.template b/deployment/bare_metal/nginx/sites-available/update-page.conf.template index c26a705ce..e6cb51c7c 100644 --- a/deployment/bare_metal/nginx/sites-available/update-page.conf.template +++ b/deployment/bare_metal/nginx/sites-available/update-page.conf.template @@ -1,6 +1,6 @@ server { - server_name _; + server_name $COMMUNITY_HOST; listen 80; listen [::]:80; From abda419a284b30edf34167bf2a995087fddbbb77 Mon Sep 17 00:00:00 2001 From: einhorn_b Date: Thu, 4 Jan 2024 19:32:56 +0100 Subject: [PATCH 03/34] remove unneccessary file --- deployment/hetzner_cloud/mysql_secure.sh | 33 ------------------------ 1 file changed, 33 deletions(-) delete mode 100644 deployment/hetzner_cloud/mysql_secure.sh diff --git a/deployment/hetzner_cloud/mysql_secure.sh b/deployment/hetzner_cloud/mysql_secure.sh deleted file mode 100644 index 2f90c4f4e..000000000 --- a/deployment/hetzner_cloud/mysql_secure.sh +++ /dev/null @@ -1,33 +0,0 @@ -#!/bin/bash - - -#// Not required in actual script -MYSQL_ROOT_PASSWORD=abcd1234 - -SECURE_MYSQL=$(expect -c " - -set timeout 10 -spawn mysql_secure_installation - -expect \"Enter current password for root (enter for none):\" -send \"$MYSQL\r\" - -expect \"Change the root password?\" -send \"n\r\" - -expect \"Remove anonymous users?\" -send \"y\r\" - -expect \"Disallow root login remotely?\" -send \"y\r\" - -expect \"Remove test database and access to it?\" -send \"y\r\" - -expect \"Reload privilege tables now?\" -send \"y\r\" - -expect eof -") - -echo "$SECURE_MYSQL" From 6cf488630cc113001624a79e412f20dab5f848f8 Mon Sep 17 00:00:00 2001 
From: einhorn_b Date: Mon, 8 Jan 2024 12:22:20 +0100 Subject: [PATCH 04/34] reduce urls, replace || with ?? https://mariusschulz.com/blog/nullish-coalescing-the-operator-in-typescript --- admin/.env.template | 1 + admin/src/components/NavBar.vue | 4 +-- admin/src/config/index.js | 28 ++++++++--------- backend/.env.dist | 14 ++++----- backend/.env.template | 11 ++++--- backend/src/config/index.ts | 37 ++++++++++++---------- deployment/bare_metal/.env.dist | 12 ++++---- dht-node/.env.template | 3 +- dht-node/src/config/index.ts | 32 ++++++++++--------- dlt-connector/src/config/index.ts | 8 ++--- dlt-database/src/config/index.ts | 12 ++++---- federation/.env.template | 3 +- federation/src/config/index.ts | 28 +++++++++-------- frontend/.env.dist | 6 ++-- frontend/.env.template | 9 +++--- frontend/src/config/index.js | 51 +++++++++++++++++-------------- 16 files changed, 141 insertions(+), 118 deletions(-) diff --git a/admin/.env.template b/admin/.env.template index 636b15593..11e849271 100644 --- a/admin/.env.template +++ b/admin/.env.template @@ -1,6 +1,7 @@ CONFIG_VERSION=$ADMIN_CONFIG_VERSION COMMUNITY_HOST=$COMMUNITY_HOST +URL_PROTOCOL=$URL_PROTOCOL WALLET_AUTH_PATH=$WALLET_AUTH_PATH WALLET_LOGIN_PATH=$WALLET_LOGIN_PATH GRAPHQL_PATH=$GRAPHQL_PATH diff --git a/admin/src/components/NavBar.vue b/admin/src/components/NavBar.vue index 2efeda048..4191290f3 100644 --- a/admin/src/components/NavBar.vue +++ b/admin/src/components/NavBar.vue @@ -38,8 +38,8 @@ export default { name: 'navbar', methods: { async logout() { - window.location.assign(CONFIG.WALLET_URL) - // window.location = CONFIG.WALLET_URL + window.location.assign(CONFIG.WALLET_LOGIN_URL) + // window.location = CONFIG.WALLET_LOGIN_URL this.$store.dispatch('logout') await this.$apollo.mutate({ mutation: logout, diff --git a/admin/src/config/index.js b/admin/src/config/index.js index 10c75579a..708815398 100644 --- a/admin/src/config/index.js +++ b/admin/src/config/index.js 
@@ -14,38 +14,38 @@ const constants = { const version = { APP_VERSION: pkg.version, - BUILD_COMMIT: process.env.BUILD_COMMIT || null, + BUILD_COMMIT: process.env.BUILD_COMMIT ?? null, // self reference of `version.BUILD_COMMIT` is not possible at this point, hence the duplicate code - BUILD_COMMIT_SHORT: (process.env.BUILD_COMMIT || '0000000').slice(0, 7), - PORT: process.env.PORT || 8080, + BUILD_COMMIT_SHORT: (process.env.BUILD_COMMIT ?? '0000000').slice(0, 7), + PORT: process.env.PORT ?? 8080, } const environment = { NODE_ENV: process.env.NODE_ENV, - DEBUG: process.env.NODE_ENV !== 'production' || false, - PRODUCTION: process.env.NODE_ENV === 'production' || false, + DEBUG: process.env.NODE_ENV !== 'production' ?? false, + PRODUCTION: process.env.NODE_ENV === 'production' ?? false, } -const COMMUNITY_HOST = process.env.COMMUNITY_HOST || undefined -const URL_PROTOCOL = process.env.URL_PROTOCOL || 'http' +const COMMUNITY_HOST = process.env.COMMUNITY_HOST ?? undefined +const URL_PROTOCOL = process.env.URL_PROTOCOL ?? 'http' const COMMUNITY_URL = COMMUNITY_HOST && URL_PROTOCOL ? URL_PROTOCOL + '://' + COMMUNITY_HOST : undefined -const WALLET_URL = process.env.WALLET_URL || COMMUNITY_URL || 'http://localhost' +const WALLET_URL = process.env.WALLET_URL ?? COMMUNITY_URL ?? 'http://localhost' const endpoints = { GRAPHQL_URL: - (process.env.GRAPHQL_URL || COMMUNITY_URL || 'http://localhost:4000') + - process.env.GRAPHQL_PATH || '/graphql', - WALLET_AUTH_URL: WALLET_URL + (process.env.WALLET_AUTH_PATH || '/authenticate?token={token}'), - WALLET_LOGIN_URL: WALLET_URL + (process.env.WALLET_LOGIN_PATH || '/login'), + (process.env.GRAPHQL_URL ?? COMMUNITY_URL ?? 'http://localhost:4000') + + process.env.GRAPHQL_PATH ?? '/graphql', + WALLET_AUTH_URL: WALLET_URL + (process.env.WALLET_AUTH_PATH ?? '/authenticate?token={token}'), + WALLET_LOGIN_URL: WALLET_URL + (process.env.WALLET_LOGIN_PATH ?? 
'/login'), } const debug = { - DEBUG_DISABLE_AUTH: process.env.DEBUG_DISABLE_AUTH === 'true' || false, + DEBUG_DISABLE_AUTH: process.env.DEBUG_DISABLE_AUTH === 'true' ?? false, } // Check config version -constants.CONFIG_VERSION.CURRENT = process.env.CONFIG_VERSION || constants.CONFIG_VERSION.DEFAULT +constants.CONFIG_VERSION.CURRENT = process.env.CONFIG_VERSION ?? constants.CONFIG_VERSION.DEFAULT if ( ![constants.CONFIG_VERSION.EXPECTED, constants.CONFIG_VERSION.DEFAULT].includes( constants.CONFIG_VERSION.CURRENT, diff --git a/backend/.env.dist b/backend/.env.dist index 9844d8c4a..96afd1ab5 100644 --- a/backend/.env.dist +++ b/backend/.env.dist @@ -28,9 +28,9 @@ DLT_CONNECTOR_URL=http://localhost:6010 # Community COMMUNITY_NAME=Gradido Entwicklung COMMUNITY_URL=http://localhost/ -COMMUNITY_REGISTER_URL=http://localhost/register -COMMUNITY_REDEEM_URL=http://localhost/redeem/{code} -COMMUNITY_REDEEM_CONTRIBUTION_URL=http://localhost/redeem/CL-{code} +COMMUNITY_REGISTER_PATH=/register +COMMUNITY_REDEEM_PATH=/redeem/{code} +COMMUNITY_REDEEM_CONTRIBUTION_PATH=/redeem/CL-{code} COMMUNITY_DESCRIPTION=Die lokale Entwicklungsumgebung von Gradido. COMMUNITY_SUPPORT_MAIL=support@supportmail.com @@ -47,10 +47,10 @@ EMAIL_SENDER=info@gradido.net EMAIL_PASSWORD=xxx EMAIL_SMTP_URL=gmail.com EMAIL_SMTP_PORT=587 -EMAIL_LINK_VERIFICATION=http://localhost/checkEmail/{optin}{code} -EMAIL_LINK_SETPASSWORD=http://localhost/reset-password/{optin} -EMAIL_LINK_FORGOTPASSWORD=http://localhost/forgot-password -EMAIL_LINK_OVERVIEW=http://localhost/overview +EMAIL_LINK_VERIFICATION_PATH=/checkEmail/{optin}{code} +EMAIL_LINK_SETPASSWORD_PATH=/reset-password/{optin} +EMAIL_LINK_FORGOTPASSWORD_PATH=/forgot-password +EMAIL_LINK_OVERVIEW_PATH=/overview EMAIL_CODE_VALID_TIME=1440 EMAIL_CODE_REQUEST_TIME=10 diff --git a/backend/.env.template b/backend/.env.template index e79122368..9133428ab 100644 --- a/backend/.env.template +++ b/backend/.env.template 
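Review bot: In `admin/src/config/index.js`, the `GRAPHQL_URL` entry still parses as `(base + process.env.GRAPHQL_PATH) ?? '/graphql'` because `+` binds tighter than `??`, so with `GRAPHQL_PATH` unset the endpoint ends in `undefined` and the `/graphql` fallback is unreachable. Parenthesise the path as the two `WALLET_*` entries already do: `(process.env.GRAPHQL_URL ?? COMMUNITY_URL ?? 'http://localhost:4000') + (process.env.GRAPHQL_PATH ?? '/graphql'),`. Separately, `x === 'production' ?? false` and `x === 'true' ?? false` are dead code, since a comparison result is never nullish; dropping the `?? false` here and in the backend, dht-node, dlt-connector, federation and frontend config hunks of this patch would make the intent clearer.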
@@ -25,14 +25,15 @@ KLICKTIPP_APIKEY_EN=$KLICKTIPP_APIKEY_EN # DltConnector DLT_CONNECTOR=$DLT_CONNECTOR -DLT_CONNECTOR_URL=$DLT_CONNECTOR_URL +DLT_CONNECTOR_PORT=$DLT_CONNECTOR_PORT # Community +COMMUNITY_HOST=$COMMUNITY_HOST +URL_PROTOCOL=$URL_PROTOCOL COMMUNITY_NAME=$COMMUNITY_NAME -COMMUNITY_URL=$COMMUNITY_URL -COMMUNITY_REGISTER_URL=$COMMUNITY_REGISTER_URL -COMMUNITY_REDEEM_URL=$COMMUNITY_REDEEM_URL -COMMUNITY_REDEEM_CONTRIBUTION_URL=$COMMUNITY_REDEEM_CONTRIBUTION_URL +COMMUNITY_REGISTER_PATH=$COMMUNITY_REGISTER_PATH +COMMUNITY_REDEEM_PATH=$COMMUNITY_REDEEM_PATH +COMMUNITY_REDEEM_CONTRIBUTION_PATH=$COMMUNITY_REDEEM_CONTRIBUTION_PATH COMMUNITY_DESCRIPTION=$COMMUNITY_DESCRIPTION COMMUNITY_SUPPORT_MAIL=$COMMUNITY_SUPPORT_MAIL diff --git a/backend/src/config/index.ts b/backend/src/config/index.ts index 6f03d21b9..cbb9eabf9 100644 --- a/backend/src/config/index.ts +++ b/backend/src/config/index.ts @@ -19,7 +19,7 @@ const constants = { LOG_LEVEL: process.env.LOG_LEVEL ?? 'info', CONFIG_VERSION: { DEFAULT: 'DEFAULT', - EXPECTED: 'v20.2023-09-19', + EXPECTED: 'v21.2024-01-06', CURRENT: '', }, } 
@@ -51,18 +51,23 @@ const klicktipp = { KLICKTIPP_APIKEY_EN: process.env.KLICKTIPP_APIKEY_EN ?? 'SomeFakeKeyEN', } +const COMMUNITY_HOST = process.env.COMMUNITY_HOST ?? 'localhost' +const URL_PROTOCOL = process.env.URL_PROTOCOL ?? 'http' +const COMMUNITY_URL = process.env.COMMUNITY_URL ?? `${URL_PROTOCOL}://${COMMUNITY_HOST}` +const DLT_CONNECTOR_PORT = process.env.DLT_CONNECTOR_PORT ?? 6010 + const dltConnector = { DLT_CONNECTOR: process.env.DLT_CONNECTOR === 'true' || false, - DLT_CONNECTOR_URL: process.env.DLT_CONNECTOR_URL ?? 'http://localhost:6010', + DLT_CONNECTOR_URL: process.env.DLT_CONNECTOR_URL ?? `${COMMUNITY_URL}:${DLT_CONNECTOR_PORT}`, } const community = { COMMUNITY_NAME: process.env.COMMUNITY_NAME ?? 'Gradido Entwicklung', - COMMUNITY_URL: process.env.COMMUNITY_URL ?? 'http://localhost/', - COMMUNITY_REGISTER_URL: process.env.COMMUNITY_REGISTER_URL ?? 'http://localhost/register', - COMMUNITY_REDEEM_URL: process.env.COMMUNITY_REDEEM_URL ?? 'http://localhost/redeem/{code}', + COMMUNITY_URL, + COMMUNITY_REGISTER_URL: COMMUNITY_URL + (process.env.COMMUNITY_REGISTER_PATH ?? '/register'), + COMMUNITY_REDEEM_URL: COMMUNITY_URL + (process.env.COMMUNITY_REDEEM_PATH ?? '/redeem/{code}'), COMMUNITY_REDEEM_CONTRIBUTION_URL: - process.env.COMMUNITY_REDEEM_CONTRIBUTION_URL ?? 'http://localhost/redeem/CL-{code}', + COMMUNITY_URL + (process.env.COMMUNITY_REDEEM_CONTRIBUTION_PATH ?? '/redeem/CL-{code}'), COMMUNITY_DESCRIPTION: process.env.COMMUNITY_DESCRIPTION ?? 'Die lokale Entwicklungsumgebung von Gradido.', COMMUNITY_SUPPORT_MAIL: process.env.COMMUNITY_SUPPORT_MAIL ?? 'support@supportmail.com', 
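Review bot: `COMMUNITY_URL` is now concatenated with paths and a port in `backend/src/config/index.ts`, but nothing normalises it. `backend/.env.dist` in this same patch still ships `COMMUNITY_URL=http://localhost/`, which yields `http://localhost//register` and a `DLT_CONNECTOR_URL` of `http://localhost/:6010`. Strip a trailing slash once where the constant is defined, for example by appending `.replace(/\/+$/, '')` to the `COMMUNITY_URL` expression. The connector default also moves from `http://localhost:6010` to the public community host and protocol, so with `URL_PROTOCOL=https` the backend would call the connector over the public name on port 6010; if the connector is meant to stay a loopback-only service, keep its default on localhost.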
@@ -74,8 +79,8 @@ const loginServer = { } const email = { - EMAIL: process.env.EMAIL === 'true' || false, - EMAIL_TEST_MODUS: process.env.EMAIL_TEST_MODUS === 'true' || false, + EMAIL: process.env.EMAIL === 'true' ?? false, + EMAIL_TEST_MODUS: process.env.EMAIL_TEST_MODUS === 'true' ?? false, EMAIL_TEST_RECEIVER: process.env.EMAIL_TEST_RECEIVER ?? 'stage1@gradido.net', EMAIL_USERNAME: process.env.EMAIL_USERNAME ?? '', EMAIL_SENDER: process.env.EMAIL_SENDER ?? 'info@gradido.net', @@ -85,19 +90,19 @@ const email = { // eslint-disable-next-line no-unneeded-ternary EMAIL_TLS: process.env.EMAIL_TLS === 'false' ? false : true, EMAIL_LINK_VERIFICATION: - process.env.EMAIL_LINK_VERIFICATION ?? 'http://localhost/checkEmail/{optin}{code}', + COMMUNITY_URL + (process.env.EMAIL_LINK_VERIFICATION_PATH ?? '/checkEmail/{optin}{code}'), EMAIL_LINK_SETPASSWORD: - process.env.EMAIL_LINK_SETPASSWORD ?? 'http://localhost/reset-password/{optin}', + COMMUNITY_URL + (process.env.EMAIL_LINK_SETPASSWORD_PATH ?? '/reset-password/{optin}'), EMAIL_LINK_FORGOTPASSWORD: - process.env.EMAIL_LINK_FORGOTPASSWORD ?? 'http://localhost/forgot-password', - EMAIL_LINK_OVERVIEW: process.env.EMAIL_LINK_OVERVIEW ?? 'http://localhost/overview', + COMMUNITY_URL + (process.env.EMAIL_LINK_FORGOTPASSWORD_PATH ?? '/forgot-password'), + EMAIL_LINK_OVERVIEW: COMMUNITY_URL + (process.env.EMAIL_LINK_OVERVIEW_PATH ?? '/overview'), // time in minutes a optin code is valid EMAIL_CODE_VALID_TIME: process.env.EMAIL_CODE_VALID_TIME - ? parseInt(process.env.EMAIL_CODE_VALID_TIME) || 1440 + ? parseInt(process.env.EMAIL_CODE_VALID_TIME) ?? 1440 : 1440, // time in minutes that must pass to request a new optin code EMAIL_CODE_REQUEST_TIME: process.env.EMAIL_CODE_REQUEST_TIME - ? parseInt(process.env.EMAIL_CODE_REQUEST_TIME) || 10 + ? parseInt(process.env.EMAIL_CODE_REQUEST_TIME) ?? 10 : 10, } 
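Review bot: `parseInt(process.env.EMAIL_CODE_VALID_TIME) ?? 1440` and the matching `EMAIL_CODE_REQUEST_TIME` line no longer fall back on bad input, because `parseInt` returns `NaN` rather than `null`/`undefined` and `??` lets `NaN` through. A non-numeric value then makes the opt-in code lifetime `NaN`, and any comparison against `NaN` is false, so depending on how the expiry check is written (outside this hunk) codes may never expire or never be accepted. Keep `||` for numeric parsing, `parseInt(process.env.EMAIL_CODE_VALID_TIME, 10) || 1440`, or validate with `Number.isFinite` and fail at startup. The same applies to `Number(process.env.FEDERATION_VALIDATE_COMMUNITY_TIMER) ?? 60000` in the federation hunk of this file, where an unset variable now yields `NaN` instead of 60000.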
@@ -124,9 +129,9 @@ if ( const federation = { FEDERATION_BACKEND_SEND_ON_API: process.env.FEDERATION_BACKEND_SEND_ON_API ?? '1_0', FEDERATION_VALIDATE_COMMUNITY_TIMER: - Number(process.env.FEDERATION_VALIDATE_COMMUNITY_TIMER) || 60000, + Number(process.env.FEDERATION_VALIDATE_COMMUNITY_TIMER) ?? 60000, FEDERATION_XCOM_SENDCOINS_ENABLED: - process.env.FEDERATION_XCOM_SENDCOINS_ENABLED === 'true' || false, + process.env.FEDERATION_XCOM_SENDCOINS_ENABLED === 'true' ?? false, // default value for community-uuid is equal uuid of stage-3 FEDERATION_XCOM_RECEIVER_COMMUNITY_UUID: process.env.FEDERATION_XCOM_RECEIVER_COMMUNITY_UUID ?? '56a55482-909e-46a4-bfa2-cd025e894ebc', diff --git a/deployment/bare_metal/.env.dist b/deployment/bare_metal/.env.dist index 796bf4d46..973a9e8a6 100644 --- a/deployment/bare_metal/.env.dist +++ b/deployment/bare_metal/.env.dist @@ -7,8 +7,8 @@ COMMUNITY_SUPPORT_MAIL=support@supportmail.com # Need to adjust by updates # config versions DATABASE_CONFIG_VERSION=v1.2022-03-18 -BACKEND_CONFIG_VERSION=v17.2023-07-03 -FRONTEND_CONFIG_VERSION=v4.2022-12-20 +BACKEND_CONFIG_VERSION=v21.2024-01-06 +FRONTEND_CONFIG_VERSION=v5.2024-01-08 ADMIN_CONFIG_VERSION=v2.2024-01-04 FEDERATION_CONFIG_VERSION=v1.2023-01-09 FEDERATION_DHT_CONFIG_VERSION=v3.2023-04-26 @@ -45,10 +45,10 @@ COMMUNITY_REDEEM_PATH=/redeem/{code} COMMUNITY_REDEEM_CONTRIBUTION_PATH=/redeem/CL-{code} WALLET_LOGIN_PATH=/login WALLET_AUTH_PATH=/authenticate?token={token} -EMAIL_LINK_VERIFICATION=/checkEmail/{optin}{code} -EMAIL_LINK_SETPASSWORD=/reset-password/{optin} -EMAIL_LINK_FORGOTPASSWORD=/forgot-password -EMAIL_LINK_OVERVIEW=/overview +EMAIL_LINK_VERIFICATION_PATH=/checkEmail/{optin}{code} +EMAIL_LINK_SETPASSWORD_PATH=/reset-password/{optin} +EMAIL_LINK_FORGOTPASSWORD_PATH=/forgot-password +EMAIL_LINK_OVERVIEW_PATH=/overview ADMIN_AUTH_PATH=/admin/authenticate?token={token} GRAPHQL_PATH=/graphql diff --git a/dht-node/.env.template b/dht-node/.env.template index 1278f61be..c342247e5 100644 
--- a/dht-node/.env.template +++ b/dht-node/.env.template @@ -19,5 +19,6 @@ FEDERATION_DHT_CONFIG_VERSION=$FEDERATION_DHT_CONFIG_VERSION # on an hash created from this topic FEDERATION_DHT_TOPIC=$FEDERATION_DHT_TOPIC FEDERATION_DHT_SEED=$FEDERATION_DHT_SEED -FEDERATION_COMMUNITY_URL=$FEDERATION_COMMUNITY_URL +COMMUNITY_HOST=$COMMUNITY_HOST +URL_PROTOCOL=$URL_PROTOCOL FEDERATION_COMMUNITY_API_PORT=$FEDERATION_COMMUNITY_API_PORT diff --git a/dht-node/src/config/index.ts b/dht-node/src/config/index.ts index 2548166f4..90f99fcf5 100644 --- a/dht-node/src/config/index.ts +++ b/dht-node/src/config/index.ts @@ -7,7 +7,7 @@ const constants = { DB_VERSION: '0078-move_resubmission_date', LOG4JS_CONFIG: 'log4js-config.json', // default log level on production should be info - LOG_LEVEL: process.env.LOG_LEVEL || 'info', + LOG_LEVEL: process.env.LOG_LEVEL ?? 'info', CONFIG_VERSION: { DEFAULT: 'DEFAULT', EXPECTED: 'v3.2023-04-26', 
@@ -16,34 +16,38 @@ const constants = { } const server = { - PRODUCTION: process.env.NODE_ENV === 'production' || false, + PRODUCTION: process.env.NODE_ENV === 'production' ?? false, } const database = { - DB_HOST: process.env.DB_HOST || 'localhost', + DB_HOST: process.env.DB_HOST ?? 'localhost', DB_PORT: process.env.DB_PORT ? parseInt(process.env.DB_PORT) : 3306, - DB_USER: process.env.DB_USER || 'root', - DB_PASSWORD: process.env.DB_PASSWORD || '', - DB_DATABASE: process.env.DB_DATABASE || 'gradido_community', + DB_USER: process.env.DB_USER ?? 'root', + DB_PASSWORD: process.env.DB_PASSWORD ?? '', + DB_DATABASE: process.env.DB_DATABASE ?? 'gradido_community', TYPEORM_LOGGING_RELATIVE_PATH: - process.env.TYPEORM_LOGGING_RELATIVE_PATH || 'typeorm.dht-node.log', + process.env.TYPEORM_LOGGING_RELATIVE_PATH ?? 'typeorm.dht-node.log', } const community = { - COMMUNITY_NAME: process.env.COMMUNITY_NAME || 'Gradido Entwicklung', + COMMUNITY_NAME: process.env.COMMUNITY_NAME ?? 'Gradido Entwicklung', COMMUNITY_DESCRIPTION: - process.env.COMMUNITY_DESCRIPTION || 'Gradido-Community einer lokalen Entwicklungsumgebung.', + process.env.COMMUNITY_DESCRIPTION ?? 'Gradido-Community einer lokalen Entwicklungsumgebung.', } +const COMMUNITY_HOST = process.env.COMMUNITY_HOST ?? 'localhost' +const URL_PROTOCOL = process.env.URL_PROTOCOL ?? 'http' +const COMMUNITY_URL = process.env.COMMUNITY_URL ?? `${URL_PROTOCOL}://${COMMUNITY_HOST}` + const federation = { - FEDERATION_DHT_TOPIC: process.env.FEDERATION_DHT_TOPIC || 'GRADIDO_HUB', - FEDERATION_DHT_SEED: process.env.FEDERATION_DHT_SEED || null, - FEDERATION_COMMUNITY_URL: process.env.FEDERATION_COMMUNITY_URL || 'http://localhost', - FEDERATION_COMMUNITY_API_PORT: process.env.FEDERATION_COMMUNITY_API_PORT || '5000', + FEDERATION_DHT_TOPIC: process.env.FEDERATION_DHT_TOPIC ?? 'GRADIDO_HUB', + FEDERATION_DHT_SEED: process.env.FEDERATION_DHT_SEED ?? null, + FEDERATION_COMMUNITY_URL: process.env.FEDERATION_COMMUNITY_URL ?? 
COMMUNITY_URL, + FEDERATION_COMMUNITY_API_PORT: process.env.FEDERATION_COMMUNITY_API_PORT ?? '5000', } // Check config version -constants.CONFIG_VERSION.CURRENT = process.env.CONFIG_VERSION || constants.CONFIG_VERSION.DEFAULT +constants.CONFIG_VERSION.CURRENT = process.env.CONFIG_VERSION ?? constants.CONFIG_VERSION.DEFAULT if ( ![constants.CONFIG_VERSION.EXPECTED, constants.CONFIG_VERSION.DEFAULT].includes( constants.CONFIG_VERSION.CURRENT, diff --git a/dlt-connector/src/config/index.ts b/dlt-connector/src/config/index.ts index fc8c780b8..37332a4b2 100644 --- a/dlt-connector/src/config/index.ts +++ b/dlt-connector/src/config/index.ts @@ -6,7 +6,7 @@ const constants = { LOG4JS_CONFIG: 'log4js-config.json', DB_VERSION: '0002-refactor_add_community', // default log level on production should be info - LOG_LEVEL: process.env.LOG_LEVEL || 'info', + LOG_LEVEL: process.env.LOG_LEVEL ?? 'info', CONFIG_VERSION: { DEFAULT: 'DEFAULT', EXPECTED: 'v4.2023-09-12', @@ -15,7 +15,7 @@ const constants = { } const server = { - PRODUCTION: process.env.NODE_ENV === 'production' || false, + PRODUCTION: process.env.NODE_ENV === 'production' ?? false, } const database = { @@ -35,11 +35,11 @@ const iota = { } const dltConnector = { - DLT_CONNECTOR_PORT: process.env.DLT_CONNECTOR_PORT || 6010, + DLT_CONNECTOR_PORT: process.env.DLT_CONNECTOR_PORT ?? 6010, } // Check config version -constants.CONFIG_VERSION.CURRENT = process.env.CONFIG_VERSION || constants.CONFIG_VERSION.DEFAULT +constants.CONFIG_VERSION.CURRENT = process.env.CONFIG_VERSION ?? constants.CONFIG_VERSION.DEFAULT if ( ![constants.CONFIG_VERSION.EXPECTED, constants.CONFIG_VERSION.DEFAULT].includes( constants.CONFIG_VERSION.CURRENT, diff --git a/dlt-database/src/config/index.ts b/dlt-database/src/config/index.ts index 20208befc..46a1e580c 100644 --- a/dlt-database/src/config/index.ts +++ b/dlt-database/src/config/index.ts 
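Review bot: Switching `FEDERATION_DHT_SEED` from `|| null` to `?? null` in `dht-node/src/config/index.ts` means an empty string is now kept as the seed instead of being treated as unset. `dht-node/.env.template` renders `FEDERATION_DHT_SEED=$FEDERATION_DHT_SEED`, so if the variable is missing when the template is substituted the node would presumably start with `''` as its seed rather than taking the no-seed path; how the seed is consumed is outside this hunk and should be confirmed. The same empty-string change affects `DB_USER`, `COMMUNITY_HOST` and `URL_PROTOCOL` here and in the other config hunks of this patch. For values where empty is never valid, keep `||` or reject an empty value explicitly, e.g. `FEDERATION_DHT_SEED: process.env.FEDERATION_DHT_SEED || null,`.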
@@ -13,19 +13,19 @@ const constants = { } const database = { - DB_HOST: process.env.DB_HOST || 'localhost', + DB_HOST: process.env.DB_HOST ?? 'localhost', DB_PORT: process.env.DB_PORT ? parseInt(process.env.DB_PORT) : 3306, - DB_USER: process.env.DB_USER || 'root', - DB_PASSWORD: process.env.DB_PASSWORD || '', - DB_DATABASE: process.env.DB_DATABASE || 'gradido_dlt', + DB_USER: process.env.DB_USER ?? 'root', + DB_PASSWORD: process.env.DB_PASSWORD ?? '', + DB_DATABASE: process.env.DB_DATABASE ?? 'gradido_dlt', } const migrations = { - MIGRATIONS_TABLE: process.env.MIGRATIONS_TABLE || 'migrations', + MIGRATIONS_TABLE: process.env.MIGRATIONS_TABLE ?? 'migrations', } // Check config version -constants.CONFIG_VERSION.CURRENT = process.env.CONFIG_VERSION || constants.CONFIG_VERSION.DEFAULT +constants.CONFIG_VERSION.CURRENT = process.env.CONFIG_VERSION ?? constants.CONFIG_VERSION.DEFAULT if ( ![constants.CONFIG_VERSION.EXPECTED, constants.CONFIG_VERSION.DEFAULT].includes( constants.CONFIG_VERSION.CURRENT, diff --git a/federation/.env.template b/federation/.env.template index e6ac8ad7d..91fb1c692 100644 --- a/federation/.env.template +++ b/federation/.env.template @@ -13,7 +13,8 @@ DB_PASSWORD=$DB_PASSWORD DB_DATABASE=gradido_community # Federation -FEDERATION_COMMUNITY_URL=$FEDERATION_COMMUNITY_URL +COMMUNITY_HOST=$COMMUNITY_HOST +URL_PROTOCOL=$URL_PROTOCOL FEDERATION_CONFIG_VERSION=$FEDERATION_CONFIG_VERSION # comma separated list of api-versions, which cause starting several federation modules FEDERATION_COMMUNITY_APIS=$FEDERATION_COMMUNITY_APIS \ No newline at end of file diff --git a/federation/src/config/index.ts b/federation/src/config/index.ts index 036ce67ee..a538080cb 100644 --- a/federation/src/config/index.ts +++ b/federation/src/config/index.ts 
@@ -14,7 +14,7 @@ const constants = { DECAY_START_TIME: new Date('2021-05-13 17:46:31-0000'), // GMT+0 LOG4JS_CONFIG: 'log4js-config.json', // default log level on production should be info - LOG_LEVEL: process.env.LOG_LEVEL || 'info', + LOG_LEVEL: process.env.LOG_LEVEL ?? 'info', CONFIG_VERSION: { DEFAULT: 'DEFAULT', EXPECTED: 'v2.2023-08-24', @@ -25,21 +25,21 @@ const constants = { const server = { // JWT_SECRET: process.env.JWT_SECRET || 'secret123', // JWT_EXPIRES_IN: process.env.JWT_EXPIRES_IN || '10m', - GRAPHIQL: process.env.GRAPHIQL === 'true' || false, + GRAPHIQL: process.env.GRAPHIQL === 'true' ?? false, // GDT_API_URL: process.env.GDT_API_URL || 'https://gdt.gradido.net', - PRODUCTION: process.env.NODE_ENV === 'production' || false, + PRODUCTION: process.env.NODE_ENV === 'production' ?? false, } const database = { - DB_HOST: process.env.DB_HOST || 'localhost', + DB_HOST: process.env.DB_HOST ?? 'localhost', DB_PORT: process.env.DB_PORT ? parseInt(process.env.DB_PORT) : 3306, - DB_USER: process.env.DB_USER || 'root', - DB_PASSWORD: process.env.DB_PASSWORD || '', - DB_DATABASE: process.env.DB_DATABASE || 'gradido_community', - TYPEORM_LOGGING_RELATIVE_PATH: process.env.TYPEORM_LOGGING_RELATIVE_PATH || 'typeorm.backend.log', + DB_USER: process.env.DB_USER ?? 'root', + DB_PASSWORD: process.env.DB_PASSWORD ?? '', + DB_DATABASE: process.env.DB_DATABASE ?? 'gradido_community', + TYPEORM_LOGGING_RELATIVE_PATH: process.env.TYPEORM_LOGGING_RELATIVE_PATH ?? 'typeorm.backend.log', } // Check config version -constants.CONFIG_VERSION.CURRENT = process.env.CONFIG_VERSION || constants.CONFIG_VERSION.DEFAULT +constants.CONFIG_VERSION.CURRENT = process.env.CONFIG_VERSION ?? constants.CONFIG_VERSION.DEFAULT if ( ![constants.CONFIG_VERSION.EXPECTED, constants.CONFIG_VERSION.DEFAULT].includes( constants.CONFIG_VERSION.CURRENT, 
@@ -50,10 +50,14 @@ if ( ) } +const COMMUNITY_HOST = process.env.COMMUNITY_HOST ?? 'localhost' +const URL_PROTOCOL = process.env.URL_PROTOCOL ?? 'http' +const COMMUNITY_URL = process.env.COMMUNITY_URL ?? `${URL_PROTOCOL}://${COMMUNITY_HOST}` + const federation = { - FEDERATION_API: process.env.FEDERATION_API || '1_0', - FEDERATION_PORT: process.env.FEDERATION_PORT || 5010, - FEDERATION_COMMUNITY_URL: process.env.FEDERATION_COMMUNITY_URL || null, + FEDERATION_API: process.env.FEDERATION_API ?? '1_0', + FEDERATION_PORT: process.env.FEDERATION_PORT ?? 5010, + FEDERATION_COMMUNITY_URL: process.env.FEDERATION_COMMUNITY_URL ?? COMMUNITY_URL, FEDERATION_TRADING_LEVEL: { RECEIVER_COMMUNITY_URL: 'https://stage3.gradido.net/api/', SEND_COINS: true, diff --git a/frontend/.env.dist b/frontend/.env.dist index 427d43359..f7e7edcd6 100644 --- a/frontend/.env.dist +++ b/frontend/.env.dist @@ -2,13 +2,13 @@ DEFAULT_PUBLISHER_ID=2896 # Endpoints -GRAPHQL_URI=http://localhost/graphql -ADMIN_AUTH_URL=http://localhost/admin/authenticate?token={token} +GRAPHQL_PATH=/graphql +ADMIN_AUTH_PATH=/admin/authenticate?token={token} # Community COMMUNITY_NAME=Gradido Entwicklung COMMUNITY_URL=http://localhost/ -COMMUNITY_REGISTER_URL=http://localhost/register +COMMUNITY_REGISTER_PATH=/register COMMUNITY_DESCRIPTION=Die lokale Entwicklungsumgebung von Gradido. COMMUNITY_SUPPORT_MAIL=support@supportmail.com diff --git a/frontend/.env.template b/frontend/.env.template index 59e34eb80..e5662140c 100644 --- a/frontend/.env.template +++ b/frontend/.env.template 
@@ -4,13 +4,14 @@ CONFIG_VERSION=$FRONTEND_CONFIG_VERSION DEFAULT_PUBLISHER_ID=$DEFAULT_PUBLISHER_ID # Endpoints -GRAPHQL_URI=$GRAPHQL_URI -ADMIN_AUTH_URL=$ADMIN_AUTH_URL +GRAPHQL_PATH=$GRAPHQL_PATH +ADMIN_AUTH_PATH=$ADMIN_AUTH_PATH # Community COMMUNITY_NAME=$COMMUNITY_NAME -COMMUNITY_URL=$COMMUNITY_URL -COMMUNITY_REGISTER_URL=$COMMUNITY_REGISTER_URL +COMMUNITY_HOST=$COMMUNITY_HOST +URL_PROTOCOL=$URL_PROTOCOL +COMMUNITY_REGISTER_PATH=$COMMUNITY_REGISTER_PATH COMMUNITY_DESCRIPTION=$COMMUNITY_DESCRIPTION COMMUNITY_SUPPORT_MAIL=$COMMUNITY_SUPPORT_MAIL diff --git a/frontend/src/config/index.js b/frontend/src/config/index.js index b90376672..dd2e85dac 100644 --- a/frontend/src/config/index.js +++ b/frontend/src/config/index.js 
@@ -8,61 +8,66 @@ const constants = { DECAY_START_TIME: new Date('2021-05-13 17:46:31-0000'), // GMT+0 CONFIG_VERSION: { DEFAULT: 'DEFAULT', - EXPECTED: 'v4.2022-12-20', + EXPECTED: 'v5.2024-01-08', CURRENT: '', }, } const version = { APP_VERSION: pkg.version, - BUILD_COMMIT: process.env.BUILD_COMMIT || null, + BUILD_COMMIT: process.env.BUILD_COMMIT ?? null, // self reference of `version.BUILD_COMMIT` is not possible at this point, hence the duplicate code - BUILD_COMMIT_SHORT: (process.env.BUILD_COMMIT || '0000000').slice(0, 7), + BUILD_COMMIT_SHORT: (process.env.BUILD_COMMIT ?? '0000000').slice(0, 7), } const environment = { NODE_ENV: process.env.NODE_ENV, - DEBUG: process.env.NODE_ENV !== 'production' || false, - PRODUCTION: process.env.NODE_ENV === 'production' || false, - DEFAULT_PUBLISHER_ID: process.env.DEFAULT_PUBLISHER_ID || 2896, - PORT: process.env.PORT || 3000, + DEBUG: process.env.NODE_ENV !== 'production' ?? false, + PRODUCTION: process.env.NODE_ENV === 'production' ?? false, + DEFAULT_PUBLISHER_ID: process.env.DEFAULT_PUBLISHER_ID ?? 2896, + PORT: process.env.PORT ?? 3000, } +const COMMUNITY_HOST = process.env.COMMUNITY_HOST ?? 'localhost' +const URL_PROTOCOL = process.env.URL_PROTOCOL ?? 'http' +const COMMUNITY_URL = process.env.COMMUNITY_URL ?? `${URL_PROTOCOL}://${COMMUNITY_HOST}` + const endpoints = { - GRAPHQL_URI: process.env.GRAPHQL_URI || 'http://localhost/graphql', - ADMIN_AUTH_URL: process.env.ADMIN_AUTH_URL || 'http://localhost/admin/authenticate?token={token}', + GRAPHQL_URI: COMMUNITY_URL + (process.env.GRAPHQL_PATH ?? '/graphql'), + ADMIN_AUTH_URL: + COMMUNITY_URL + (process.env.ADMIN_AUTH_PATH ?? '/admin/authenticate?token={token}'), } const community = { - COMMUNITY_NAME: process.env.COMMUNITY_NAME || 'Gradido Entwicklung', - COMMUNITY_URL: process.env.COMMUNITY_URL || 'http://localhost/', - COMMUNITY_REGISTER_URL: process.env.COMMUNITY_REGISTER_URL || 'http://localhost/register', + COMMUNITY_NAME: process.env.COMMUNITY_NAME ?? 
'Gradido Entwicklung', + COMMUNITY_URL: COMMUNITY_URL, + COMMUNITY_REGISTER_URL: COMMUNITY_URL + (process.env.COMMUNITY_REGISTER_PATH ?? '/register'), COMMUNITY_DESCRIPTION: - process.env.COMMUNITY_DESCRIPTION || 'Die lokale Entwicklungsumgebung von Gradido.', - COMMUNITY_SUPPORT_MAIL: process.env.COMMUNITY_SUPPORT_MAIL || 'support@supportmail.com', + process.env.COMMUNITY_DESCRIPTION ?? 'Die lokale Entwicklungsumgebung von Gradido.', + COMMUNITY_SUPPORT_MAIL: process.env.COMMUNITY_SUPPORT_MAIL ?? 'support@supportmail.com', } const meta = { - META_URL: process.env.META_URL || 'http://localhost', - META_TITLE_DE: process.env.META_TITLE_DE || 'Gradido – Dein Dankbarkeitskonto', - META_TITLE_EN: process.env.META_TITLE_EN || 'Gradido - Your gratitude account', + META_URL: process.env.META_URL ?? 'http://localhost', + META_TITLE_DE: process.env.META_TITLE_DE ?? 'Gradido – Dein Dankbarkeitskonto', + META_TITLE_EN: process.env.META_TITLE_EN ?? 'Gradido - Your gratitude account', META_DESCRIPTION_DE: - process.env.META_DESCRIPTION_DE || + process.env.META_DESCRIPTION_DE ?? 'Dankbarkeit ist die Währung der neuen Zeit. Immer mehr Menschen entfalten ihr Potenzial und gestalten eine gute Zukunft für alle.', META_DESCRIPTION_EN: - process.env.META_DESCRIPTION_EN || + process.env.META_DESCRIPTION_EN ?? 'Gratitude is the currency of the new age. More and more people are unleashing their potential and shaping a good future for all.', META_KEYWORDS_DE: - process.env.META_KEYWORDS_DE || + process.env.META_KEYWORDS_DE ?? 'Grundeinkommen, Währung, Dankbarkeit, Schenk-Ökonomie, Natürliche Ökonomie des Lebens, Ökonomie, Ökologie, Potenzialentfaltung, Schenken und Danken, Kreislauf des Lebens, Geldsystem', META_KEYWORDS_EN: - process.env.META_KEYWORDS_EN || + process.env.META_KEYWORDS_EN ?? 
'Basic Income, Currency, Gratitude, Gift Economy, Natural Economy of Life, Economy, Ecology, Potential Development, Giving and Thanking, Cycle of Life, Monetary System', - META_AUTHOR: process.env.META_AUTHOR || 'Bernd Hückstädt - Gradido-Akademie', + META_AUTHOR: process.env.META_AUTHOR ?? 'Bernd Hückstädt - Gradido-Akademie', } // Check config version -constants.CONFIG_VERSION.CURRENT = process.env.CONFIG_VERSION || constants.CONFIG_VERSION.DEFAULT +constants.CONFIG_VERSION.CURRENT = process.env.CONFIG_VERSION ?? constants.CONFIG_VERSION.DEFAULT if ( ![constants.CONFIG_VERSION.EXPECTED, constants.CONFIG_VERSION.DEFAULT].includes( constants.CONFIG_VERSION.CURRENT, From 29fc999a8b2ebb1514c8b011ea95ae3e679b9e59 Mon Sep 17 00:00:00 2001 From: einhorn_b Date: Mon, 8 Jan 2024 12:37:26 +0100 Subject: [PATCH 05/34] bugfix --- .../src/emails/templates/addedContributionMessage/html.pug | 2 +- .../emails/templates/includes/contributionDetailsCTA.pug | 4 ++-- .../src/emails/templates/transactionLinkRedeemed/html.pug | 2 +- backend/src/emails/templates/transactionReceived/html.pug | 2 +- dlt-database/migrations/0001-init_db.ts | 6 +++--- 5 files changed, 8 insertions(+), 8 deletions(-) diff --git a/backend/src/emails/templates/addedContributionMessage/html.pug b/backend/src/emails/templates/addedContributionMessage/html.pug index 7865b2099..ff7c89c30 100644 --- a/backend/src/emails/templates/addedContributionMessage/html.pug +++ b/backend/src/emails/templates/addedContributionMessage/html.pug @@ -9,6 +9,6 @@ block content h2= t('emails.addedContributionMessage.readMessage') div(class="p_content")= t('emails.addedContributionMessage.toSeeAndAnswerMessage') - a.button-3(href=`${communityURL}community/contributions`) #{t('emails.general.toAccount')} + a.button-3(href=`${communityURL}/community/contributions`) #{t('emails.general.toAccount')} include ../includes/doNotReply.pug 
diff --git a/backend/src/emails/templates/includes/contributionDetailsCTA.pug b/backend/src/emails/templates/includes/contributionDetailsCTA.pug index fb2906419..0a3bd395d 100644 --- a/backend/src/emails/templates/includes/contributionDetailsCTA.pug +++ b/backend/src/emails/templates/includes/contributionDetailsCTA.pug @@ -1,7 +1,7 @@ //- h2= t('emails.general.contributionDetails') div(class="p_content")= t('emails.contribution.toSeeContributionsAndMessages') -a.button-3(href=`${communityURL}community/contributions`) #{t('emails.general.toAccount')} +a.button-3(href=`${communityURL}/community/contributions`) #{t('emails.general.toAccount')} div(class="p_content")= t('emails.general.orCopyLink') -a.clink(href=`${communityURL}community/contributions`) #{`${communityURL}community/contributions`} \ No newline at end of file +a.clink(href=`${communityURL}/community/contributions`) #{`${communityURL}/community/contributions`} \ No newline at end of file diff --git a/backend/src/emails/templates/transactionLinkRedeemed/html.pug b/backend/src/emails/templates/transactionLinkRedeemed/html.pug index b24c5da40..281ee9205 100644 --- a/backend/src/emails/templates/transactionLinkRedeemed/html.pug +++ b/backend/src/emails/templates/transactionLinkRedeemed/html.pug @@ -13,6 +13,6 @@ block content br = t('emails.general.detailsYouFindOnLinkToYourAccount') - a.button-3(href=`${communityURL}transactions`) #{t('emails.general.toAccount')} + a.button-3(href=`${communityURL}/transactions`) #{t('emails.general.toAccount')} include ../includes/doNotReply.pug diff --git a/backend/src/emails/templates/transactionReceived/html.pug b/backend/src/emails/templates/transactionReceived/html.pug index 93de2c88e..5370ec03e 100644 --- a/backend/src/emails/templates/transactionReceived/html.pug +++ b/backend/src/emails/templates/transactionReceived/html.pug 
@@ -9,7 +9,7 @@ block content h2= t('emails.general.transactionDetails') div(class="p_content")= t('emails.general.detailsYouFindOnLinkToYourAccount') - a.button-3(href=`${communityURL}transactions`) #{t('emails.general.toAccount')} + a.button-3(href=`${communityURL}/transactions`) #{t('emails.general.toAccount')} include ../includes/doNotReply.pug diff --git a/dlt-database/migrations/0001-init_db.ts b/dlt-database/migrations/0001-init_db.ts index 85fed59e0..8188a889d 100644 --- a/dlt-database/migrations/0001-init_db.ts +++ b/dlt-database/migrations/0001-init_db.ts @@ -23,7 +23,7 @@ export async function upgrade(queryFn: (query: string, values?: any[]) => Promis \`confirmed_at\` datetime(3) DEFAULT NULL, PRIMARY KEY (\`id\`), INDEX \`gradido_id\` (\`gradido_id\`), - UNIQUE KEY \`pubkey\` (\`pubkey\`) + UNIQUE KEY \`derive1_pubkey\` (\`derive1_pubkey\`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;`) await queryFn(` @@ -38,7 +38,7 @@ export async function upgrade(queryFn: (query: string, values?: any[]) => Promis \`balance\` decimal(40,20) NOT NULL DEFAULT 0, \`balance_date\` datetime(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3), PRIMARY KEY (\`id\`), - UNIQUE KEY \`pubkey\` (\`pubkey\`), + UNIQUE KEY \`derive2_pubkey\` (\`derive2_pubkey\`), FOREIGN KEY (\`user_id\`) REFERENCES users(id) ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; `) @@ -56,7 +56,7 @@ export async function upgrade(queryFn: (query: string, values?: any[]) => Promis \`created_at\` datetime(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3), \`confirmed_at\` datetime(3) DEFAULT NULL, PRIMARY KEY (\`id\`), - UNIQUE KEY \`pubkey\` (\`pubkey\`), + UNIQUE KEY \`root_pubkey\` (\`root_pubkey\`), FOREIGN KEY (\`gmw_account_id\`) REFERENCES accounts(id), FOREIGN KEY (\`auf_account_id\`) REFERENCES accounts(id) ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;`) From 464e993da2b96af299063219b65a12d48fa45a54 Mon Sep 17 00:00:00 2001 
From: einhorn_b Date: Mon, 8 Jan 2024 13:13:03 +0100 Subject: [PATCH 06/34] update .env --- deployment/bare_metal/.env.dist | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/deployment/bare_metal/.env.dist b/deployment/bare_metal/.env.dist index 973a9e8a6..dd5e75484 100644 --- a/deployment/bare_metal/.env.dist +++ b/deployment/bare_metal/.env.dist @@ -4,6 +4,17 @@ COMMUNITY_DESCRIPTION="Short Description from your Community." COMMUNITY_HOST=gddhost.tld COMMUNITY_SUPPORT_MAIL=support@supportmail.com +# setup email account for sending gradido system messages to users +EMAIL=true +EMAIL_TEST_MODUS=false +EMAIL_TEST_RECEIVER=test_team@gradido.net +EMAIL_USERNAME=peter@lustig.de +EMAIL_SENDER=peter@lustig.de +EMAIL_PASSWORD=1234 +EMAIL_SMTP_URL=smtp.lustig.de +EMAIL_CODE_VALID_TIME=1440 +EMAIL_CODE_REQUEST_TIME=10 + # Need to adjust by updates # config versions DATABASE_CONFIG_VERSION=v1.2022-03-18 @@ -19,17 +30,6 @@ URL_PROTOCOL=https # only for test server DEPLOY_SEED_DATA=false -# setup email account for sending gradido system messages to users -EMAIL=true -EMAIL_TEST_MODUS=false -EMAIL_TEST_RECEIVER=test_team@gradido.net -EMAIL_USERNAME=peter@lustig.de -EMAIL_SENDER=peter@lustig.de -EMAIL_PASSWORD=1234 -EMAIL_SMTP_URL=smtp.lustig.de -EMAIL_CODE_VALID_TIME=1440 -EMAIL_CODE_REQUEST_TIME=10 - # Logging GRADIDO_LOG_PATH=/home/gradido/gradido/deployment/bare_metal/log TYPEORM_LOGGING_RELATIVE_PATH=/home/gradido/gradido/deployment/bare_metal/log/typeorm.backend.log From bd59e06d170ea37e293b1d8f48d5353f2a0b3224 Mon Sep 17 00:00:00 2001 
From: einhorn_b Date: Mon, 8 Jan 2024 15:59:55 +0100 Subject: [PATCH 07/34] install.sh can run on command line, certbort used for https, FEDERATION_DHT_SEED generate and loaded in start.sh --- deployment/bare_metal/.env.dist | 2 + deployment/bare_metal/start.sh | 25 ++++++---- deployment/hetzner_cloud/README.md | 31 +++++++++++- deployment/hetzner_cloud/install.sh | 73 ++++++++++++++++++++++++++++- 4 files changed, 118 insertions(+), 13 deletions(-) diff --git a/deployment/bare_metal/.env.dist b/deployment/bare_metal/.env.dist index dd5e75484..59cbf042e 100644 --- a/deployment/bare_metal/.env.dist +++ b/deployment/bare_metal/.env.dist @@ -24,6 +24,8 @@ ADMIN_CONFIG_VERSION=v2.2024-01-04 FEDERATION_CONFIG_VERSION=v1.2023-01-09 FEDERATION_DHT_CONFIG_VERSION=v3.2023-04-26 +FEDERATION_DHT_TOPIC=GRADIDO_HUB + # Need adjustments for test system URL_PROTOCOL=https # start script diff --git a/deployment/bare_metal/start.sh b/deployment/bare_metal/start.sh index bc923c6fa..db67cc0d9 100755 --- a/deployment/bare_metal/start.sh +++ b/deployment/bare_metal/start.sh @@ -14,8 +14,10 @@ set +o allexport # the services and will therefore take precedence over the .env # We have to load the backend .env to get DB_USERNAME, DB_PASSWORD AND JWT_SECRET +# and the dht-node .env to get FEDERATION_DHT_SEED export_var(){ export $1=$(grep -v '^#' $PROJECT_ROOT/backend/.env | grep -e "$1" | sed -e 's/.*=//') + export $1=$(grep -v '^#' $PROJECT_ROOT/dht-node/.env | grep -e "$1" | sed -e 's/.*=//') } if [ -f "$PROJECT_ROOT/backend/.env" ]; then @@ -24,6 +26,10 @@ if [ -f "$PROJECT_ROOT/backend/.env" ]; then export_var 'JWT_SECRET' fi +if [ -f "$PROJECT_ROOT/dht-node/.env" ]; then + export_var 'FEDERATION_DHT_SEED' +fi + # Load .env or .env.dist if not present if [ -f "$SCRIPT_DIR/.env" ]; then set -o allexport 
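Review bot: The second `export` added to `export_var` in `deployment/bare_metal/start.sh` always overwrites the value just read from `backend/.env` with whatever `dht-node/.env` contains, so `export_var 'JWT_SECRET'` ends up exporting an empty `JWT_SECRET` whenever that key is absent from `dht-node/.env` or the file is missing. If the backend `.env` is later regenerated from these exports, the JWT signing secret would be blanked or replaced by a built-in default on each deploy; that step is outside the hunk and should be confirmed. Pass the file to read as a second argument and export only when the key is found. Anchoring the match and quoting the expansions also avoids matching keys that merely contain the name and truncating values that contain `=`.

```shell
export_var(){
  # $1 = variable name, $2 = .env file to read it from
  local name=$1 file=$2 line
  # keep any existing value when the key is not present in this file
  line=$(grep -m1 "^${name}=" "$file") || return 0
  export "${name}=${line#*=}"
}
# … unchanged: backend/.env existence check and earlier export_var calls …
  export_var 'JWT_SECRET' "$PROJECT_ROOT/backend/.env"
# … unchanged: dht-node/.env existence check …
  export_var 'FEDERATION_DHT_SEED' "$PROJECT_ROOT/dht-node/.env"
```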
@@ -57,6 +63,10 @@ echo 'Configuring nginx to serve the update-page' >> $UPDATE_HTML rm /etc/nginx/sites-enabled/gradido.conf ln -s /etc/nginx/sites-available/update-page.conf /etc/nginx/sites-enabled/ sudo /etc/init.d/nginx restart +# enable https if env variable has value https +if [ "$URL_PROTOCOL" = "https" ]; then + certbot --nginx --non-interactive +fi # stop all services echo 'Stop and delete all Gradido services' >> $UPDATE_HTML @@ -100,11 +110,7 @@ export FEDERATION_NGINX_CONF=$(< $NGINX_CONFIG_DIR/gradido-federation.conf.locat # *** 3rd generate gradido nginx config including federation modules per api-version echo 'Generate new gradido nginx config' >> $UPDATE_HTML -case "$URL_PROTOCOL" in - 'https') TEMPLATE_FILE="gradido.conf.ssl.template" ;; - *) TEMPLATE_FILE="gradido.conf.template" ;; -esac -envsubst '$FEDERATION_NGINX_CONF' < $NGINX_CONFIG_DIR/$TEMPLATE_FILE > $NGINX_CONFIG_DIR/gradido.conf.tmp +envsubst '$FEDERATION_NGINX_CONF' < $NGINX_CONFIG_DIR/gradido.conf.template > $NGINX_CONFIG_DIR/gradido.conf.tmp unset FEDERATION_NGINX_CONF envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $NGINX_CONFIG_DIR/gradido.conf.tmp > $NGINX_CONFIG_DIR/gradido.conf rm $NGINX_CONFIG_DIR/gradido.conf.tmp @@ -112,11 +118,7 @@ rm $NGINX_CONFIG_DIR/gradido-federation.conf.locations # Generate update-page.conf from template echo 'Generate new update-page nginx config' >> $UPDATE_HTML -case "$URL_PROTOCOL" in - 'https') TEMPLATE_FILE="update-page.conf.ssl.template" ;; - *) TEMPLATE_FILE="update-page.conf.template" ;; -esac -envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $NGINX_CONFIG_DIR/$TEMPLATE_FILE > $NGINX_CONFIG_DIR/update-page.conf +envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $NGINX_CONFIG_DIR/update-page.conf.template > $NGINX_CONFIG_DIR/update-page.conf # Clean tmp folder - remove yarn files find /tmp -name "yarn--*" -exec rm -r {} \; 
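Review bot: The added `certbot --nginx --non-interactive` block names no domain and ignores the exit status, so a failed run lets the update continue with no sign that HTTPS was not configured. It is also called without `sudo` although the nginx restart directly above it needs `sudo`, which suggests start.sh is not run as root and certbot would then likely fail on permissions. The same block is added again in the hunk at `@@ -262,6 +264,9 @@`. Something like `certbot --nginx --non-interactive --domains "$COMMUNITY_HOST" || echo 'certbot failed' >> $UPDATE_HTML` makes the target explicit and the failure visible; obtaining the certificate once in install.sh rather than on every update may be the better place for it.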
@@ -262,6 +264,9 @@ echo 'Configuring nginx to serve gradido again' >> $UPDATE_HTML ln -s /etc/nginx/sites-available/gradido.conf /etc/nginx/sites-enabled/ rm /etc/nginx/sites-enabled/update-page.conf sudo /etc/init.d/nginx restart +if [ "$URL_PROTOCOL" = "https" ]; then + certbot --nginx --non-interactive +fi # keep the update log cat $UPDATE_HTML >> $GRADIDO_LOG_PATH/update.$TODAY.log diff --git a/deployment/hetzner_cloud/README.md b/deployment/hetzner_cloud/README.md index 01df8663d..fbad7ace6 100644 --- a/deployment/hetzner_cloud/README.md +++ b/deployment/hetzner_cloud/README.md @@ -76,7 +76,34 @@ $ ssh -i /path/to/privKey gradido@gddhost.tld cd ~ git clone https://github.com/gradido/gradido.git ``` -### Edit Config + +### Adjust the values in `.env` + +***!!! Attention !!!*** + +*Don't forget this step! +All your following installations in `install.sh` will fail!* + +*Notes:* + +- *`;` cannot be part of any value!* +- *The GitHub secret is created on GitHub in Settings -> Webhooks.* + +#### Create `.env` and set values + ```bash cd ~/gradido/deployment -cp ./bare_metal/.env.dist ./hetzner_cloud/.env \ No newline at end of file +cp ./bare_metal/.env.dist ./hetzner_cloud/.env +cd hetzner_cloud/ +nano .env +# adjust values accordingly +``` + +### Run `install.sh` +***!!! Attention !!!*** +Don't use this script if you have custom config in /etc/nginx/conf.d, because this script +will remove it and ln ../bare_metal/nginx/conf.d + +```bash +sudo chmod +x ./install.sh +sudo ./install.sh \ No newline at end of file diff --git a/deployment/hetzner_cloud/install.sh b/deployment/hetzner_cloud/install.sh index c51a2e60b..64f6240ec 100644 --- a/deployment/hetzner_cloud/install.sh +++ b/deployment/hetzner_cloud/install.sh 
@@ -57,4 +57,75 @@ send \"y\r\" expect eof ") -echo "$SECURE_MYSQL" \ No newline at end of file +echo "$SECURE_MYSQL" + +# Configure nginx +rm /etc/nginx/sites-enabled/default +envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $SCRIPT_DIR/nginx/sites-available/gradido.conf.template > $SCRIPT_DIR/nginx/sites-available/gradido.conf +ln -s $SCRIPT_DIR/nginx/sites-available/gradido.conf /etc/nginx/sites-available +envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $SCRIPT_DIR/nginx/sites-available/update-page.conf.template > $SCRIPT_DIR/nginx/sites-available/update-page.conf +ln -s $SCRIPT_DIR/nginx/sites-available/update-page.conf /etc/nginx/sites-available +ln -s $SCRIPT_DIR/nginx/common /etc/nginx/ +rmdir /etc/nginx/conf.d +ln -s $SCRIPT_DIR/nginx/conf.d /etc/nginx/ + +# setup https with certbot +certbot --nginx --non-interactive --agree-tos --domains $COMMUNITY_HOST --email $COMMUNITY_SUPPORT_MAIL + +# Install node 16.x +curl -sL https://deb.nodesource.com/setup_16.x | sudo -E bash - +apt-get install -y nodejs + +# Install yarn +curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add - +echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list +apt-get update +apt-get install -y yarn + +# Install pm2 +yarn global add pm2 +pm2 startup + +# Install logrotate +envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $SCRIPT_DIR/logrotate/gradido.conf.template > $SCRIPT_DIR/logrotate/gradido.conf +cp $SCRIPT_DIR/logrotate/gradido.conf /etc/logrotate.d/gradido.conf +chown root:root /etc/logrotate.d/gradido.conf + +# create db user +export DB_USER=gradido +export DB_PASSWORD=$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-32};echo); +mysql < $PROJECT_ROOT/database/.env + +# Configure backend +export JWT_SECRET=$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-32};echo); +envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $PROJECT_ROOT/backend/.env.template > $PROJECT_ROOT/backend/.env + +# Configure frontend 
+envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $PROJECT_ROOT/frontend/.env.template > $PROJECT_ROOT/frontend/.env + +# Configure admin +envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $PROJECT_ROOT/admin/.env.template > $PROJECT_ROOT/admin/.env + +# Configure dht-node +export FEDERATION_DHT_SEED=$(< /dev/urandom tr -dc a-f0-9 | head -c 32;echo); +envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $PROJECT_ROOT/dht-node/.env.template > $PROJECT_ROOT/dht-node/.env + +# Configure federation +envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $PROJECT_ROOT/federation/.env.template > $PROJECT_ROOT/federation/.env + +# create cronjob to delete yarn output in /tmp +# crontab -e +# hourly job: 0 * * * * find /tmp -name "yarn--*" -cmin +60 -exec rm -r {} \; > /dev/null +crontab -l | { cat; echo "0 * * * * find /tmp -name "yarn--*" -cmin +60 -exec rm -r {} \; > /dev/null"; } | crontab - +# daily job: 0 4 * * * find /tmp -name "yarn--*" -ctime +1 -exec rm -r {} \; > /dev/null +crontab -l | { cat; echo "0 4 * * * find /tmp -name "yarn--*" -ctime +1 -exec rm -r {} \; > /dev/null"; } | crontab - +# Start gradido +# Note: on first startup some errors will occur - nothing serious +$SCRIPT_PATH/start.sh \ No newline at end of file From 3c1449f9d59966a76333c623ba3b520ff957bf11 Mon Sep 17 00:00:00 2001 From: einhorn_b Date: Mon, 8 Jan 2024 16:12:50 +0100 Subject: [PATCH 08/34] move .env to bare_metal --- deployment/hetzner_cloud/README.md | 7 ++++--- deployment/hetzner_cloud/install.sh | 2 +- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/deployment/hetzner_cloud/README.md b/deployment/hetzner_cloud/README.md index fbad7ace6..9f0bb94e6 100644 --- a/deployment/hetzner_cloud/README.md +++ b/deployment/hetzner_cloud/README.md 
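Review bot: `head -c${1:-32}` takes the length of `DB_PASSWORD` and `JWT_SECRET` from the script's first positional argument, so running install.sh with an argument such as `4` would produce four-character secrets; `head -c 32`, as already used for `FEDERATION_DHT_SEED`, fixes the length. The generated `.env` files are then written by plain redirection, so their mode depends on the umask in effect, which this hunk does not set; a `umask 077` before the `envsubst` lines, or a `chmod 600` on each file, keeps the credentials from being readable by other local accounts. Separately, `curl -sL https://deb.nodesource.com/setup_16.x | sudo -E bash -` runs a downloaded script as root with no integrity check, and `apt-key add` trusts the yarn key for every repository; a key file referenced with `signed-by` in the sources entry is the narrower option. The top of install.sh is outside this hunk, so an earlier `umask` or `set -e` cannot be ruled out.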
@@ -92,10 +92,10 @@ All your following installations in `install.sh` will fail!* #### Create `.env` and set values ```bash -cd ~/gradido/deployment -cp ./bare_metal/.env.dist ./hetzner_cloud/.env -cd hetzner_cloud/ +cd ~/gradido/deployment/bare_metal +cp .env.dist .env nano .env + # adjust values accordingly ``` @@ -105,5 +105,6 @@ Don't use this script if you have custom config in /etc/nginx/conf.d, because th will remove it and ln ../bare_metal/nginx/conf.d ```bash +cd ~/gradido/deployment/hetzner_cloud sudo chmod +x ./install.sh sudo ./install.sh \ No newline at end of file diff --git a/deployment/hetzner_cloud/install.sh b/deployment/hetzner_cloud/install.sh index 64f6240ec..538386bf0 100644 --- a/deployment/hetzner_cloud/install.sh +++ b/deployment/hetzner_cloud/install.sh @@ -17,7 +17,7 @@ set +o allexport # the services and will therefore take precedence over the .env if [ -f "./.env" ]; then set -o allexport - source ./.env + source $SCRIPT_DIR/.env set +o allexport else set -o allexport From 912b2dc679045cb53e5443f84bd6c5f57a3937ff Mon Sep 17 00:00:00 2001 From: einhorn_b Date: Mon, 8 Jan 2024 16:18:55 +0100 Subject: [PATCH 09/34] make install.sh executable --- deployment/hetzner_cloud/install.sh | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 deployment/hetzner_cloud/install.sh diff --git a/deployment/hetzner_cloud/install.sh b/deployment/hetzner_cloud/install.sh old mode 100644 new mode 100755 From 646f78dd5df10d115a8341c55c43e5e96d6264ac Mon Sep 17 00:00:00 2001 From: einhorn_b Date: Mon, 8 Jan 2024 16:30:24 +0100 Subject: [PATCH 10/34] adjust paths --- deployment/hetzner_cloud/install.sh | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/deployment/hetzner_cloud/install.sh b/deployment/hetzner_cloud/install.sh index 538386bf0..cdde55080 100755 --- a/deployment/hetzner_cloud/install.sh +++ b/deployment/hetzner_cloud/install.sh 
@@ -9,7 +9,7 @@ systemctl start systemd-timesyncd set -o allexport SCRIPT_PATH=$(realpath ../bare_metal) SCRIPT_DIR=$(dirname $SCRIPT_PATH) -PROJECT_ROOT=$SCRIPT_DIR/../.. +PROJECT_ROOT=$SCRIPT_DIR/.. set +o allexport # Load .env or .env.dist if not present @@ -17,11 +17,11 @@ set +o allexport # the services and will therefore take precedence over the .env if [ -f "./.env" ]; then set -o allexport - source $SCRIPT_DIR/.env + source $SCRIPT_PATH/.env set +o allexport else set -o allexport - source $SCRIPT_DIR/.env.dist + source $SCRIPT_PATH/.env.dist set +o allexport fi @@ -61,13 +61,13 @@ echo "$SECURE_MYSQL" # Configure nginx rm /etc/nginx/sites-enabled/default -envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $SCRIPT_DIR/nginx/sites-available/gradido.conf.template > $SCRIPT_DIR/nginx/sites-available/gradido.conf +envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $SCRIPT_PATH/nginx/sites-available/gradido.conf.template > $SCRIPT_PATH/nginx/sites-available/gradido.conf ln -s $SCRIPT_DIR/nginx/sites-available/gradido.conf /etc/nginx/sites-available -envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $SCRIPT_DIR/nginx/sites-available/update-page.conf.template > $SCRIPT_DIR/nginx/sites-available/update-page.conf -ln -s $SCRIPT_DIR/nginx/sites-available/update-page.conf /etc/nginx/sites-available -ln -s $SCRIPT_DIR/nginx/common /etc/nginx/ +envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $SCRIPT_PATH/nginx/sites-available/update-page.conf.template > $SCRIPT_PATH/nginx/sites-available/update-page.conf +ln -s $SCRIPT_PATH/nginx/sites-available/update-page.conf /etc/nginx/sites-available +ln -s $SCRIPT_PATH/nginx/common /etc/nginx/ rmdir /etc/nginx/conf.d -ln -s $SCRIPT_DIR/nginx/conf.d /etc/nginx/ +ln -s $SCRIPT_PATH/nginx/conf.d /etc/nginx/ # setup https with certbot certbot --nginx --non-interactive --agree-tos --domains $COMMUNITY_HOST --email $COMMUNITY_SUPPORT_MAIL 
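Review bot: In the nginx hunk the `ln -s $SCRIPT_DIR/nginx/sites-available/gradido.conf /etc/nginx/sites-available` line was left on `$SCRIPT_DIR` while the `envsubst` line above it now writes the file under `$SCRIPT_PATH`, so the link points at a path where nothing is generated. All of these paths also hang off `SCRIPT_PATH=$(realpath ../bare_metal)`, which resolves against the caller's working directory rather than the script's location; started from anywhere else, the script sources a different `.env` and links different directories into `/etc/nginx`, and with `sudo ./install.sh` as in the README it does so as root. Suggest `ln -s $SCRIPT_PATH/nginx/sites-available/gradido.conf /etc/nginx/sites-available` and `SCRIPT_PATH=$(realpath "$(dirname "$0")/../bare_metal")`.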
@@ -87,8 +87,8 @@ yarn global add pm2 pm2 startup # Install logrotate -envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $SCRIPT_DIR/logrotate/gradido.conf.template > $SCRIPT_DIR/logrotate/gradido.conf -cp $SCRIPT_DIR/logrotate/gradido.conf /etc/logrotate.d/gradido.conf +envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $SCRIPT_PATH/logrotate/gradido.conf.template > $SCRIPT_PATH/logrotate/gradido.conf +cp $SCRIPT_PATH/logrotate/gradido.conf /etc/logrotate.d/gradido.conf chown root:root /etc/logrotate.d/gradido.conf # create db user @@ -96,7 +96,7 @@ export DB_USER=gradido export DB_PASSWORD=$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-32};echo); mysql < Date: Mon, 8 Jan 2024 16:45:53 +0100 Subject: [PATCH 11/34] fix bug --- deployment/hetzner_cloud/install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/hetzner_cloud/install.sh b/deployment/hetzner_cloud/install.sh index cdde55080..2116e37dd 100755 --- a/deployment/hetzner_cloud/install.sh +++ b/deployment/hetzner_cloud/install.sh @@ -15,7 +15,7 @@ set +o allexport # Load .env or .env.dist if not present # NOTE: all config values will be in process.env when starting # the services and will therefore take precedence over the .env -if [ -f "./.env" ]; then +if [ -f "$SCRIPT_PATH/.env" ]; then set -o allexport source $SCRIPT_PATH/.env set +o allexport From 1b3355a61011bf54b3ed21728ade8adc96519555 Mon Sep 17 00:00:00 2001 From: einhorn_b Date: Mon, 8 Jan 2024 16:56:14 +0100 Subject: [PATCH 12/34] fix certbot --- deployment/bare_metal/start.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deployment/bare_metal/start.sh b/deployment/bare_metal/start.sh index db67cc0d9..68934dbcf 100755 --- a/deployment/bare_metal/start.sh +++ b/deployment/bare_metal/start.sh 
@@ -65,7 +65,7 @@ ln -s /etc/nginx/sites-available/update-page.conf /etc/nginx/sites-enabled/ sudo /etc/init.d/nginx restart # enable https if env variable has value https if [ "$URL_PROTOCOL" = "https" ]; then - certbot --nginx --non-interactive + certbot --nginx --non-interactive --domains $COMMUNITY_HOST fi # stop all services @@ -265,7 +265,7 @@ ln -s /etc/nginx/sites-available/gradido.conf /etc/nginx/sites-enabled/ rm /etc/nginx/sites-enabled/update-page.conf sudo /etc/init.d/nginx restart if [ "$URL_PROTOCOL" = "https" ]; then - certbot --nginx --non-interactive + certbot --nginx --non-interactive --domains $COMMUNITY_HOST fi # keep the update log From 0540857af3d2c197df758400d6f6f122cf28df0f Mon Sep 17 00:00:00 2001 From: einhorn_b Date: Mon, 8 Jan 2024 17:26:59 +0100 Subject: [PATCH 13/34] update nginx code --- deployment/bare_metal/start.sh | 11 +++++------ deployment/hetzner_cloud/install.sh | 7 ++++--- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/deployment/bare_metal/start.sh b/deployment/bare_metal/start.sh index 68934dbcf..554b947af 100755 --- a/deployment/bare_metal/start.sh +++ b/deployment/bare_metal/start.sh @@ -60,12 +60,12 @@ exec > >(tee -a $UPDATE_HTML) 2>&1 # configure nginx for the update-page echo 'Configuring nginx to serve the update-page' >> $UPDATE_HTML -rm /etc/nginx/sites-enabled/gradido.conf -ln -s /etc/nginx/sites-available/update-page.conf /etc/nginx/sites-enabled/ + +ln -s $SCRIPT_PATH/nginx/sites-available/update-page.conf $SCRIPT_PATH/nginx/sites-enabled/default sudo /etc/init.d/nginx restart # enable https if env variable has value https if [ "$URL_PROTOCOL" = "https" ]; then - certbot --nginx --non-interactive --domains $COMMUNITY_HOST + certbot install --nginx --non-interactive --cert-name $COMMUNITY_HOST --logs-dir ./log/ --work-dir . --config-dir . fi # stop all services 
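Review bot: In the `@@ -60,12 +60,12 @@` hunk, `certbot install ... --logs-dir ./log/ --work-dir . --config-dir .` points certbot's configuration directory at the current working directory, so the certificate named by `--cert-name` is looked up wherever start.sh happens to be launched rather than where it was issued (presumably the default `/etc/letsencrypt`), and certbot state is written into that directory. The `ln -s ... sites-enabled/default` above it has lost the preceding `rm` and has no `-f`, so it fails once the link exists and nginx keeps serving whatever the link pointed to before. Both lines are repeated in the hunk at `@@ -261,11 +261,10 @@`. Suggest `ln -sf $SCRIPT_PATH/nginx/sites-available/update-page.conf $SCRIPT_PATH/nginx/sites-enabled/default` and either dropping the three directory options or giving them absolute paths.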
@@ -261,11 +261,10 @@ done # let nginx showing gradido echo 'Configuring nginx to serve gradido again' >> $UPDATE_HTML -ln -s /etc/nginx/sites-available/gradido.conf /etc/nginx/sites-enabled/ -rm /etc/nginx/sites-enabled/update-page.conf +ln -s $SCRIPT_PATH/nginx/sites-available/gradido.conf $SCRIPT_PATH/nginx/sites-enabled/default sudo /etc/init.d/nginx restart if [ "$URL_PROTOCOL" = "https" ]; then - certbot --nginx --non-interactive --domains $COMMUNITY_HOST + certbot install --nginx --non-interactive --cert-name $COMMUNITY_HOST --logs-dir ./log/ --work-dir . --config-dir . fi # keep the update log diff --git a/deployment/hetzner_cloud/install.sh b/deployment/hetzner_cloud/install.sh index 2116e37dd..69224223a 100755 --- a/deployment/hetzner_cloud/install.sh +++ b/deployment/hetzner_cloud/install.sh @@ -62,9 +62,10 @@ echo "$SECURE_MYSQL" # Configure nginx rm /etc/nginx/sites-enabled/default envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $SCRIPT_PATH/nginx/sites-available/gradido.conf.template > $SCRIPT_PATH/nginx/sites-available/gradido.conf -ln -s $SCRIPT_DIR/nginx/sites-available/gradido.conf /etc/nginx/sites-available envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $SCRIPT_PATH/nginx/sites-available/update-page.conf.template > $SCRIPT_PATH/nginx/sites-available/update-page.conf -ln -s $SCRIPT_PATH/nginx/sites-available/update-page.conf /etc/nginx/sites-available +mkdir $SCRIPT_PATH/nginx/sites-enabled +ln -s $SCRIPT_PATH/nginx/sites-available/update-page.conf $SCRIPT_PATH/nginx/sites-enabled/default +ln -s $SCRIPT_PATH/nginx/sites-enabled/default /etc/nginx/sites-enabled ln -s $SCRIPT_PATH/nginx/common /etc/nginx/ rmdir /etc/nginx/conf.d ln -s $SCRIPT_PATH/nginx/conf.d /etc/nginx/ 
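Review bot: In the install.sh hunk, `/etc/nginx/sites-enabled/default` now resolves through `$SCRIPT_PATH/nginx/sites-enabled/default` into the deployment checkout, so the configuration nginx loads is decided by whoever can write to that directory, and nothing in the hunk documents this. It looks intentional, since start.sh repoints the link on every update, but it makes the checkout's `nginx/` tree part of the privileged configuration. I would add a comment such as `# nginx reads its active site from the checkout; keep $SCRIPT_PATH/nginx writable only by the deploy user`, and use `mkdir -p` so a second run of install.sh does not report an error on the existing directory.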
@@ -128,4 +129,4 @@ crontab -l | { cat; echo "0 * * * * find /tmp -name "yarn--*" -cmin +60 -exec rm crontab -l | { cat; echo "0 4 * * * find /tmp -name "yarn--*" -ctime +1 -exec rm -r {} \; > /dev/null"; } | crontab - # Start gradido # Note: on first startup some errors will occur - nothing serious -$SCRIPT_PATH/start.sh \ No newline at end of file +sudo -u gradido $SCRIPT_PATH/start.sh \ No newline at end of file From bf1a6b8565cd9db4e74bf4bca0d8789fbdb1dfd5 Mon Sep 17 00:00:00 2001 From: einhorn_b Date: Mon, 8 Jan 2024 17:47:42 +0100 Subject: [PATCH 14/34] use txt file for start cron jobs --- deployment/hetzner_cloud/crontabs.txt | 38 +++++++++++++++++++++++++++ deployment/hetzner_cloud/install.sh | 11 ++++---- 2 files changed, 43 insertions(+), 6 deletions(-) create mode 100644 deployment/hetzner_cloud/crontabs.txt diff --git a/deployment/hetzner_cloud/crontabs.txt b/deployment/hetzner_cloud/crontabs.txt new file mode 100644 index 000000000..c798b58c4 --- /dev/null +++ b/deployment/hetzner_cloud/crontabs.txt 
@@ -0,0 +1,38 @@ +# Edit this file to introduce tasks to be run by cron. +# +# Each task to run has to be defined through a single line +# indicating with different fields when the task will be run +# and what command to run for the task +# +# To define the time you can provide concrete values for +# minute (m), hour (h), day of month (dom), month (mon), +# and day of week (dow) or use '*' in these fields (for 'any'). +# +# Notice that tasks will be started based on the cron's system +# daemon's notion of time and timezones. +# +# Output of the crontab jobs (including errors) is sent through +# email to the user the crontab file belongs to (unless redirected). +# +# For example, you can run a backup of all your user accounts +# at 5 a.m every week with: +# 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/ +# +# For more information see the manual pages of crontab(5) and cron(8) +# +# m h dom mon dow command + +# `yarn` creates output in `/tmp` directory. This output is generated whenever `yarn start` is called. +# This is especially problematic on staging systems where instable versions are automatically deployed which can lead to an ever restarting, +# hence generating a lot of yarn output. +# the following hourly cron clean the /tmp folder +0 * * * * find /tmp -name "yarn--*" -exec rm -r {} \; > /dev/null + +# cronjob for a daily db backup at 3:00am +0 3 * * * ~/gradido/deployment/bare_metal/backup.sh + +# cronjob for a daily logfile clearance at 3:15 +# remove all log files older than 30 days +15 3 * * * ~/gradido/deployment/bare_metal/removeLogFiles.sh + + diff --git a/deployment/hetzner_cloud/install.sh b/deployment/hetzner_cloud/install.sh index 69224223a..f39ce6c32 100755 --- a/deployment/hetzner_cloud/install.sh +++ b/deployment/hetzner_cloud/install.sh 
@@ -9,6 +9,8 @@ systemctl start systemd-timesyncd set -o allexport SCRIPT_PATH=$(realpath ../bare_metal) SCRIPT_DIR=$(dirname $SCRIPT_PATH) +LOCAL_SCRIPT_PATH=$(realpath $0) +LOCAL_SCRIPT_DIR=$(dirname $SCRIPT_PATH) PROJECT_ROOT=$SCRIPT_DIR/.. set +o allexport @@ -121,12 +123,9 @@ envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $PROJECT_ROOT/dht-node/.env # Configure federation envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $PROJECT_ROOT/federation/.env.template > $PROJECT_ROOT/federation/.env -# create cronjob to delete yarn output in /tmp -# crontab -e -# hourly job: 0 * * * * find /tmp -name "yarn--*" -cmin +60 -exec rm -r {} \; > /dev/null -crontab -l | { cat; echo "0 * * * * find /tmp -name "yarn--*" -cmin +60 -exec rm -r {} \; > /dev/null"; } | crontab - -# daily job: 0 4 * * * find /tmp -name "yarn--*" -ctime +1 -exec rm -r {} \; > /dev/null -crontab -l | { cat; echo "0 4 * * * find /tmp -name "yarn--*" -ctime +1 -exec rm -r {} \; > /dev/null"; } | crontab - +# create cronjob to delete yarn output in /tmp and for making backups regulary +sudo -u gradido crontab < $LOCAL_SCRIPT_PATH/crontabs.txt + # Start gradido # Note: on first startup some errors will occur - nothing serious sudo -u gradido $SCRIPT_PATH/start.sh \ No newline at end of file From ceb84a2e55c7f5dc01064fb199da1e2c6ed5c2c3 Mon Sep 17 00:00:00 2001 From: einhorn_b Date: Mon, 8 Jan 2024 20:42:32 +0100 Subject: [PATCH 15/34] update ssl and nginx setup, change node version install strategy --- deployment/bare_metal/.env.dist | 6 + .../sites-available/gradido.conf.ssl.template | 128 ++++++++++++++++++ .../update-page.conf.ssl.template | 37 +++++ deployment/bare_metal/start.sh | 28 ++-- deployment/hetzner_cloud/install.sh | 11 +- 5 files changed, 194 insertions(+), 16 deletions(-) create mode 100644 deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template create mode 100644 deployment/bare_metal/nginx/sites-available/update-page.conf.ssl.template 
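Review bot: `LOCAL_SCRIPT_DIR=$(dirname $SCRIPT_PATH)` is derived from the bare_metal path instead of `$LOCAL_SCRIPT_PATH`, and the crontab line then reads `$LOCAL_SCRIPT_PATH/crontabs.txt`, which treats the install.sh file itself as a directory, so the redirection cannot open the file and no crontab is installed. Suggest `LOCAL_SCRIPT_DIR=$(dirname "$LOCAL_SCRIPT_PATH")` and `sudo -u gradido crontab < "$LOCAL_SCRIPT_DIR/crontabs.txt"`. Since `crontab < file` replaces the user's whole crontab, a comment saying so would help anyone re-running the installer on a host that already has jobs.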
diff --git a/deployment/bare_metal/.env.dist b/deployment/bare_metal/.env.dist index 59cbf042e..3ce9b4cb5 100644 --- a/deployment/bare_metal/.env.dist +++ b/deployment/bare_metal/.env.dist @@ -91,6 +91,12 @@ META_AUTHOR="Bernd Hückstädt - Gradido-Akademie" # update page shown while updating gradido # page will be fed with status changes NGINX_UPDATE_PAGE_ROOT=/home/gradido/gradido/deployment/bare_metal/nginx/update-page +# NGINX SSL Setup with certbot +# will be generated by start.sh with $COMMUNITY_HOST, only need to set manual if setup differ from default +#NGINX_SSL_CERTIFICATE=/etc/letsencrypt/live/gddhost.tld/fullchain.pem +#NGINX_SSL_CERTIFICATE_KEY=/etc/letsencrypt/live/gddhost.tld/privkey.pem +NGINX_SSL_DHPARAM=/etc/letsencrypt/ssl-dhparams.pem +NGINX_SSL_INCLUDE=/etc/letsencrypt/options-ssl-nginx.conf # LEGACY NGINX_REWRITE_LEGACY_URLS=false diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template b/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template new file mode 100644 index 000000000..a99327745 --- /dev/null +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template 
@@ -0,0 +1,128 @@ +server { + if ($host = $NGINX_SERVER_NAME) { + return 301 https://$host$request_uri; + } + + server_name $NGINX_SERVER_NAME; + listen 80; + listen [::]:80; + return 404; +} + +server { + server_name $NGINX_SERVER_NAME; + + listen [::]:443 ssl ipv6only=on; + listen 443 ssl; + ssl_certificate $NGINX_SSL_CERTIFICATE; + ssl_certificate_key $NGINX_SSL_CERTIFICATE_KEY; + include $NGINX_SSL_INCLUDE; + ssl_dhparam $NGINX_SSL_DHPARAM; + + include /etc/nginx/common/protect.conf; + include /etc/nginx/common/protect_add_header.conf; + + #gzip_static on; + gzip on; + gzip_proxied any; + gzip_types + text/css + text/javascript + text/xml + text/plain + application/javascript + application/x-javascript + application/json; + + # Legacy URLS + set $REWRITE_LEGACY_URLS "$NGINX_REWRITE_LEGACY_URLS"; + if ($REWRITE_LEGACY_URLS = 'true') { + rewrite ^/vue/?(.*)$ /$1 permanent; + } + + # Frontend (default) + location / { + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection 'upgrade'; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + + proxy_pass http://127.0.0.1:3000; + proxy_redirect off; + + access_log $GRADIDO_LOG_PATH/nginx-access.frontend.log gradido_log; + error_log $GRADIDO_LOG_PATH/nginx-error.frontend.log warn; + } + + # Backend + location /graphql { + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection 'upgrade'; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + + proxy_pass http://127.0.0.1:4000; + proxy_redirect off; + + access_log $GRADIDO_LOG_PATH/nginx-access.backend.log gradido_log; + error_log $GRADIDO_LOG_PATH/nginx-error.backend.log warn; + } + + # Backend webhooks + location /hook { + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection 'upgrade'; + proxy_set_header 
X-Forwarded-For $remote_addr; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + + proxy_pass http://127.0.0.1:4000/hook; + proxy_redirect off; + + access_log $GRADIDO_LOG_PATH/nginx-access.backend.hook.log gradido_log; + error_log $GRADIDO_LOG_PATH/nginx-error.backend.hook.log warn; + } + + # Webhook reverse proxy + location /hooks/ { + proxy_pass http://127.0.0.1:9000/hooks/; + + access_log $GRADIDO_LOG_PATH/nginx-access.hooks.log gradido_log; + error_log $GRADIDO_LOG_PATH/nginx-error.hooks.log warn; + } + + # Admin Frontend + location /admin { + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection 'upgrade'; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + + proxy_pass http://127.0.0.1:8080/; + proxy_redirect off; + + access_log $GRADIDO_LOG_PATH/nginx-access.admin.log gradido_log; + error_log $GRADIDO_LOG_PATH/nginx-error.admin.log warn; + } + + # Federation + $FEDERATION_NGINX_CONF + + # TODO this could be a performance optimization + #location /vue { + # alias /var/www/html/gradido/frontend/build; + # index index.html; + # + # location ~* \.(png)$ { + # expires 39d; + # } + # try_files $uri $uri/ /index.html = 404; + #} +} \ No newline at end of file diff --git a/deployment/bare_metal/nginx/sites-available/update-page.conf.ssl.template b/deployment/bare_metal/nginx/sites-available/update-page.conf.ssl.template new file mode 100644 index 000000000..ddcb9ffc1 --- /dev/null +++ b/deployment/bare_metal/nginx/sites-available/update-page.conf.ssl.template 
@@ -0,0 +1,37 @@ + +server { + if ($host = $NGINX_SERVER_NAME) { + return 301 https://$host$request_uri; + } + + server_name $NGINX_SERVER_NAME; + listen 80; + listen [::]:80; + return 404; +} +server { + server_name $NGINX_SERVER_NAME; + + listen [::]:443 ssl ipv6only=on; + listen 443 ssl; + ssl_certificate $NGINX_SSL_CERTIFICATE; + ssl_certificate_key $NGINX_SSL_CERTIFICATE_KEY; + include $NGINX_SSL_INCLUDE; + ssl_dhparam $NGINX_SSL_DHPARAM; + + include /etc/nginx/common/protect.conf; + include /etc/nginx/common/protect_add_header.conf; + + gzip on; + + root $NGINX_UPDATE_PAGE_ROOT; + index updating.html; + + location / { + try_files /updating.html =404; + } + + access_log $GRADIDO_LOG_PATH/nginx-access.update-page.log gradido_log; + error_log $GRADIDO_LOG_PATH/nginx-error.update-page.log warn; +} + diff --git a/deployment/bare_metal/start.sh b/deployment/bare_metal/start.sh index 554b947af..dd185861e 100755 --- a/deployment/bare_metal/start.sh +++ b/deployment/bare_metal/start.sh @@ -41,6 +41,10 @@ else set +o allexport fi +# set env variables dynamic if not already set in .env or .env.dist +: ${NGINX_SSL_CERTIFICATE:=/etc/letsencrypt/live/$COMMUNITY_HOST/fullchain.pem} +: ${NGINX_SSL_CERTIFICATE_KEY:=/etc/letsencrypt/live/$COMMUNITY_HOST/privkey.pem} + # lock start if [ -f $LOCK_FILE ] ; then echo "Already building!" 
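Review bot: In the start.sh hunk, the two `: ${NGINX_SSL_CERTIFICATE:=...}` defaults are assigned after `set +o allexport`, so when the defaults are used they stay plain shell variables. `envsubst` is a separate process and the variable list passed to it is built from `env`, so unless the two names are exported elsewhere in start.sh the `$NGINX_SSL_CERTIFICATE` and `$NGINX_SSL_CERTIFICATE_KEY` placeholders in the new ssl templates are left unsubstituted. Adding `export NGINX_SSL_CERTIFICATE NGINX_SSL_CERTIFICATE_KEY` after the two lines closes the gap, and quoting the expansions as `: "${NGINX_SSL_CERTIFICATE:=/etc/letsencrypt/live/$COMMUNITY_HOST/fullchain.pem}"` avoids word splitting and globbing on the result.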
@@ -60,13 +64,8 @@ exec > >(tee -a $UPDATE_HTML) 2>&1 # configure nginx for the update-page echo 'Configuring nginx to serve the update-page' >> $UPDATE_HTML - -ln -s $SCRIPT_PATH/nginx/sites-available/update-page.conf $SCRIPT_PATH/nginx/sites-enabled/default +ln -sf $SCRIPT_DIR/nginx/sites-available/update-page.conf $SCRIPT_DIR/nginx/sites-enabled/default sudo /etc/init.d/nginx restart -# enable https if env variable has value https -if [ "$URL_PROTOCOL" = "https" ]; then - certbot install --nginx --non-interactive --cert-name $COMMUNITY_HOST --logs-dir ./log/ --work-dir . --config-dir . -fi # stop all services echo 'Stop and delete all Gradido services' >> $UPDATE_HTML @@ -110,7 +109,11 @@ export FEDERATION_NGINX_CONF=$(< $NGINX_CONFIG_DIR/gradido-federation.conf.locat # *** 3rd generate gradido nginx config including federation modules per api-version echo 'Generate new gradido nginx config' >> $UPDATE_HTML -envsubst '$FEDERATION_NGINX_CONF' < $NGINX_CONFIG_DIR/gradido.conf.template > $NGINX_CONFIG_DIR/gradido.conf.tmp +case "$URL_PROTOCOL" in + 'https') TEMPLATE_FILE="gradido.conf.ssl.template" ;; + *) TEMPLATE_FILE="gradido.conf.template" ;; +esac +envsubst '$FEDERATION_NGINX_CONF' < $NGINX_CONFIG_DIR/$TEMPLATE_FILE > $NGINX_CONFIG_DIR/gradido.conf.tmp unset FEDERATION_NGINX_CONF envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $NGINX_CONFIG_DIR/gradido.conf.tmp > $NGINX_CONFIG_DIR/gradido.conf rm $NGINX_CONFIG_DIR/gradido.conf.tmp 
@@ -118,7 +121,11 @@ rm $NGINX_CONFIG_DIR/gradido-federation.conf.locations # Generate update-page.conf from template echo 'Generate new update-page nginx config' >> $UPDATE_HTML -envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $NGINX_CONFIG_DIR/update-page.conf.template > $NGINX_CONFIG_DIR/update-page.conf +case "$URL_PROTOCOL" in + 'https') TEMPLATE_FILE="update-page.conf.ssl.template" ;; + *) TEMPLATE_FILE="update-page.conf.template" ;; +esac +envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $NGINX_CONFIG_DIR/$TEMPLATE_FILE > $NGINX_CONFIG_DIR/update-page.conf # Clean tmp folder - remove yarn files find /tmp -name "yarn--*" -exec rm -r {} \; @@ -261,11 +268,8 @@ done # let nginx showing gradido echo 'Configuring nginx to serve gradido again' >> $UPDATE_HTML -ln -s $SCRIPT_PATH/nginx/sites-available/gradido.conf $SCRIPT_PATH/nginx/sites-enabled/default +ln -sf $SCRIPT_DIR/nginx/sites-available/gradido.conf $SCRIPT_DIR/nginx/sites-enabled/default sudo /etc/init.d/nginx restart -if [ "$URL_PROTOCOL" = "https" ]; then - certbot install --nginx --non-interactive --cert-name $COMMUNITY_HOST --logs-dir ./log/ --work-dir . --config-dir . -fi # keep the update log cat $UPDATE_HTML >> $GRADIDO_LOG_PATH/update.$TODAY.log diff --git a/deployment/hetzner_cloud/install.sh b/deployment/hetzner_cloud/install.sh index f39ce6c32..05c73622c 100755 --- a/deployment/hetzner_cloud/install.sh +++ b/deployment/hetzner_cloud/install.sh 
@@ -73,11 +73,14 @@ rmdir /etc/nginx/conf.d ln -s $SCRIPT_PATH/nginx/conf.d /etc/nginx/ # setup https with certbot -certbot --nginx --non-interactive --agree-tos --domains $COMMUNITY_HOST --email $COMMUNITY_SUPPORT_MAIL +certbot certonly --nginx --non-interactive --agree-tos --domains $COMMUNITY_HOST --email $COMMUNITY_SUPPORT_MAIL -# Install node 16.x -curl -sL https://deb.nodesource.com/setup_16.x | sudo -E bash - -apt-get install -y nodejs +# Install node 16. with nvm, with nodesource is depracted +curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.7/install.sh | bash +# Close and reopen your terminal to start using nvm or run the following to use it now: +export NVM_DIR="$HOME/.nvm" +[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" # This loads nvm +nvm install 16 # first installed version will be set to default automatic # Install yarn curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add - From 8b280285f6fa9b2b17d6e20faf0e0e6d75fe1f02 Mon Sep 17 00:00:00 2001 From: einhorn_b Date: Mon, 8 Jan 2024 20:49:36 +0100 Subject: [PATCH 16/34] comment --- deployment/bare_metal/.env.dist | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/bare_metal/.env.dist b/deployment/bare_metal/.env.dist index 3ce9b4cb5..326392124 100644 --- a/deployment/bare_metal/.env.dist +++ b/deployment/bare_metal/.env.dist 
@@ -92,7 +92,7 @@ META_AUTHOR="Bernd Hückstädt - Gradido-Akademie" # page will be fed with status changes NGINX_UPDATE_PAGE_ROOT=/home/gradido/gradido/deployment/bare_metal/nginx/update-page # NGINX SSL Setup with certbot -# will be generated by start.sh with $COMMUNITY_HOST, only need to set manual if setup differ from default +# will be generated by start.sh with $COMMUNITY_HOST, only need to setup manual if setup differ from default #NGINX_SSL_CERTIFICATE=/etc/letsencrypt/live/gddhost.tld/fullchain.pem #NGINX_SSL_CERTIFICATE_KEY=/etc/letsencrypt/live/gddhost.tld/privkey.pem NGINX_SSL_DHPARAM=/etc/letsencrypt/ssl-dhparams.pem From b9da99c20c11f53f376862e78e62667767198837 Mon Sep 17 00:00:00 2001 From: einhorn_b Date: Mon, 8 Jan 2024 21:57:13 +0100 Subject: [PATCH 17/34] fix errors from testrun --- deployment/hetzner_cloud/README.md | 1 - deployment/hetzner_cloud/install.sh | 21 ++++++++++----------- 2 files changed, 10 insertions(+), 12 deletions(-) diff --git a/deployment/hetzner_cloud/README.md b/deployment/hetzner_cloud/README.md index 9f0bb94e6..5a5ae3186 100644 --- a/deployment/hetzner_cloud/README.md +++ b/deployment/hetzner_cloud/README.md @@ -106,5 +106,4 @@ will remove it and ln ../bare_metal/nginx/conf.d ```bash cd ~/gradido/deployment/hetzner_cloud -sudo chmod +x ./install.sh sudo ./install.sh \ No newline at end of file diff --git a/deployment/hetzner_cloud/install.sh b/deployment/hetzner_cloud/install.sh index 05c73622c..a18886eb6 100755 --- a/deployment/hetzner_cloud/install.sh +++ b/deployment/hetzner_cloud/install.sh 
@@ -65,7 +65,7 @@ echo "$SECURE_MYSQL" rm /etc/nginx/sites-enabled/default envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $SCRIPT_PATH/nginx/sites-available/gradido.conf.template > $SCRIPT_PATH/nginx/sites-available/gradido.conf envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $SCRIPT_PATH/nginx/sites-available/update-page.conf.template > $SCRIPT_PATH/nginx/sites-available/update-page.conf -mkdir $SCRIPT_PATH/nginx/sites-enabled +sudo -u gradido mkdir $SCRIPT_PATH/nginx/sites-enabled ln -s $SCRIPT_PATH/nginx/sites-available/update-page.conf $SCRIPT_PATH/nginx/sites-enabled/default ln -s $SCRIPT_PATH/nginx/sites-enabled/default /etc/nginx/sites-enabled ln -s $SCRIPT_PATH/nginx/common /etc/nginx/ @@ -76,11 +76,11 @@ ln -s $SCRIPT_PATH/nginx/conf.d /etc/nginx/ certbot certonly --nginx --non-interactive --agree-tos --domains $COMMUNITY_HOST --email $COMMUNITY_SUPPORT_MAIL # Install node 16. with nvm, with nodesource is depracted -curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.7/install.sh | bash +sudo -u gradido curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.7/install.sh | bash # Close and reopen your terminal to start using nvm or run the following to use it now: export NVM_DIR="$HOME/.nvm" [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" # This loads nvm -nvm install 16 # first installed version will be set to default automatic +sudo -u gradido nvm install 16 # first installed version will be set to default automatic # Install yarn curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add - @@ -95,7 +95,6 @@ pm2 startup # Install logrotate envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $SCRIPT_PATH/logrotate/gradido.conf.template > $SCRIPT_PATH/logrotate/gradido.conf cp $SCRIPT_PATH/logrotate/gradido.conf /etc/logrotate.d/gradido.conf -chown root:root /etc/logrotate.d/gradido.conf # create db user export DB_USER=gradido 
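Review bot: Creating `nginx/sites-enabled` as `gradido` in the `@@ -65,7 +65,7 @@` hunk means the directory that `/etc/nginx/sites-enabled/default` is linked into is owned by the application account, so that account can change configuration nginx picks up on its next reload. If the service user is not meant to control the web server, copy the rendered files into `/etc/nginx` as root rather than symlinking, e.g. `install -o root -g root -m 0644 "$SCRIPT_PATH/nginx/sites-available/update-page.conf" /etc/nginx/sites-available/`. Whether nginx's master process runs as root on this image is not visible in the hunk. `mkdir` without `-p` also fails when install.sh is run a second time.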
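Review bot: In the `@@ -76,11 +76,11 @@` hunk, `sudo -u gradido curl -o- … | bash` drops privileges only for `curl`; the `bash` on the right of the pipe is started by the calling shell, so the downloaded installer still runs as the user who invoked install.sh. `sudo -u gradido nvm install 16` has a related problem: `nvm` is a shell function that exists only after `nvm.sh` has been sourced, not an executable sudo can look up, and `NVM_DIR` is built from the caller's `$HOME`. Run the whole pipeline and the `nvm` call in one shell owned by the target user, e.g. `sudo -u gradido bash -c '. "$HOME/.nvm/nvm.sh" && nvm install 16'`.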
@@ -107,27 +106,27 @@ mysql < $PROJECT_ROOT/database/.env +sudo -u gradido envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $PROJECT_ROOT/database/.env.template > $PROJECT_ROOT/database/.env # Configure backend export JWT_SECRET=$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-32};echo); -envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $PROJECT_ROOT/backend/.env.template > $PROJECT_ROOT/backend/.env +sudo -u gradido envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $PROJECT_ROOT/backend/.env.template > $PROJECT_ROOT/backend/.env # Configure frontend -envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $PROJECT_ROOT/frontend/.env.template > $PROJECT_ROOT/frontend/.env +sudo -u gradido envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $PROJECT_ROOT/frontend/.env.template > $PROJECT_ROOT/frontend/.env # Configure admin -envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $PROJECT_ROOT/admin/.env.template > $PROJECT_ROOT/admin/.env +sudo -u gradido envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $PROJECT_ROOT/admin/.env.template > $PROJECT_ROOT/admin/.env # Configure dht-node export FEDERATION_DHT_SEED=$(< /dev/urandom tr -dc a-f0-9 | head -c 32;echo); -envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $PROJECT_ROOT/dht-node/.env.template > $PROJECT_ROOT/dht-node/.env +sudo -u gradido envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $PROJECT_ROOT/dht-node/.env.template > $PROJECT_ROOT/dht-node/.env # Configure federation -envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $PROJECT_ROOT/federation/.env.template > $PROJECT_ROOT/federation/.env +sudo -u gradido envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $PROJECT_ROOT/federation/.env.template > $PROJECT_ROOT/federation/.env # create cronjob to delete yarn output in /tmp and for making backups regulary -sudo -u gradido crontab < $LOCAL_SCRIPT_PATH/crontabs.txt +sudo -u gradido crontab < $LOCAL_SCRIPT_DIR/crontabs.txt # Start gradido # Note: on first startup some errors will occur - 
nothing serious From 6cf9ae3ae82c7f588777ab055f46462f6ae619c3 Mon Sep 17 00:00:00 2001 From: einhorn_b Date: Tue, 9 Jan 2024 13:26:30 +0100 Subject: [PATCH 18/34] fix --- deployment/hetzner_cloud/install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/hetzner_cloud/install.sh b/deployment/hetzner_cloud/install.sh index a18886eb6..b1a3d482f 100755 --- a/deployment/hetzner_cloud/install.sh +++ b/deployment/hetzner_cloud/install.sh @@ -76,7 +76,7 @@ ln -s $SCRIPT_PATH/nginx/conf.d /etc/nginx/ certbot certonly --nginx --non-interactive --agree-tos --domains $COMMUNITY_HOST --email $COMMUNITY_SUPPORT_MAIL # Install node 16. with nvm, with nodesource is depracted -sudo -u gradido curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.7/install.sh | bash +sudo -u gradido bash -c 'curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.7/install.sh | bash' # Close and reopen your terminal to start using nvm or run the following to use it now: export NVM_DIR="$HOME/.nvm" [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" # This loads nvm From df04b9e88e2bc1909f932ed94d3525cc66d0b427 Mon Sep 17 00:00:00 2001 From: einhorn_b Date: Tue, 9 Jan 2024 14:15:36 +0100 Subject: [PATCH 19/34] update usage of yarn to make it compatible with nvm --- deployment/bare_metal/start.sh | 3 +++ deployment/hetzner_cloud/install.sh | 32 +++++++++++++++++++++-------- 2 files changed, 26 insertions(+), 9 deletions(-) diff --git a/deployment/bare_metal/start.sh b/deployment/bare_metal/start.sh index dd185861e..b68d5aea8 100755 --- a/deployment/bare_metal/start.sh +++ b/deployment/bare_metal/start.sh @@ -10,6 +10,9 @@ PROJECT_ROOT=$SCRIPT_DIR/../.. NGINX_CONFIG_DIR=$SCRIPT_DIR/nginx/sites-available set +o allexport +# enable nvm +export NVM_DIR="$HOME/.nvm" && [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" + # NOTE: all config values will be in process.env when starting # the services and will therefore take precedence over the .env 
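Review bot: Prefixing `envsubst` with `sudo -u gradido` in the `@@ -107,27 +106,27 @@` hunk does not make the `.env` files belong to `gradido`, because the `<` and `>` redirections are opened by the calling shell and the files are still created by the user running install.sh. With sudo's default `env_reset` the exported values such as `JWT_SECRET` and `FEDERATION_DHT_SEED` may also not reach `envsubst`, which would then write empty strings for them; this is worth checking on the target image. Rendering inside a single shell that runs as the service user avoids both problems, and since these files hold secrets they should be created with a restrictive mode, e.g. `umask 077` before rendering or `chmod 600 "$PROJECT_ROOT/backend/.env"` afterwards. The `head -c${1:-32}` on the `JWT_SECRET` line takes its length from the script's first argument, which looks unintended; `head -c 32` states the length directly.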
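Review bot: The line added to start.sh does nothing when `$NVM_DIR/nvm.sh` is missing, or when start.sh runs under an account whose `$HOME` has no nvm install, and the script then continues with whatever `node` and `yarn` happen to be on `PATH`, or none. Failing early makes the cause visible and keeps an unexpected runtime from being used: `[ -s "$NVM_DIR/nvm.sh" ] || { echo "nvm not found in $NVM_DIR" >&2; exit 1; }` before the `\. "$NVM_DIR/nvm.sh"`. The rest of start.sh lies outside the hunk, so how it reacts to a non-zero status from this chain cannot be judged from here.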
diff --git a/deployment/hetzner_cloud/install.sh b/deployment/hetzner_cloud/install.sh index b1a3d482f..ae1c106ca 100755 --- a/deployment/hetzner_cloud/install.sh +++ b/deployment/hetzner_cloud/install.sh @@ -14,6 +14,25 @@ LOCAL_SCRIPT_DIR=$(dirname $SCRIPT_PATH) PROJECT_ROOT=$SCRIPT_DIR/.. set +o allexport +# If install.sh will be called more than once +# We have to load the backend .env to get DB_USERNAME, DB_PASSWORD AND JWT_SECRET +# and the dht-node .env to get FEDERATION_DHT_SEED +export_var(){ + export $1=$(grep -v '^#' $PROJECT_ROOT/backend/.env | grep -e "$1" | sed -e 's/.*=//') + export $1=$(grep -v '^#' $PROJECT_ROOT/dht-node/.env | grep -e "$1" | sed -e 's/.*=//') +} + +if [ -f "$PROJECT_ROOT/backend/.env" ]; then + export_var 'DB_USER' + export_var 'DB_PASSWORD' + export_var 'JWT_SECRET' +fi + +if [ -f "$PROJECT_ROOT/dht-node/.env" ]; then + export_var 'FEDERATION_DHT_SEED' +fi + + # Load .env or .env.dist if not present # NOTE: all config values will be in process.env when starting # the services and will therefore take precedence over the .env 
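Review bot: `export_var` assigns the variable twice, so the value read from `backend/.env` is always overwritten by the lookup in `dht-node/.env`; for `DB_USER`, `DB_PASSWORD` and `JWT_SECRET` that second lookup most likely finds nothing and exports an empty string, and `grep` reports an error while `dht-node/.env` does not exist yet. The match is also unanchored, so `DB_USER` matches any line containing that text, and `sed 's/.*=//'` is greedy, which cuts off a value that itself contains `=`. An empty or truncated secret on a second run is a silent failure, so the helper should take the file as an argument, match the exact key and export only a non-empty value; the callers change accordingly.

```shell
export_var() {
  local name=$1 file=$2 value
  # exact key at line start; cut -f2- keeps everything after the first '='
  value=$(grep -m1 -E "^${name}=" "$file" | cut -d= -f2-)
  if [ -n "$value" ]; then
    export "$name=$value"
  fi
}

if [ -f "$PROJECT_ROOT/backend/.env" ]; then
  export_var 'DB_USER' "$PROJECT_ROOT/backend/.env"
  export_var 'DB_PASSWORD' "$PROJECT_ROOT/backend/.env"
  export_var 'JWT_SECRET' "$PROJECT_ROOT/backend/.env"
fi

if [ -f "$PROJECT_ROOT/dht-node/.env" ]; then
  export_var 'FEDERATION_DHT_SEED' "$PROJECT_ROOT/dht-node/.env"
fi
```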
@@ -78,19 +97,14 @@ certbot certonly --nginx --non-interactive --agree-tos --domains $COMMUNITY_HOST # Install node 16. with nvm, with nodesource is depracted sudo -u gradido bash -c 'curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.7/install.sh | bash' # Close and reopen your terminal to start using nvm or run the following to use it now: -export NVM_DIR="$HOME/.nvm" -[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" # This loads nvm -sudo -u gradido nvm install 16 # first installed version will be set to default automatic +sudo -u gradido bash -c 'export NVM_DIR="$HOME/.nvm" && [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"' +sudo -u gradido bash -c '. $HOME/.nvm/nvm.sh && nvm install 16' # first installed version will be set to default automatic # Install yarn -curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add - -echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list -apt-get update -apt-get install -y yarn +sudo -u gradido bash -c '. $HOME/.nvm/nvm.sh && npm i -g yarn' # Install pm2 -yarn global add pm2 -pm2 startup +sudo -u gradido bash -c '. $HOME/.nvm/nvm.sh && npm i -g pm2 && pm2 startup' # Install logrotate envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $SCRIPT_PATH/logrotate/gradido.conf.template > $SCRIPT_PATH/logrotate/gradido.conf From fdfa423ab4eb9b7e134d3fd0b993813f0f4c8231 Mon Sep 17 00:00:00 2001 
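Review bot: `npm i -g yarn` and `npm i -g pm2` install whatever version the registry serves on the day the script runs, where the removed apt path at least went through a repository with a signing key; pin both, e.g. `npm i -g yarn@<pinned-version>` and `npm i -g pm2@<pinned-version>`, so every server gets the same reviewed release. The line `sudo -u gradido bash -c 'export NVM_DIR="$HOME/.nvm" && … "$NVM_DIR/nvm.sh"'` has no lasting effect because the shell it configures exits immediately; the following lines source `nvm.sh` themselves, so it can be dropped. `pm2 startup` run as an unprivileged user normally only prints the command that has to be run as root, so start-on-boot is probably not set up by this line and should be verified.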
From: einhorn_b Date: Tue, 9 Jan 2024 16:20:51 +0100 Subject: [PATCH 20/34] add logging views --- .../src/graphql/resolver/CommunityResolver.ts | 2 +- .../graphql/resolver/TransactionsResolver.ts | 11 +++- .../backendToDb/community/Community.role.ts | 9 ++- .../community/HomeCommunity.role.ts | 4 +- .../src/logging/AbstractLogging.view.ts | 49 +++++++++++++++ .../src/logging/AccountLogging.view.ts | 30 ++++++++++ .../logging/BackendTransactionLogging.view.ts | 30 ++++++++++ .../src/logging/CommunityLogging.view.ts | 24 ++++++++ .../src/logging/CommunityRootLogging.view.ts | 18 ++++++ .../logging/ConfirmBackendTransaction.view.ts | 20 +++++++ .../ConfirmedTransactionLogging.view.ts | 24 ++++++++ .../src/logging/DecayLogging.view.ts | 20 +++++++ .../logging/GradidoCreationLogging.view.ts | 18 ++++++ .../GradidoDeferredTransferLogging.view.ts | 18 ++++++ .../logging/GradidoTransactionLogging.view.ts | 29 +++++++++ .../logging/GradidoTransferLogging.view.ts | 18 ++++++ .../logging/GroupFriendsUpdateLogging.view.ts | 16 +++++ .../logging/RegisterAddressLogging.view.ts | 22 +++++++ .../src/logging/SignatureMapLogging.view.ts | 16 +++++ .../src/logging/SignaturePairLogging.view.ts | 17 ++++++ .../logging/TransactionBodyLogging.view.ts | 45 ++++++++++++++ .../logging/TransactionDraftLogging.view.ts | 24 ++++++++ .../src/logging/TransactionLogging.view.ts | 59 +++++++++++++++++++ .../src/logging/TransferAmountLogging.view.ts | 18 ++++++ .../src/logging/UserIdentifierLogging.view.ts | 17 ++++++ dlt-connector/src/logging/UserLogging.view.ts | 19 ++++++ .../src/{server => logging}/logger.ts | 0 dlt-connector/src/server/LogError.ts | 2 +- dlt-connector/src/server/createServer.ts | 3 +- dlt-connector/src/typeorm/DataSource.ts | 2 +- dlt-connector/src/utils/typeConverter.ts | 2 +- dlt-connector/test/testSetup.ts | 2 +- 32 files changed, 575 insertions(+), 13 deletions(-) create mode 100644 dlt-connector/src/logging/AbstractLogging.view.ts create mode 100644 
dlt-connector/src/logging/AccountLogging.view.ts create mode 100644 dlt-connector/src/logging/BackendTransactionLogging.view.ts create mode 100644 dlt-connector/src/logging/CommunityLogging.view.ts create mode 100644 dlt-connector/src/logging/CommunityRootLogging.view.ts create mode 100644 dlt-connector/src/logging/ConfirmBackendTransaction.view.ts create mode 100644 dlt-connector/src/logging/ConfirmedTransactionLogging.view.ts create mode 100644 dlt-connector/src/logging/DecayLogging.view.ts create mode 100644 dlt-connector/src/logging/GradidoCreationLogging.view.ts create mode 100644 dlt-connector/src/logging/GradidoDeferredTransferLogging.view.ts create mode 100644 dlt-connector/src/logging/GradidoTransactionLogging.view.ts create mode 100644 dlt-connector/src/logging/GradidoTransferLogging.view.ts create mode 100644 dlt-connector/src/logging/GroupFriendsUpdateLogging.view.ts create mode 100644 dlt-connector/src/logging/RegisterAddressLogging.view.ts create mode 100644 dlt-connector/src/logging/SignatureMapLogging.view.ts create mode 100644 dlt-connector/src/logging/SignaturePairLogging.view.ts create mode 100644 dlt-connector/src/logging/TransactionBodyLogging.view.ts create mode 100644 dlt-connector/src/logging/TransactionDraftLogging.view.ts create mode 100644 dlt-connector/src/logging/TransactionLogging.view.ts create mode 100644 dlt-connector/src/logging/TransferAmountLogging.view.ts create mode 100644 dlt-connector/src/logging/UserIdentifierLogging.view.ts create mode 100644 dlt-connector/src/logging/UserLogging.view.ts rename dlt-connector/src/{server => logging}/logger.ts (100%) diff --git a/dlt-connector/src/graphql/resolver/CommunityResolver.ts b/dlt-connector/src/graphql/resolver/CommunityResolver.ts index d4bbeb28e..741de2e6d 100644 --- a/dlt-connector/src/graphql/resolver/CommunityResolver.ts +++ b/dlt-connector/src/graphql/resolver/CommunityResolver.ts 
@@ -9,8 +9,8 @@ import { TransactionResult } from '@model/TransactionResult' import { CommunityRepository } from '@/data/Community.repository' import { AddCommunityContext } from '@/interactions/backendToDb/community/AddCommunity.context' +import { logger } from '@/logging/logger' import { LogError } from '@/server/LogError' -import { logger } from '@/server/logger' import { iotaTopicFromCommunityUUID } from '@/utils/typeConverter' @Resolver() diff --git a/dlt-connector/src/graphql/resolver/TransactionsResolver.ts b/dlt-connector/src/graphql/resolver/TransactionsResolver.ts index 10b55573e..cc20a1034 100755 --- a/dlt-connector/src/graphql/resolver/TransactionsResolver.ts +++ b/dlt-connector/src/graphql/resolver/TransactionsResolver.ts @@ -1,9 +1,11 @@ -import { Resolver, Arg, Mutation } from 'type-graphql' - import { TransactionDraft } from '@input/TransactionDraft' +import { Resolver, Arg, Mutation } from 'type-graphql' import { TransactionRepository } from '@/data/Transaction.repository' import { CreateTransactionRecipeContext } from '@/interactions/backendToDb/transaction/CreateTransationRecipe.context' +import { BackendTransactionLoggingView } from '@/logging/BackendTransactionLogging.view' +import { logger } from '@/logging/logger' +import { TransactionLoggingView } from '@/logging/TransactionLogging.view' import { LogError } from '@/server/LogError' import { TransactionError } from '../model/TransactionError' @@ -35,8 +37,13 @@ export class TransactionResolver { } const backendTransaction = transactionRecipe.backendTransactions[0] backendTransaction.transactionId = transactionRecipe.id + logger.debug( + 'store backendTransaction', + new BackendTransactionLoggingView(backendTransaction), + ) await backendTransaction.save() } else { + logger.debug('store transaction recipe', new TransactionLoggingView(transactionRecipe)) // we can store the transaction and with that automatic the backend transaction await transactionRecipe.save() } 
diff --git a/dlt-connector/src/interactions/backendToDb/community/Community.role.ts b/dlt-connector/src/interactions/backendToDb/community/Community.role.ts index 30d91bfed..2b1514ef2 100644 --- a/dlt-connector/src/interactions/backendToDb/community/Community.role.ts +++ b/dlt-connector/src/interactions/backendToDb/community/Community.role.ts @@ -3,7 +3,8 @@ import { Community } from '@entity/Community' import { TransactionErrorType } from '@/graphql/enum/TransactionErrorType' import { CommunityDraft } from '@/graphql/input/CommunityDraft' import { TransactionError } from '@/graphql/model/TransactionError' -import { logger } from '@/server/logger' +import { CommunityLoggingView } from '@/logging/CommunityLogging.view' +import { logger } from '@/logging/logger' export abstract class CommunityRole { protected self: Community @@ -17,9 +18,11 @@ export abstract class CommunityRole { this.self.foreign = communityDraft.foreign } - public store(): Promise { + public async store(): Promise { try { - return this.self.save() + const community = await this.self.save() + logger.debug('store community', new CommunityLoggingView(community)) + return community } catch (error) { logger.error('error saving new community into db: %s', error) throw new TransactionError(TransactionErrorType.DB_ERROR, 'error saving community into db') diff --git a/dlt-connector/src/interactions/backendToDb/community/HomeCommunity.role.ts b/dlt-connector/src/interactions/backendToDb/community/HomeCommunity.role.ts index 256cfe1a5..7a4798368 100644 --- a/dlt-connector/src/interactions/backendToDb/community/HomeCommunity.role.ts +++ b/dlt-connector/src/interactions/backendToDb/community/HomeCommunity.role.ts 
@@ -8,7 +8,8 @@ import { Mnemonic } from '@/data/Mnemonic' import { TransactionErrorType } from '@/graphql/enum/TransactionErrorType' import { CommunityDraft } from '@/graphql/input/CommunityDraft' import { TransactionError } from '@/graphql/model/TransactionError' -import { logger } from '@/server/logger' +import { CommunityLoggingView } from '@/logging/CommunityLogging.view' +import { logger } from '@/logging/logger' import { getDataSource } from '@/typeorm/DataSource' import { CreateTransactionRecipeContext } from '../transaction/CreateTransationRecipe.context' @@ -38,6 +39,7 @@ export class HomeCommunityRole extends CommunityRole { return await getDataSource().transaction(async (transactionalEntityManager) => { const community = await transactionalEntityManager.save(this.self) await transactionalEntityManager.save(this.transactionRecipe) + logger.debug('store home community', new CommunityLoggingView(community)) return community }) } catch (error) { diff --git a/dlt-connector/src/logging/AbstractLogging.view.ts b/dlt-connector/src/logging/AbstractLogging.view.ts new file mode 100644 index 000000000..3d9c2f811 --- /dev/null +++ b/dlt-connector/src/logging/AbstractLogging.view.ts 
@@ -0,0 +1,49 @@ +import util from 'util' + +import { Decimal } from 'decimal.js-light' + +import { Timestamp } from '@/data/proto/3_3/Timestamp' +import { TimestampSeconds } from '@/data/proto/3_3/TimestampSeconds' +import { timestampSecondsToDate, timestampToDate } from '@/utils/typeConverter' + +export abstract class AbstractLoggingView { + protected bufferStringFormat: BufferEncoding = 'hex' + + // This function gets called automatically when JSON.stringify() is called on this class instance + // eslint-disable-next-line @typescript-eslint/no-explicit-any + public abstract toJSON(): any + public toString(): string { + return JSON.stringify(this.toJSON(), null, 2) + } + + // called form console.log or log4js logging functions + [util.inspect.custom](): string { + return this.toString() + } + + public dateToString(date: Date | undefined | null): string | undefined { + if (date) { + return date.toISOString() + } + return undefined + } + + public decimalToString(number: Decimal | undefined | null): string | undefined { + if (number) { + return number.toString() + } + return undefined + } + + public timestampSecondsToDateString(timestamp: TimestampSeconds): string | undefined { + if (timestamp && timestamp.seconds) { + return timestampSecondsToDate(timestamp).toISOString() + } + } + + public timestampToDateString(timestamp: Timestamp): string | undefined { + if (timestamp && (timestamp.seconds || timestamp.nanoSeconds)) { + return timestampToDate(timestamp).toISOString() + } + } +} diff --git a/dlt-connector/src/logging/AccountLogging.view.ts b/dlt-connector/src/logging/AccountLogging.view.ts new file mode 100644 index 000000000..e4f00e272 --- /dev/null +++ b/dlt-connector/src/logging/AccountLogging.view.ts 
@@ -0,0 +1,30 @@ +import { Account } from '@entity/Account' + +import { AddressType } from '@/data/proto/3_3/enum/AddressType' +import { getEnumValue } from '@/utils/typeConverter' + +import { AbstractLoggingView } from './AbstractLogging.view' +import { UserLoggingView } from './UserLogging.view' + +export class AccountLoggingView extends AbstractLoggingView { + public constructor(private account: Account) { + super() + } + + // eslint-disable-next-line @typescript-eslint/no-explicit-any + public toJSON(): any { + return { + id: this.account.id, + user: this.account.user ? new UserLoggingView(this.account.user).toJSON() : null, + derivationIndex: this.account.derivationIndex, + derive2pubkey: this.account.derive2Pubkey.toString(this.bufferStringFormat), + type: getEnumValue(AddressType, this.account.type), + createdAt: this.dateToString(this.account.createdAt), + confirmedAt: this.dateToString(this.account.confirmedAt), + balanceOnConfirmation: this.decimalToString(this.account.balanceOnConfirmation), + balanceConfirmedAt: this.dateToString(this.account.balanceConfirmedAt), + balanceOnCreation: this.decimalToString(this.account.balanceOnCreation), + balanceCreatedAt: this.dateToString(this.account.balanceCreatedAt), + } + } +} diff --git a/dlt-connector/src/logging/BackendTransactionLogging.view.ts b/dlt-connector/src/logging/BackendTransactionLogging.view.ts new file mode 100644 index 000000000..d21c765aa --- /dev/null +++ b/dlt-connector/src/logging/BackendTransactionLogging.view.ts 
@@ -0,0 +1,30 @@ +import { BackendTransaction } from '@entity/BackendTransaction' + +import { InputTransactionType } from '@/graphql/enum/InputTransactionType' +import { getEnumValue } from '@/utils/typeConverter' + +import { AbstractLoggingView } from './AbstractLogging.view' +import { TransactionLoggingView } from './TransactionLogging.view' + +export class BackendTransactionLoggingView extends AbstractLoggingView { + public constructor(private self: BackendTransaction) { + super() + } + + // eslint-disable-next-line @typescript-eslint/no-explicit-any + public toJSON(showTransaction = true): any { + return { + id: this.self.id, + backendTransactionId: this.self.backendTransactionId, + transaction: + showTransaction && this.self.transaction + ? new TransactionLoggingView(this.self.transaction).toJSON(false) + : undefined, + type: getEnumValue(InputTransactionType, this.self.typeId), + balance: this.decimalToString(this.self.balance), + createdAt: this.dateToString(this.self.createdAt), + confirmedAt: this.dateToString(this.self.confirmedAt), + verifiedOnBackend: this.self.verifiedOnBackend, + } + } +} diff --git a/dlt-connector/src/logging/CommunityLogging.view.ts b/dlt-connector/src/logging/CommunityLogging.view.ts new file mode 100644 index 000000000..22f0a4597 --- /dev/null +++ b/dlt-connector/src/logging/CommunityLogging.view.ts 
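Review bot: `toJSON(showTransaction = true)` uses its first parameter for a flag, but `JSON.stringify` passes the property key as the first argument to every `toJSON` it calls. When a `BackendTransactionLoggingView` is serialised by `JSON.stringify` directly or as a nested value, the way `CommunityLoggingView` nests its account views, `showTransaction` becomes `''` or a key string instead of the default, so the nested transaction is dropped or included depending on where the object sits. Keep `toJSON()` parameterless and carry the switch in the constructor, e.g. `constructor(private self: BackendTransaction, private showTransaction = true)`. `TransactionLoggingView.toJSON(false)` is called here but defined outside the visible part, so it presumably needs the same change.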
@@ -0,0 +1,24 @@ +import { Community } from '@entity/Community' + +import { AbstractLoggingView } from './AbstractLogging.view' +import { AccountLoggingView } from './AccountLogging.view' + +export class CommunityLoggingView extends AbstractLoggingView { + public constructor(private self: Community) { + super() + } + + // eslint-disable-next-line @typescript-eslint/no-explicit-any + public toJSON(): any { + return { + id: this.self.id, + iotaTopic: this.self.iotaTopic, + foreign: this.self.foreign, + publicKey: this.self.rootPubkey?.toString(this.bufferStringFormat), + createdAt: this.dateToString(this.self.createdAt), + confirmedAt: this.dateToString(this.self.confirmedAt), + aufAccount: this.self.aufAccount ? new AccountLoggingView(this.self.aufAccount) : undefined, + gmwAccount: this.self.gmwAccount ? new AccountLoggingView(this.self.gmwAccount) : undefined, + } + } +} diff --git a/dlt-connector/src/logging/CommunityRootLogging.view.ts b/dlt-connector/src/logging/CommunityRootLogging.view.ts new file mode 100644 index 000000000..ba2869755 --- /dev/null +++ b/dlt-connector/src/logging/CommunityRootLogging.view.ts @@ -0,0 +1,18 @@ +import { CommunityRoot } from '@/data/proto/3_3/CommunityRoot' + +import { AbstractLoggingView } from './AbstractLogging.view' + +export class CommunityRootLoggingView extends AbstractLoggingView { + public constructor(private self: CommunityRoot) { + super() + } + + // eslint-disable-next-line @typescript-eslint/no-explicit-any + public toJSON(): any { + return { + rootPubkey: Buffer.from(this.self.rootPubkey).toString(this.bufferStringFormat), + gmwPubkey: Buffer.from(this.self.gmwPubkey).toString(this.bufferStringFormat), + aufPubkey: Buffer.from(this.self.aufPubkey).toString(this.bufferStringFormat), + } + } +} diff --git a/dlt-connector/src/logging/ConfirmBackendTransaction.view.ts b/dlt-connector/src/logging/ConfirmBackendTransaction.view.ts new file mode 100644 index 000000000..667d290dd --- /dev/null 
+++ b/dlt-connector/src/logging/ConfirmBackendTransaction.view.ts @@ -0,0 +1,20 @@ +import { ConfirmBackendTransaction } from '@/graphql/model/ConfirmBackendTransaction' + +import { AbstractLoggingView } from './AbstractLogging.view' + +export class ConfirmBackendTransactionView extends AbstractLoggingView { + public constructor(private self: ConfirmBackendTransaction) { + super() + } + + // eslint-disable-next-line @typescript-eslint/no-explicit-any + public toJSON(): any { + return { + transactionId: this.self.transactionId, + iotaMessageId: this.self.iotaMessageId, + gradidoId: this.self.gradidoId, + balance: this.decimalToString(this.self.balance), + balanceDate: this.self.balanceDate, + } + } +} diff --git a/dlt-connector/src/logging/ConfirmedTransactionLogging.view.ts b/dlt-connector/src/logging/ConfirmedTransactionLogging.view.ts new file mode 100644 index 000000000..8e894a35a --- /dev/null +++ b/dlt-connector/src/logging/ConfirmedTransactionLogging.view.ts @@ -0,0 +1,24 @@ +import { ConfirmedTransaction } from '@/data/proto/3_3/ConfirmedTransaction' +import { timestampSecondsToDate } from '@/utils/typeConverter' + +import { AbstractLoggingView } from './AbstractLogging.view' +import { GradidoTransactionLoggingView } from './GradidoTransactionLogging.view' + +export class ConfirmedTransactionLoggingView extends AbstractLoggingView { + public constructor(private self: ConfirmedTransaction) { + super() + } + + // eslint-disable-next-line @typescript-eslint/no-explicit-any + public toJSON(): any { + return { + id: this.self.id.toString(), + transaction: new GradidoTransactionLoggingView(this.self.transaction).toJSON(), + confirmedAt: this.dateToString(timestampSecondsToDate(this.self.confirmedAt)), + versionNumber: this.self.versionNumber, + runningHash: Buffer.from(this.self.runningHash).toString(this.bufferStringFormat), + messageId: Buffer.from(this.self.messageId).toString(this.bufferStringFormat), + accountBalance: this.self.accountBalance, + } + } +} 
diff --git a/dlt-connector/src/logging/DecayLogging.view.ts b/dlt-connector/src/logging/DecayLogging.view.ts new file mode 100644 index 000000000..cf7817f58 --- /dev/null +++ b/dlt-connector/src/logging/DecayLogging.view.ts @@ -0,0 +1,20 @@ +import { Decay } from '@/graphql/model/Decay' + +import { AbstractLoggingView } from './AbstractLogging.view' + +export class DecayLoggingView extends AbstractLoggingView { + public constructor(private self: Decay) { + super() + } + + public toJSON() { + return { + balance: this.decimalToString(this.self.balance), + decay: this.decimalToString(this.self.decay), + roundedDecay: this.decimalToString(this.self.roundedDecay), + start: this.dateToString(this.self.start), + end: this.dateToString(this.self.end), + duration: this.self.duration + 's', + } + } +} diff --git a/dlt-connector/src/logging/GradidoCreationLogging.view.ts b/dlt-connector/src/logging/GradidoCreationLogging.view.ts new file mode 100644 index 000000000..43e14b887 --- /dev/null +++ b/dlt-connector/src/logging/GradidoCreationLogging.view.ts @@ -0,0 +1,18 @@ +import { GradidoCreation } from '@/data/proto/3_3/GradidoCreation' + +import { AbstractLoggingView } from './AbstractLogging.view' +import { TransferAmountLoggingView } from './TransferAmountLogging.view' + +export class GradidoCreationLoggingView extends AbstractLoggingView { + public constructor(private self: GradidoCreation) { + super() + } + + // eslint-disable-next-line @typescript-eslint/no-explicit-any + public toJSON(): any { + return { + recipient: new TransferAmountLoggingView(this.self.recipient).toJSON(), + targetDate: this.timestampSecondsToDateString(this.self.targetDate), + } + } +} diff --git a/dlt-connector/src/logging/GradidoDeferredTransferLogging.view.ts b/dlt-connector/src/logging/GradidoDeferredTransferLogging.view.ts new file mode 100644 index 000000000..89a1f1a29 --- /dev/null +++ b/dlt-connector/src/logging/GradidoDeferredTransferLogging.view.ts 
@@ -0,0 +1,18 @@ +import { GradidoDeferredTransfer } from '@/data/proto/3_3/GradidoDeferredTransfer' + +import { AbstractLoggingView } from './AbstractLogging.view' +import { GradidoTransferLoggingView } from './GradidoTransferLogging.view' + +export class GradidoDeferredTransferLoggingView extends AbstractLoggingView { + public constructor(private self: GradidoDeferredTransfer) { + super() + } + + // eslint-disable-next-line @typescript-eslint/no-explicit-any + public toJSON(): any { + return { + ...new GradidoTransferLoggingView(this.self.transfer).toJSON(), + ...{ timeout: this.timestampSecondsToDateString(this.self.timeout) }, + } + } +} diff --git a/dlt-connector/src/logging/GradidoTransactionLogging.view.ts b/dlt-connector/src/logging/GradidoTransactionLogging.view.ts new file mode 100644 index 000000000..f23c0b05e --- /dev/null +++ b/dlt-connector/src/logging/GradidoTransactionLogging.view.ts @@ -0,0 +1,29 @@ +import { GradidoTransaction } from '@/data/proto/3_3/GradidoTransaction' +import { TransactionBody } from '@/data/proto/3_3/TransactionBody' + +import { AbstractLoggingView } from './AbstractLogging.view' +import { SignatureMapLoggingView } from './SignatureMapLogging.view' +import { TransactionBodyLoggingView } from './TransactionBodyLogging.view' + +export class GradidoTransactionLoggingView extends AbstractLoggingView { + public constructor(private self: GradidoTransaction) { + super() + } + + // eslint-disable-next-line @typescript-eslint/no-explicit-any + public toJSON(): any { + let transactionBody: TransactionBody | null | unknown = null + try { + transactionBody = new TransactionBodyLoggingView(this.self.getTransactionBody()) + } catch (e) { + transactionBody = e + } + return { + sigMap: new SignatureMapLoggingView(this.self.sigMap).toJSON(), + bodyBytes: transactionBody, + parentMessageId: this.self.parentMessageId + ? Buffer.from(this.self.parentMessageId).toString(this.bufferStringFormat) + : undefined, + } + } +} 
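Review bot: In `GradidoTransactionLoggingView.toJSON` the `catch` branch stores the caught exception itself in `bodyBytes`, and `JSON.stringify` renders an `Error` as `{}` because `message` and `stack` are not enumerable, so the log shows an empty object exactly when decoding the body failed. Store a string instead: `transactionBody = e instanceof Error ? e.message : String(e)`. The `try` branch also assigns the view object rather than its `.toJSON()` result, unlike `sigMap` a few lines below; calling `.toJSON()` there keeps the file consistent.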
diff --git a/dlt-connector/src/logging/GradidoTransferLogging.view.ts b/dlt-connector/src/logging/GradidoTransferLogging.view.ts new file mode 100644 index 000000000..84b5fe604 --- /dev/null +++ b/dlt-connector/src/logging/GradidoTransferLogging.view.ts @@ -0,0 +1,18 @@ +import { GradidoTransfer } from '@/data/proto/3_3/GradidoTransfer' + +import { AbstractLoggingView } from './AbstractLogging.view' +import { TransferAmountLoggingView } from './TransferAmountLogging.view' + +export class GradidoTransferLoggingView extends AbstractLoggingView { + public constructor(private self: GradidoTransfer) { + super() + } + + // eslint-disable-next-line @typescript-eslint/no-explicit-any + public toJSON(): any { + return { + sender: new TransferAmountLoggingView(this.self.sender), + recipient: Buffer.from(this.self.recipient).toString(this.bufferStringFormat), + } + } +} diff --git a/dlt-connector/src/logging/GroupFriendsUpdateLogging.view.ts b/dlt-connector/src/logging/GroupFriendsUpdateLogging.view.ts new file mode 100644 index 000000000..8d1159d82 --- /dev/null +++ b/dlt-connector/src/logging/GroupFriendsUpdateLogging.view.ts @@ -0,0 +1,16 @@ +import { GroupFriendsUpdate } from '@/data/proto/3_3/GroupFriendsUpdate' + +import { AbstractLoggingView } from './AbstractLogging.view' + +export class GroupFriendsUpdateLoggingView extends AbstractLoggingView { + public constructor(private self: GroupFriendsUpdate) { + super() + } + + // eslint-disable-next-line @typescript-eslint/no-explicit-any + public toJSON(): any { + return { + colorFusion: this.self.colorFusion, + } + } +} diff --git a/dlt-connector/src/logging/RegisterAddressLogging.view.ts b/dlt-connector/src/logging/RegisterAddressLogging.view.ts new file mode 100644 index 000000000..bb857e2b8 --- /dev/null +++ b/dlt-connector/src/logging/RegisterAddressLogging.view.ts 
@@ -0,0 +1,22 @@ +import { AddressType } from '@/data/proto/3_3/enum/AddressType' +import { RegisterAddress } from '@/data/proto/3_3/RegisterAddress' +import { getEnumValue } from '@/utils/typeConverter' + +import { AbstractLoggingView } from './AbstractLogging.view' + +export class RegisterAddressLoggingView extends AbstractLoggingView { + public constructor(private self: RegisterAddress) { + super() + } + + // eslint-disable-next-line @typescript-eslint/no-explicit-any + public toJSON(): any { + return { + userPublicKey: Buffer.from(this.self.userPubkey).toString(this.bufferStringFormat), + addressType: getEnumValue(AddressType, this.self.addressType), + nameHash: Buffer.from(this.self.nameHash).toString(this.bufferStringFormat), + accountPublicKey: Buffer.from(this.self.accountPubkey).toString(this.bufferStringFormat), + derivationIndex: this.self.derivationIndex, + } + } +} diff --git a/dlt-connector/src/logging/SignatureMapLogging.view.ts b/dlt-connector/src/logging/SignatureMapLogging.view.ts new file mode 100644 index 000000000..89c331a64 --- /dev/null +++ b/dlt-connector/src/logging/SignatureMapLogging.view.ts @@ -0,0 +1,16 @@ +import { SignatureMap } from '@/data/proto/3_3/SignatureMap' + +import { AbstractLoggingView } from './AbstractLogging.view' +import { SignaturePairLoggingView } from './SignaturePairLogging.view' + +export class SignatureMapLoggingView extends AbstractLoggingView { + public constructor(private self: SignatureMap) { + super() + } + + public toJSON() { + return { + sigPair: this.self.sigPair.map((value) => new SignaturePairLoggingView(value).toJSON()), + } + } +} diff --git a/dlt-connector/src/logging/SignaturePairLogging.view.ts b/dlt-connector/src/logging/SignaturePairLogging.view.ts new file mode 100644 index 000000000..c3317a5ec --- /dev/null +++ b/dlt-connector/src/logging/SignaturePairLogging.view.ts 
@@ -0,0 +1,17 @@ +import { SignaturePair } from '@/data/proto/3_3/SignaturePair' + +import { AbstractLoggingView } from './AbstractLogging.view' + +export class SignaturePairLoggingView extends AbstractLoggingView { + public constructor(private self: SignaturePair) { + super() + } + + public toJSON() { + return { + pubkey: Buffer.from(this.self.pubKey).toString(this.bufferStringFormat), + signature: + Buffer.from(this.self.signature).subarray(0, 31).toString(this.bufferStringFormat) + '..', + } + } +} diff --git a/dlt-connector/src/logging/TransactionBodyLogging.view.ts b/dlt-connector/src/logging/TransactionBodyLogging.view.ts new file mode 100644 index 000000000..9e08bbfa6 --- /dev/null +++ b/dlt-connector/src/logging/TransactionBodyLogging.view.ts 
@@ -0,0 +1,45 @@ +import { getCrossGroupTypeEnumValue } from '@/data/proto/3_3/enum/CrossGroupType' +import { TransactionBody } from '@/data/proto/3_3/TransactionBody' + +import { AbstractLoggingView } from './AbstractLogging.view' +import { CommunityRootLoggingView } from './CommunityRootLogging.view' +import { GradidoCreationLoggingView } from './GradidoCreationLogging.view' +import { GradidoDeferredTransferLoggingView } from './GradidoDeferredTransferLogging.view' +import { GradidoTransferLoggingView } from './GradidoTransferLogging.view' +import { GroupFriendsUpdateLoggingView } from './GroupFriendsUpdateLogging.view' +import { RegisterAddressLoggingView } from './RegisterAddressLogging.view' + +export class TransactionBodyLoggingView extends AbstractLoggingView { + public constructor(private self: TransactionBody) { + super() + } + + // eslint-disable-next-line @typescript-eslint/no-explicit-any + public toJSON(): any { + return { + memo: this.self.memo, + createdAt: this.timestampToDateString(this.self.createdAt), + versionNumber: this.self.versionNumber, + type: getCrossGroupTypeEnumValue(this.self.type), + otherGroup: this.self.otherGroup, + transfer: this.self.transfer + ? new GradidoTransferLoggingView(this.self.transfer).toJSON() + : undefined, + creation: this.self.creation + ? new GradidoCreationLoggingView(this.self.creation).toJSON() + : undefined, + groupFriendsUpdate: this.self.groupFriendsUpdate + ? new GroupFriendsUpdateLoggingView(this.self.groupFriendsUpdate).toJSON() + : undefined, + registerAddress: this.self.registerAddress + ? new RegisterAddressLoggingView(this.self.registerAddress).toJSON() + : undefined, + deferredTransfer: this.self.deferredTransfer + ? new GradidoDeferredTransferLoggingView(this.self.deferredTransfer).toJSON() + : undefined, + communityRoot: this.self.communityRoot + ? new CommunityRootLoggingView(this.self.communityRoot).toJSON() + : undefined, + } + } +} 
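Review bot: `memo: this.self.memo` in `toJSON()` copies the full user-written memo into every log entry built from this view. Memos are free text and can carry personal data, so log files would then need the same access control and retention as the transaction store itself. I would log only a bounded form, for example `memoLength: this.self.memo?.length`, in the same spirit as the signature truncation in SignaturePairLoggingView. If the full text is needed for debugging, gate it behind a debug-only setting.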
diff --git a/dlt-connector/src/logging/TransactionDraftLogging.view.ts b/dlt-connector/src/logging/TransactionDraftLogging.view.ts new file mode 100644 index 000000000..f2115f591 --- /dev/null +++ b/dlt-connector/src/logging/TransactionDraftLogging.view.ts @@ -0,0 +1,24 @@ +import { InputTransactionType } from '@/graphql/enum/InputTransactionType' +import { TransactionDraft } from '@/graphql/input/TransactionDraft' +import { getEnumValue } from '@/utils/typeConverter' + +import { AbstractLoggingView } from './AbstractLogging.view' +import { UserIdentifierLoggingView } from './UserIdentifierLogging.view' + +export class TransactionDraftLoggingView extends AbstractLoggingView { + public constructor(private self: TransactionDraft) { + super() + } + + public toJSON() { + return { + senderUser: new UserIdentifierLoggingView(this.self.senderUser).toJSON(), + recipientUser: new UserIdentifierLoggingView(this.self.recipientUser).toJSON(), + backendTransactionId: this.self.backendTransactionId, + amount: this.decimalToString(this.self.amount), + type: getEnumValue(InputTransactionType, this.self.type), + createdAt: this.self.createdAt, + targetDate: this.self.targetDate, + } + } +} diff --git a/dlt-connector/src/logging/TransactionLogging.view.ts b/dlt-connector/src/logging/TransactionLogging.view.ts new file mode 100644 index 000000000..38443024d --- /dev/null +++ b/dlt-connector/src/logging/TransactionLogging.view.ts 
@@ -0,0 +1,59 @@ +import { Transaction } from '@entity/Transaction' + +import { TransactionType } from '@/data/proto/3_3/enum/TransactionType' +import { LogError } from '@/server/LogError' +import { getEnumValue } from '@/utils/typeConverter' + +import { AbstractLoggingView } from './AbstractLogging.view' +import { AccountLoggingView } from './AccountLogging.view' +import { BackendTransactionLoggingView } from './BackendTransactionLogging.view' +import { CommunityLoggingView } from './CommunityLogging.view' + +export class TransactionLoggingView extends AbstractLoggingView { + public constructor(private self: Transaction) { + super() + if (this.self.community === undefined) { + throw new LogError('sender community is zero') + } + } + + // eslint-disable-next-line @typescript-eslint/no-explicit-any + public toJSON(showBackendTransactions = true): any { + return { + id: this.self.id, + nr: this.self.nr, + bodyBytesLength: this.self.bodyBytes.length, + createdAt: this.dateToString(this.self.createdAt), + confirmedAt: this.dateToString(this.self.confirmedAt), + protocolVersion: this.self.protocolVersion, + type: getEnumValue(TransactionType, this.self.type), + signature: this.self.signature.subarray(0, 31).toString(this.bufferStringFormat) + '..', + community: new CommunityLoggingView(this.self.community).toJSON(), + otherCommunity: this.self.otherCommunity + ? new CommunityLoggingView(this.self.otherCommunity) + : undefined, + iotaMessageId: this.self.iotaMessageId + ? this.self.iotaMessageId.toString(this.bufferStringFormat) + : undefined, + signingAccount: this.self.signingAccount + ? new AccountLoggingView(this.self.signingAccount) + : undefined, + recipientAccount: this.self.recipientAccount + ? 
new AccountLoggingView(this.self.recipientAccount) + : undefined, + amount: this.decimalToString(this.self.amount), + accountBalanceOnCreation: this.decimalToString(this.self.accountBalanceOnCreation), + accountBalanceOnConfirmation: this.decimalToString(this.self.accountBalanceOnConfirmation), + runningHash: this.self.runningHash + ? this.self.runningHash.toString(this.bufferStringFormat) + : undefined, + iotaMilestone: this.self.iotaMilestone, + backendTransactions: + showBackendTransactions && this.self.backendTransactions + ? this.self.backendTransactions.map((backendTransaction) => + new BackendTransactionLoggingView(backendTransaction).toJSON(false), + ) + : undefined, + } + } +} diff --git a/dlt-connector/src/logging/TransferAmountLogging.view.ts b/dlt-connector/src/logging/TransferAmountLogging.view.ts new file mode 100644 index 000000000..8d320b99f --- /dev/null +++ b/dlt-connector/src/logging/TransferAmountLogging.view.ts @@ -0,0 +1,18 @@ +import { TransferAmount } from '@/data/proto/3_3/TransferAmount' + +import { AbstractLoggingView } from './AbstractLogging.view' + +export class TransferAmountLoggingView extends AbstractLoggingView { + public constructor(private self: TransferAmount) { + super() + } + + // eslint-disable-next-line @typescript-eslint/no-explicit-any + public toJSON(): any { + return { + publicKey: Buffer.from(this.self.pubkey).toString(this.bufferStringFormat), + amount: this.self.amount, + communityId: this.self.communityId, + } + } +} diff --git a/dlt-connector/src/logging/UserIdentifierLogging.view.ts b/dlt-connector/src/logging/UserIdentifierLogging.view.ts new file mode 100644 index 000000000..b49fb604c --- /dev/null +++ b/dlt-connector/src/logging/UserIdentifierLogging.view.ts 
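Review bot: The constructor of TransactionLoggingView throws `LogError('sender community is zero')` when `community` is undefined, so merely building a log view can abort the caller's transaction path. The message also says "zero" where the check is for `undefined`. A logging helper is safer when it tolerates a missing relation, e.g. `community: this.self.community ? new CommunityLoggingView(this.self.community).toJSON() : undefined`, which is how `otherCommunity` is already handled. `otherCommunity`, `signingAccount` and `recipientAccount` are passed as view objects without `.toJSON()`, unlike `community`; this probably serializes the same way through JSON.stringify, but it is worth making uniform.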
@@ -0,0 +1,17 @@ +import { UserIdentifier } from '@/graphql/input/UserIdentifier' + +import { AbstractLoggingView } from './AbstractLogging.view' + +export class UserIdentifierLoggingView extends AbstractLoggingView { + public constructor(private self: UserIdentifier) { + super() + } + + public toJSON() { + return { + uuid: this.self.uuid, + communityUuid: this.self.communityUuid, + accountNr: this.self.accountNr, + } + } +} diff --git a/dlt-connector/src/logging/UserLogging.view.ts b/dlt-connector/src/logging/UserLogging.view.ts new file mode 100644 index 000000000..4db4f61fd --- /dev/null +++ b/dlt-connector/src/logging/UserLogging.view.ts @@ -0,0 +1,19 @@ +import { User } from '@entity/User' + +import { AbstractLoggingView } from './AbstractLogging.view' + +export class UserLoggingView extends AbstractLoggingView { + public constructor(private user: User) { + super() + } + + public toJSON() { + return { + id: this.user.id, + gradidoId: this.user.gradidoID, + derive1Pubkey: this.user.derive1Pubkey.toString(this.bufferStringFormat), + createdAt: this.dateToString(this.user.createdAt), + confirmedAt: this.dateToString(this.user.confirmedAt), + } + } +} diff --git a/dlt-connector/src/server/logger.ts b/dlt-connector/src/logging/logger.ts similarity index 100% rename from dlt-connector/src/server/logger.ts rename to dlt-connector/src/logging/logger.ts diff --git a/dlt-connector/src/server/LogError.ts b/dlt-connector/src/server/LogError.ts index 8e145a0ef..69aca1978 100644 --- a/dlt-connector/src/server/LogError.ts +++ b/dlt-connector/src/server/LogError.ts @@ -1,5 +1,5 @@ /* eslint-disable @typescript-eslint/no-unsafe-argument */ -import { logger } from './logger' +import { logger } from '@/logging/logger' export class LogError extends Error { // eslint-disable-next-line @typescript-eslint/no-explicit-any diff --git a/dlt-connector/src/server/createServer.ts b/dlt-connector/src/server/createServer.ts index e02cc3073..ed87d54ac 100755 
--- a/dlt-connector/src/server/createServer.ts +++ b/dlt-connector/src/server/createServer.ts @@ -9,10 +9,9 @@ import express, { Express } from 'express' import { Logger } from 'log4js' import { schema } from '@/graphql/schema' +import { logger as dltLogger } from '@/logging/logger' import { Connection } from '@/typeorm/DataSource' -import { logger as dltLogger } from './logger' - type ServerDef = { apollo: ApolloServer; app: Express } interface MyContext { diff --git a/dlt-connector/src/typeorm/DataSource.ts b/dlt-connector/src/typeorm/DataSource.ts index ecdfc1b66..a86a061f3 100644 --- a/dlt-connector/src/typeorm/DataSource.ts +++ b/dlt-connector/src/typeorm/DataSource.ts @@ -5,8 +5,8 @@ import { entities } from '@entity/index' import { Migration } from '@entity/Migration' import { CONFIG } from '@/config' +import { logger } from '@/logging/logger' import { LogError } from '@/server/LogError' -import { logger } from '@/server/logger' // eslint-disable-next-line @typescript-eslint/no-extraneous-class export class Connection { diff --git a/dlt-connector/src/utils/typeConverter.ts b/dlt-connector/src/utils/typeConverter.ts index 1fc46ee4b..52dcd2a98 100644 --- a/dlt-connector/src/utils/typeConverter.ts +++ b/dlt-connector/src/utils/typeConverter.ts @@ -7,8 +7,8 @@ import { TransactionBody } from '@/data/proto/3_3/TransactionBody' import { AccountType } from '@/graphql/enum/AccountType' import { TransactionErrorType } from '@/graphql/enum/TransactionErrorType' import { TransactionError } from '@/graphql/model/TransactionError' +import { logger } from '@/logging/logger' import { LogError } from '@/server/LogError' -import { logger } from '@/server/logger' export const uuid4ToBuffer = (uuid: string): Buffer => { // Remove dashes from the UUIDv4 string diff --git a/dlt-connector/test/testSetup.ts b/dlt-connector/test/testSetup.ts index ff619e95d..1a76560ed 100644 --- a/dlt-connector/test/testSetup.ts +++ b/dlt-connector/test/testSetup.ts 
@@ -1,4 +1,4 @@ -import { logger } from '@/server/logger' +import { logger } from '@/logging/logger' jest.setTimeout(1000000) From 3ec740e0a5b1ab4893865bc29d7216b084a1afc0 Mon Sep 17 00:00:00 2001 From: einhorn_b Date: Tue, 9 Jan 2024 16:32:06 +0100 Subject: [PATCH 21/34] fix some bugs --- dlt-connector/jest.config.js | 2 +- .../src/data/proto/3_3/GradidoTransaction.ts | 15 ++++++++++++++ dlt-connector/src/graphql/schema.ts | 1 - .../logging/ConfirmBackendTransaction.view.ts | 20 ------------------- .../src/logging/DecayLogging.view.ts | 20 ------------------- .../logging/TransactionBodyLogging.view.ts | 5 +++-- .../logging/TransactionDraftLogging.view.ts | 4 ++-- dlt-connector/test/testSetup.ts | 4 ++-- 8 files changed, 23 insertions(+), 48 deletions(-) delete mode 100644 dlt-connector/src/logging/ConfirmBackendTransaction.view.ts delete mode 100644 dlt-connector/src/logging/DecayLogging.view.ts diff --git a/dlt-connector/jest.config.js b/dlt-connector/jest.config.js index 2de18cf50..69bc64bb2 100644 --- a/dlt-connector/jest.config.js +++ b/dlt-connector/jest.config.js @@ -6,7 +6,7 @@ module.exports = { collectCoverageFrom: ['src/**/*.ts', '!**/node_modules/**', '!src/seeds/**', '!build/**'], coverageThreshold: { global: { - lines: 71, + lines: 66, }, }, setupFiles: ['/test/testSetup.ts'], diff --git a/dlt-connector/src/data/proto/3_3/GradidoTransaction.ts b/dlt-connector/src/data/proto/3_3/GradidoTransaction.ts index 4aaa3e25c..f38bcbd1f 100644 --- a/dlt-connector/src/data/proto/3_3/GradidoTransaction.ts +++ b/dlt-connector/src/data/proto/3_3/GradidoTransaction.ts @@ -1,5 +1,8 @@ import { Field, Message } from 'protobufjs' +import { TransactionErrorType } from '@/graphql/enum/TransactionErrorType' +import { TransactionError } from '@/graphql/model/TransactionError' +import { logger } from '@/logging/logger' import { LogError } from '@/server/LogError' import { SignatureMap } from './SignatureMap' 
@@ -41,4 +44,16 @@ export class GradidoTransaction extends Message { } return sigPair[0] } + + getTransactionBody(): TransactionBody { + try { + return TransactionBody.decode(new Uint8Array(this.bodyBytes)) + } catch (error) { + logger.error('error decoding body from gradido transaction: %s', error) + throw new TransactionError( + TransactionErrorType.PROTO_DECODE_ERROR, + 'cannot decode body from gradido transaction', + ) + } + } } diff --git a/dlt-connector/src/graphql/schema.ts b/dlt-connector/src/graphql/schema.ts index 19a6d5566..bbd61c63f 100755 --- a/dlt-connector/src/graphql/schema.ts +++ b/dlt-connector/src/graphql/schema.ts @@ -10,7 +10,6 @@ export const schema = async (): Promise => { return buildSchema({ resolvers: [TransactionResolver, CommunityResolver], scalarsMap: [{ type: Decimal, scalar: DecimalScalar }], - emitSchemaFile: true, validate: { validationError: { target: false }, skipMissingProperties: true, diff --git a/dlt-connector/src/logging/ConfirmBackendTransaction.view.ts b/dlt-connector/src/logging/ConfirmBackendTransaction.view.ts deleted file mode 100644 index 667d290dd..000000000 --- a/dlt-connector/src/logging/ConfirmBackendTransaction.view.ts +++ /dev/null @@ -1,20 +0,0 @@ -import { ConfirmBackendTransaction } from '@/graphql/model/ConfirmBackendTransaction' - -import { AbstractLoggingView } from './AbstractLogging.view' - -export class ConfirmBackendTransactionView extends AbstractLoggingView { - public constructor(private self: ConfirmBackendTransaction) { - super() - } - - // eslint-disable-next-line @typescript-eslint/no-explicit-any - public toJSON(): any { - return { - transactionId: this.self.transactionId, - iotaMessageId: this.self.iotaMessageId, - gradidoId: this.self.gradidoId, - balance: this.decimalToString(this.self.balance), - balanceDate: this.self.balanceDate, - } - } -} 
diff --git a/dlt-connector/src/logging/DecayLogging.view.ts b/dlt-connector/src/logging/DecayLogging.view.ts deleted file mode 100644 index cf7817f58..000000000 --- a/dlt-connector/src/logging/DecayLogging.view.ts +++ /dev/null @@ -1,20 +0,0 @@ -import { Decay } from '@/graphql/model/Decay' - -import { AbstractLoggingView } from './AbstractLogging.view' - -export class DecayLoggingView extends AbstractLoggingView { - public constructor(private self: Decay) { - super() - } - - public toJSON() { - return { - balance: this.decimalToString(this.self.balance), - decay: this.decimalToString(this.self.decay), - roundedDecay: this.decimalToString(this.self.roundedDecay), - start: this.dateToString(this.self.start), - end: this.dateToString(this.self.end), - duration: this.self.duration + 's', - } - } -} diff --git a/dlt-connector/src/logging/TransactionBodyLogging.view.ts b/dlt-connector/src/logging/TransactionBodyLogging.view.ts index 9e08bbfa6..0c287b0a5 100644 --- a/dlt-connector/src/logging/TransactionBodyLogging.view.ts +++ b/dlt-connector/src/logging/TransactionBodyLogging.view.ts @@ -1,5 +1,6 @@ -import { getCrossGroupTypeEnumValue } from '@/data/proto/3_3/enum/CrossGroupType' +import { CrossGroupType } from '@/data/proto/3_3/enum/CrossGroupType' import { TransactionBody } from '@/data/proto/3_3/TransactionBody' +import { getEnumValue } from '@/utils/typeConverter' import { AbstractLoggingView } from './AbstractLogging.view' import { CommunityRootLoggingView } from './CommunityRootLogging.view' @@ -20,7 +21,7 @@ export class TransactionBodyLoggingView extends AbstractLoggingView { memo: this.self.memo, createdAt: this.timestampToDateString(this.self.createdAt), versionNumber: this.self.versionNumber, - type: getCrossGroupTypeEnumValue(this.self.type), + type: getEnumValue(CrossGroupType, this.self.type), otherGroup: this.self.otherGroup, transfer: this.self.transfer ? new GradidoTransferLoggingView(this.self.transfer).toJSON() 
diff --git a/dlt-connector/src/logging/TransactionDraftLogging.view.ts b/dlt-connector/src/logging/TransactionDraftLogging.view.ts index f2115f591..b3fbbb8ae 100644 --- a/dlt-connector/src/logging/TransactionDraftLogging.view.ts +++ b/dlt-connector/src/logging/TransactionDraftLogging.view.ts @@ -12,8 +12,8 @@ export class TransactionDraftLoggingView extends AbstractLoggingView { public toJSON() { return { - senderUser: new UserIdentifierLoggingView(this.self.senderUser).toJSON(), - recipientUser: new UserIdentifierLoggingView(this.self.recipientUser).toJSON(), + user: new UserIdentifierLoggingView(this.self.user).toJSON(), + linkedUser: new UserIdentifierLoggingView(this.self.linkedUser).toJSON(), backendTransactionId: this.self.backendTransactionId, amount: this.decimalToString(this.self.amount), type: getEnumValue(InputTransactionType, this.self.type), diff --git a/dlt-connector/test/testSetup.ts b/dlt-connector/test/testSetup.ts index 1a76560ed..71170cbf0 100644 --- a/dlt-connector/test/testSetup.ts +++ b/dlt-connector/test/testSetup.ts @@ -2,8 +2,8 @@ import { logger } from '@/logging/logger' jest.setTimeout(1000000) -jest.mock('@/server/logger', () => { - const originalModule = jest.requireActual('@/server/logger') +jest.mock('@/logging/logger', () => { + const originalModule = jest.requireActual('@/logging/logger') return { __esModule: true, ...originalModule, From 92c0c4a09074e13a81e910b478886261367fe306 Mon Sep 17 00:00:00 2001 
From: einhorn_b Date: Tue, 9 Jan 2024 16:41:45 +0100 Subject: [PATCH 22/34] make more similar --- dlt-connector/src/logging/AbstractLogging.view.ts | 8 ++++---- dlt-connector/src/logging/AccountLogging.view.ts | 3 +-- dlt-connector/src/logging/SignatureMapLogging.view.ts | 3 ++- dlt-connector/src/logging/SignaturePairLogging.view.ts | 3 ++- dlt-connector/src/logging/TransactionDraftLogging.view.ts | 3 ++- dlt-connector/src/logging/UserIdentifierLogging.view.ts | 3 ++- dlt-connector/src/logging/UserLogging.view.ts | 3 ++- 7 files changed, 15 insertions(+), 11 deletions(-) diff --git a/dlt-connector/src/logging/AbstractLogging.view.ts b/dlt-connector/src/logging/AbstractLogging.view.ts index 3d9c2f811..ad52e6530 100644 --- a/dlt-connector/src/logging/AbstractLogging.view.ts +++ b/dlt-connector/src/logging/AbstractLogging.view.ts @@ -21,27 +21,27 @@ export abstract class AbstractLoggingView { return this.toString() } - public dateToString(date: Date | undefined | null): string | undefined { + protected dateToString(date: Date | undefined | null): string | undefined { if (date) { return date.toISOString() } return undefined } - public decimalToString(number: Decimal | undefined | null): string | undefined { + protected decimalToString(number: Decimal | undefined | null): string | undefined { if (number) { return number.toString() } return undefined } - public timestampSecondsToDateString(timestamp: TimestampSeconds): string | undefined { + protected timestampSecondsToDateString(timestamp: TimestampSeconds): string | undefined { if (timestamp && timestamp.seconds) { return timestampSecondsToDate(timestamp).toISOString() } } - public timestampToDateString(timestamp: Timestamp): string | undefined { + protected timestampToDateString(timestamp: Timestamp): string | undefined { if (timestamp && (timestamp.seconds || timestamp.nanoSeconds)) { return timestampToDate(timestamp).toISOString() } 
diff --git a/dlt-connector/src/logging/AccountLogging.view.ts b/dlt-connector/src/logging/AccountLogging.view.ts index e4f00e272..76ff7b891 100644 --- a/dlt-connector/src/logging/AccountLogging.view.ts +++ b/dlt-connector/src/logging/AccountLogging.view.ts @@ -11,8 +11,7 @@ export class AccountLoggingView extends AbstractLoggingView { super() } - // eslint-disable-next-line @typescript-eslint/no-explicit-any - public toJSON(): any { + public toJSON() { return { id: this.account.id, user: this.account.user ? new UserLoggingView(this.account.user).toJSON() : null, diff --git a/dlt-connector/src/logging/SignatureMapLogging.view.ts b/dlt-connector/src/logging/SignatureMapLogging.view.ts index 89c331a64..93feb46f9 100644 --- a/dlt-connector/src/logging/SignatureMapLogging.view.ts +++ b/dlt-connector/src/logging/SignatureMapLogging.view.ts @@ -8,7 +8,8 @@ export class SignatureMapLoggingView extends AbstractLoggingView { super() } - public toJSON() { + // eslint-disable-next-line @typescript-eslint/no-explicit-any + public toJSON(): any { return { sigPair: this.self.sigPair.map((value) => new SignaturePairLoggingView(value).toJSON()), } diff --git a/dlt-connector/src/logging/SignaturePairLogging.view.ts b/dlt-connector/src/logging/SignaturePairLogging.view.ts index c3317a5ec..e88406098 100644 --- a/dlt-connector/src/logging/SignaturePairLogging.view.ts +++ b/dlt-connector/src/logging/SignaturePairLogging.view.ts @@ -7,7 +7,8 @@ export class SignaturePairLoggingView extends AbstractLoggingView { super() } - public toJSON() { + // eslint-disable-next-line @typescript-eslint/no-explicit-any + public toJSON(): any { return { pubkey: Buffer.from(this.self.pubKey).toString(this.bufferStringFormat), signature: diff --git a/dlt-connector/src/logging/TransactionDraftLogging.view.ts b/dlt-connector/src/logging/TransactionDraftLogging.view.ts index b3fbbb8ae..5e86822ec 100644 --- a/dlt-connector/src/logging/TransactionDraftLogging.view.ts 
+++ b/dlt-connector/src/logging/TransactionDraftLogging.view.ts @@ -10,7 +10,8 @@ export class TransactionDraftLoggingView extends AbstractLoggingView { super() } - public toJSON() { + // eslint-disable-next-line @typescript-eslint/no-explicit-any + public toJSON(): any { return { user: new UserIdentifierLoggingView(this.self.user).toJSON(), linkedUser: new UserIdentifierLoggingView(this.self.linkedUser).toJSON(), diff --git a/dlt-connector/src/logging/UserIdentifierLogging.view.ts b/dlt-connector/src/logging/UserIdentifierLogging.view.ts index b49fb604c..54ac4b07d 100644 --- a/dlt-connector/src/logging/UserIdentifierLogging.view.ts +++ b/dlt-connector/src/logging/UserIdentifierLogging.view.ts @@ -7,7 +7,8 @@ export class UserIdentifierLoggingView extends AbstractLoggingView { super() } - public toJSON() { + // eslint-disable-next-line @typescript-eslint/no-explicit-any + public toJSON(): any { return { uuid: this.self.uuid, communityUuid: this.self.communityUuid, diff --git a/dlt-connector/src/logging/UserLogging.view.ts b/dlt-connector/src/logging/UserLogging.view.ts index 4db4f61fd..a3cbd66bc 100644 --- a/dlt-connector/src/logging/UserLogging.view.ts +++ b/dlt-connector/src/logging/UserLogging.view.ts @@ -7,7 +7,8 @@ export class UserLoggingView extends AbstractLoggingView { super() } - public toJSON() { + // eslint-disable-next-line @typescript-eslint/no-explicit-any + public toJSON(): any { return { id: this.user.id, gradidoId: this.user.gradidoID, From dc8c4b0f845efca65b5721c925fc92a8a3e74d18 Mon Sep 17 00:00:00 2001 From: einhorn_b Date: Tue, 9 Jan 2024 16:43:36 +0100 Subject: [PATCH 23/34] lint fix --- dlt-connector/src/graphql/resolver/TransactionsResolver.ts | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/dlt-connector/src/graphql/resolver/TransactionsResolver.ts b/dlt-connector/src/graphql/resolver/TransactionsResolver.ts index cc20a1034..6a5017fb1 100755 --- a/dlt-connector/src/graphql/resolver/TransactionsResolver.ts 
+++ b/dlt-connector/src/graphql/resolver/TransactionsResolver.ts @@ -1,6 +1,7 @@ -import { TransactionDraft } from '@input/TransactionDraft' import { Resolver, Arg, Mutation } from 'type-graphql' +import { TransactionDraft } from '@input/TransactionDraft' + import { TransactionRepository } from '@/data/Transaction.repository' import { CreateTransactionRecipeContext } from '@/interactions/backendToDb/transaction/CreateTransationRecipe.context' import { BackendTransactionLoggingView } from '@/logging/BackendTransactionLogging.view' From f5fbdb7ec6aa8ffb4abb64541792715ec96cc546 Mon Sep 17 00:00:00 2001 From: einhorn_b Date: Wed, 10 Jan 2024 21:30:01 +0100 Subject: [PATCH 24/34] split install script in root and gradido parts --- .../sites-available/gradido.conf.ssl.template | 6 +-- .../update-page.conf.ssl.template | 6 +-- deployment/hetzner_cloud/install.sh | 51 +++---------------- deployment/hetzner_cloud/install_gradido.sh | 48 +++++++++++++++++ 4 files changed, 62 insertions(+), 49 deletions(-) create mode 100644 deployment/hetzner_cloud/install_gradido.sh diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template b/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template index a99327745..b8559a0fb 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template @@ -1,16 +1,16 @@ server { - if ($host = $NGINX_SERVER_NAME) { + if ($host = $COMMUNITY_HOST) { return 301 https://$host$request_uri; } - server_name $NGINX_SERVER_NAME; + server_name $COMMUNITY_HOST; listen 80; listen [::]:80; return 404; } server { - server_name $NGINX_SERVER_NAME; + server_name $COMMUNITY_HOST; listen [::]:443 ssl ipv6only=on; listen 443 ssl; diff --git a/deployment/bare_metal/nginx/sites-available/update-page.conf.ssl.template b/deployment/bare_metal/nginx/sites-available/update-page.conf.ssl.template index ddcb9ffc1..06bc5bbc0 100644 
--- a/deployment/bare_metal/nginx/sites-available/update-page.conf.ssl.template +++ b/deployment/bare_metal/nginx/sites-available/update-page.conf.ssl.template @@ -1,16 +1,16 @@ server { - if ($host = $NGINX_SERVER_NAME) { + if ($host = $COMMUNITY_HOST) { return 301 https://$host$request_uri; } - server_name $NGINX_SERVER_NAME; + server_name $COMMUNITY_HOST; listen 80; listen [::]:80; return 404; } server { - server_name $NGINX_SERVER_NAME; + server_name $COMMUNITY_HOST; listen [::]:443 ssl ipv6only=on; listen 443 ssl; diff --git a/deployment/hetzner_cloud/install.sh b/deployment/hetzner_cloud/install.sh index ae1c106ca..8a2d18a16 100755 --- a/deployment/hetzner_cloud/install.sh +++ b/deployment/hetzner_cloud/install.sh @@ -80,12 +80,15 @@ expect eof ") echo "$SECURE_MYSQL" +# create db user +export DB_USER=gradido +export DB_PASSWORD=$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-32};echo); + +# run all commands which must be called in gradido user space +sudo -u gradido $LOCAL_SCRIPT_DIR/install_gradido.sh + # Configure nginx rm /etc/nginx/sites-enabled/default -envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $SCRIPT_PATH/nginx/sites-available/gradido.conf.template > $SCRIPT_PATH/nginx/sites-available/gradido.conf -envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $SCRIPT_PATH/nginx/sites-available/update-page.conf.template > $SCRIPT_PATH/nginx/sites-available/update-page.conf -sudo -u gradido mkdir $SCRIPT_PATH/nginx/sites-enabled -ln -s $SCRIPT_PATH/nginx/sites-available/update-page.conf $SCRIPT_PATH/nginx/sites-enabled/default ln -s $SCRIPT_PATH/nginx/sites-enabled/default /etc/nginx/sites-enabled ln -s $SCRIPT_PATH/nginx/common /etc/nginx/ rmdir /etc/nginx/conf.d 
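Review bot: `sudo -u gradido $LOCAL_SCRIPT_DIR/install_gradido.sh` depends on the exported variables reaching the child script, but sudo's default `env_reset` policy drops most of the caller's environment. Unless the sudoers policy keeps them, `DB_PASSWORD`, `SCRIPT_PATH` and `PROJECT_ROOT` may be empty there, and the templates would be rendered without values. Pass the needed names explicitly and quote the path, e.g. `sudo -u gradido --preserve-env=DB_USER,DB_PASSWORD,SCRIPT_PATH,PROJECT_ROOT "$LOCAL_SCRIPT_DIR/install_gradido.sh"`. In the password line, `head -c${1:-32}` takes its length from the script's first positional argument, so an argument given to install.sh silently changes the password length; `LC_ALL=C tr -dc '_A-Za-z0-9-' | head -c 32` makes both the length and the character set fixed. The script continues outside this hunk.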
@@ -94,54 +97,16 @@ ln -s $SCRIPT_PATH/nginx/conf.d /etc/nginx/ # setup https with certbot certbot certonly --nginx --non-interactive --agree-tos --domains $COMMUNITY_HOST --email $COMMUNITY_SUPPORT_MAIL -# Install node 16. with nvm, with nodesource is depracted -sudo -u gradido bash -c 'curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.7/install.sh | bash' -# Close and reopen your terminal to start using nvm or run the following to use it now: -sudo -u gradido bash -c 'export NVM_DIR="$HOME/.nvm" && [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"' -sudo -u gradido bash -c '. $HOME/.nvm/nvm.sh && nvm install 16' # first installed version will be set to default automatic - -# Install yarn -sudo -u gradido bash -c '. $HOME/.nvm/nvm.sh && npm i -g yarn' - -# Install pm2 -sudo -u gradido bash -c '. $HOME/.nvm/nvm.sh && npm i -g pm2 && pm2 startup' - # Install logrotate -envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $SCRIPT_PATH/logrotate/gradido.conf.template > $SCRIPT_PATH/logrotate/gradido.conf cp $SCRIPT_PATH/logrotate/gradido.conf /etc/logrotate.d/gradido.conf -# create db user -export DB_USER=gradido -export DB_PASSWORD=$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-32};echo); +# setup db user mysql < $PROJECT_ROOT/database/.env - -# Configure backend -export JWT_SECRET=$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-32};echo); -sudo -u gradido envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $PROJECT_ROOT/backend/.env.template > $PROJECT_ROOT/backend/.env - -# Configure frontend -sudo -u gradido envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $PROJECT_ROOT/frontend/.env.template > $PROJECT_ROOT/frontend/.env - -# Configure admin -sudo -u gradido envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $PROJECT_ROOT/admin/.env.template > $PROJECT_ROOT/admin/.env - -# Configure dht-node -export FEDERATION_DHT_SEED=$(< /dev/urandom tr -dc a-f0-9 | head -c 32;echo); -sudo -u gradido envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < 
$PROJECT_ROOT/dht-node/.env.template > $PROJECT_ROOT/dht-node/.env - -# Configure federation -sudo -u gradido envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $PROJECT_ROOT/federation/.env.template > $PROJECT_ROOT/federation/.env - -# create cronjob to delete yarn output in /tmp and for making backups regulary -sudo -u gradido crontab < $LOCAL_SCRIPT_DIR/crontabs.txt - # Start gradido # Note: on first startup some errors will occur - nothing serious sudo -u gradido $SCRIPT_PATH/start.sh \ No newline at end of file diff --git a/deployment/hetzner_cloud/install_gradido.sh b/deployment/hetzner_cloud/install_gradido.sh new file mode 100644 index 000000000..b2db53cf3 --- /dev/null +++ b/deployment/hetzner_cloud/install_gradido.sh 
@@ -0,0 +1,48 @@ +#!/bin/bash +# called from install.sh as gradido user +# ENV variables from install.sh are accessable by child scripts +# changing don't count for calling script + +# Configure nginx +envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $SCRIPT_PATH/nginx/sites-available/gradido.conf.template > $SCRIPT_PATH/nginx/sites-available/gradido.conf +envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $SCRIPT_PATH/nginx/sites-available/update-page.conf.template > $SCRIPT_PATH/nginx/sites-available/update-page.conf +mkdir $SCRIPT_PATH/nginx/sites-enabled +ln -s $SCRIPT_PATH/nginx/sites-available/update-page.conf $SCRIPT_PATH/nginx/sites-enabled/default + +# Install node 16. with nvm, with nodesource is depracted +curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.7/install.sh | bash +# Close and reopen your terminal to start using nvm or run the following to use it now: +export NVM_DIR="$HOME/.nvm" && [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" +nvm install 16 # first installed version will be set to default automatic + +# Install yarn +npm i -g yarn + +# Install pm2 +npm i -g pm2 && pm2 startup + +# Install logrotate +envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $SCRIPT_PATH/logrotate/gradido.conf.template > $SCRIPT_PATH/logrotate/gradido.conf + +# Configure database +envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $PROJECT_ROOT/database/.env.template > $PROJECT_ROOT/database/.env + +# Configure backend +export JWT_SECRET=$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-32};echo); +envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $PROJECT_ROOT/backend/.env.template > $PROJECT_ROOT/backend/.env + +# Configure frontend +envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $PROJECT_ROOT/frontend/.env.template > $PROJECT_ROOT/frontend/.env + +# Configure admin +envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $PROJECT_ROOT/admin/.env.template > $PROJECT_ROOT/admin/.env + +# Configure dht-node +export 
FEDERATION_DHT_SEED=$(< /dev/urandom tr -dc a-f0-9 | head -c 32;echo); +envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $PROJECT_ROOT/dht-node/.env.template > $PROJECT_ROOT/dht-node/.env + +# Configure federation +envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $PROJECT_ROOT/federation/.env.template > $PROJECT_ROOT/federation/.env + +# create cronjob to delete yarn output in /tmp and for making backups regulary +crontab < $LOCAL_SCRIPT_DIR/crontabs.txt From abc4843a0e2168ca1ef4631b4365fa696697b74d Mon Sep 17 00:00:00 2001 From: einhorn_b Date: Wed, 10 Jan 2024 21:56:12 +0100 Subject: [PATCH 25/34] make install_gradido executable --- deployment/hetzner_cloud/install_gradido.sh | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 deployment/hetzner_cloud/install_gradido.sh diff --git a/deployment/hetzner_cloud/install_gradido.sh b/deployment/hetzner_cloud/install_gradido.sh old mode 100644 new mode 100755 From e58ec8ad346cecd83870d6e1785d559253007f75 Mon Sep 17 00:00:00 2001 From: einhorn_b Date: Wed, 10 Jan 2024 22:21:42 +0100 Subject: [PATCH 26/34] use chown after --- backend/.env.template | 2 +- deployment/bare_metal/.env.dist | 12 ++++- deployment/hetzner_cloud/install.sh | 56 +++++++++++++++++---- deployment/hetzner_cloud/install_gradido.sh | 48 ------------------ 4 files changed, 58 insertions(+), 60 deletions(-) delete mode 100755 deployment/hetzner_cloud/install_gradido.sh diff --git a/backend/.env.template b/backend/.env.template index 9133428ab..9adb09793 100644 --- a/backend/.env.template +++ b/backend/.env.template @@ -49,7 +49,7 @@ EMAIL_USERNAME=$EMAIL_USERNAME EMAIL_SENDER=$EMAIL_SENDER EMAIL_PASSWORD=$EMAIL_PASSWORD EMAIL_SMTP_URL=$EMAIL_SMTP_URL -EMAIL_SMTP_PORT=587 +EMAIL_SMTP_PORT=$EMAIL_SMTP_PORT EMAIL_LINK_VERIFICATION=$EMAIL_LINK_VERIFICATION EMAIL_LINK_SETPASSWORD=$EMAIL_LINK_SETPASSWORD EMAIL_LINK_FORGOTPASSWORD=$EMAIL_LINK_FORGOTPASSWORD 
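Review bot: The length of `JWT_SECRET` depends on the script's first positional argument, because `head -c${1:-32}` falls back to 32 only when `$1` is unset or empty. `install.sh` calls this script without arguments today, so the problem is latent, but a numeric argument would shorten the secret and a non-numeric one would make `head` fail and leave it empty. Use a fixed length, as the `FEDERATION_DHT_SEED` line already does: `export JWT_SECRET=$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c 32)`. The same expression generates `DB_PASSWORD` and `JWT_SECRET` in the later `install.sh` hunks at `@@ -97,16 +94,57 @@` and `@@ -112,9 +112,12 @@`, where `$1` is the argument given to `sudo ./install.sh`.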
diff --git a/deployment/bare_metal/.env.dist b/deployment/bare_metal/.env.dist index 326392124..ebdc9f277 100644 --- a/deployment/bare_metal/.env.dist +++ b/deployment/bare_metal/.env.dist @@ -6,13 +6,17 @@ COMMUNITY_SUPPORT_MAIL=support@supportmail.com # setup email account for sending gradido system messages to users EMAIL=true -EMAIL_TEST_MODUS=false -EMAIL_TEST_RECEIVER=test_team@gradido.net EMAIL_USERNAME=peter@lustig.de EMAIL_SENDER=peter@lustig.de EMAIL_PASSWORD=1234 EMAIL_SMTP_URL=smtp.lustig.de +EMAIL_SMTP_PORT=587 + +# how many minutes email verification code is valid +# also used for password reset code EMAIL_CODE_VALID_TIME=1440 +# how many minutes user must wait before he can request the email verification code again +# also used for password reset code EMAIL_CODE_REQUEST_TIME=10 # Need to adjust by updates @@ -31,6 +35,10 @@ URL_PROTOCOL=https # start script # only for test server DEPLOY_SEED_DATA=false +# test email +# if true all email will be send to EMAIL_TEST_RECEIVER instead of email address of user +EMAIL_TEST_MODUS=false +EMAIL_TEST_RECEIVER=test_team@gradido.net # Logging GRADIDO_LOG_PATH=/home/gradido/gradido/deployment/bare_metal/log diff --git a/deployment/hetzner_cloud/install.sh b/deployment/hetzner_cloud/install.sh index 8a2d18a16..b83cdae68 100755 --- a/deployment/hetzner_cloud/install.sh +++ b/deployment/hetzner_cloud/install.sh @@ -10,7 +10,7 @@ set -o allexport SCRIPT_PATH=$(realpath ../bare_metal) SCRIPT_DIR=$(dirname $SCRIPT_PATH) LOCAL_SCRIPT_PATH=$(realpath $0) -LOCAL_SCRIPT_DIR=$(dirname $SCRIPT_PATH) +LOCAL_SCRIPT_DIR=$(dirname $LOCAL_SCRIPT_PATH) PROJECT_ROOT=$SCRIPT_DIR/.. set +o allexport 
@@ -80,15 +80,12 @@ expect eof ") echo "$SECURE_MYSQL" -# create db user -export DB_USER=gradido -export DB_PASSWORD=$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-32};echo); - -# run all commands which must be called in gradido user space -sudo -u gradido $LOCAL_SCRIPT_DIR/install_gradido.sh - # Configure nginx rm /etc/nginx/sites-enabled/default +envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $SCRIPT_PATH/nginx/sites-available/gradido.conf.template > $SCRIPT_PATH/nginx/sites-available/gradido.conf +envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $SCRIPT_PATH/nginx/sites-available/update-page.conf.template > $SCRIPT_PATH/nginx/sites-available/update-page.conf +mkdir $SCRIPT_PATH/nginx/sites-enabled +ln -s $SCRIPT_PATH/nginx/sites-available/update-page.conf $SCRIPT_PATH/nginx/sites-enabled/default ln -s $SCRIPT_PATH/nginx/sites-enabled/default /etc/nginx/sites-enabled ln -s $SCRIPT_PATH/nginx/common /etc/nginx/ rmdir /etc/nginx/conf.d 
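Review bot: The nginx configuration generated in this hunk lives under `$SCRIPT_PATH`, and `/etc/nginx/sites-enabled/default` is a symlink into that tree, so the unprivileged gradido account can change what nginx loads. That follows from the `chown -R gradido:gradido $PROJECT_ROOT` in the later hunk at `@@ -97,16 +94,57 @@`. If this is intended (start.sh appears to swap the `default` link while running as gradido), document it next to the link, for example `# nginx config is kept in the gradido-owned checkout on purpose; the gradido account can change what nginx serves`. Separately, `mkdir $SCRIPT_PATH/nginx/sites-enabled` and the `ln -s` lines fail on a second run of the installer; `mkdir -p` and `ln -sfn` would make the step repeatable.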
@@ -97,16 +94,57 @@ ln -s $SCRIPT_PATH/nginx/conf.d /etc/nginx/ # setup https with certbot certbot certonly --nginx --non-interactive --agree-tos --domains $COMMUNITY_HOST --email $COMMUNITY_SUPPORT_MAIL +# Install node 16. with nvm, with nodesource is depracted +sudo -u gradido bash -c 'curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.7/install.sh | bash' +# Close and reopen your terminal to start using nvm or run the following to use it now: +sudo -u gradido bash -c 'export NVM_DIR="$HOME/.nvm" && [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"' +sudo -u gradido bash -c '. $HOME/.nvm/nvm.sh && nvm install 16' # first installed version will be set to default automatic + +# Install yarn +sudo -u gradido bash -c '. $HOME/.nvm/nvm.sh && npm i -g yarn' + +# Install pm2 +sudo -u gradido bash -c '. $HOME/.nvm/nvm.sh && npm i -g pm2 && pm2 startup' + # Install logrotate +envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $SCRIPT_PATH/logrotate/gradido.conf.template > $SCRIPT_PATH/logrotate/gradido.conf cp $SCRIPT_PATH/logrotate/gradido.conf /etc/logrotate.d/gradido.conf -# setup db user +# create db user +export DB_USER=gradido +export DB_PASSWORD=$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-32};echo); mysql < $PROJECT_ROOT/database/.env + +# Configure backend +export JWT_SECRET=$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-32};echo); +envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $PROJECT_ROOT/backend/.env.template > $PROJECT_ROOT/backend/.env + +# Configure frontend +envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $PROJECT_ROOT/frontend/.env.template > $PROJECT_ROOT/frontend/.env + +# Configure admin +envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $PROJECT_ROOT/admin/.env.template > $PROJECT_ROOT/admin/.env + +# Configure dht-node +export FEDERATION_DHT_SEED=$(< /dev/urandom tr -dc a-f0-9 | head -c 32;echo); +envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $PROJECT_ROOT/dht-node/.env.template > $PROJECT_ROOT/dht-node/.env 
+ +# Configure federation +envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $PROJECT_ROOT/federation/.env.template > $PROJECT_ROOT/federation/.env + +# set all created or modified files back to belonging to gradido +chown -R gradido:gradido $PROJECT_ROOT + +# create cronjob to delete yarn output in /tmp and for making backups regulary +sudo -u gradido crontab < $LOCAL_SCRIPT_DIR/crontabs.txt + # Start gradido # Note: on first startup some errors will occur - nothing serious sudo -u gradido $SCRIPT_PATH/start.sh \ No newline at end of file diff --git a/deployment/hetzner_cloud/install_gradido.sh b/deployment/hetzner_cloud/install_gradido.sh deleted file mode 100755 index b2db53cf3..000000000 --- a/deployment/hetzner_cloud/install_gradido.sh +++ /dev/null 
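Review bot: The `.env` files written in this hunk receive `JWT_SECRET`, `FEDERATION_DHT_SEED` and, going by the templates, the mail and database passwords, but nothing here sets their mode. They are created by shell redirection under whatever umask root has, and `chown -R gradido:gradido $PROJECT_ROOT` changes the owner only, so with a common default umask every local account could read them. Adding `chmod 600 $PROJECT_ROOT/*/.env` directly after the `chown` line would restrict them to the gradido user. The nvm step in the same hunk pipes a download straight into `bash`; the URL is pinned to `v0.39.7`, and saving the file and comparing it against a recorded checksum before running it would remove the remaining trust in the transport.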
@@ -1,48 +0,0 @@ -#!/bin/bash -# called from install.sh as gradido user -# ENV variables from install.sh are accessable by child scripts -# changing don't count for calling script - -# Configure nginx -envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $SCRIPT_PATH/nginx/sites-available/gradido.conf.template > $SCRIPT_PATH/nginx/sites-available/gradido.conf -envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $SCRIPT_PATH/nginx/sites-available/update-page.conf.template > $SCRIPT_PATH/nginx/sites-available/update-page.conf -mkdir $SCRIPT_PATH/nginx/sites-enabled -ln -s $SCRIPT_PATH/nginx/sites-available/update-page.conf $SCRIPT_PATH/nginx/sites-enabled/default - -# Install node 16. with nvm, with nodesource is depracted -curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.7/install.sh | bash -# Close and reopen your terminal to start using nvm or run the following to use it now: -export NVM_DIR="$HOME/.nvm" && [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" -nvm install 16 # first installed version will be set to default automatic - -# Install yarn -npm i -g yarn - -# Install pm2 -npm i -g pm2 && pm2 startup - -# Install logrotate -envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $SCRIPT_PATH/logrotate/gradido.conf.template > $SCRIPT_PATH/logrotate/gradido.conf - -# Configure database -envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $PROJECT_ROOT/database/.env.template > $PROJECT_ROOT/database/.env - -# Configure backend -export JWT_SECRET=$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-32};echo); -envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $PROJECT_ROOT/backend/.env.template > $PROJECT_ROOT/backend/.env - -# Configure frontend -envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $PROJECT_ROOT/frontend/.env.template > $PROJECT_ROOT/frontend/.env - -# Configure admin -envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $PROJECT_ROOT/admin/.env.template > $PROJECT_ROOT/admin/.env - -# Configure dht-node -export 
FEDERATION_DHT_SEED=$(< /dev/urandom tr -dc a-f0-9 | head -c 32;echo); -envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $PROJECT_ROOT/dht-node/.env.template > $PROJECT_ROOT/dht-node/.env - -# Configure federation -envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $PROJECT_ROOT/federation/.env.template > $PROJECT_ROOT/federation/.env - -# create cronjob to delete yarn output in /tmp and for making backups regulary -crontab < $LOCAL_SCRIPT_DIR/crontabs.txt From 1494a9ae1e15d32b03f51465da4c85d7f8f86f24 Mon Sep 17 00:00:00 2001 From: einhorn_b Date: Wed, 10 Jan 2024 23:05:58 +0100 Subject: [PATCH 27/34] export env, move starting modules after building all modules --- deployment/bare_metal/start.sh | 37 +++++++++++++++++----------------- 1 file changed, 19 insertions(+), 18 deletions(-) diff --git a/deployment/bare_metal/start.sh b/deployment/bare_metal/start.sh index b68d5aea8..4b6498ee0 100755 --- a/deployment/bare_metal/start.sh +++ b/deployment/bare_metal/start.sh @@ -48,6 +48,10 @@ fi : ${NGINX_SSL_CERTIFICATE:=/etc/letsencrypt/live/$COMMUNITY_HOST/fullchain.pem} : ${NGINX_SSL_CERTIFICATE_KEY:=/etc/letsencrypt/live/$COMMUNITY_HOST/privkey.pem} +# export env variables +export NGINX_SSL_CERTIFICATE +export NGINX_SSL_CERTIFICATE_KEY + # lock start if [ -f $LOCK_FILE ] ; then echo "Already building!" @@ -189,8 +193,7 @@ if [ "$DEPLOY_SEED_DATA" = "true" ]; then fi # TODO maybe handle this differently? export NODE_ENV=production -pm2 start --name gradido-backend "yarn --cwd $PROJECT_ROOT/backend start" -l $GRADIDO_LOG_PATH/pm2.backend.$TODAY.log --log-date-format 'YYYY-MM-DD HH:mm:ss.SSS' -pm2 save + # Install & build frontend echo 'Updating frontend' >> $UPDATE_HTML 
@@ -201,8 +204,6 @@ yarn install yarn build # TODO maybe handle this differently? export NODE_ENV=production -pm2 start --name gradido-frontend "yarn --cwd $PROJECT_ROOT/frontend start" -l $GRADIDO_LOG_PATH/pm2.frontend.$TODAY.log --log-date-format 'YYYY-MM-DD HH:mm:ss.SSS' -pm2 save # Install & build admin echo 'Updating admin' >> $UPDATE_HTML @@ -213,8 +214,6 @@ yarn install yarn build # TODO maybe handle this differently? export NODE_ENV=production -pm2 start --name gradido-admin "yarn --cwd $PROJECT_ROOT/admin start" -l $GRADIDO_LOG_PATH/pm2.admin.$TODAY.log --log-date-format 'YYYY-MM-DD HH:mm:ss.SSS' -pm2 save # Install & build dht-node echo 'Updating dht-node' >> $UPDATE_HTML @@ -225,15 +224,6 @@ yarn install yarn build # TODO maybe handle this differently? export NODE_ENV=production -if [ ! -z $FEDERATION_DHT_TOPIC ]; then - pm2 start --name gradido-dht-node "yarn --cwd $PROJECT_ROOT/dht-node start" -l $GRADIDO_LOG_PATH/pm2.dht-node.$TODAY.log --log-date-format 'YYYY-MM-DD HH:mm:ss.SSS' - pm2 save -else - echo "=====================================================================" >> $UPDATE_HTML - echo "WARNING: FEDERATION_DHT_TOPIC not configured. DHT-Node not started..." >> $UPDATE_HTML - echo "=====================================================================" >> $UPDATE_HTML -fi - # Install & build federation echo 'Updating federation' >> $UPDATE_HTML 
@@ -245,6 +235,20 @@ yarn build # TODO maybe handle this differently? export NODE_ENV=production +# start after building all to use up less ressources +pm2 start --name gradido-backend "yarn --cwd $PROJECT_ROOT/backend start" -l $GRADIDO_LOG_PATH/pm2.backend.$TODAY.log --log-date-format 'YYYY-MM-DD HH:mm:ss.SSS' +pm2 start --name gradido-frontend "yarn --cwd $PROJECT_ROOT/frontend start" -l $GRADIDO_LOG_PATH/pm2.frontend.$TODAY.log --log-date-format 'YYYY-MM-DD HH:mm:ss.SSS' +pm2 start --name gradido-admin "yarn --cwd $PROJECT_ROOT/admin start" -l $GRADIDO_LOG_PATH/pm2.admin.$TODAY.log --log-date-format 'YYYY-MM-DD HH:mm:ss.SSS' +pm2 save +if [ ! -z $FEDERATION_DHT_TOPIC ]; then + pm2 start --name gradido-dht-node "yarn --cwd $PROJECT_ROOT/dht-node start" -l $GRADIDO_LOG_PATH/pm2.dht-node.$TODAY.log --log-date-format 'YYYY-MM-DD HH:mm:ss.SSS' + pm2 save +else + echo "=====================================================================" >> $UPDATE_HTML + echo "WARNING: FEDERATION_DHT_TOPIC not configured. DHT-Node not started..." >> $UPDATE_HTML + echo "=====================================================================" >> $UPDATE_HTML +fi + # set FEDERATION_PORT from FEDERATION_COMMUNITY_APIS IFS="," read -a API_ARRAY <<< $FEDERATION_COMMUNITY_APIS for api in "${API_ARRAY[@]}" @@ -266,9 +270,6 @@ do pm2 save done - - - # let nginx showing gradido echo 'Configuring nginx to serve gradido again' >> $UPDATE_HTML ln -sf $SCRIPT_DIR/nginx/sites-available/gradido.conf $SCRIPT_DIR/nginx/sites-enabled/default From 6fe8eead938217ab20c842f0ff1fa185358486fb Mon Sep 17 00:00:00 2001 From: einhorn_b Date: Wed, 10 Jan 2024 23:20:48 +0100 Subject: [PATCH 28/34] fix minor --- backend/.env.template | 2 +- frontend/.env.template | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/backend/.env.template b/backend/.env.template index 9adb09793..d279ba705 100644 --- a/backend/.env.template +++ b/backend/.env.template 
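Review bot: `if [ ! -z $FEDERATION_DHT_TOPIC ]; then` in the block moved to the end of start.sh expands the variable unquoted. With an empty value the test collapses to `[ ! -z ]` and gives the right answer only by accident. With a value that contains whitespace `[` reports an error, the `else` branch runs, and the page shows "not configured" although a topic was set. Write it as `if [ -n "${FEDERATION_DHT_TOPIC:-}" ]; then`. The `pm2 start` lines added above it also pass `$PROJECT_ROOT` and `$GRADIDO_LOG_PATH` unquoted and would benefit from the same treatment.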
@@ -1,5 +1,5 @@ # must match the CONFIG_VERSION.EXPECTED definition in scr/config/index.ts -CONFIG_VERSION=v20.2023-09-19 +CONFIG_VERSION=$BACKEND_CONFIG_VERSION # Server JWT_SECRET=$JWT_SECRET diff --git a/frontend/.env.template b/frontend/.env.template index e5662140c..c365ab8cf 100644 --- a/frontend/.env.template +++ b/frontend/.env.template @@ -16,7 +16,7 @@ COMMUNITY_DESCRIPTION=$COMMUNITY_DESCRIPTION COMMUNITY_SUPPORT_MAIL=$COMMUNITY_SUPPORT_MAIL # Meta -META_URL=$META_URL +META_URL=$COMMUNITY_HOST META_TITLE_DE=$META_TITLE_DE META_TITLE_EN=$META_TITLE_EN META_DESCRIPTION_DE=$META_DESCRIPTION_DE From 90408664f619d86119506b6037f87d103d3502f7 Mon Sep 17 00:00:00 2001 From: einhorn_b Date: Thu, 11 Jan 2024 13:15:48 +0100 Subject: [PATCH 29/34] fix missing/wrong config --- backend/.env.template | 10 +++++----- deployment/bare_metal/.env.dist | 8 +++++++- deployment/hetzner_cloud/README.md | 8 +++++++- 3 files changed, 19 insertions(+), 7 deletions(-) diff --git a/backend/.env.template b/backend/.env.template index d279ba705..1cf7d9dee 100644 --- a/backend/.env.template +++ b/backend/.env.template @@ -50,11 +50,11 @@ EMAIL_SENDER=$EMAIL_SENDER EMAIL_PASSWORD=$EMAIL_PASSWORD EMAIL_SMTP_URL=$EMAIL_SMTP_URL EMAIL_SMTP_PORT=$EMAIL_SMTP_PORT -EMAIL_LINK_VERIFICATION=$EMAIL_LINK_VERIFICATION -EMAIL_LINK_SETPASSWORD=$EMAIL_LINK_SETPASSWORD -EMAIL_LINK_FORGOTPASSWORD=$EMAIL_LINK_FORGOTPASSWORD -EMAIL_LINK_OVERVIEW=$EMAIL_LINK_OVERVIEW -EMAIL_CODE_VALID_TIME=$EMAIL_CODE_VALID_TIME +EMAIL_LINK_VERIFICATION_PATH=$EMAIL_LINK_VERIFICATION_PATH +EMAIL_LINK_SETPASSWORD_PATH=$EMAIL_LINK_SETPASSWORD_PATH +EMAIL_LINK_FORGOTPASSWORD_PATH=$EMAIL_LINK_FORGOTPASSWORD_PATH +EMAIL_LINK_OVERVIEW_PATH=$EMAIL_LINK_OVERVIEW_PATH +EMAIL_CODE_VALID_TIME=$EMAIL_CODE_VALID_TIME_PATH EMAIL_CODE_REQUEST_TIME=$EMAIL_CODE_REQUEST_TIME # Webhook diff --git a/deployment/bare_metal/.env.dist b/deployment/bare_metal/.env.dist index ebdc9f277..83fe34968 100644 --- a/deployment/bare_metal/.env.dist 
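Review bot: `EMAIL_CODE_VALID_TIME=$EMAIL_CODE_VALID_TIME_PATH` in the `@@ -50,11 +50,11 @@` hunk of backend/.env.template looks like the `_PATH` rename applied one line too far. `.env.dist` defines `EMAIL_CODE_VALID_TIME=1440`, and no `EMAIL_CODE_VALID_TIME_PATH` appears in the visible hunks. The install scripts give `envsubst` only the names of variables that exist, so the unknown reference would land in `backend/.env` as literal text, and the lifetime of email-verification and password-reset codes would no longer come from the configured value. The line should stay `EMAIL_CODE_VALID_TIME=$EMAIL_CODE_VALID_TIME`. It is also worth confirming that the four `EMAIL_LINK_*_PATH` variables are defined in `.env.dist`, which the visible hunks do not show.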
+++ b/deployment/bare_metal/.env.dist @@ -41,8 +41,9 @@ EMAIL_TEST_MODUS=false EMAIL_TEST_RECEIVER=test_team@gradido.net # Logging +LOG_LEVEL=WARN GRADIDO_LOG_PATH=/home/gradido/gradido/deployment/bare_metal/log -TYPEORM_LOGGING_RELATIVE_PATH=/home/gradido/gradido/deployment/bare_metal/log/typeorm.backend.log +TYPEORM_LOGGING_RELATIVE_PATH=../deployment/bare_metal/log/typeorm.backend.log # webhook WEBHOOK_GITHUB_SECRET=secret @@ -72,6 +73,7 @@ JWT_EXPIRES_IN=10m # FEDERATION_DHT_SEED=64ebcb0e3ad547848fef4197c6e2332f # the api port is the baseport, which will be added with the api-version, e.g. 1_0 = 5010 FEDERATION_COMMUNITY_API_PORT=5000 +FEDERATION_VALIDATE_COMMUNITY_TIMER=60000 # comma separated list of api-versions, which cause starting several federation modules FEDERATION_COMMUNITY_APIS=1_0,1_1 @@ -79,6 +81,10 @@ FEDERATION_COMMUNITY_APIS=1_0,1_1 # externe gradido services (more added in future) GDT_API_URL=https://gdt.gradido.net +# DLT-Connector (still in develop) +DLT_CONNECTOR=false +DLT_CONNECTOR_PORT=6010 + # used for combining a newsletter on klicktipp with this gradido community # if used, user will be subscribed on register and can unsubscribe in his account KLICKTIPP=false diff --git a/deployment/hetzner_cloud/README.md b/deployment/hetzner_cloud/README.md index 5a5ae3186..d7f7cf13a 100644 --- a/deployment/hetzner_cloud/README.md +++ b/deployment/hetzner_cloud/README.md @@ -106,4 +106,10 @@ will remove it and ln ../bare_metal/nginx/conf.d ```bash cd ~/gradido/deployment/hetzner_cloud -sudo ./install.sh \ No newline at end of file +sudo ./install.sh + +### Make yourself admin + +```mysql +insert into user_roles(user_id, role) values(276, 'ADMIN'); +``` \ No newline at end of file From b40dbf561e70b2c336cd356f31cbe269492948c3 Mon Sep 17 00:00:00 2001 From: einhorn_b Date: Thu, 11 Jan 2024 14:02:23 +0100 Subject: [PATCH 30/34] info log level --- deployment/bare_metal/.env.dist | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/deployment/bare_metal/.env.dist b/deployment/bare_metal/.env.dist index 83fe34968..eb1e45f79 100644 --- a/deployment/bare_metal/.env.dist +++ b/deployment/bare_metal/.env.dist @@ -41,7 +41,7 @@ EMAIL_TEST_MODUS=false EMAIL_TEST_RECEIVER=test_team@gradido.net # Logging -LOG_LEVEL=WARN +LOG_LEVEL=INFO GRADIDO_LOG_PATH=/home/gradido/gradido/deployment/bare_metal/log TYPEORM_LOGGING_RELATIVE_PATH=../deployment/bare_metal/log/typeorm.backend.log From 31283c509435996a9656011916168719beeddac9 Mon Sep 17 00:00:00 2001 From: einhorn_b Date: Thu, 11 Jan 2024 14:53:03 +0100 Subject: [PATCH 31/34] move call for validate federation --- backend/src/index.ts | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/backend/src/index.ts b/backend/src/index.ts index 86f78326d..4961e880d 100644 --- a/backend/src/index.ts +++ b/backend/src/index.ts @@ -5,6 +5,8 @@ import { createServer } from './server/createServer' async function main() { const { app } = await createServer() + void startValidateCommunities(Number(CONFIG.FEDERATION_VALIDATE_COMMUNITY_TIMER)) + // app listen don't return as long as the express server is running app.listen(CONFIG.PORT, () => { // eslint-disable-next-line no-console console.log(`Server is running at http://localhost:${CONFIG.PORT}`) @@ -13,7 +15,6 @@ async function main() { console.log(`GraphIQL available at http://localhost:${CONFIG.PORT}`) } }) - void startValidateCommunities(Number(CONFIG.FEDERATION_VALIDATE_COMMUNITY_TIMER)) } main().catch((e) => { From 0982e4fa4fc0dd6d039f6206f1c7dff0243768d6 Mon Sep 17 00:00:00 2001 From: einhorn_b Date: Thu, 11 Jan 2024 15:08:12 +0100 Subject: [PATCH 32/34] never mind --- backend/src/index.ts | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/backend/src/index.ts b/backend/src/index.ts index 4961e880d..86f78326d 100644 --- a/backend/src/index.ts +++ b/backend/src/index.ts 
@@ -5,8 +5,6 @@ import { createServer } from './server/createServer' async function main() { const { app } = await createServer() - void startValidateCommunities(Number(CONFIG.FEDERATION_VALIDATE_COMMUNITY_TIMER)) - // app listen don't return as long as the express server is running app.listen(CONFIG.PORT, () => { // eslint-disable-next-line no-console console.log(`Server is running at http://localhost:${CONFIG.PORT}`) @@ -15,6 +13,7 @@ async function main() { console.log(`GraphIQL available at http://localhost:${CONFIG.PORT}`) } }) + void startValidateCommunities(Number(CONFIG.FEDERATION_VALIDATE_COMMUNITY_TIMER)) } main().catch((e) => { From f182c5466ae33743b7c6eb16cebb5f96b60a4bc5 Mon Sep 17 00:00:00 2001 From: einhorn_b Date: Wed, 17 Jan 2024 14:34:07 +0100 Subject: [PATCH 33/34] create mysql user and password only of not already exist --- deployment/hetzner_cloud/install.sh | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/deployment/hetzner_cloud/install.sh b/deployment/hetzner_cloud/install.sh index b83cdae68..ee539370c 100755 --- a/deployment/hetzner_cloud/install.sh +++ b/deployment/hetzner_cloud/install.sh @@ -112,9 +112,12 @@ cp $SCRIPT_PATH/logrotate/gradido.conf /etc/logrotate.d/gradido.conf # create db user export DB_USER=gradido -export DB_PASSWORD=$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-32};echo); +# create a new password only if it not already exist +if [ -z "${DB_PASSWORD}" ]; then + export DB_PASSWORD=$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-32};echo); +fi mysql < Date: Wed, 17 Jan 2024 15:29:40 +0100 Subject: [PATCH 34/34] update readmeg --- deployment/hetzner_cloud/README.md | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/deployment/hetzner_cloud/README.md b/deployment/hetzner_cloud/README.md index d7f7cf13a..d03ff0b46 100644 --- a/deployment/hetzner_cloud/README.md +++ b/deployment/hetzner_cloud/README.md 
@@ -107,9 +107,18 @@ will remove it and ln ../bare_metal/nginx/conf.d ```bash cd ~/gradido/deployment/hetzner_cloud sudo ./install.sh +``` ### Make yourself admin +- Create an account on your new gradido instance +- Click the link in the activation email +- go back to your ssh session and copy this command + +```bash +sudo mysql -D gradido_community -e "insert into user_roles(user_id, role) values((select id from users order by id desc limit 1), 'ADMIN');" +``` + +- it will make last registered user admin +- login with you newly created user +- if you has a link to `Admin Area` it worked and you are admin -```mysql -insert into user_roles(user_id, role) values(276, 'ADMIN'); -``` \ No newline at end of file