feat: simplify deployment

getmeli · Dec 4, 2020 · c53702c · c53702c
1 parent c2ff7a2
commit c53702c
Show file tree

Hide file tree

Showing 30 changed files with 380 additions and 372 deletions.
diff --git a/README.md b/README.md
@@ -8,6 +8,8 @@
 
 > Found a security issue ? Please [let us know !](https://github.com/gomeli/meli/security/advisories/new)
 
+Docs: https://docs.meli.sh
+
 ## How it works
 
 1. Sign-in and create your organization
@@ -38,10 +40,6 @@
 - [ ] Extend integrations
 - [ ] Accessibility
 
-## Deployment
-
-TODO
-
 ## API
 
 > API docs coming soon
@@ -100,7 +98,7 @@ You need to configure your machine to allow wildcard domains for development. We
 We've configured dev.meli.sh to point to 127.0.0.1, so you can develop with it. Update your `.env`.
 
 ```
-MELI_SITES_DOMAIN=dev.meli.sh
+MELI_SITES_HOST=dev.meli.sh
 ```
 
 Your sites will be served at `*.dev.meli.sh`.
@@ -150,6 +148,13 @@ Cons: a bit complex, config required
 1. Configure your `.env` (copy `.env.example` to start with)
 1. Run `npm start`
 
+If you develop with the UI, you'll need to clone the [UI repo](https://github.com/getmeli/meli-ui), then start it.
+
+You can now browse at `http://localhost:80`:
+- `http://localhost:80/` => UI
+- `http://localhost:80/api`, `http://localhost:80/auth` and `http://localhost:80/socket.io` => API
+- `http://loopback.sh` => your sites will be served here
+
 ### SSL
 
 Use [`mkcert`](https://github.com/FiloSottile/mkcert) to generate a certificate and key:

diff --git a/caddy/config-dev.json b/caddy/config-dev.json
diff --git a/caddy/config.json b/caddy/config.json
@@ -0,0 +1,6 @@
+{
+  "admin": {
+    "disabled": false,
+    "listen": "0.0.0.0:2019"
+  }
+}
diff --git a/docker-compose-dev.yml b/docker-compose-dev.yml
@@ -9,11 +9,6 @@ services:
     ports:
       - 127.0.0.1:27017:27017
 
-  #  redis:
-  #    image: redis
-  #    ports:
-  #      - 127.0.0.1:6379:6379
-
   mailhog:
     image: mailhog/mailhog
     ports:
@@ -26,9 +21,7 @@ services:
     ports:
       - 127.0.0.1:80:80
       - 127.0.0.1:443:443
-      - 127.0.0.1:8080:8080
-      - 127.0.0.1:8043:8043
       - 127.0.0.1:2019:2019
     volumes:
       - ./data/caddy:/sites
-      - ./caddy/config-dev.json:/etc/caddy/config.json:ro
+      - ./caddy/config.json:/etc/caddy/config.json:ro
diff --git a/jest.config.js b/jest.config.js
@@ -6,8 +6,6 @@ module.exports = {
   testEnvironment: 'node',
   roots: [
     '<rootDir>/src',
-    // '<rootDir>/license',
-    // '<rootDir>/test',
   ],
   testRegex: '.(e2e-)?\\.spec\\.(ts|js)$',
   transform: {
@@ -36,7 +34,7 @@ module.exports = {
       version: '0.1.0',
       buildDate: '2020-02-01T15:19:54.093Z',
       commitHash: 'babb2a47d9f3849ff0f697b2df7f44cc9f3b121f',
-      SENTRY_RELEASE: 'meli-server-ce@tmp',
+      SENTRY_RELEASE: 'meli@test',
       SENTRY_DSN: 'https://dsn.meli',
     },
   },

diff --git a/package-lock.json b/package-lock.json
diff --git a/setupTests.js b/setupTests.js
@@ -11,7 +11,6 @@ process.env['FORCE_COLOR'] = '1';
 
 // env
 process.env.MELI_HOST = 'http://localhost:3001';
-process.env.MELI_UI_HOST = 'http://localhost:3000';
 process.env.MELI_MAIL_HOST = 'localhost';
 process.env.MELI_MAIL_PORT = '1025';
 process.env.MELI_BILLING_PRICE_ID = 'price_123';

diff --git a/src/auth/authenticate.ts b/src/auth/authenticate.ts
@@ -26,10 +26,10 @@ async function handler(req: Request, res: Response, next: NextFunction) {
     if (err) {
       return next(err);
     }
-    logger.debug(`Redirecting to ${env.MELI_UI_HOST.host} with cookie ${authCookieName} ${JSON.stringify(cookieOptions(), null, 2)}`);
+    logger.debug(`Redirecting to ${env.MELI_UI_HOST} with cookie ${authCookieName} ${JSON.stringify(cookieOptions(), null, 2)}`);
     res
       .cookie(authCookieName, token, cookieOptions())
-      .redirect(env.MELI_UI_HOST.host);
+      .redirect(env.MELI_UI_HOST);
   });
 }
 

diff --git a/src/auth/passport/gitea.ts b/src/auth/passport/gitea.ts
@@ -12,14 +12,13 @@ const logger = new Logger('meli.server.passport:gitea');
 export const gitea_redirect = '/auth/gitea';
 export const gitea_callback = '/auth/gitea/callback';
 
-const allowedOrgs = new Set(env.MELI_GITEA_ORGS);
-
 if (
   env.MELI_GITEA_URL
   && env.MELI_GITEA_CLIENT_ID
   && env.MELI_GITEA_CLIENT_SECRET
 ) {
-  const oauthCallbackUrl = `${env.MELI_HOST.host}${gitea_callback}`;
+  const allowedOrgs = env.MELI_GITEA_ORGS ? new Set(env.MELI_GITEA_ORGS) : undefined;
+  const oauthCallbackUrl = `${env.MELI_HOST.toString()}${gitea_callback}`;
   logger.debug('Enabling gitea auth', oauthCallbackUrl);
 
   passport.use('gitea', new OAuth2Strategy(
@@ -36,13 +35,13 @@ if (
       gitea
         .getUser()
         .then(giteaUser => {
-          if (giteaUser.orgs.some(org => allowedOrgs.has(org))) {
+          if (!allowedOrgs || giteaUser.orgs.some(org => allowedOrgs.has(org))) {
             cb(undefined, <PassportUser>{
               ...giteaUser,
               authProvider: 'gitea',
             });
           } else {
-            logger.warn(`User ${giteaUser.name} tried to login but is not a member of orgs ${allowedOrgs}`);
+            logger.warn(`User ${giteaUser.name} tried to login but is not a member of restricted orgs`);
             cb();
           }
         })

diff --git a/src/auth/passport/github.ts b/src/auth/passport/github.ts
@@ -12,14 +12,13 @@ const logger = new Logger('meli.server.passport:github');
 export const github_redirect = '/auth/github';
 export const github_callback = '/auth/github/callback';
 
-const allowedOrgs = new Set(env.MELI_GITHUB_ORGS);
-
 if (
   env.MELI_GITHUB_URL
   && env.MELI_GITHUB_CLIENT_ID
   && env.MELI_GITHUB_CLIENT_SECRET
 ) {
-  const oauthCallbackUrl = `${env.MELI_HOST.host}${github_callback}`;
+  const allowedOrgs = env.MELI_GITHUB_ORGS ? new Set(env.MELI_GITHUB_ORGS) : undefined;
+  const oauthCallbackUrl = `${env.MELI_HOST.toString()}${github_callback}`;
   logger.debug('Enabling github auth', oauthCallbackUrl);
 
   passport.use('github', new OAuth2Strategy(
@@ -37,13 +36,13 @@ if (
       github
         .getUser()
         .then(githubUser => {
-          if (githubUser.orgs.some(org => allowedOrgs.has(org))) {
+          if (!allowedOrgs || githubUser.orgs.some(org => allowedOrgs.has(org))) {
             cb(undefined, <PassportUser>{
               ...githubUser,
               authProvider: 'github',
             });
           } else {
-            logger.warn(`User ${githubUser.name} tried to login but is not a member of orgs ${allowedOrgs}`);
+            logger.warn(`User ${githubUser.name} tried to login but is not a member of restricted orgs`);
             cb();
           }
         })

diff --git a/src/auth/passport/gitlab.ts b/src/auth/passport/gitlab.ts
@@ -13,14 +13,13 @@ const logger = new Logger('meli.server.passport:gitlab');
 export const gitlab_redirect = '/auth/gitlab';
 export const gitlab_callback = '/auth/gitlab/callback';
 
-const allowedGroups = new Set(env.MELI_GITLAB_GROUPS);
-
 if (
   env.MELI_GITLAB_URL
   && env.MELI_GITLAB_CLIENT_ID
   && env.MELI_GITLAB_CLIENT_SECRET
 ) {
-  const oauthCallbackUrl = `${env.MELI_HOST.host}${gitlab_callback}`;
+  const allowedGroups = env.MELI_GITLAB_GROUPS ? new Set(env.MELI_GITLAB_GROUPS) : undefined;
+  const oauthCallbackUrl = `${env.MELI_HOST.toString()}${gitlab_callback}`;
   logger.debug('Enabling gitlab auth', oauthCallbackUrl);
 
   passport.use('gitlab', new OAuth2Strategy(
@@ -38,13 +37,13 @@ if (
       gitlab
         .getUser()
         .then(gitlabUser => {
-          if (gitlabUser.orgs.some(org => allowedGroups.has(org))) {
+          if (!allowedGroups || gitlabUser.orgs.some(org => allowedGroups.has(org))) {
             cb(undefined, <PassportUser>{
               ...gitlabUser,
               authProvider: 'gitlab',
             });
           } else {
-            logger.warn(`User ${gitlabUser.name} tried to login but is not a member of groups ${allowedGroups}`);
+            logger.warn(`User ${gitlabUser.name} tried to login but is not a member of restricted groups`);
             cb();
           }
         })

diff --git a/src/auth/passport/google.ts b/src/auth/passport/google.ts
@@ -15,7 +15,7 @@ if (
   env.MELI_GOOGLE_CLIENT_ID
   && env.MELI_GOOGLE_CLIENT_SECRET
 ) {
-  const oauthCallbackUrl = `${env.MELI_HOST.host}${google_callback}`;
+  const oauthCallbackUrl = `${env.MELI_HOST.toString()}${google_callback}`;
   logger.debug('Enabling google auth', oauthCallbackUrl);
 
   // TODO could we use the OAuth2 strategy ?

diff --git a/src/auth/passport/providers/github/github.ts b/src/auth/passport/providers/github/github.ts
@@ -59,7 +59,6 @@ export class Github {
     ]);
     const giteaUser: GithubUser = await $user.validateAsync(user, JOI_OPTIONS);
     const githubOrgs: GithubOrg[] = await $orgs.validateAsync(orgs, JOI_OPTIONS);
-    console.log(orgs, githubOrgs);
     const githubEmails: GithubEmail[] = await $emails.validateAsync(emails, JOI_OPTIONS);
     return {
       id: giteaUser.id,

diff --git a/src/caddy/config/api-route.ts b/src/caddy/config/api-route.ts
@@ -0,0 +1,27 @@
+import { env } from '../../env';
+import { getReverseProxyDial } from '../utils/get-reverse-proxy-dial';
+import { URL } from 'url';
+
+const melihost = new URL(env.MELI_HOST);
+
+export const apiRoute = {
+  group: 'api',
+  match: [{
+    host: [melihost.host],
+    path: [
+      '/api/*',
+      '/auth/*',
+      '/socket.io/*',
+    ],
+  }],
+  handle: [
+    // https://caddyserver.com/docs/json/apps/http/servers/routes/handle/reverse_proxy/
+    {
+      handler: 'reverse_proxy',
+      upstreams: [{
+        dial: getReverseProxyDial(env.MELI_HOST_INTERNAL.toString()),
+      }],
+    },
+  ],
+  terminal: true,
+};
diff --git a/src/caddy/config/app-server.ts b/src/caddy/config/app-server.ts
diff --git a/src/caddy/config/errors.ts b/src/caddy/config/errors.ts
@@ -11,13 +11,11 @@ export const errors = {
       }],
     },
     {
-      match: [
-        {
-          vars: {
-            status_code: '404',
-          },
+      match: [{
+        vars: {
+          status_code: '404',
         },
-      ],
+      }],
       handle: [
         {
           handler: 'rewrite',
@@ -27,7 +25,7 @@ export const errors = {
         {
           handler: 'reverse_proxy',
           upstreams: [{
-            dial: getReverseProxyDial(env.MELI_CADDY_MELI_API_HOST.host),
+            dial: getReverseProxyDial(env.MELI_HOST_INTERNAL.toString()),
           }],
           handle_response: [{
             status_code: '{http.error.status_code}',

diff --git a/src/caddy/config/fallback.ts b/src/caddy/config/fallback.ts
@@ -1,11 +1,12 @@
 import { env } from '../../env';
+import { getReverseProxyDial } from '../utils/get-reverse-proxy-dial';
 
 export const fallback = {
   group: 'fallback',
   match: [{
     host: [
-      env.MELI_SITES_DOMAIN.host,
-      `*.${env.MELI_SITES_DOMAIN.host}`,
+      env.MELI_SITES_HOST,
+      `*.${env.MELI_SITES_HOST}`,
     ],
   }],
   handle: [
@@ -17,12 +18,16 @@ export const fallback = {
     {
       handler: 'reverse_proxy',
       upstreams: [{
-        dial: env.MELI_CADDY_MELI_API_HOST.host,
+        dial: getReverseProxyDial(env.MELI_HOST_INTERNAL.toString()),
       }],
       handle_response: [{
         status_code: '404',
       }],
     },
+    // {
+    //   handler: 'static_response',
+    //   body: 'The road ends here',
+    // },
   ],
   terminal: true,
 };