hrms-bangkok/hrms-api-log
7
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

edit env

Browse source
This commit is contained in:
DESKTOP-2S5P7D1\Windows 10 2024-12-10 15:17:36 +07:00
parent 8c69be5bb9
commit b4f54b10b3
3 changed files with 47 additions and 47 deletions
Download patch file Download diff file Expand all files Collapse all files

12
.env.example
View file

@ -1,4 +1,4 @@
KC_REALM_URL= AUTH_REALM_URL=
ELASTICSEARCH_PROTOCOL= ELASTICSEARCH_PROTOCOL=
ELASTICSEARCH_HOST= ELASTICSEARCH_HOST=
@ -29,9 +29,9 @@ MAIN_MINIO_ACCESS_KEY=
MAIN_MINIO_SECRET_KEY= MAIN_MINIO_SECRET_KEY=
MAIN_MINIO_BUCKET= MAIN_MINIO_BUCKET=
BACKUP_MINIO_USE_SSL= MAIN_MINIO_USE_SSL=
BACKUP_MINIO_HOST= MAIN_MINIO_HOST=
BACKUP_MINIO_PORT= MAIN_MINIO_PORT=
BACKUP_MINIO_ACCESS_KEY= MAIN_MINIO_ACCESS_KEY=
BACKUP_MINIO_SECRET_KEY= MAIN_MINIO_SECRET_KEY=
BACKUP_MINIO_BUCKET= BACKUP_MINIO_BUCKET=

70
src/controllers/backup-controller.ts
View file

@ -27,11 +27,11 @@ const MAIN_MINIO_PORT = process.env.MAIN_MINIO_PORT;
const MAIN_MINIO_ACCESS_KEY = getEnvVar("MAIN_MINIO_ACCESS_KEY"); const MAIN_MINIO_ACCESS_KEY = getEnvVar("MAIN_MINIO_ACCESS_KEY");
const MAIN_MINIO_SECRET_KEY = getEnvVar("MAIN_MINIO_SECRET_KEY"); const MAIN_MINIO_SECRET_KEY = getEnvVar("MAIN_MINIO_SECRET_KEY");
const MAIN_MINIO_BUCKET = getEnvVar("MAIN_MINIO_BUCKET"); const MAIN_MINIO_BUCKET = getEnvVar("MAIN_MINIO_BUCKET");
const BACKUP_MINIO_USE_SSL = getEnvVar("BACKUP_MINIO_USE_SSL"); const MAIN_MINIO_USE_SSL = getEnvVar("MAIN_MINIO_USE_SSL");
const BACKUP_MINIO_HOST = getEnvVar("BACKUP_MINIO_HOST"); const MAIN_MINIO_HOST = getEnvVar("MAIN_MINIO_HOST");
const BACKUP_MINIO_PORT = process.env.BACKUP_MINIO_PORT; const MAIN_MINIO_PORT = process.env.MAIN_MINIO_PORT;
const BACKUP_MINIO_ACCESS_KEY = getEnvVar("BACKUP_MINIO_ACCESS_KEY"); const MAIN_MINIO_ACCESS_KEY = getEnvVar("MAIN_MINIO_ACCESS_KEY");
const BACKUP_MINIO_SECRET_KEY = getEnvVar("BACKUP_MINIO_SECRET_KEY"); const MAIN_MINIO_SECRET_KEY = getEnvVar("MAIN_MINIO_SECRET_KEY");
const BACKUP_MINIO_BUCKET = getEnvVar("BACKUP_MINIO_BUCKET"); const BACKUP_MINIO_BUCKET = getEnvVar("BACKUP_MINIO_BUCKET");
function jsonParseOrPlainText(str: string) { function jsonParseOrPlainText(str: string) {
@ -56,9 +56,9 @@ export class BackupController extends Controller {
"Content-Type": "application/json", "Content-Type": "application/json",
}, },
body: JSON.stringify({ body: JSON.stringify({
s3_backup_endpoint: `${BACKUP_MINIO_USE_SSL === "true" ? "https://" : "http://"}${BACKUP_MINIO_HOST}${(BACKUP_MINIO_PORT && ":" + BACKUP_MINIO_PORT) || ""}`, s3_backup_endpoint: `${MAIN_MINIO_USE_SSL === "true" ? "https://" : "http://"}${MAIN_MINIO_HOST}${(MAIN_MINIO_PORT && ":" + MAIN_MINIO_PORT) || ""}`,
s3_backup_access: BACKUP_MINIO_ACCESS_KEY, s3_backup_access: MAIN_MINIO_ACCESS_KEY,
s3_backup_secret: BACKUP_MINIO_SECRET_KEY, s3_backup_secret: MAIN_MINIO_SECRET_KEY,
s3_backup_bucket: BACKUP_MINIO_BUCKET, s3_backup_bucket: BACKUP_MINIO_BUCKET,
}), }),
}, },
@ -142,14 +142,14 @@ export class BackupController extends Controller {
s3_source_access: MAIN_MINIO_ACCESS_KEY, s3_source_access: MAIN_MINIO_ACCESS_KEY,
s3_source_secret: MAIN_MINIO_SECRET_KEY, s3_source_secret: MAIN_MINIO_SECRET_KEY,
s3_source_bucket: MAIN_MINIO_BUCKET, s3_source_bucket: MAIN_MINIO_BUCKET,
s3_dest_endpoint: `${BACKUP_MINIO_USE_SSL === "true" ? "https://" : "http://"}${BACKUP_MINIO_HOST}${(BACKUP_MINIO_PORT && ":" + BACKUP_MINIO_PORT) || ""}`, s3_dest_endpoint: `${MAIN_MINIO_USE_SSL === "true" ? "https://" : "http://"}${MAIN_MINIO_HOST}${(MAIN_MINIO_PORT && ":" + MAIN_MINIO_PORT) || ""}`,
s3_dest_access: BACKUP_MINIO_ACCESS_KEY, s3_dest_access: MAIN_MINIO_ACCESS_KEY,
s3_dest_secret: BACKUP_MINIO_SECRET_KEY, s3_dest_secret: MAIN_MINIO_SECRET_KEY,
}, },
database: { database: {
s3_endpoint: `${BACKUP_MINIO_USE_SSL === "true" ? "https://" : "http://"}${BACKUP_MINIO_HOST}${(BACKUP_MINIO_PORT && ":" + BACKUP_MINIO_PORT) || ""}`, s3_endpoint: `${MAIN_MINIO_USE_SSL === "true" ? "https://" : "http://"}${MAIN_MINIO_HOST}${(MAIN_MINIO_PORT && ":" + MAIN_MINIO_PORT) || ""}`,
s3_access: BACKUP_MINIO_ACCESS_KEY, s3_access: MAIN_MINIO_ACCESS_KEY,
s3_secret: BACKUP_MINIO_SECRET_KEY, s3_secret: MAIN_MINIO_SECRET_KEY,
s3_bucket: BACKUP_MINIO_BUCKET, s3_bucket: BACKUP_MINIO_BUCKET,
db_host: DB_HOST, db_host: DB_HOST,
db_port: DB_PORT, db_port: DB_PORT,
@ -185,14 +185,14 @@ export class BackupController extends Controller {
s3_restore_access: MAIN_MINIO_ACCESS_KEY, s3_restore_access: MAIN_MINIO_ACCESS_KEY,
s3_restore_secret: MAIN_MINIO_SECRET_KEY, s3_restore_secret: MAIN_MINIO_SECRET_KEY,
s3_restore_bucket: MAIN_MINIO_BUCKET, s3_restore_bucket: MAIN_MINIO_BUCKET,
s3_backup_endpoint: `${BACKUP_MINIO_USE_SSL === "true" ? "https://" : "http://"}${BACKUP_MINIO_HOST}${(BACKUP_MINIO_PORT && ":" + BACKUP_MINIO_PORT) || ""}`, s3_backup_endpoint: `${MAIN_MINIO_USE_SSL === "true" ? "https://" : "http://"}${MAIN_MINIO_HOST}${(MAIN_MINIO_PORT && ":" + MAIN_MINIO_PORT) || ""}`,
s3_backup_access: BACKUP_MINIO_ACCESS_KEY, s3_backup_access: MAIN_MINIO_ACCESS_KEY,
s3_backup_secret: BACKUP_MINIO_SECRET_KEY, s3_backup_secret: MAIN_MINIO_SECRET_KEY,
}, },
database: { database: {
s3_endpoint: `${BACKUP_MINIO_USE_SSL === "true" ? "https://" : "http://"}${BACKUP_MINIO_HOST}${(BACKUP_MINIO_PORT && ":" + BACKUP_MINIO_PORT) || ""}`, s3_endpoint: `${MAIN_MINIO_USE_SSL === "true" ? "https://" : "http://"}${MAIN_MINIO_HOST}${(MAIN_MINIO_PORT && ":" + MAIN_MINIO_PORT) || ""}`,
s3_access: BACKUP_MINIO_ACCESS_KEY, s3_access: MAIN_MINIO_ACCESS_KEY,
s3_secret: BACKUP_MINIO_SECRET_KEY, s3_secret: MAIN_MINIO_SECRET_KEY,
s3_bucket: BACKUP_MINIO_BUCKET, s3_bucket: BACKUP_MINIO_BUCKET,
db_host: DB_HOST, db_host: DB_HOST,
db_port: DB_PORT, db_port: DB_PORT,
@ -216,9 +216,9 @@ export class BackupController extends Controller {
}, },
body: JSON.stringify({ body: JSON.stringify({
backup_name: body.name, backup_name: body.name,
s3_backup_endpoint: `${BACKUP_MINIO_USE_SSL === "true" ? "https://" : "http://"}${BACKUP_MINIO_HOST}${(BACKUP_MINIO_PORT && ":" + BACKUP_MINIO_PORT) || ""}`, s3_backup_endpoint: `${MAIN_MINIO_USE_SSL === "true" ? "https://" : "http://"}${MAIN_MINIO_HOST}${(MAIN_MINIO_PORT && ":" + MAIN_MINIO_PORT) || ""}`,
s3_backup_access: BACKUP_MINIO_ACCESS_KEY, s3_backup_access: MAIN_MINIO_ACCESS_KEY,
s3_backup_secret: BACKUP_MINIO_SECRET_KEY, s3_backup_secret: MAIN_MINIO_SECRET_KEY,
s3_backup_bucket: BACKUP_MINIO_BUCKET, s3_backup_bucket: BACKUP_MINIO_BUCKET,
}), }),
}, },
@ -285,14 +285,14 @@ export class BackupController extends Controller {
s3_source_access: MAIN_MINIO_ACCESS_KEY, s3_source_access: MAIN_MINIO_ACCESS_KEY,
s3_source_secret: MAIN_MINIO_SECRET_KEY, s3_source_secret: MAIN_MINIO_SECRET_KEY,
s3_source_bucket: MAIN_MINIO_BUCKET, s3_source_bucket: MAIN_MINIO_BUCKET,
s3_dest_endpoint: `${BACKUP_MINIO_USE_SSL === "true" ? "https://" : "http://"}${BACKUP_MINIO_HOST}${(BACKUP_MINIO_PORT && ":" + BACKUP_MINIO_PORT) || ""}`, s3_dest_endpoint: `${MAIN_MINIO_USE_SSL === "true" ? "https://" : "http://"}${MAIN_MINIO_HOST}${(MAIN_MINIO_PORT && ":" + MAIN_MINIO_PORT) || ""}`,
s3_dest_access: BACKUP_MINIO_ACCESS_KEY, s3_dest_access: MAIN_MINIO_ACCESS_KEY,
s3_dest_secret: BACKUP_MINIO_SECRET_KEY, s3_dest_secret: MAIN_MINIO_SECRET_KEY,
}, },
database: { database: {
s3_endpoint: `${BACKUP_MINIO_USE_SSL === "true" ? "https://" : "http://"}${BACKUP_MINIO_HOST}${(BACKUP_MINIO_PORT && ":" + BACKUP_MINIO_PORT) || ""}`, s3_endpoint: `${MAIN_MINIO_USE_SSL === "true" ? "https://" : "http://"}${MAIN_MINIO_HOST}${(MAIN_MINIO_PORT && ":" + MAIN_MINIO_PORT) || ""}`,
s3_access: BACKUP_MINIO_ACCESS_KEY, s3_access: MAIN_MINIO_ACCESS_KEY,
s3_secret: BACKUP_MINIO_SECRET_KEY, s3_secret: MAIN_MINIO_SECRET_KEY,
s3_bucket: BACKUP_MINIO_BUCKET, s3_bucket: BACKUP_MINIO_BUCKET,
db_host: DB_HOST, db_host: DB_HOST,
db_port: DB_PORT, db_port: DB_PORT,
@ -336,14 +336,14 @@ export class BackupController extends Controller {
s3_source_access: MAIN_MINIO_ACCESS_KEY, s3_source_access: MAIN_MINIO_ACCESS_KEY,
s3_source_secret: MAIN_MINIO_SECRET_KEY, s3_source_secret: MAIN_MINIO_SECRET_KEY,
s3_source_bucket: MAIN_MINIO_BUCKET, s3_source_bucket: MAIN_MINIO_BUCKET,
s3_dest_endpoint: `${BACKUP_MINIO_USE_SSL === "true" ? "https://" : "http://"}${BACKUP_MINIO_HOST}${(BACKUP_MINIO_PORT && ":" + BACKUP_MINIO_PORT) || ""}`, s3_dest_endpoint: `${MAIN_MINIO_USE_SSL === "true" ? "https://" : "http://"}${MAIN_MINIO_HOST}${(MAIN_MINIO_PORT && ":" + MAIN_MINIO_PORT) || ""}`,
s3_dest_access: BACKUP_MINIO_ACCESS_KEY, s3_dest_access: MAIN_MINIO_ACCESS_KEY,
s3_dest_secret: BACKUP_MINIO_SECRET_KEY, s3_dest_secret: MAIN_MINIO_SECRET_KEY,
}, },
database: { database: {
s3_endpoint: `${BACKUP_MINIO_USE_SSL === "true" ? "https://" : "http://"}${BACKUP_MINIO_HOST}${(BACKUP_MINIO_PORT && ":" + BACKUP_MINIO_PORT) || ""}`, s3_endpoint: `${MAIN_MINIO_USE_SSL === "true" ? "https://" : "http://"}${MAIN_MINIO_HOST}${(MAIN_MINIO_PORT && ":" + MAIN_MINIO_PORT) || ""}`,
s3_access: BACKUP_MINIO_ACCESS_KEY, s3_access: MAIN_MINIO_ACCESS_KEY,
s3_secret: BACKUP_MINIO_SECRET_KEY, s3_secret: MAIN_MINIO_SECRET_KEY,
s3_bucket: BACKUP_MINIO_BUCKET, s3_bucket: BACKUP_MINIO_BUCKET,
db_host: DB_HOST, db_host: DB_HOST,
db_port: DB_PORT, db_port: DB_PORT,

12
src/middlewares/auth-provider/keycloak.ts
View file

@ -4,12 +4,12 @@ import { createDecoder, createVerifier } from "fast-jwt";
import HttpError from "../../interfaces/http-error"; import HttpError from "../../interfaces/http-error";
import HttpStatus from "../../interfaces/http-status"; import HttpStatus from "../../interfaces/http-status";
if (!process.env.KC_PUBLIC_KEY && !process.env.KC_REALM_URL) { if (!process.env.KC_PUBLIC_KEY && !process.env.AUTH_REALM_URL) {
throw new Error("Require keycloak KC_PUBLIC_KEY or KC_REALM_URL."); throw new Error("Require keycloak KC_PUBLIC_KEY or AUTH_REALM_URL.");
} }
if (process.env.KC_PUBLIC_KEY && process.env.KC_REALM_URL && !process.env.KC_PREFERRED_MODE) { if (process.env.KC_PUBLIC_KEY && process.env.AUTH_REALM_URL && !process.env.KC_PREFERRED_MODE) {
throw new Error( throw new Error(
"AUTH_PREFERRED must be specified if KC_PUBLIC_KEY and KC_REALM_URL is provided.", "AUTH_PREFERRED must be specified if KC_PUBLIC_KEY and AUTH_REALM_URL is provided.",
); );
} }
@ -44,7 +44,7 @@ export async function keycloakAuth(request: Express.Request) {
payload = await verifyOffline(token); payload = await verifyOffline(token);
break; break;
default: default:
if (process.env.KC_REALM_URL) payload = await verifyOnline(token); if (process.env.AUTH_REALM_URL) payload = await verifyOnline(token);
if (process.env.KC_PUBLIC_KEY) payload = await verifyOffline(token); if (process.env.KC_PUBLIC_KEY) payload = await verifyOffline(token);
break; break;
} }
@ -61,7 +61,7 @@ async function verifyOffline(token: string) {
} }
async function verifyOnline(token: string) { async function verifyOnline(token: string) {
const res = await fetch(`${process.env.KC_REALM_URL}/protocol/openid-connect/userinfo`, { const res = await fetch(`${process.env.AUTH_REALM_URL}/protocol/openid-connect/userinfo`, {
headers: { authorization: `Bearer ${token}` }, headers: { authorization: `Bearer ${token}` },
}).catch((e) => console.error(e)); }).catch((e) => console.error(e));