hrms-bangkok/hrms-api-log
7
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

Merge branch 'main' into develop

Browse source
This commit is contained in:
DESKTOP-2S5P7D1\Windows 10 2024-12-24 13:40:10 +07:00
commit b88629abd3
6 changed files with 148 additions and 131 deletions
Download patch file Download diff file Expand all files Collapse all files

12
.env.example
View file

@ -1,4 +1,4 @@
KC_REALM_URL=
AUTH_REALM_URL=
ELASTICSEARCH_PROTOCOL=
ELASTICSEARCH_HOST=
@ -29,9 +29,9 @@ MAIN_MINIO_ACCESS_KEY=
MAIN_MINIO_SECRET_KEY=
MAIN_MINIO_BUCKET=
BACKUP_MINIO_USE_SSL=
BACKUP_MINIO_HOST=
BACKUP_MINIO_PORT=
BACKUP_MINIO_ACCESS_KEY=
BACKUP_MINIO_SECRET_KEY=
MAIN_MINIO_USE_SSL=
MAIN_MINIO_HOST=
MAIN_MINIO_PORT=
MAIN_MINIO_ACCESS_KEY=
MAIN_MINIO_SECRET_KEY=
BACKUP_MINIO_BUCKET=

105
.github/workflows/release.yaml vendored Normal file
View file

@ -0,0 +1,105 @@
name: release
run-name: release ${{ github.actor }}
on:
push:
tags:
- "version-[0-9]+.[0-9]+.[0-9]+"
workflow_dispatch:
env:
REGISTRY: docker.frappet.com
IMAGE_NAME: ehr/bma-ehr-log-backup
DEPLOY_HOST: frappet.com
COMPOSE_PATH: /home/frappet/docker/bma/bma-ehr-log-backup
jobs:
release:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
# skip Set up QEMU because it fail on act and container
# Gen Version try to get version from tag or inut
- name: Set output tags
id: vars
run: echo "tag=${GITHUB_REF#refs/*/}" >> $GITHUB_OUTPUT
- name: Gen Version
id: gen_ver
run: |
if [[ $GITHUB_REF == 'refs/tags/'* ]]; then
IMAGE_VER=${{ steps.vars.outputs.tag }}
else
IMAGE_VER=${{ github.event.inputs.IMAGE_VER }}
fi
if [[ $IMAGE_VER == '' ]]; then
IMAGE_VER='test-vBeta'
fi
echo '::set-output name=image_ver::'$IMAGE_VER
- name: Check Version
run: |
echo $GITHUB_REF
echo ${{ steps.gen_ver.outputs.image_ver }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Login in to registry
uses: docker/login-action@v2
with:
registry: ${{env.REGISTRY}}
username: ${{secrets.DOCKER_USER}}
password: ${{secrets.DOCKER_PASS}}
- name: Build and push docker image
uses: docker/build-push-action@v3
with:
context: .
platforms: linux/amd64
file: docker/Dockerfile
push: true
tags: ${{env.REGISTRY}}/${{env.IMAGE_NAME}}:${{ steps.gen_ver.outputs.image_ver }},${{env.REGISTRY}}/${{env.IMAGE_NAME}}:latest
# - name: Remote Deployment
# uses: appleboy/ssh-action@v0.1.8
# with:
# host: ${{env.DEPLOY_HOST}}
# username: frappet
# password: ${{ secrets.SSH_PASSWORD }}
# port: 10102
# script: |
# cd "${{env.COMPOSE_PATH}}"
# docker compose pull
# docker compose up -d
# echo "${{ steps.gen_ver.outputs.image_ver }}"> success
- name: Notify Discord Success
if: success()
run: |
curl -H "Content-Type: application/json" \
-X POST \
-d '{
"embeds": [{
"title": "✅ Deployment Success!",
"description": "**Details:**\n- Image: `${{env.IMAGE_NAME}}`\n- Version: `${{ steps.gen_ver.outputs.image_ver }}`\n- Deployed by: `${{github.actor}}`",
"color": 3066993,
"footer": {
"text": "Release Notification",
"icon_url": "https://example.com/success-icon.png"
},
"timestamp": "'$(date -u +%Y-%m-%dT%H:%M:%SZ)'"
}]
}' \
${{ secrets.DISCORD_WEBHOOK }}
- name: Notify Discord Failure
if: failure()
run: |
curl -H "Content-Type: application/json" \
-X POST \
-d '{
"embeds": [{
"title": "❌ Deployment Failed!",
"description": "**Details:**\n- Image: `${{env.IMAGE_NAME}}`\n- Version: `${{ steps.gen_ver.outputs.image_ver }}`\n- Attempted by: `${{github.actor}}`",
"color": 15158332,
"footer": {
"text": "Release Notification",
"icon_url": "https://example.com/failure-icon.png"
},
"timestamp": "'$(date -u +%Y-%m-%dT%H:%M:%SZ)'"
}]
}' \
${{ secrets.DISCORD_WEBHOOK }}

83
.github/workflows/release.yml vendored
View file

@ -1,83 +0,0 @@
name: release
run-name: Release by ${{ github.actor }}
on:
push:
tags:
- "version-[0-9]+.[0-9]+.[0-9]+"
workflow_dispatch:
env:
REGISTRY: docker.frappet.com
IMAGE_NAME: ehr/bma-ehr-log-backup
DEPLOY_HOST: 49.0.91.80
COMPOSE_PATH: /home/frappet/docker/bma/bma-ehr-log-backup
jobs:
release:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Set output tags
id: vars
run: echo "tag=${GITHUB_REF#refs/*/}" >> $GITHUB_OUTPUT
- name: Gen Version
id: gen_ver
run: |
if [[ $GITHUB_REF == 'refs/tags/'* ]]; then
IMAGE_VER=${{ steps.vars.outputs.tag }}
else
IMAGE_VER=${{ github.event.inputs.IMAGE_VER }}
fi
if [[ $IMAGE_VER == '' ]]; then
IMAGE_VER='test-vBeta'
fi
echo '::set-output name=image_ver::'$IMAGE_VER
- name: Check Version
run: |
echo $GITHUB_REF
echo ${{ steps.gen_ver.outputs.image_ver }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Login in to registry
uses: docker/login-action@v2
with:
registry: ${{env.REGISTRY}}
username: ${{secrets.DOCKER_USER}}
password: ${{secrets.DOCKER_PASS}}
- name: Build and push docker image
uses: docker/build-push-action@v3
with:
context: .
platforms: linux/amd64
push: true
tags: ${{env.REGISTRY}}/${{env.IMAGE_NAME}}:${{ steps.gen_ver.outputs.image_ver }},${{env.REGISTRY}}/${{env.IMAGE_NAME}}:latest
- name: Remote Deployment
uses: appleboy/ssh-action@v0.1.8
with:
host: ${{env.DEPLOY_HOST}}
username: frappet
password: ${{ secrets.SSH_PASSWORD }}
port: 10102
script: |
cd "${{env.COMPOSE_PATH}}"
docker compose pull
docker compose up -d
echo "${{ steps.gen_ver.outputs.image_ver }}"> success
- uses: snow-actions/line-notify@v1.1.0
if: success()
with:
access_token: ${{ secrets.TOKEN_LINE }}
message: |
Image: ${{ env.IMAGE_NAME }}
Version: ${{ steps.gen_ver.outputs.IMAGE_VER }}
By: ${{github.actor}}
- uses: snow-actions/line-notify@v1.1.0
if: failure()
with:
access_token: ${{ secrets.TOKEN_LINE }}
message: |
Image: ${{ env.IMAGE_NAME }}
Version: ${{ steps.gen_ver.outputs.IMAGE_VER }}
By: ${{github.actor}}

2
Dockerfile → docker/Dockerfile
View file

@ -22,4 +22,4 @@ COPY --from=deps /app/node_modules /app/node_modules
COPY --from=build /app/dist /app/dist
COPY --from=base /app/static /app/static
CMD ["pnpm", "run", "start"]
CMD ["npm", "run", "start"]

65
src/controllers/backup-controller.ts
View file

@ -27,11 +27,6 @@ const MAIN_MINIO_PORT = process.env.MAIN_MINIO_PORT;
const MAIN_MINIO_ACCESS_KEY = getEnvVar("MAIN_MINIO_ACCESS_KEY");
const MAIN_MINIO_SECRET_KEY = getEnvVar("MAIN_MINIO_SECRET_KEY");
const MAIN_MINIO_BUCKET = getEnvVar("MAIN_MINIO_BUCKET");
const BACKUP_MINIO_USE_SSL = getEnvVar("BACKUP_MINIO_USE_SSL");
const BACKUP_MINIO_HOST = getEnvVar("BACKUP_MINIO_HOST");
const BACKUP_MINIO_PORT = process.env.BACKUP_MINIO_PORT;
const BACKUP_MINIO_ACCESS_KEY = getEnvVar("BACKUP_MINIO_ACCESS_KEY");
const BACKUP_MINIO_SECRET_KEY = getEnvVar("BACKUP_MINIO_SECRET_KEY");
const BACKUP_MINIO_BUCKET = getEnvVar("BACKUP_MINIO_BUCKET");
function jsonParseOrPlainText(str: string) {
@ -56,9 +51,9 @@ export class BackupController extends Controller {
"Content-Type": "application/json",
},
body: JSON.stringify({
s3_backup_endpoint: `${BACKUP_MINIO_USE_SSL === "true" ? "https://" : "http://"}${BACKUP_MINIO_HOST}${(BACKUP_MINIO_PORT && ":" + BACKUP_MINIO_PORT) || ""}`,
s3_backup_access: BACKUP_MINIO_ACCESS_KEY,
s3_backup_secret: BACKUP_MINIO_SECRET_KEY,
s3_backup_endpoint: `${MAIN_MINIO_USE_SSL === "true" ? "https://" : "http://"}${MAIN_MINIO_HOST}${(MAIN_MINIO_PORT && ":" + MAIN_MINIO_PORT) || ""}`,
s3_backup_access: MAIN_MINIO_ACCESS_KEY,
s3_backup_secret: MAIN_MINIO_SECRET_KEY,
s3_backup_bucket: BACKUP_MINIO_BUCKET,
}),
},
@ -142,14 +137,14 @@ export class BackupController extends Controller {
s3_source_access: MAIN_MINIO_ACCESS_KEY,
s3_source_secret: MAIN_MINIO_SECRET_KEY,
s3_source_bucket: MAIN_MINIO_BUCKET,
s3_dest_endpoint: `${BACKUP_MINIO_USE_SSL === "true" ? "https://" : "http://"}${BACKUP_MINIO_HOST}${(BACKUP_MINIO_PORT && ":" + BACKUP_MINIO_PORT) || ""}`,
s3_dest_access: BACKUP_MINIO_ACCESS_KEY,
s3_dest_secret: BACKUP_MINIO_SECRET_KEY,
s3_dest_endpoint: `${MAIN_MINIO_USE_SSL === "true" ? "https://" : "http://"}${MAIN_MINIO_HOST}${(MAIN_MINIO_PORT && ":" + MAIN_MINIO_PORT) || ""}`,
s3_dest_access: MAIN_MINIO_ACCESS_KEY,
s3_dest_secret: MAIN_MINIO_SECRET_KEY,
},
database: {
s3_endpoint: `${BACKUP_MINIO_USE_SSL === "true" ? "https://" : "http://"}${BACKUP_MINIO_HOST}${(BACKUP_MINIO_PORT && ":" + BACKUP_MINIO_PORT) || ""}`,
s3_access: BACKUP_MINIO_ACCESS_KEY,
s3_secret: BACKUP_MINIO_SECRET_KEY,
s3_endpoint: `${MAIN_MINIO_USE_SSL === "true" ? "https://" : "http://"}${MAIN_MINIO_HOST}${(MAIN_MINIO_PORT && ":" + MAIN_MINIO_PORT) || ""}`,
s3_access: MAIN_MINIO_ACCESS_KEY,
s3_secret: MAIN_MINIO_SECRET_KEY,
s3_bucket: BACKUP_MINIO_BUCKET,
db_host: DB_HOST,
db_port: DB_PORT,
@ -185,14 +180,14 @@ export class BackupController extends Controller {
s3_restore_access: MAIN_MINIO_ACCESS_KEY,
s3_restore_secret: MAIN_MINIO_SECRET_KEY,
s3_restore_bucket: MAIN_MINIO_BUCKET,
s3_backup_endpoint: `${BACKUP_MINIO_USE_SSL === "true" ? "https://" : "http://"}${BACKUP_MINIO_HOST}${(BACKUP_MINIO_PORT && ":" + BACKUP_MINIO_PORT) || ""}`,
s3_backup_access: BACKUP_MINIO_ACCESS_KEY,
s3_backup_secret: BACKUP_MINIO_SECRET_KEY,
s3_backup_endpoint: `${MAIN_MINIO_USE_SSL === "true" ? "https://" : "http://"}${MAIN_MINIO_HOST}${(MAIN_MINIO_PORT && ":" + MAIN_MINIO_PORT) || ""}`,
s3_backup_access: MAIN_MINIO_ACCESS_KEY,
s3_backup_secret: MAIN_MINIO_SECRET_KEY,
},
database: {
s3_endpoint: `${BACKUP_MINIO_USE_SSL === "true" ? "https://" : "http://"}${BACKUP_MINIO_HOST}${(BACKUP_MINIO_PORT && ":" + BACKUP_MINIO_PORT) || ""}`,
s3_access: BACKUP_MINIO_ACCESS_KEY,
s3_secret: BACKUP_MINIO_SECRET_KEY,
s3_endpoint: `${MAIN_MINIO_USE_SSL === "true" ? "https://" : "http://"}${MAIN_MINIO_HOST}${(MAIN_MINIO_PORT && ":" + MAIN_MINIO_PORT) || ""}`,
s3_access: MAIN_MINIO_ACCESS_KEY,
s3_secret: MAIN_MINIO_SECRET_KEY,
s3_bucket: BACKUP_MINIO_BUCKET,
db_host: DB_HOST,
db_port: DB_PORT,
@ -216,9 +211,9 @@ export class BackupController extends Controller {
},
body: JSON.stringify({
backup_name: body.name,
s3_backup_endpoint: `${BACKUP_MINIO_USE_SSL === "true" ? "https://" : "http://"}${BACKUP_MINIO_HOST}${(BACKUP_MINIO_PORT && ":" + BACKUP_MINIO_PORT) || ""}`,
s3_backup_access: BACKUP_MINIO_ACCESS_KEY,
s3_backup_secret: BACKUP_MINIO_SECRET_KEY,
s3_backup_endpoint: `${MAIN_MINIO_USE_SSL === "true" ? "https://" : "http://"}${MAIN_MINIO_HOST}${(MAIN_MINIO_PORT && ":" + MAIN_MINIO_PORT) || ""}`,
s3_backup_access: MAIN_MINIO_ACCESS_KEY,
s3_backup_secret: MAIN_MINIO_SECRET_KEY,
s3_backup_bucket: BACKUP_MINIO_BUCKET,
}),
},
@ -285,14 +280,14 @@ export class BackupController extends Controller {
s3_source_access: MAIN_MINIO_ACCESS_KEY,
s3_source_secret: MAIN_MINIO_SECRET_KEY,
s3_source_bucket: MAIN_MINIO_BUCKET,
s3_dest_endpoint: `${BACKUP_MINIO_USE_SSL === "true" ? "https://" : "http://"}${BACKUP_MINIO_HOST}${(BACKUP_MINIO_PORT && ":" + BACKUP_MINIO_PORT) || ""}`,
s3_dest_access: BACKUP_MINIO_ACCESS_KEY,
s3_dest_secret: BACKUP_MINIO_SECRET_KEY,
s3_dest_endpoint: `${MAIN_MINIO_USE_SSL === "true" ? "https://" : "http://"}${MAIN_MINIO_HOST}${(MAIN_MINIO_PORT && ":" + MAIN_MINIO_PORT) || ""}`,
s3_dest_access: MAIN_MINIO_ACCESS_KEY,
s3_dest_secret: MAIN_MINIO_SECRET_KEY,
},
database: {
s3_endpoint: `${BACKUP_MINIO_USE_SSL === "true" ? "https://" : "http://"}${BACKUP_MINIO_HOST}${(BACKUP_MINIO_PORT && ":" + BACKUP_MINIO_PORT) || ""}`,
s3_access: BACKUP_MINIO_ACCESS_KEY,
s3_secret: BACKUP_MINIO_SECRET_KEY,
s3_endpoint: `${MAIN_MINIO_USE_SSL === "true" ? "https://" : "http://"}${MAIN_MINIO_HOST}${(MAIN_MINIO_PORT && ":" + MAIN_MINIO_PORT) || ""}`,
s3_access: MAIN_MINIO_ACCESS_KEY,
s3_secret: MAIN_MINIO_SECRET_KEY,
s3_bucket: BACKUP_MINIO_BUCKET,
db_host: DB_HOST,
db_port: DB_PORT,
@ -336,14 +331,14 @@ export class BackupController extends Controller {
s3_source_access: MAIN_MINIO_ACCESS_KEY,
s3_source_secret: MAIN_MINIO_SECRET_KEY,
s3_source_bucket: MAIN_MINIO_BUCKET,
s3_dest_endpoint: `${BACKUP_MINIO_USE_SSL === "true" ? "https://" : "http://"}${BACKUP_MINIO_HOST}${(BACKUP_MINIO_PORT && ":" + BACKUP_MINIO_PORT) || ""}`,
s3_dest_access: BACKUP_MINIO_ACCESS_KEY,
s3_dest_secret: BACKUP_MINIO_SECRET_KEY,
s3_dest_endpoint: `${MAIN_MINIO_USE_SSL === "true" ? "https://" : "http://"}${MAIN_MINIO_HOST}${(MAIN_MINIO_PORT && ":" + MAIN_MINIO_PORT) || ""}`,
s3_dest_access: MAIN_MINIO_ACCESS_KEY,
s3_dest_secret: MAIN_MINIO_SECRET_KEY,
},
database: {
s3_endpoint: `${BACKUP_MINIO_USE_SSL === "true" ? "https://" : "http://"}${BACKUP_MINIO_HOST}${(BACKUP_MINIO_PORT && ":" + BACKUP_MINIO_PORT) || ""}`,
s3_access: BACKUP_MINIO_ACCESS_KEY,
s3_secret: BACKUP_MINIO_SECRET_KEY,
s3_endpoint: `${MAIN_MINIO_USE_SSL === "true" ? "https://" : "http://"}${MAIN_MINIO_HOST}${(MAIN_MINIO_PORT && ":" + MAIN_MINIO_PORT) || ""}`,
s3_access: MAIN_MINIO_ACCESS_KEY,
s3_secret: MAIN_MINIO_SECRET_KEY,
s3_bucket: BACKUP_MINIO_BUCKET,
db_host: DB_HOST,
db_port: DB_PORT,

12
src/middlewares/auth-provider/keycloak.ts
View file

@ -4,12 +4,12 @@ import { createDecoder, createVerifier } from "fast-jwt";
import HttpError from "../../interfaces/http-error";
import HttpStatus from "../../interfaces/http-status";
if (!process.env.KC_PUBLIC_KEY && !process.env.KC_REALM_URL) {
throw new Error("Require keycloak KC_PUBLIC_KEY or KC_REALM_URL.");
if (!process.env.KC_PUBLIC_KEY && !process.env.AUTH_REALM_URL) {
throw new Error("Require keycloak KC_PUBLIC_KEY or AUTH_REALM_URL.");
}
if (process.env.KC_PUBLIC_KEY && process.env.KC_REALM_URL && !process.env.KC_PREFERRED_MODE) {
if (process.env.KC_PUBLIC_KEY && process.env.AUTH_REALM_URL && !process.env.KC_PREFERRED_MODE) {
throw new Error(
"AUTH_PREFERRED must be specified if KC_PUBLIC_KEY and KC_REALM_URL is provided.",
"AUTH_PREFERRED must be specified if KC_PUBLIC_KEY and AUTH_REALM_URL is provided.",
);
}
@ -44,7 +44,7 @@ export async function keycloakAuth(request: Express.Request) {
payload = await verifyOffline(token);
break;
default:
if (process.env.KC_REALM_URL) payload = await verifyOnline(token);
if (process.env.AUTH_REALM_URL) payload = await verifyOnline(token);
if (process.env.KC_PUBLIC_KEY) payload = await verifyOffline(token);
break;
}
@ -61,7 +61,7 @@ async function verifyOffline(token: string) {
}
async function verifyOnline(token: string) {
const res = await fetch(`${process.env.KC_REALM_URL}/protocol/openid-connect/userinfo`, {
const res = await fetch(`${process.env.AUTH_REALM_URL}/protocol/openid-connect/userinfo`, {
headers: { authorization: `Bearer ${token}` },
}).catch((e) => console.error(e));