From c40b7858b6a45129c16f7d3c5af9b4f43002b2d5 Mon Sep 17 00:00:00 2001 From: Bright Date: Wed, 4 Dec 2024 16:29:20 +0700 Subject: [PATCH 1/4] add fields --- src/controllers/PersonalController.ts | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/controllers/PersonalController.ts b/src/controllers/PersonalController.ts index cd9c5e6..bcba3e6 100644 --- a/src/controllers/PersonalController.ts +++ b/src/controllers/PersonalController.ts @@ -184,6 +184,9 @@ export class PersonalController extends Controller { personal_id: lists[i].personal_id, ordering: i + 1, name: lists[i].prefixName + lists[i].firstName + " " + lists[i].lastName, + prefix: lists[i].prefixName, + firstName: lists[i].firstName, + lastName: lists[i].lastName, idcard: lists[i].idcard, position_line: lists[i].positionName, position_level: lists[i].positionLevelName, From 798b0145c862b65a07c275f2c6daba8479ce6e2b Mon Sep 17 00:00:00 2001 From: Bright Date: Wed, 4 Dec 2024 16:37:18 +0700 Subject: [PATCH 2/4] change name --- src/controllers/PersonalController.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/controllers/PersonalController.ts b/src/controllers/PersonalController.ts index bcba3e6..22ce421 100644 --- a/src/controllers/PersonalController.ts +++ b/src/controllers/PersonalController.ts @@ -184,7 +184,7 @@ export class PersonalController extends Controller { personal_id: lists[i].personal_id, ordering: i + 1, name: lists[i].prefixName + lists[i].firstName + " " + lists[i].lastName, - prefix: lists[i].prefixName, + prefixName: lists[i].prefixName, firstName: lists[i].firstName, lastName: lists[i].lastName, idcard: lists[i].idcard, From 19381e99f7e2d38cdabed53727645cc429101894 Mon Sep 17 00:00:00 2001 From: "DESKTOP-2S5P7D1\\Windows 10" Date: Sat, 7 Dec 2024 09:30:42 +0700 Subject: [PATCH 3/4] test build discord --- .github/workflows/release.yaml | 60 ++++++++++++++++++++++------------ 1 file changed, 39 insertions(+), 21 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index f258019..fe370b6 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -1,5 +1,5 @@ -name: release-test -run-name: release-test ${{ github.actor }} +name: release +run-name: release ${{ github.actor }} on: push: tags: @@ -7,14 +7,13 @@ on: workflow_dispatch: env: REGISTRY: docker.frappet.com - # IMAGE_NAME: ehr/bma-ehr-node-service IMAGE_NAME: ehr/bma-ehr-probation DEPLOY_HOST: frappet.com - # COMPOSE_PATH: /home/frappet/docker/bma-ehr COMPOSE_PATH: /home/frappet/docker/bma/bma-ehr-probation + jobs: # act workflow_dispatch -W .github/workflows/release.yaml --input IMAGE_VER=test-v1 -s DOCKER_USER=sorawit -s DOCKER_PASS=P@ssword -s SSH_PASSWORD=P@ssw0rd - release-test: + release: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 @@ -68,21 +67,40 @@ jobs: docker compose pull docker compose up -d echo "${{ steps.gen_ver.outputs.image_ver }}"> success - - uses: snow-actions/line-notify@v1.1.0 + - name: Notify Discord Success if: success() - with: - access_token: ${{ secrets.TOKEN_LINE }} - message: | - -Success✅✅✅ - Image: ${{env.IMAGE_NAME}} - Version: ${{ steps.gen_ver.outputs.IMAGE_VER }} - By: ${{github.actor}} - - uses: snow-actions/line-notify@v1.1.0 + run: | + curl -H "Content-Type: application/json" \ + -X POST \ + -d '{ + "embeds": [{ + "title": "✅ Deployment Success!", + "description": "**Details:**\n- Image: `${{env.IMAGE_NAME}}`\n- Version: `${{ steps.gen_ver.outputs.image_ver }}`\n- Deployed by: `${{github.actor}}`", + "color": 3066993, + "footer": { + "text": "Release Notification", + "icon_url": "https://example.com/success-icon.png" + }, + "timestamp": "'$(date -u +%Y-%m-%dT%H:%M:%SZ)'" + }] + }' \ + ${{ secrets.DISCORD_WEBHOOK }} + + - name: Notify Discord Failure if: failure() - with: - access_token: ${{ secrets.TOKEN_LINE }} - message: | - -Failure❌❌❌ - Image: ${{env.IMAGE_NAME}} - Version: ${{ steps.gen_ver.outputs.IMAGE_VER }} - By: ${{github.actor}} + run: | + curl -H "Content-Type: application/json" \ + -X POST \ + -d '{ + "embeds": [{ + "title": "❌ Deployment Failed!", + "description": "**Details:**\n- Image: `${{env.IMAGE_NAME}}`\n- Version: `${{ steps.gen_ver.outputs.image_ver }}`\n- Attempted by: `${{github.actor}}`", + "color": 15158332, + "footer": { + "text": "Release Notification", + "icon_url": "https://example.com/failure-icon.png" + }, + "timestamp": "'$(date -u +%Y-%m-%dT%H:%M:%SZ)'" + }] + }' \ + ${{ secrets.DISCORD_WEBHOOK }} From 7a9e3c5c1160a0525869904fd2554abf3f5ce4c6 Mon Sep 17 00:00:00 2001 From: "DESKTOP-2S5P7D1\\Windows 10" Date: Sat, 14 Dec 2024 01:04:01 +0700 Subject: [PATCH 4/4] edit permission --- src/interfaces/call-api.ts | 174 +++++++++++++++++------------------ src/interfaces/permission.ts | 38 ++++++++ src/middlewares/logs.ts | 144 +++++++++++++++-------------- 3 files changed, 193 insertions(+), 163 deletions(-) diff --git a/src/interfaces/call-api.ts b/src/interfaces/call-api.ts index 78f0f14..db76a72 100644 --- a/src/interfaces/call-api.ts +++ b/src/interfaces/call-api.ts @@ -1,96 +1,86 @@ -import { - Controller, - Request, - Get, - Post, - Put, - Delete, - Patch, - Route, - Security, - Tags, - Path, -} from "tsoa"; -import axios from "axios"; -import { addLogSequence } from "./utils"; +import { Path } from "tsoa" +import axios from "axios" +import { addLogSequence } from "./utils" class CallAPI { - //Get - public async GetData(request: any, @Path() path: any) { - const token = request.headers.authorization; - const url = process.env.API_URL + path; - try { - const response = await axios.get(url, { - headers: { - Authorization: `${token}`, - "Content-Type": "application/json", - api_key: process.env.API_KEY, - }, - }); - addLogSequence(request, { - action: "request", - status: "success", - description: "connected", - request: { - method: "GET", - url: url, - response: JSON.stringify(response.data.result), - }, - }); - return response.data.result; - } catch (error) { - addLogSequence(request, { - action: "request", - status: "error", - description: "unconnected", - request: { - method: "GET", - url: url, - response: JSON.stringify(error), - }, - }); - throw error; - } - } - //Post - public async PostData(request: any, @Path() path: any, sendData: any) { - const token = request.headers.authorization; - const url = process.env.API_URL + path; - try { - const response = await axios.post(url, sendData, { - headers: { - Authorization: `${token}`, - "Content-Type": "application/json", - api_key: process.env.API_KEY, - }, - }); - addLogSequence(request, { - action: "request", - status: "success", - description: "connected", - request: { - method: "POST", - url: url, - payload: JSON.stringify(sendData), - response: JSON.stringify(response.data.result), - }, - }); - return response.data.result; - } catch (error) { - addLogSequence(request, { - action: "request", - status: "error", - description: "unconnected", - request: { - method: "POST", - url: url, - payload: JSON.stringify(sendData), - response: JSON.stringify(error), - }, - }); - throw error; - } - } + //Get + public async GetData(request: any, @Path() path: any, log = true) { + const token = "Bearer " + request.headers.authorization.replace("Bearer ", "") + const url = process.env.API_URL + path + try { + const response = await axios.get(url, { + headers: { + Authorization: `${token}`, + "Content-Type": "application/json", + api_key: process.env.API_KEY, + }, + }) + if (log) + addLogSequence(request, { + action: "request", + status: "success", + description: "connected", + request: { + method: "GET", + url: url, + response: JSON.stringify(response.data.result), + }, + }) + return response.data.result + } catch (error) { + if (log) + addLogSequence(request, { + action: "request", + status: "error", + description: "unconnected", + request: { + method: "GET", + url: url, + response: JSON.stringify(error), + }, + }) + throw error + } + } + //Post + public async PostData(request: any, @Path() path: any, sendData: any) { + const token = "Bearer " + request.headers.authorization.replace("Bearer ", "") + const url = process.env.API_URL + path + try { + const response = await axios.post(url, sendData, { + headers: { + Authorization: `${token}`, + "Content-Type": "application/json", + api_key: process.env.API_KEY, + }, + }) + addLogSequence(request, { + action: "request", + status: "success", + description: "connected", + request: { + method: "POST", + url: url, + payload: JSON.stringify(sendData), + response: JSON.stringify(response.data.result), + }, + }) + return response.data.result + } catch (error) { + addLogSequence(request, { + action: "request", + status: "error", + description: "unconnected", + request: { + method: "POST", + url: url, + payload: JSON.stringify(sendData), + response: JSON.stringify(error), + }, + }) + throw error + } + } } -export default CallAPI; +export default CallAPI diff --git a/src/interfaces/permission.ts b/src/interfaces/permission.ts index a04c877..a4b989e 100644 --- a/src/interfaces/permission.ts +++ b/src/interfaces/permission.ts @@ -3,8 +3,11 @@ import { RequestWithUser } from "../middlewares/user" import CallAPI from "./call-api" import HttpError from "./http-error" import HttpStatus from "./http-status" +import { promisify } from "util" class CheckAuth { + private redis = require("redis") + public async Permission(req: RequestWithUser, system: string, action: string) { if (req.headers.hasOwnProperty("api_key") && req.headers["api_key"] && req.headers["api_key"] == process.env.API_KEY) { return null @@ -155,6 +158,41 @@ class CheckAuth { return false }) } + public async checkOrg(token: any, keycloakId: string) { + const redisClient = await this.redis.createClient({ + host: process.env.REDIS_HOST, + port: process.env.REDIS_PORT, + }) + const getAsync = promisify(redisClient.get).bind(redisClient) + let reply = await getAsync("org_" + keycloakId) + if (reply != null) { + reply = JSON.parse(reply) + } else { + try { + if (!keycloakId) throw "Error calling API No KeycloakId" + const x = await new CallAPI().GetData( + { + headers: { authorization: token }, + }, + `/org/permission/checkOrg/${keycloakId}`, + false + ) + + const data = { + orgRootId: x.orgRootId, + orgChild1Id: x.orgChild1Id, + orgChild2Id: x.orgChild2Id, + orgChild3Id: x.orgChild3Id, + orgChild4Id: x.orgChild4Id, + } + + return data + } catch (error) { + console.error("Error calling API:", error) + throw error + } + } + } public async PermissionCreate(req: RequestWithUser, system: string) { return await this.Permission(req, system, "CREATE") } diff --git a/src/middlewares/logs.ts b/src/middlewares/logs.ts index e31fd34..44245fc 100644 --- a/src/middlewares/logs.ts +++ b/src/middlewares/logs.ts @@ -1,79 +1,81 @@ -import { NextFunction, Request, Response } from "express"; -import { Client } from "@elastic/elasticsearch"; +import { NextFunction, Request, Response } from "express" +import { Client } from "@elastic/elasticsearch" +import permission from "../interfaces/permission" if (!process.env.ELASTICSEARCH_INDEX) { - throw new Error("Require ELASTICSEARCH_INDEX to store log."); + throw new Error("Require ELASTICSEARCH_INDEX to store log.") } -const ELASTICSEARCH_INDEX = process.env.ELASTICSEARCH_INDEX; +const ELASTICSEARCH_INDEX = process.env.ELASTICSEARCH_INDEX const LOG_LEVEL_MAP: Record = { - debug: 4, - info: 3, - warning: 2, - error: 1, - none: 0, -}; - -const elasticsearch = new Client({ - node: `${process.env.ELASTICSEARCH_PROTOCOL}://${process.env.ELASTICSEARCH_HOST}:${process.env.ELASTICSEARCH_PORT}`, -}); - -async function logMiddleware(req: Request, res: Response, next: NextFunction) { - if (!req.url.startsWith("/api/")) return next(); - - let data: any; - - const originalJson = res.json; - - res.json = function (v: any) { - data = v; - return originalJson.call(this, v); - }; - - const timestamp = new Date().toISOString(); - const start = performance.now(); - - req.app.locals.logData = {}; - - res.on("finish", () => { - if (!req.url.startsWith("/api/")) return; - - const level = LOG_LEVEL_MAP[process.env.LOG_LEVEL ?? "debug"] || 4; - - if (level === 1 && res.statusCode < 500) return; - if (level === 2 && res.statusCode < 400) return; - if (level === 3 && res.statusCode < 200) return; - - const obj = { - logType: - res.statusCode >= 500 - ? "error" - : res.statusCode >= 400 - ? "warning" - : "info", - ip: req.ip, - systemName: "probation", - startTimeStamp: timestamp, - endTimeStamp: new Date().toISOString(), - processTime: performance.now() - start, - host: req.hostname, - method: req.method, - endpoint: req.url, - responseCode: String(res.statusCode === 304 ? 200 : res.statusCode), - responseDescription: data?.message, - input: (level === 4 && JSON.stringify(req.body, null, 2)) || undefined, - output: (level === 4 && JSON.stringify(data, null, 2)) || undefined, - ...req.app.locals.logData, - }; - - elasticsearch.index({ - index: ELASTICSEARCH_INDEX, - document: obj, - }); - }); - - return next(); + debug: 4, + info: 3, + warning: 2, + error: 1, + none: 0, } -export default logMiddleware; +const elasticsearch = new Client({ + node: `${process.env.ELASTICSEARCH_PROTOCOL}://${process.env.ELASTICSEARCH_HOST}:${process.env.ELASTICSEARCH_PORT}`, +}) + +async function logMiddleware(req: Request, res: Response, next: NextFunction) { + if (!req.url.startsWith("/api/")) return next() + + let data: any + + const originalJson = res.json + + res.json = function (v: any) { + data = v + return originalJson.call(this, v) + } + + const timestamp = new Date().toISOString() + const start = performance.now() + + req.app.locals.logData = {} + + res.on("finish", async () => { + if (!req.url.startsWith("/api/")) return + + const level = LOG_LEVEL_MAP[process.env.LOG_LEVEL ?? "debug"] || 4 + + if (level === 1 && res.statusCode < 500) return + if (level === 2 && res.statusCode < 400) return + if (level === 3 && res.statusCode < 200) return + + let token: any + token = req.headers["authorization"] + + const rootId = await new permission().checkOrg(token, req.app.locals.logData.userId) + + const obj = { + logType: res.statusCode >= 500 ? "error" : res.statusCode >= 400 ? "warning" : "info", + ip: req.ip, + rootId: rootId ? rootId.orgRootId : null, + systemName: "probation", + startTimeStamp: timestamp, + endTimeStamp: new Date().toISOString(), + processTime: performance.now() - start, + host: req.hostname, + method: req.method, + endpoint: req.url, + responseCode: String(res.statusCode === 304 ? 200 : res.statusCode), + responseDescription: data?.message, + input: (level === 4 && JSON.stringify(req.body, null, 2)) || undefined, + output: (level === 4 && JSON.stringify(data, null, 2)) || undefined, + ...req.app.locals.logData, + } + + elasticsearch.index({ + index: ELASTICSEARCH_INDEX, + document: obj, + }) + }) + + return next() +} + +export default logMiddleware