From d565f624e6bd791f57608c2ff50b9cb005ca924f Mon Sep 17 00:00:00 2001 From: Bastien DUMONT <bdumont@grandlyon.com> Date: Tue, 8 Oct 2024 15:34:08 +0200 Subject: [PATCH 01/16] feat(consent): increase consent duration to 3 years --- internal/models/sgeConsent.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/models/sgeConsent.go b/internal/models/sgeConsent.go index e382ef0..8df860c 100644 --- a/internal/models/sgeConsent.go +++ b/internal/models/sgeConsent.go @@ -81,7 +81,7 @@ func (dh *DataHandler) PostSgeConsent(w http.ResponseWriter, r *http.Request) { log.Println(err.Error()) return } - consent.EndDate = time.Now().AddDate(1, 0, 0) + consent.EndDate = time.Now().AddDate(3, 0, 0) // Create a consent in SQL err = dh.sqlClient.Create(&consent).Error -- GitLab From edf65fe5dcb61929b38c2d0173c7377fc43abced Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9mi=20PAILHAREY?= <rpailharey@grandlyon.com> Date: Thu, 10 Oct 2024 08:34:24 +0000 Subject: [PATCH 02/16] fix(k8s): increase memory limits --- k8s/deployments/ecolyo-agent-database-deployment.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/k8s/deployments/ecolyo-agent-database-deployment.yml b/k8s/deployments/ecolyo-agent-database-deployment.yml index 9c0d54f..fafc676 100644 --- a/k8s/deployments/ecolyo-agent-database-deployment.yml +++ b/k8s/deployments/ecolyo-agent-database-deployment.yml @@ -40,7 +40,7 @@ spec: resources: limits: cpu: 100m - memory: 512Mi + memory: 1Gi requests: cpu: 100m - memory: 512Mi + memory: 1Gi -- GitLab From fb4fcd2cd6eaf42a37b358ff514bc4ccb27e6653 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9mi=20PAILHAREY?= <rpailharey@grandlyon.com> Date: Fri, 18 Oct 2024 11:06:53 +0200 Subject: [PATCH 03/16] fix: correct access token --- .gitlab-ci.yml | 4 ++-- k8s/README.md | 4 ++-- k8s/deployments/ecolyo-agent-server-deployment.yml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) 
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 258ea31..63a57bb 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -152,7 +152,7 @@ deploy_rec: script: - find k8s/ -name '*.yml' -exec sed -i "s/{{NS}}/$NAMESPACE/g" {} \; - - oc create secret -n $NAMESPACE docker-registry llle-project --docker-server=$CI_REGISTRY --docker-username=llle-project --docker-password=$READ_REGISTRY_TOKEN --dry-run=client -o yaml | oc apply -f - + - oc create secret -n $NAMESPACE docker-registry forge-secret --docker-server=$CI_REGISTRY --docker-username=read_registry --docker-password=$READ_REGISTRY_TOKEN --dry-run=client -o yaml | oc apply -f - - oc apply -f k8s/secrets - oc apply -f k8s/deployments @@ -184,7 +184,7 @@ deploy_prod: script: - find k8s/ -name '*.yml' -exec sed -i "s/{{NS}}/$NAMESPACE/g" {} \; - - oc create secret -n $NAMESPACE docker-registry llle-project --docker-server=$CI_REGISTRY --docker-username=llle-project --docker-password=$READ_REGISTRY_TOKEN --dry-run=client -o yaml | oc apply -f - + - oc create secret -n $NAMESPACE docker-registry forge-secret --docker-server=$CI_REGISTRY --docker-username=read_registry --docker-password=$READ_REGISTRY_TOKEN --dry-run=client -o yaml | oc apply -f - - oc apply -f k8s/secrets - oc apply -f k8s/deployments diff --git a/k8s/README.md b/k8s/README.md index abd3f18..948896b 100644 --- a/k8s/README.md +++ b/k8s/README.md @@ -31,10 +31,10 @@ Configuration: - Depuis la console Web, se rendre dans la section "Workloads > Secrets" - Cliquer sur le bouton bleu "Create" puis "Image pull secret" - Donner les informations : - - Secret name : llle-project + - Secret name : forge-secret - Authentification type : Image registry credentials - Registry server address : registry.forge.grandlyon.com - - Username: llle-project + - Username: read_registry - Password: demander le password - Cliquer sur Create 
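Review bot: On the new `oc create secret ... forge-secret` line in deploy_rec (and the identical one in the deploy_prod hunk), `$NAMESPACE`, `$CI_REGISTRY` and `$READ_REGISTRY_TOKEN` are expanded unquoted, so a token containing whitespace or glob characters would be split or expanded by the shell before `oc` receives it. Quoting the expansions, e.g. `--docker-password="$READ_REGISTRY_TOKEN"`, keeps the value intact. The token is also passed as a command-line argument, as it was before this commit, so it is worth confirming that the CI variable is masked and cannot surface in job logs.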
diff --git a/k8s/deployments/ecolyo-agent-server-deployment.yml b/k8s/deployments/ecolyo-agent-server-deployment.yml index 2b733b8..c37c1cb 100644 --- a/k8s/deployments/ecolyo-agent-server-deployment.yml +++ b/k8s/deployments/ecolyo-agent-server-deployment.yml @@ -54,4 +54,4 @@ spec: cpu: 100m memory: 64Mi imagePullSecrets: - - name: llle-project + - name: forge-secret -- GitLab From d2de6f94d7e910142f998e734970e4bbfff7390b Mon Sep 17 00:00:00 2001 From: Bastien DUMONT <bdumont@grandlyon.com> Date: Mon, 21 Oct 2024 15:05:49 +0200 Subject: [PATCH 04/16] feat(consents): delete outdated consents --- internal/models/consent_cleanup.go | 35 ++++++++++++++++++++++++++++++ main.go | 15 +++++++++++++ 2 files changed, 50 insertions(+) create mode 100644 internal/models/consent_cleanup.go diff --git a/internal/models/consent_cleanup.go b/internal/models/consent_cleanup.go new file mode 100644 index 0000000..c7fe21a --- /dev/null +++ b/internal/models/consent_cleanup.go @@ -0,0 +1,35 @@ +package models + +import ( + "log" + "time" +) + +// deleteOutdatedConsents hard deletes outdated consents where end_date is more than 5 years old +func deleteOutdatedConsents[T GrdfConsent | SgeConsent](dh *DataHandler, model *T, consentType string) { + log.Printf("Running %v outdated consents cleanup", consentType) + cutoffDate := time.Now().AddDate(-5, 0, 0) + + result := dh.sqlClient.Unscoped(). + Where("end_date < ?", cutoffDate). + Delete(model) + + log.Printf("nb of rows %v", result.RowsAffected) + + if result.Error != nil { + log.Printf("Error deleting outdated %s consents: %v\n", consentType, result.Error) + return + } + + if result.RowsAffected > 0 { + log.Printf("Successfully deleted %d outdated %s consent(s) created before %v\n", + result.RowsAffected, + consentType, + cutoffDate.Format("2006-01-02")) + } +} + +func DeleteOutdatedConsents(dh *DataHandler) { + deleteOutdatedConsents(dh, &GrdfConsent{}, "GRDF") + deleteOutdatedConsents(dh, &SgeConsent{}, "SGE") +} 
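Review bot: In `deleteOutdatedConsents`, `log.Printf("nb of rows %v", result.RowsAffected)` runs before `result.Error` is checked, and the success message says the rows were "created before" the cutoff although the query filters on `end_date`. Because this is a hard delete (`Unscoped()`) of consent records, the log line is the only trace of what was purged and should name the real criterion: move the row-count line below the error check (or drop it) and log `"Successfully deleted %d outdated %s consent(s) with end_date before %v\n"`. The exported `DeleteOutdatedConsents` has no doc comment; `// DeleteOutdatedConsents hard deletes GRDF and SGE consents whose end_date is more than 5 years old.` would cover it.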
diff --git a/main.go b/main.go index baa3d5c..c895f5d 100644 --- a/main.go +++ b/main.go @@ -59,6 +59,21 @@ func main() { } }() + // Deletes outdated consents every 24h + dh := models.NewDataHandler() + dailyTicker := time.NewTicker(time.Hour * 24) + go func() { + for { + select { + case <-dailyTicker.C: + models.DeleteOutdatedConsents(dh) + case <-quit: + dailyTicker.Stop() + return + } + } + }() + // Serve locally with https log.Fatal(http.ListenAndServeTLS(":"+strconv.Itoa(httpsPort), "./dev_certificates/localhost.crt", "./dev_certificates/localhost.key", rootMux.Router)) // log.Fatal(http.ListenAndServe(":"+strconv.Itoa(httpsPort), rootMux.Router)) -- GitLab From 66ead2e320ed2176331fecb22147ae93ae59deb1 Mon Sep 17 00:00:00 2001 From: Bastien DUMONT <bdumont@grandlyon.com> Date: Mon, 21 Oct 2024 15:11:55 +0200 Subject: [PATCH 05/16] chore: add server port in logs --- main.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.go b/main.go index baa3d5c..587f060 100644 --- a/main.go +++ b/main.go @@ -23,7 +23,7 @@ var ( func main() { - log.Println("--- Server is starting ---") + log.Printf("--- Server is starting on port %v ---", httpsPort) // Initializations tokens.Init("./mnt/configs/tokenskey.json", debugMode) -- GitLab From 1effcdd830a92d74ab13db16bf3ee46115f318f8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9mi=20PAILHAREY?= <rpailharey@grandlyon.com> Date: Tue, 12 Nov 2024 17:13:08 +0100 Subject: [PATCH 06/16] fix(auth): prevent too large cookie --- internal/auth/oauth2.go | 15 ++++++++++++--- internal/rootmux/rootmux_test.go | 2 +- internal/tokens/tokens_test.go | 5 ----- 3 files changed, 13 insertions(+), 9 deletions(-) diff --git a/internal/auth/oauth2.go b/internal/auth/oauth2.go index 423df8e..3e9521d 100644 --- a/internal/auth/oauth2.go +++ b/internal/auth/oauth2.go 
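Review bot: The cleanup goroutine only acts on `dailyTicker.C`, so `DeleteOutdatedConsents` first runs 24 hours after start and the timer resets on every restart; if the process is redeployed or restarted more often than that, the retention purge never runs. Calling `models.DeleteOutdatedConsents(dh)` once as the first statement of the goroutine, before the `for` loop, closes that gap without delaying startup. `models.NewDataHandler()` is called here only for the cleanup; if the router already builds its own DataHandler this presumably opens a second database handle, which is worth confirming. The enclosing `main` starts and ends outside the hunk.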
@@ -106,11 +106,11 @@ func (m Manager) HandleOAuth2Callback() http.Handler { } //////////////////////////////////////////////// // UNCOMMENT THIS TO DEBUG USERINFO RESPONSE // - // readBody, err := ioutil.ReadAll(response.Body) + // readBody, err := io.ReadAll(response.Body) // if err != nil { // panic(err) // } - // newBody := ioutil.NopCloser(bytes.NewBuffer(readBody)) + // newBody := io.NopCloser(bytes.NewBuffer(readBody)) // response.Body = newBody // if string(readBody) != "" { // fmt.Printf("BODY : %q \n", readBody) @@ -126,6 +126,15 @@ func (m Manager) HandleOAuth2Callback() http.Handler { user.Roles[key] = strings.TrimPrefix(strings.Split(role, ",")[0], "CN=") } + // Filter only allowed roles to reduce the cookie size + var filteredRoles []string + for _, role := range user.Roles { + if role == AdminRole || role == AnimatorRole { + filteredRoles = append(filteredRoles, role) + } + } + user.Roles = filteredRoles + // Check if user has the correct role err = checkUserHasRole(TokenData{User: user}, []string{AdminRole, AnimatorRole}) @@ -145,7 +154,7 @@ func (m Manager) HandleOAuth2Callback() http.Handler { } tokenData := TokenData{User: user, XSRFToken: xsrfToken} tokens.CreateCookie(tokenData, m.Hostname, authTokenKey, 24*time.Hour, w) - // Log the connexion + // Log the connection log.Printf("| %v (%v %v) | Login success | %v", user.Login, user.Name, user.Surname, req.RemoteAddr) // Redirect http.Redirect(w, r, "/", http.StatusFound) diff --git a/internal/rootmux/rootmux_test.go b/internal/rootmux/rootmux_test.go index 1258e60..15425b9 100644 --- a/internal/rootmux/rootmux_test.go +++ b/internal/rootmux/rootmux_test.go 
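Review bot: The new filter loop hard-codes `AdminRole` and `AnimatorRole`, and the `checkUserHasRole` call just below passes the same pair again as `[]string{AdminRole, AnimatorRole}`, so the two lists can drift apart when a role is added to only one of them. Declaring the list once, `allowedRoles := []string{AdminRole, AnimatorRole}`, and using it for both the filter and the check keeps them in step. Dropping unrelated directory groups also reduces what the auth cookie discloses, which is worth stating in the comment next to the size reason. The handler body starts and ends outside the hunk.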
@@ -247,7 +247,7 @@ func animatorTests(t *testing.T) { do("GET", "/api/common/monthlyReport?year=2021&month=1", noH, "", http.StatusOK, `{"year":2021,"month":1,"subject":"[Ecolyo] Votre bilan de décembre 2020","info":"Informations du mois","image":"imagebase64","newsTitle":"","newsContent":"","question":"","link":""`) // Try to get SGE consents (must fail) - do("GET", "/api/admin/consent?limit=50&page=0", xsrfHeader, "", http.StatusForbidden, "no user role among [ANIMATORS OTHER_GROUP] is in allowed roles ([ADMINS])") + do("GET", "/api/admin/consent?limit=50&page=0", xsrfHeader, "", http.StatusForbidden, "no user role among [ANIMATORS] is in allowed roles ([ADMINS])") } // Try to login (must pass) do("GET", "/OAuth2Login", noH, "", http.StatusOK, "") diff --git a/internal/tokens/tokens_test.go b/internal/tokens/tokens_test.go index 66a24e0..66e4b5c 100644 --- a/internal/tokens/tokens_test.go +++ b/internal/tokens/tokens_test.go @@ -1,7 +1,6 @@ package tokens import ( - "fmt" "testing" "time" @@ -13,10 +12,6 @@ type user struct { Password string } -func (u user) String() string { - return fmt.Sprintf("Login: %v, Password: %v", u.Login, u.Password) -} - func TestManagerCreateTokenUnStoreData(t *testing.T) { key, _ := common.GenerateRandomBytes(32) key2, _ := common.GenerateRandomBytes(32) -- GitLab From 97ccbfa550df46b08dab5ce27bcdbf32c95eb32d Mon Sep 17 00:00:00 2001 From: Renovate Bot <renovatebot@exemple.com> Date: Wed, 13 Nov 2024 03:18:20 +0000 Subject: [PATCH 07/16] fix(deps): update module gorm.io/driver/mysql to v1.5.7 --- go.mod | 4 ++-- go.sum | 4 ++++ 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/go.mod b/go.mod index 1476d8b..a71fb95 100644 --- a/go.mod +++ b/go.mod @@ -6,9 +6,9 @@ require ( github.com/go-chi/chi/v5 v5.0.11 github.com/google/uuid v1.5.0 golang.org/x/oauth2 v0.16.0 - gorm.io/driver/mysql v1.5.2 + gorm.io/driver/mysql v1.5.7 gorm.io/driver/sqlite v1.5.4 - gorm.io/gorm v1.25.5 + gorm.io/gorm v1.25.7 ) require ( 
diff --git a/go.sum b/go.sum index b71a4a2..335505f 100644 --- a/go.sum +++ b/go.sum @@ -52,8 +52,12 @@ google.golang.org/protobuf v1.32.0 h1:pPC6BG5ex8PDFnkbrGU3EixyhKcQ2aDuBS36lqK/C7 google.golang.org/protobuf v1.32.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gorm.io/driver/mysql v1.5.2 h1:QC2HRskSE75wBuOxe0+iCkyJZ+RqpudsQtqkp+IMuXs= gorm.io/driver/mysql v1.5.2/go.mod h1:pQLhh1Ut/WUAySdTHwBpBv6+JKcj+ua4ZFx1QQTBzb8= +gorm.io/driver/mysql v1.5.7 h1:MndhOPYOfEp2rHKgkZIhJ16eVUIRf2HmzgoPmh7FCWo= +gorm.io/driver/mysql v1.5.7/go.mod h1:sEtPWMiqiN1N1cMXoXmBbd8C6/l+TESwriotuRRpkDM= gorm.io/driver/sqlite v1.5.4 h1:IqXwXi8M/ZlPzH/947tn5uik3aYQslP9BVveoax0nV0= gorm.io/driver/sqlite v1.5.4/go.mod h1:qxAuCol+2r6PannQDpOP1FP6ag3mKi4esLnB/jHed+4= gorm.io/gorm v1.25.2-0.20230530020048-26663ab9bf55/go.mod h1:L4uxeKpfBml98NYqVqwAdmV1a2nBtAec/cf3fpucW/k= gorm.io/gorm v1.25.5 h1:zR9lOiiYf09VNh5Q1gphfyia1JpiClIWG9hQaxB/mls= gorm.io/gorm v1.25.5/go.mod h1:hbnx/Oo0ChWMn1BIhpy1oYozzpM15i4YPuHDmfYtwg8= +gorm.io/gorm v1.25.7 h1:VsD6acwRjz2zFxGO50gPO6AkNs7KKnvfzUjHQhZDz/A= +gorm.io/gorm v1.25.7/go.mod h1:hbnx/Oo0ChWMn1BIhpy1oYozzpM15i4YPuHDmfYtwg8= -- GitLab From 06ced2415a2dc5dce6b8335d137f8177367f238f Mon Sep 17 00:00:00 2001 From: Renovate Bot <renovatebot@exemple.com> Date: Wed, 13 Nov 2024 03:18:29 +0000 Subject: [PATCH 08/16] chore(deps): update alpine docker tag to v3.20.3 --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 63a57bb..8af339c 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -25,7 +25,7 @@ stages: - deploy import-convert-assets: - image: alpine:3.16.2 + image: alpine:3.20.3 stage: import-convert-assets before_script: - apk add inkscape curl -- GitLab From 61a13a0703d6850c0fbc6f860c823018f1ba3ea9 Mon Sep 17 00:00:00 2001 
From: Renovate Bot <renovatebot@exemple.com> Date: Wed, 13 Nov 2024 03:18:31 +0000 Subject: [PATCH 09/16] chore(deps): update curlimages/curl docker tag to v8.11.0 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index f4efa81..a79e9e9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -48,7 +48,7 @@ RUN chown -Rf "${UID}" ./* ############################## # STEP 2 build a small image # ############################## -FROM curlimages/curl:8.00.1 +FROM curlimages/curl:8.11.0 WORKDIR /app -- GitLab From b8eba0a1e5a69ca47a62a5f61bb6024cfe45919b Mon Sep 17 00:00:00 2001 From: Renovate Bot <renovatebot@exemple.com> Date: Wed, 13 Nov 2024 03:18:35 +0000 Subject: [PATCH 10/16] fix(deps): update module github.com/go-chi/chi/v5 to v5.1.0 --- go.mod | 2 +- go.sum | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 1476d8b..ca266dc 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module forge.grandlyon.com/web-et-numerique/factory/llle_project/backoffice-serv go 1.18 require ( - github.com/go-chi/chi/v5 v5.0.11 + github.com/go-chi/chi/v5 v5.1.0 github.com/google/uuid v1.5.0 golang.org/x/oauth2 v0.16.0 gorm.io/driver/mysql v1.5.2 diff --git a/go.sum b/go.sum index b71a4a2..531d086 100644 --- a/go.sum +++ b/go.sum @@ -1,5 +1,7 @@ github.com/go-chi/chi/v5 v5.0.11 h1:BnpYbFZ3T3S1WMpD79r7R5ThWX40TaFB7L31Y8xqSwA= github.com/go-chi/chi/v5 v5.0.11/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8= +github.com/go-chi/chi/v5 v5.1.0 h1:acVI1TYaD+hhedDJ3r54HyA6sExp3HfXq7QWEEY/xMw= +github.com/go-chi/chi/v5 v5.1.0/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8= github.com/go-sql-driver/mysql v1.7.0/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI= github.com/go-sql-driver/mysql v1.7.1 h1:lUIinVbN1DY0xBg0eMOzmmtGoHwWBbvnWubQUrtU8EI= github.com/go-sql-driver/mysql v1.7.1/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI= -- GitLab 
From aae2caa4555da9f4c7fe54e091465c202516628b Mon Sep 17 00:00:00 2001 From: Pierre Ecarlat <pecarlat@grandlyon.com> Date: Mon, 9 Dec 2024 10:53:58 +0000 Subject: [PATCH 11/16] feat: Revert 3 years consent for enedis --- internal/models/sgeConsent.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/models/sgeConsent.go b/internal/models/sgeConsent.go index 8df860c..e382ef0 100644 --- a/internal/models/sgeConsent.go +++ b/internal/models/sgeConsent.go @@ -81,7 +81,7 @@ func (dh *DataHandler) PostSgeConsent(w http.ResponseWriter, r *http.Request) { log.Println(err.Error()) return } - consent.EndDate = time.Now().AddDate(3, 0, 0) + consent.EndDate = time.Now().AddDate(1, 0, 0) // Create a consent in SQL err = dh.sqlClient.Create(&consent).Error -- GitLab From 68d363be21b5f59f64330be8d39925bcc4c4d18e Mon Sep 17 00:00:00 2001 From: Pierre Ecarlat <pecarlat@grandlyon.com> Date: Thu, 12 Dec 2024 17:14:04 +0100 Subject: [PATCH 12/16] Added global variable to condition GRDF call --- .env.template | 1 + .gitlab-ci.yml | 2 ++ k8s/secrets/ecolyo-agent-server-config.yml | 1 + main.go | 41 ++++++++++++---------- 4 files changed, 27 insertions(+), 18 deletions(-) diff --git a/.env.template b/.env.template index 05ab3a8..3990d02 100644 --- a/.env.template +++ b/.env.template @@ -22,5 +22,6 @@ DATABASE_NAME BO_API_TOKEN +FETCH_GRDF_TOKEN=true GRDF_CLIENT_ID GRDF_CLIENT_SECRET diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 8af339c..a21ef17 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -142,6 +142,7 @@ deploy_rec: - sed -i "s/{{CLIENT_ID}}/$REC_CLIENT_ID/" ./k8s/secrets/ecolyo-agent-server-config.yml - sed -i "s/{{CLIENT_SECRET}}/$REC_CLIENT_SECRET/" ./k8s/secrets/ecolyo-agent-server-config.yml - sed -i "s/{{BO_API_TOKEN}}/$REC_BO_API_TOKEN/" ./k8s/secrets/ecolyo-agent-server-config.yml + - sed -i "s/{{FETCH_GRDF_TOKEN}}/$FETCH_GRDF_TOKEN/" ./k8s/secrets/ecolyo-agent-server-config.yml - sed -i "s/{{GRDF_CLIENT_ID}}/$GRDF_CLIENT_ID/" ./k8s/secrets/ecolyo-agent-server-config.yml - sed -i "s/{{GRDF_CLIENT_SECRET}}/$GRDF_CLIENT_SECRET/" ./k8s/secrets/ecolyo-agent-server-config.yml - sed -i "s/{{HOSTNAME}}/ecolyo-agent-rec.apps.grandlyon.com/g" ./k8s/secrets/ecolyo-agent-server-config.yml @@ -174,6 +175,7 @@ deploy_prod: - sed -i "s/{{CLIENT_ID}}/$PROD_CLIENT_ID/" ./k8s/secrets/ecolyo-agent-server-config.yml - sed -i "s/{{CLIENT_SECRET}}/$PROD_CLIENT_SECRET/" ./k8s/secrets/ecolyo-agent-server-config.yml - sed -i "s/{{BO_API_TOKEN}}/$PROD_BO_API_TOKEN/" ./k8s/secrets/ecolyo-agent-server-config.yml + - sed -i "s/{{FETCH_GRDF_TOKEN}}/$FETCH_GRDF_TOKEN/" ./k8s/secrets/ecolyo-agent-server-config.yml - sed -i "s/{{GRDF_CLIENT_ID}}/$GRDF_CLIENT_ID/" ./k8s/secrets/ecolyo-agent-server-config.yml - sed -i "s/{{GRDF_CLIENT_SECRET}}/$GRDF_CLIENT_SECRET/" ./k8s/secrets/ecolyo-agent-server-config.yml - sed -i "s/{{HOSTNAME}}/ecolyo-agent.apps.grandlyon.com/g" ./k8s/secrets/ecolyo-agent-server-config.yml diff --git a/k8s/secrets/ecolyo-agent-server-config.yml b/k8s/secrets/ecolyo-agent-server-config.yml index 8beaebc..3f09d2b 100644 --- a/k8s/secrets/ecolyo-agent-server-config.yml +++ b/k8s/secrets/ecolyo-agent-server-config.yml @@ -20,6 +20,7 @@ stringData: BO_API_TOKEN: {{BO_API_TOKEN}} TOKEN_URL: {{TOKEN_URL}} USERINFO_URL: {{USERINFO_URL}} + FETCH_GRDF_TOKEN: {{FETCH_GRDF_TOKEN}} GRDF_CLIENT_ID: {{GRDF_CLIENT_ID}} GRDF_CLIENT_SECRET: {{GRDF_CLIENT_SECRET}} type: Opaque diff --git a/main.go b/main.go index 2ce10ee..1ff1d18 100644 --- a/main.go +++ b/main.go 
@@ -16,9 +16,10 @@ import ( ) var ( - httpsPort = common.IntValueFromEnv("HTTPS_PORT", 443) // HTTPS port to serve on - debugMode = common.BoolValueFromEnv("DEBUG_MODE", false) // Debug mode, disable Secure attribute for cookies - mockOAuth2 = common.BoolValueFromEnv("MOCK_OAUTH2", false) // Enable mock OAuth2 login + httpsPort = common.IntValueFromEnv("HTTPS_PORT", 443) // HTTPS port to serve on + debugMode = common.BoolValueFromEnv("DEBUG_MODE", false) // Debug mode, disable Secure attribute for cookies + mockOAuth2 = common.BoolValueFromEnv("MOCK_OAUTH2", false) // Enable mock OAuth2 login + fetchGrdfToken = common.BoolValueFromEnv("FETCH_GRDF_TOKEN", true) // HTTPS port to serve on ) func main() { @@ -41,23 +42,27 @@ func main() { fmt.Println("Mock OAuth2 server Listening on: http://localhost" + mockOAuth2Port) } - // Call the function immediately when the server starts - models.FetchGRDFAuthAPI() - - // then call GRDF auth api every two hours - ticker := time.NewTicker(time.Hour * 2) quit := make(chan struct{}) - go func() { - for { - select { - case <-ticker.C: - models.FetchGRDFAuthAPI() - case <-quit: - ticker.Stop() - return + + // If needed, we shall request a new GRDF token every 2-hours + if fetchGrdfToken { + // Call the function immediately when the server starts + models.FetchGRDFAuthAPI() + + // then call GRDF auth api every two hours + ticker := time.NewTicker(time.Hour * 2) + go func() { + for { + select { + case <-ticker.C: + models.FetchGRDFAuthAPI() + case <-quit: + ticker.Stop() + return + } } - } - }() + }() + } // Deletes outdated consents every 24h dh := models.NewDataHandler() -- GitLab From e16783cc4c36352295decea0751a518eb041a717 Mon Sep 17 00:00:00 2001 From: Pierre Ecarlat <pecarlat@grandlyon.com> Date: Fri, 13 Dec 2024 10:43:04 +0100 Subject: [PATCH 13/16] rec and prod behaviors --- .gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index a21ef17..b51bcd5 100644 
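Review bot: The trailing comment on the new `fetchGrdfToken` variable was copied from `httpsPort` and reads `// HTTPS port to serve on`, which misdescribes a flag that switches the GRDF token refresh on or off. Something like `// Fetch the GRDF auth token at startup and every two hours` matches what the second hunk does with it. The same line appears again in the main.go hunk of PATCH 14/16. When the flag is false nothing is logged, so a `log.Println` in an `else` branch would let an operator see from the logs that the refresh is disabled.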
--- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -142,7 +142,7 @@ deploy_rec: - sed -i "s/{{CLIENT_ID}}/$REC_CLIENT_ID/" ./k8s/secrets/ecolyo-agent-server-config.yml - sed -i "s/{{CLIENT_SECRET}}/$REC_CLIENT_SECRET/" ./k8s/secrets/ecolyo-agent-server-config.yml - sed -i "s/{{BO_API_TOKEN}}/$REC_BO_API_TOKEN/" ./k8s/secrets/ecolyo-agent-server-config.yml - - sed -i "s/{{FETCH_GRDF_TOKEN}}/$FETCH_GRDF_TOKEN/" ./k8s/secrets/ecolyo-agent-server-config.yml + - sed -i "s/{{FETCH_GRDF_TOKEN}}/$REC_FETCH_GRDF_TOKEN/" ./k8s/secrets/ecolyo-agent-server-config.yml - sed -i "s/{{GRDF_CLIENT_ID}}/$GRDF_CLIENT_ID/" ./k8s/secrets/ecolyo-agent-server-config.yml - sed -i "s/{{GRDF_CLIENT_SECRET}}/$GRDF_CLIENT_SECRET/" ./k8s/secrets/ecolyo-agent-server-config.yml - sed -i "s/{{HOSTNAME}}/ecolyo-agent-rec.apps.grandlyon.com/g" ./k8s/secrets/ecolyo-agent-server-config.yml @@ -175,7 +175,7 @@ deploy_prod: - sed -i "s/{{CLIENT_ID}}/$PROD_CLIENT_ID/" ./k8s/secrets/ecolyo-agent-server-config.yml - sed -i "s/{{CLIENT_SECRET}}/$PROD_CLIENT_SECRET/" ./k8s/secrets/ecolyo-agent-server-config.yml - sed -i "s/{{BO_API_TOKEN}}/$PROD_BO_API_TOKEN/" ./k8s/secrets/ecolyo-agent-server-config.yml - - sed -i "s/{{FETCH_GRDF_TOKEN}}/$FETCH_GRDF_TOKEN/" ./k8s/secrets/ecolyo-agent-server-config.yml + - sed -i "s/{{FETCH_GRDF_TOKEN}}/$PROD_FETCH_GRDF_TOKEN/" ./k8s/secrets/ecolyo-agent-server-config.yml - sed -i "s/{{GRDF_CLIENT_ID}}/$GRDF_CLIENT_ID/" ./k8s/secrets/ecolyo-agent-server-config.yml - sed -i "s/{{GRDF_CLIENT_SECRET}}/$GRDF_CLIENT_SECRET/" ./k8s/secrets/ecolyo-agent-server-config.yml - sed -i "s/{{HOSTNAME}}/ecolyo-agent.apps.grandlyon.com/g" ./k8s/secrets/ecolyo-agent-server-config.yml -- GitLab From f2422f28517a771d99dc3226edfc069e1d6e1251 Mon Sep 17 00:00:00 2001 
From: Pierre Ecarlat <pecarlat@grandlyon.com> Date: Fri, 13 Dec 2024 09:56:21 +0000 Subject: [PATCH 14/16] feat: Add the ability to deactivate GRDF token --- .env.template | 1 + .gitlab-ci.yml | 2 ++ k8s/secrets/ecolyo-agent-server-config.yml | 1 + main.go | 41 ++++++++++++---------- 4 files changed, 27 insertions(+), 18 deletions(-) diff --git a/.env.template b/.env.template index 05ab3a8..3990d02 100644 --- a/.env.template +++ b/.env.template @@ -22,5 +22,6 @@ DATABASE_NAME BO_API_TOKEN +FETCH_GRDF_TOKEN=true GRDF_CLIENT_ID GRDF_CLIENT_SECRET diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 8af339c..b51bcd5 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -142,6 +142,7 @@ deploy_rec: - sed -i "s/{{CLIENT_ID}}/$REC_CLIENT_ID/" ./k8s/secrets/ecolyo-agent-server-config.yml - sed -i "s/{{CLIENT_SECRET}}/$REC_CLIENT_SECRET/" ./k8s/secrets/ecolyo-agent-server-config.yml - sed -i "s/{{BO_API_TOKEN}}/$REC_BO_API_TOKEN/" ./k8s/secrets/ecolyo-agent-server-config.yml + - sed -i "s/{{FETCH_GRDF_TOKEN}}/$REC_FETCH_GRDF_TOKEN/" ./k8s/secrets/ecolyo-agent-server-config.yml - sed -i "s/{{GRDF_CLIENT_ID}}/$GRDF_CLIENT_ID/" ./k8s/secrets/ecolyo-agent-server-config.yml - sed -i "s/{{GRDF_CLIENT_SECRET}}/$GRDF_CLIENT_SECRET/" ./k8s/secrets/ecolyo-agent-server-config.yml - sed -i "s/{{HOSTNAME}}/ecolyo-agent-rec.apps.grandlyon.com/g" ./k8s/secrets/ecolyo-agent-server-config.yml 
@@ -174,6 +175,7 @@ deploy_prod: - sed -i "s/{{CLIENT_ID}}/$PROD_CLIENT_ID/" ./k8s/secrets/ecolyo-agent-server-config.yml - sed -i "s/{{CLIENT_SECRET}}/$PROD_CLIENT_SECRET/" ./k8s/secrets/ecolyo-agent-server-config.yml - sed -i "s/{{BO_API_TOKEN}}/$PROD_BO_API_TOKEN/" ./k8s/secrets/ecolyo-agent-server-config.yml + - sed -i "s/{{FETCH_GRDF_TOKEN}}/$PROD_FETCH_GRDF_TOKEN/" ./k8s/secrets/ecolyo-agent-server-config.yml - sed -i "s/{{GRDF_CLIENT_ID}}/$GRDF_CLIENT_ID/" ./k8s/secrets/ecolyo-agent-server-config.yml - sed -i "s/{{GRDF_CLIENT_SECRET}}/$GRDF_CLIENT_SECRET/" ./k8s/secrets/ecolyo-agent-server-config.yml - sed -i "s/{{HOSTNAME}}/ecolyo-agent.apps.grandlyon.com/g" ./k8s/secrets/ecolyo-agent-server-config.yml diff --git a/k8s/secrets/ecolyo-agent-server-config.yml b/k8s/secrets/ecolyo-agent-server-config.yml index 8beaebc..3f09d2b 100644 --- a/k8s/secrets/ecolyo-agent-server-config.yml +++ b/k8s/secrets/ecolyo-agent-server-config.yml @@ -20,6 +20,7 @@ stringData: BO_API_TOKEN: {{BO_API_TOKEN}} TOKEN_URL: {{TOKEN_URL}} USERINFO_URL: {{USERINFO_URL}} + FETCH_GRDF_TOKEN: {{FETCH_GRDF_TOKEN}} GRDF_CLIENT_ID: {{GRDF_CLIENT_ID}} GRDF_CLIENT_SECRET: {{GRDF_CLIENT_SECRET}} type: Opaque diff --git a/main.go b/main.go index 2ce10ee..1ff1d18 100644 --- a/main.go +++ b/main.go @@ -16,9 +16,10 @@ import ( ) var ( - httpsPort = common.IntValueFromEnv("HTTPS_PORT", 443) // HTTPS port to serve on - debugMode = common.BoolValueFromEnv("DEBUG_MODE", false) // Debug mode, disable Secure attribute for cookies - mockOAuth2 = common.BoolValueFromEnv("MOCK_OAUTH2", false) // Enable mock OAuth2 login + httpsPort = common.IntValueFromEnv("HTTPS_PORT", 443) // HTTPS port to serve on + debugMode = common.BoolValueFromEnv("DEBUG_MODE", false) // Debug mode, disable Secure attribute for cookies + mockOAuth2 = common.BoolValueFromEnv("MOCK_OAUTH2", false) // Enable mock OAuth2 login + fetchGrdfToken = common.BoolValueFromEnv("FETCH_GRDF_TOKEN", true) // HTTPS port to serve on ) func main() { 
@@ -41,23 +42,27 @@ func main() { fmt.Println("Mock OAuth2 server Listening on: http://localhost" + mockOAuth2Port) } - // Call the function immediately when the server starts - models.FetchGRDFAuthAPI() - - // then call GRDF auth api every two hours - ticker := time.NewTicker(time.Hour * 2) quit := make(chan struct{}) - go func() { - for { - select { - case <-ticker.C: - models.FetchGRDFAuthAPI() - case <-quit: - ticker.Stop() - return + + // If needed, we shall request a new GRDF token every 2-hours + if fetchGrdfToken { + // Call the function immediately when the server starts + models.FetchGRDFAuthAPI() + + // then call GRDF auth api every two hours + ticker := time.NewTicker(time.Hour * 2) + go func() { + for { + select { + case <-ticker.C: + models.FetchGRDFAuthAPI() + case <-quit: + ticker.Stop() + return + } } - } - }() + }() + } // Deletes outdated consents every 24h dh := models.NewDataHandler() -- GitLab From 6c39cd99eaff5a8e5833fa346640432d21986ad3 Mon Sep 17 00:00:00 2001 From: Pierre Ecarlat <pecarlat@grandlyon.com> Date: Fri, 13 Dec 2024 11:22:27 +0100 Subject: [PATCH 15/16] feat: Upadted the CI/CD to handle boolean --- .gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index b51bcd5..2513364 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -142,7 +142,7 @@ deploy_rec: - sed -i "s/{{CLIENT_ID}}/$REC_CLIENT_ID/" ./k8s/secrets/ecolyo-agent-server-config.yml - sed -i "s/{{CLIENT_SECRET}}/$REC_CLIENT_SECRET/" ./k8s/secrets/ecolyo-agent-server-config.yml - sed -i "s/{{BO_API_TOKEN}}/$REC_BO_API_TOKEN/" ./k8s/secrets/ecolyo-agent-server-config.yml - - sed -i "s/{{FETCH_GRDF_TOKEN}}/$REC_FETCH_GRDF_TOKEN/" ./k8s/secrets/ecolyo-agent-server-config.yml + - sed -i "s/{{FETCH_GRDF_TOKEN}}/\"$REC_FETCH_GRDF_TOKEN\"/" ./k8s/secrets/ecolyo-agent-server-config.yml - sed -i "s/{{GRDF_CLIENT_ID}}/$GRDF_CLIENT_ID/" ./k8s/secrets/ecolyo-agent-server-config.yml - sed -i "s/{{GRDF_CLIENT_SECRET}}/$GRDF_CLIENT_SECRET/" ./k8s/secrets/ecolyo-agent-server-config.yml - sed -i "s/{{HOSTNAME}}/ecolyo-agent-rec.apps.grandlyon.com/g" ./k8s/secrets/ecolyo-agent-server-config.yml @@ -175,7 +175,7 @@ deploy_prod: - sed -i "s/{{CLIENT_ID}}/$PROD_CLIENT_ID/" ./k8s/secrets/ecolyo-agent-server-config.yml - sed -i "s/{{CLIENT_SECRET}}/$PROD_CLIENT_SECRET/" ./k8s/secrets/ecolyo-agent-server-config.yml - sed -i "s/{{BO_API_TOKEN}}/$PROD_BO_API_TOKEN/" ./k8s/secrets/ecolyo-agent-server-config.yml - - sed -i "s/{{FETCH_GRDF_TOKEN}}/$PROD_FETCH_GRDF_TOKEN/" ./k8s/secrets/ecolyo-agent-server-config.yml + - sed -i "s/{{FETCH_GRDF_TOKEN}}/\"$PROD_FETCH_GRDF_TOKEN\"/" ./k8s/secrets/ecolyo-agent-server-config.yml - sed -i "s/{{GRDF_CLIENT_ID}}/$GRDF_CLIENT_ID/" ./k8s/secrets/ecolyo-agent-server-config.yml - sed -i "s/{{GRDF_CLIENT_SECRET}}/$GRDF_CLIENT_SECRET/" ./k8s/secrets/ecolyo-agent-server-config.yml - sed -i "s/{{HOSTNAME}}/ecolyo-agent.apps.grandlyon.com/g" ./k8s/secrets/ecolyo-agent-server-config.yml -- GitLab From ed815a67bd7aada0323fe7a76e59f431f83cf96a Mon Sep 17 00:00:00 2001 From: Pierre Ecarlat <pecarlat@grandlyon.com> Date: Wed, 12 Feb 2025 15:26:51 +0000 Subject: [PATCH 16/16] feat: remove search consents limit --- internal/common/common.go | 6 ------ 1 file changed, 6 deletions(-) 
diff --git a/internal/common/common.go b/internal/common/common.go index 7030f4e..d818a5f 100644 --- a/internal/common/common.go +++ b/internal/common/common.go @@ -203,12 +203,6 @@ func PageLimitFromRequest(r *http.Request) (page int, limit int, err error) { if page < 0 { page = 0 } - switch { - case limit > 100: - limit = 100 - case limit < 10: - limit = 10 - } return page, limit, nil } -- GitLab
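Review bot: With the `switch` removed, `PageLimitFromRequest` returns `limit` exactly as parsed from the request, so zero, negative and arbitrarily large values now reach the callers while `page` is still floored at 0. The commit title ties this helper to consent search, so a single request could presumably ask for the whole consent table in one response; how each caller passes `limit` to the query is not visible here. If the goal is only to lift the cap of 100, keeping a floor and a much higher ceiling preserves a bound, e.g. `if limit < 1 { limit = 1 }` plus a check against a `maxPageLimit` constant. The function starts outside the hunk.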