feat: pass bootstrap

2024-12-04 16:20:13 +01:00 · 2024-01-02 20:50:26 +01:00 · 2024-01-02 20:50:26 +01:00 · 4f5b657613
commit 4f5b657613
parent f3706182cc
11 changed files with 196 additions and 0 deletions
--- a/.env
+++ b/.env
@ -13,3 +13,5 @@ WEBSOCKET_LISTEN_ADDR=:8081
 SECURITY_RATE_LIMIT_IP=1000
 SECURITY_RATE_LIMIT_BE=100
 SECURITY_RATE_LIMIT_MOBILE=100
+
+PASS_ADDR=:8084
--- a/cmd/pass/main.go
+++ b/cmd/pass/main.go
@ -0,0 +1,25 @@
+package main
+
+import (
+	"github.com/kelseyhightower/envconfig"
+
+	"github.com/twofas/2fas-server/config"
+	"github.com/twofas/2fas-server/internal/common/logging"
+	"github.com/twofas/2fas-server/internal/pass"
+)
+
+func main() {
+	logging.WithDefaultField("service_name", "pass")
+
+	var cfg config.PassConfig
+	err := envconfig.Process("", &cfg)
+	if err != nil {
+		logging.Fatal(err.Error())
+	}
+
+	server := pass.NewServer(cfg.Addr)
+
+	if err := server.Run(); err != nil {
+		logging.Fatal(err.Error())
+	}
+}
--- a/config/pass_config.go
+++ b/config/pass_config.go
@ -0,0 +1,5 @@
+package config
+
+type PassConfig struct {
+	Addr string `envconfig:"PASS_ADDR" default:":8084"`
+}
--- a/deployments/pass/appspec.yml
+++ b/deployments/pass/appspec.yml
@ -0,0 +1,9 @@
+version: 0.0
+Resources:
+  - TargetService:
+      Type: AWS::ECS::Service
+      Properties:
+        TaskDefinition: <TASK_DEFINITION>
+        LoadBalancerInfo:
+          ContainerName: "2fas-pass"
+          ContainerPort: 8082
--- a/deployments/pass/buildspec.yml
+++ b/deployments/pass/buildspec.yml
@ -0,0 +1,38 @@
+version: 0.2
+
+env:
+  secrets-manager:
+    DOCKERHUB_USERNAME: hub.docker.com:username
+    DOCKERHUB_PASS: hub.docker.com:password
+
+phases:
+  pre_build:
+    commands:
+      - IMAGE_TAG=$(echo $CODEBUILD_RESOLVED_SOURCE_VERSION | cut -c 1-7)
+      - REPOSITORY_URI=$AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$IMAGE_REPO_NAME
+      - echo Logging in to Docker HUB to avoid rate limit
+      - echo "$DOCKERHUB_PASS" | docker login --username $DOCKERHUB_USERNAME --password-stdin
+      - echo Logging in to Amazon ECR
+      - aws ecr get-login-password --region $AWS_DEFAULT_REGION | docker login --username AWS --password-stdin $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com
+
+  build:
+    commands:
+      - echo Build started on `date`
+      - echo Building the Docker image
+      - docker build -f docker/pass/Dockerfile -t $REPOSITORY_URI:latest .
+      - docker tag $REPOSITORY_URI:latest $REPOSITORY_URI:$IMAGE_TAG
+
+  post_build:
+    commands:
+      - echo Build completed on `date`
+      - echo Pushing the Docker images latest, $IMAGE_TAG
+      - docker push $REPOSITORY_URI:latest
+      - docker push $REPOSITORY_URI:$IMAGE_TAG
+      - sed -i 's/<AWS_ACCOUNT_ID>/'$AWS_ACCOUNT_ID'/g' deployments/pass/taskdef.json
+      - sed -i 's/<IMAGE_NAME>/'$AWS_ACCOUNT_ID'\.dkr\.ecr\.'$AWS_DEFAULT_REGION'\.amazonaws.com\/'$IMAGE_REPO_NAME'\:'$IMAGE_TAG'/g' deployments/pass/taskdef.json
+
+artifacts:
+  files:
+    - imageDetail.json
+    - deployments/pass/appspec.yml
+    - deployments/pass/taskdef.json
--- a/deployments/pass/taskdef.json
+++ b/deployments/pass/taskdef.json
@ -0,0 +1,40 @@
+{
+  "executionRoleArn": "arn:aws:iam::<AWS_ACCOUNT_ID>:role/2fas-pass_ecsTaskExecutionRole",
+  "containerDefinitions": [
+    {
+      "name": "2fas-pass",
+      "image": "<IMAGE_NAME>",
+      "essential": true,
+      "portMappings": [
+        {
+          "hostPort": 8082,
+          "protocol": "tcp",
+          "containerPort": 8082
+        }
+      ],
+      "environmentFiles": [
+        {
+          "value": "arn:aws:s3:::2fas-production-env/pass.env",
+          "type": "s3"
+        }
+      ],
+      "secrets": [
+      ],
+      "logConfiguration": {
+        "logDriver": "awslogs",
+        "options": {
+          "awslogs-group" : "/ecs/2fas-pass",
+          "awslogs-region": "us-east-2",
+          "awslogs-stream-prefix": "ecs"
+        }
+      }
+    }
+  ],
+  "requiresCompatibilities": [
+    "FARGATE"
+  ],
+  "networkMode": "awsvpc",
+  "family": "2fas-pass-api",
+  "cpu": "256",
+  "memory": "512"
+}
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -82,6 +82,16 @@ services:
      - shared-volume:/tmp/2fas
    command: chown -R 1000:1000 /tmp/2fas

+  pass:
+    build:
+      context: .
+      dockerfile: docker/pass/Dockerfile
+    group_add:
+      - '1000'
+    ports:
+      - "8084:8084"
+    env_file:
+      - .env

 volumes:
  go-modules:
--- a/docker/pass/Dockerfile
+++ b/docker/pass/Dockerfile
@ -0,0 +1,30 @@
+FROM golang:1.21-alpine as build
+
+ENV GO111MODULE=on \
+    CGO_ENABLED=0 \
+    GOOS=linux \
+    GOARCH=amd64
+
+WORKDIR /go/src/2fas
+
+COPY go.mod go.sum ./
+
+RUN go mod download -x
+
+COPY . .
+
+RUN mkdir -p bin
+
+RUN go build -trimpath -o bin/pass ./cmd/pass/main.go
+
+FROM alpine:latest
+
+RUN adduser 2fas -D
+
+USER 2fas
+
+WORKDIR /home/2fas/
+
+COPY --from=build /go/src/2fas/bin/* /usr/local/bin/
+
+CMD ["pass"]
--- a/go.mod
+++ b/go.mod
@ -60,6 +60,7 @@ require (
 	github.com/jinzhu/now v1.1.5 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/kelseyhightower/envconfig v1.4.0 // indirect
 	github.com/klauspost/cpuid/v2 v2.2.5 // indirect
 	github.com/leodido/go-urn v1.2.4 // indirect
 	github.com/magiconair/properties v1.8.7 // indirect
--- a/go.sum
+++ b/go.sum
@ -255,6 +255,8 @@ github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1
 github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
 github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 h1:Z9n2FFNUXsshfwJMBgNA0RU6/i7WVaAegv3PtuIHPMs=
 github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8=
+github.com/kelseyhightower/envconfig v1.4.0 h1:Im6hONhd3pLkfDFsbRgu68RDNkGF1r3dvMUtDTo2cv8=
+github.com/kelseyhightower/envconfig v1.4.0/go.mod h1:cccZRl6mQpaq41TPp5QxidR+Sa3axMbJDNb//FQX6Gg=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
 github.com/klauspost/cpuid/v2 v2.2.5 h1:0E5MSMDEoAulmXNFquVs//DdoomxaoTY1kUhbc/qbZg=
--- a/internal/pass/app.go
+++ b/internal/pass/app.go
@ -0,0 +1,34 @@
+package pass
+
+import (
+	"github.com/gin-gonic/gin"
+	"github.com/twofas/2fas-server/internal/common/http"
+	"github.com/twofas/2fas-server/internal/common/recovery"
+)
+
+type Server struct {
+	router *gin.Engine
+	addr   string
+}
+
+func NewServer(addr string) *Server {
+	router := gin.New()
+
+	router.Use(recovery.RecoveryMiddleware())
+	router.Use(http.RequestIdMiddleware())
+	router.Use(http.CorrelationIdMiddleware())
+	router.Use(http.RequestJsonLogger())
+
+	router.GET("/health", func(context *gin.Context) {
+		context.Status(200)
+	})
+
+	return &Server{
+		router: router,
+		addr:   addr,
+	}
+}
+
+func (s *Server) Run() error {
+	return s.router.Run(s.addr)
+}