rebus-ink / ink-API

Hobb API Server: backend for the Rebus Reader system
GNU Affero General Public License v3.0

Setup Docker environment #725

Closed nicholasjhenry closed 2 years ago

nicholasjhenry commented 2 years ago

See #724

Docker commands for development

docker compose up -d
docker compose exec api npm install
docker compose exec api npx knex migrate:latest
docker compose exec api npm run test

Docker commands for deployment image/container

Build:

docker image build -t ink-api .

Run:

docker container run --rm -it -p 8080:8080 --env-file .env -v "$(pwd)/secrets.tar.enc:/app/secrets.tar.env.json" -e SECRETORKEY=kick-opossum-snowiness -e ISSUER=auth.reader-api.test -e DOMAIN=http://localhost:8080 ink-api node index.js

Notes

Update

Also, it looks like the tables are being removed before the test is run. This is super frustrating and should be the next thing we look at.

Previously

Due to the case-sensitive names for the Postgres tables on MacOS (MacOS runs with a case-insensitive file system, i.e. Reader should be reader), I could not run npm run test and have the tests run successfully. I was getting the following errors (note it was expecting reader):

/app/node_modules/db-errors/lib/dbErrors.js:19
      return new result.node.error(result.args);
             ^
DBError: select "Reader".* from "Reader" where "authId" = $1 - relation "Reader" does not exist
    at wrapError (/app/node_modules/db-errors/lib/dbErrors.js:19:14)
    at handleExecuteError (/app/node_modules/objection/lib/queryBuilder/QueryBuilder.js:1123:32)
    at QueryBuilder.execute (/app/node_modules/objection/lib/queryBuilder/QueryBuilder.js:449:20)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
    at Function.checkIfExistsByAuthId (/app/models/Reader.js:118:21)
    at /app/routes/readers/reader-post.js:41:22

However, I'm confident that this is a valid development environment. There would need to be some tweaking to make the case-sensitive names work somehow. That will require some work. The de facto standard is to have table names in snake_case (lowercase).

github-actions[bot] commented 2 years ago
# npm audit report

ajv  <6.12.3
Severity: moderate
Prototype Pollution in Ajv - https://github.com/advisories/GHSA-v88g-cgmw-v5xw
fix available via `npm audit fix`
node_modules/oas-validator/node_modules/ajv
  oas-validator  <=4.0.8
  Depends on vulnerable versions of ajv
  Depends on vulnerable versions of oas-resolver
  node_modules/oas-validator
    swagger2openapi  2.2.1 - 6.2.3
    Depends on vulnerable versions of oas-resolver
    Depends on vulnerable versions of oas-validator
    Depends on vulnerable versions of yargs
    node_modules/swagger2openapi
      widdershins  1.1.0 - 1.1.1 || 2.2.1 - 2.2.11 || >=3.0.0-beta0.0
      Depends on vulnerable versions of oas-resolver
      Depends on vulnerable versions of swagger2openapi
      Depends on vulnerable versions of yargs
      node_modules/widdershins

ejs  <3.1.7
Severity: critical
Template injection in ejs - https://github.com/advisories/GHSA-phwq-j96m-2c2q
fix available via `npm audit fix`
node_modules/ejs

jsonpointer  <5.0.0
Severity: moderate
Prototype Pollution in node-jsonpointer - https://github.com/advisories/GHSA-282f-qqgm-c34q
fix available via `npm audit fix`
node_modules/better-ajv-errors/node_modules/jsonpointer
  better-ajv-errors  <=0.8.1
  Depends on vulnerable versions of jsonpointer
  node_modules/better-ajv-errors

markdown-it  <12.3.2
Severity: moderate
Uncontrolled Resource Consumption in markdown-it - https://github.com/advisories/GHSA-6vfc-qv3f-vr6c
No fix available
node_modules/markdown-it
  shins  *
  Depends on vulnerable versions of markdown-it
  Depends on vulnerable versions of sanitize-html
  node_modules/shins
    api2html  *
    Depends on vulnerable versions of shins
    node_modules/api2html

protobufjs  <6.11.3
Severity: high
Prototype Pollution in protobufjs - https://github.com/advisories/GHSA-g954-5hwp-pp24
fix available via `npm audit fix`
node_modules/protobufjs
  google-gax  2.2.1-pre - 2.2.1-pre.2 || 2.11.3-pre || 2.21.1 - 2.30.4 || 3.0.0 - 3.0.1
  Depends on vulnerable versions of protobufjs
  node_modules/google-gax

sanitize-html  <=2.3.1
Severity: moderate
Improper Input Validation in sanitize-html - https://github.com/advisories/GHSA-mjxr-4v3x-q3m4
Improper Input Validation in sanitize-html - https://github.com/advisories/GHSA-rjqq-98f6-6j3r
No fix available
node_modules/sanitize-html
  shins  *
  Depends on vulnerable versions of markdown-it
  Depends on vulnerable versions of sanitize-html
  node_modules/shins
    api2html  *
    Depends on vulnerable versions of shins
    node_modules/api2html

yargs-parser  6.0.0 - 13.1.1
Severity: moderate
Prototype Pollution in yargs-parser - https://github.com/advisories/GHSA-p9pc-299p-vxgp
fix available via `npm audit fix`
node_modules/oas-resolver/node_modules/yargs-parser
node_modules/swagger2openapi/node_modules/yargs-parser
node_modules/widdershins/node_modules/yargs-parser
  yargs  8.0.0-candidate.0 - 12.0.5
  Depends on vulnerable versions of yargs-parser
  node_modules/oas-resolver/node_modules/yargs
  node_modules/swagger2openapi/node_modules/yargs
  node_modules/widdershins/node_modules/yargs
    oas-resolver  <=2.3.1
    Depends on vulnerable versions of yargs
    node_modules/oas-resolver
      oas-validator  <=4.0.8
      Depends on vulnerable versions of ajv
      Depends on vulnerable versions of oas-resolver
      node_modules/oas-validator
        swagger2openapi  2.2.1 - 6.2.3
        Depends on vulnerable versions of oas-resolver
        Depends on vulnerable versions of oas-validator
        Depends on vulnerable versions of yargs
        node_modules/swagger2openapi
          widdershins  1.1.0 - 1.1.1 || 2.2.1 - 2.2.11 || >=3.0.0-beta0.0
          Depends on vulnerable versions of oas-resolver
          Depends on vulnerable versions of swagger2openapi
          Depends on vulnerable versions of yargs
          node_modules/widdershins

16 vulnerabilities (13 moderate, 2 high, 1 critical)

To address issues that do not require attention, run:
  npm audit fix

Some issues need review, and may require choosing
a different dependency.