Merge pull request #159 from autonomys/improve-docker-setup

update: improve docker setup
autonomys · Jan 30, 2025 · de3bfd7 · de3bfd7
2 parents 0696f36 + aedbcd7
commit de3bfd7
Show file tree

Hide file tree

Showing 16 changed files with 695 additions and 585 deletions.
diff --git a/.env.dev b/.env.dev
@@ -0,0 +1,26 @@
+# Common
+DATABASE_URL=postgres://postgres:postgres@postgres:5432/postgres
+
+HASURA_GRAPHQL_ADMIN_SECRET=hasura-admin
+HASURA_GRAPHQL_JWT_SECRET='{"type":"HS256","key":"my-jwt-secret-key-with-at-least-32-chars"}'
+HASURA_GRAPHQL_ENABLE_CONSOLE=true
+HASURA_GRAPHQL_CORS_DOMAIN="*"
+HASURA_GRAPHQL_PORT=6565
+
+FILES_GATEWAY_URL=https://example.com
+FILES_GATEWAY_TOKEN=1234567890 
+PORT=3000
+RPC_ENDPOINT=wss://rpc.taurus.subspace.foundation/ws
+PRIVATE_KEYS_PATH='<private-keys-path>'
+CORS_ALLOWED_ORIGINS=*
+OBJECT_MAPPING_ARCHIVER_URL=wss://indexer.taurus.autonomys.xyz
+MAX_CACHE_SIZE=1073741824
+AUTH_SERVICE_URL=http://auth:3030
+AUTH_SERVICE_API_KEY=1234567890
+
+# Auth
+AUTH_PORT=3030
+JWT_SECRET=my-jwt-secret-key-with-at-least-32-chars
+JWT_SECRET=$(echo $JWT_SECRET | base64)
+JWT_SECRET_ALGORITHM=HS256
+API_SECRET=1234567890
diff --git a/auth/.dockerignore b/auth/.dockerignore
@@ -0,0 +1,5 @@
+node_modules/
+Dockerfile
+docker-compose.yml
+dist/
+.env
diff --git a/auth/.env.sample b/auth/.env.sample
@@ -0,0 +1,5 @@
+DATABASE_URL=postgresql://postgres:postgres@localhost:5432/postgres
+JWT_SECRET=mytest
+JWT_SECRET_ALGORITHM=HS256
+API_SECRET=test
+AWS_REGION=us-east-2
diff --git a/auth/Dockerfile b/auth/Dockerfile
@@ -8,8 +8,8 @@ RUN rm -rf node_modules
 RUN yarn install
 RUN yarn build
 
-EXPOSE 3000
+EXPOSE 3030
 
-HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 CMD curl -f http://localhost:3000/health || exit 1
+HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 CMD curl -f http://localhost:3030/health || exit 1
 
-CMD ["bash", "start-server.sh"]
+CMD ["bash", "start-server.sh"]
diff --git a/auth/package.json b/auth/package.json
@@ -12,6 +12,7 @@
     "lambda:build": "yarn build && esbuild src/lambda.ts --bundle --platform=node --target=node18 --outfile=build/index.js"
   },
   "dependencies": {
+    "@aws-sdk/dsql-signer": "^3.734.0",
     "@types/express": "^5.0.0",
     "@types/jsonwebtoken": "^9.0.7",
     "@types/pg": "^8.11.10",

diff --git a/auth/src/config.ts b/auth/src/config.ts
@@ -11,5 +11,6 @@ export const config = {
   },
   corsAllowedOrigins: process.env.CORS_ALLOWED_ORIGINS,
   jwtSecret: env("JWT_SECRET"),
+  jwtSecretAlgorithm: env("JWT_SECRET_ALGORITHM", "RS256"),
   apiSecret: env("API_SECRET"),
 };
diff --git a/auth/src/services/authManager/providers/custom.ts b/auth/src/services/authManager/providers/custom.ts
@@ -1,6 +1,5 @@
 import jwt from "jsonwebtoken";
 import { OAuthUser, UserRole } from "../../../models/index";
-import { createPrivateKey } from "crypto";
 import {
   CustomAccessTokenPayload,
   CustomRefreshTokenPayload,
@@ -12,12 +11,13 @@ import { UsersUseCases } from "../../../useCases/index";
 import { config } from "../../../config";
 
 const JWT_SECRET = Buffer.from(config.jwtSecret, "base64").toString("utf-8");
+const JWT_SECRET_ALGORITHM = config.jwtSecretAlgorithm as jwt.Algorithm;
 
 const getUserFromAccessToken = async (
   accessToken: string
 ): Promise<OAuthUser> => {
   const decoded = jwt.verify(accessToken, JWT_SECRET, {
-    algorithms: ["RS256"],
+    algorithms: [JWT_SECRET_ALGORITHM],
   }) as CustomAccessTokenPayload;
   if (typeof decoded === "string") {
     throw new Error("Invalid access token");
@@ -68,7 +68,7 @@ const createAccessToken = async (
 
   return jwt.sign(payload, JWT_SECRET, {
     expiresIn: "1h",
-    algorithm: "RS256",
+    algorithm: JWT_SECRET_ALGORITHM,
   });
 };
 
@@ -84,7 +84,7 @@ const createRefreshToken = async (user: OAuthUser) => {
 
   return jwt.sign(payload, JWT_SECRET, {
     expiresIn: "7d",
-    algorithm: "RS256",
+    algorithm: JWT_SECRET_ALGORITHM,
   });
 };
 
@@ -106,7 +106,7 @@ const getUserFromRefreshToken = async (
   refreshToken: string
 ): Promise<OAuthUser> => {
   const decoded = jwt.verify(refreshToken, JWT_SECRET, {
-    algorithms: ["RS256"],
+    algorithms: [JWT_SECRET_ALGORITHM],
   }) as CustomAccessTokenPayload;
   if (typeof decoded === "string") {
     throw new Error("Invalid refresh token");
@@ -130,7 +130,7 @@ const getUserFromRefreshToken = async (
 
 const refreshAccessToken = async (refreshToken: string): Promise<string> => {
   const decoded = jwt.verify(refreshToken, JWT_SECRET, {
-    algorithms: ["RS256"],
+    algorithms: [JWT_SECRET_ALGORITHM],
   }) as CustomRefreshTokenPayload;
   if (typeof decoded === "string") {
     throw new Error("Invalid refresh token");
@@ -143,7 +143,7 @@ const refreshAccessToken = async (refreshToken: string): Promise<string> => {
 
 const invalidateRefreshToken = async (refreshOrAccessToken: string) => {
   const decoded = jwt.verify(refreshOrAccessToken, JWT_SECRET, {
-    algorithms: ["RS256"],
+    algorithms: [JWT_SECRET_ALGORITHM],
   }) as CustomTokenPayload;
 
   if (typeof decoded === "string") {