diff --git a/.gitea/workflows/deployProd.yml b/.gitea/workflows/deployProd.yml
new file mode 100644
index 0000000..1acf9c5
--- /dev/null
+++ b/.gitea/workflows/deployProd.yml
@@ -0,0 +1,23 @@
+name: Deploy
+run-name: ${{ gitea.actor }} build image and push to container registry
+
+on:
+ push:
+ branches:
+ - 'main'
+
+jobs:
+ CreateImage:
+ runs-on: [hubstaging]
+ uses: http://gitea.pena/PenaDevops/actions.git/.gitea/workflows/build-image.yml@v1.1.6-p
+ with:
+ runner: hubstaging
+ secrets:
+ REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
+ REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
+ DeployService:
+ runs-on: [hubprod]
+ needs: CreateImage
+ uses: http://gitea.pena/PenaDevops/actions.git/.gitea/workflows/deploy.yml@v1.1.4-p7
+ with:
+ runner: hubprod
diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deployStaging.yml
similarity index 97%
rename from .gitea/workflows/deploy.yml
rename to .gitea/workflows/deployStaging.yml
index 5d17c60..253c2d4 100644
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deployStaging.yml
@@ -4,7 +4,6 @@ run-name: ${{ gitea.actor }} build image and push to container registry on: push: branches: - - 'main' - 'staging' jobs:
diff --git a/deployments/main/docker-compose.yaml b/deployments/main/docker-compose.yaml
index 4e10edc..c14673d 100644
--- a/deployments/main/docker-compose.yaml
+++ b/deployments/main/docker-compose.yaml
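Review bot: Both `uses:` lines in the new deployProd.yml fetch the reusable workflow over plain `http://` and pin it by tag (`@v1.1.6-p`, `@v1.1.4-p7`), while the CreateImage job hands it `REGISTRY_USER` and `REGISTRY_PASSWORD`. A tag can be moved and an unencrypted fetch can be altered in transit, so the code that receives the registry credentials and deploys on the `hubprod` runner is not fixed by this file; pinning to a full commit SHA and using an `https://` URL (if the Gitea instance serves one) would close that gap. The production image is also built on the `hubstaging` runner, which makes the staging host part of the production trust boundary; it is worth confirming that this is intended. A short comment above `jobs:` stating that every push to `main` deploys to production without an approval step would help the next reader.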
@@ -1,44 +1,36 @@ -version: '3.3' - services: codeword: - hostname: codeword - container_name: codeword - image: $CI_REGISTRY_IMAGE/main:$CI_COMMIT_REF_SLUG.$CI_PIPELINE_ID + image: gitea.pena/penaside/codeword/main:$GITHUB_RUN_NUMBER tty: true environment: APP_NAME: 'codeword' - HTTP_HOST: '0.0.0.0' - HTTP_PORT: '3000' - MONGO_HOST: '10.8.0.8' - MONGO_PORT: '27017' - MONGO_USER: 'auth-service-user-prod' - MONGO_PASSWORD: 'LFYFpTvqtxSzXDJV' - MONGO_DB: 'auth' - MONGO_AUTH: 'auth' - PUBLIC_CURVE_KEY: "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEAEbnIvjIMle4rqVol6K2XUqOxHy1KJoNoZdKJrRUPKL4=\n-----END PUBLIC KEY-----" - PRIVATE_CURVE_KEY: "-----BEGIN PRIVATE KEY-----\nMC4CAQAwBQYDK2VwBCIEIKn0BKwF3vZvODgWAnUIwQhd8de5oZhY48gc23EWfrfs\n-----END PRIVATE KEY-----" - SIGN_SECRET: 'pena-auth-microservice-group' - REDIS_ADDR: '10.8.0.9:6379' - REDIS_PASS: 'Redalert2' + CLIENT_HTTP_URL: '0.0.0.0:3000' + ADMIN_HTTP_URL: '0.0.0.0:3001' + GRPC_URL: '0.0.0.0:9000' + MONGO_URL: mongodb://auth-service-user-prod:LFYFpTvqtxSzXDJV@10.8.0.226:27017/?authSource=auth + MONGO_DB_NAME: auth + ENCRYPT_PUBLIC_KEY: "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEAEbnIvjIMle4rqVol6K2XUqOxHy1KJoNoZdKJrRUPKL4=\n-----END PUBLIC KEY-----" + ENCRYPT_PRIVATE_KEY: "-----BEGIN PRIVATE KEY-----\nMC4CAQAwBQYDK2VwBCIEIKn0BKwF3vZvODgWAnUIwQhd8de5oZhY48gc23EWfrfs\n-----END PRIVATE KEY-----" + ENCRYPT_SIGN_SECRET: 'pena-auth-microservice-group' + REDIS_HOST: '10.8.0.226:6379' + REDIS_PASSWORD: 'Redalert2' REDIS_DB: 3 - SMTP_API_URL: 'https://api.smtp.bz/v1/smtp/send' - SMTP_HOST: 'connect.smtp.bz' - SMTP_PORT: '587' - SMTP_UNAME: 'team@pena.digital' - SMTP_PASS: 'AyMfwqA9LkQH' - SMTP_API_KEY: '8tv2xcsfCMBX3TCQxzgeeEwAEYyQrPUp0ggw' - SMTP_SENDER: 'recovery@noreply.pena.digital' + API_URL: 'https://api.smtp.bz/v1/smtp/send' + MAIL_API_KEY: '8tv2xcsfCMBX3TCQxzgeeEwAEYyQrPUp0ggw' + MAIL_SENDER: 'recovery@noreply.pena.digital' DEFAULT_REDIRECTION_URL: 'https://hub.pena.digital/' - AUTH_EXCHANGE_URL: 
'http://10.8.0.8:59300/auth/exchange' - RECOVER_URL: 'https://hub.pena.digital/codeword/recover/' + AUTH_EXCHANGE_URL: 'http://10.8.0.226:59300/auth/exchange' + MAIL_RECOVERY_URL: 'https://hub.pena.digital/codeword/v1.0.0/recover/' JWT_AUDIENCE: 'pena' JWT_ISSUER: 'pena-auth-service' - JWT_PUBLIC_KEY: $JWT_PUBLIC_KEY - DISCOUNT_ADDRESS: "10.8.0.8:9001" - KAFKA_BROKERS: "10.8.0.8:9092" + JWT_PUBLIC_KEY: "-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCLW1tlHyKC9AG0hGpmkksET2DE\nr7ojSPemxFWAgFgcPJWQ7x3uNbsdJ3bIZFoA/FClaWKMCZmjnH9tv0bKZtY/CDhM\nZEyHpMruRSn6IKrxjtQZWy4uv/w6MzUeyBYG0OvNCiYpdvz5SkAGAUHD5ZNFqn2w\nKKFD0I2Dr59BFVSGJwIDAQAB\n-----END PUBLIC KEY-----" + DISCOUNT_MICROSERVICE_GRPC_URL: "10.8.0.226:9001" + KAFKA_BROKERS: "10.8.0.226:9092" KAFKA_TOPIC_TARIFF: "tariffs" + GRPC_HOST: "0.0.0.0" + TRASH_LOG_HOST: "10.8.0.200:7123" + AUTH_MICROSERVICE_URL: http://10.8.0.226:59300 ports: - - 10.8.0.8:59664:3000 - networks: - - default + - 10.8.0.226:19100:3000 + - 10.8.0.226:29100:3001 + - 10.8.0.226:39100:9000 diff --git a/deployments/staging/docker-compose.yaml b/deployments/staging/docker-compose.yaml index 7eaff22..e6cb76a 100644 --- a/deployments/staging/docker-compose.yaml +++ b/deployments/staging/docker-compose.yaml @@ -1,5 +1,3 @@ -version: '3.3' - services: codewordv1.0.0: image: gitea.pena:3000/penaside/codeword/staging:$GITHUB_RUN_NUMBER diff --git a/internal/adapters/client/mail.go b/internal/adapters/client/mail.go index 2c3e491..dfafc5a 100644 --- a/internal/adapters/client/mail.go +++ b/internal/adapters/client/mail.go 
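Review bot: The new `environment:` block in deployments/main/docker-compose.yaml still commits production secrets in clear text: `MONGO_URL` (user and password embedded in the URI), `ENCRYPT_PRIVATE_KEY`, `ENCRYPT_SIGN_SECRET`, `REDIS_PASSWORD` and `MAIL_API_KEY`. The commit only renames the variables around values that were already in the file. Anything that has been in the repository should be treated as disclosed, so rotate these values and have compose read them from the runner's secret store or an untracked env file, e.g. `MONGO_URL: ${MONGO_URL}` and `ENCRYPT_PRIVATE_KEY: ${ENCRYPT_PRIVATE_KEY}`, the way the removed `JWT_PUBLIC_KEY: $JWT_PUBLIC_KEY` line did. The `ports:` list now also publishes the admin listener (3001) and gRPC (9000) on 10.8.0.226; confirm that address is reachable only from the networks that need them. `AUTH_EXCHANGE_URL` and `AUTH_MICROSERVICE_URL` stay on plain `http://`, which is acceptable only if that network segment is trusted.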
@@ -41,7 +41,7 @@ func (r *RecoveryEmailSender) SendRecoveryEmail(email string, signature string) message := fmt.Sprintf(`Здравствуйте, ваша ссылка для восстановление пароля(доступна всего 15 минут) -Если это были не вы, напишите пожалуйста в техническую поддержку.`, r.recoveryUrl+signature) +Если это были не вы, напишите пожалуйста в техническую поддержку.`, signature) form := new(bytes.Buffer) writer := multipart.NewWriter(form) diff --git a/internal/controller/client/client_promocode/promocode_controller.go b/internal/controller/client/client_promocode/promocode_controller.go index 8b82236..a64d1f5 100644 --- a/internal/controller/client/client_promocode/promocode_controller.go +++ b/internal/controller/client/client_promocode/promocode_controller.go @@ -60,7 +60,7 @@ func (p *PromoCodeController) Activate(c *fiber.Ctx) error { case errors.Is(err, repository.ErrPromoCodeExpired): hlogger.Emit(models.InfoPromocodeDeadlined{ - CtxID: promocode.ID.String(), + CtxID: req.Codeword, }) return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": err.Error()}) case errors.Is(err, repository.ErrPromoCodeExhausted): diff --git a/internal/controller/client/client_recovery/recovery_controller.go b/internal/controller/client/client_recovery/recovery_controller.go index 81d23f2..393c1cc 100644 --- a/internal/controller/client/client_recovery/recovery_controller.go +++ b/internal/controller/client/client_recovery/recovery_controller.go @@ -10,6 +10,7 @@ import ( "go.uber.org/zap" "gitea.pena/PenaSide/common/log_mw" "time" + "strings" ) type Deps struct { @@ -47,7 +48,7 @@ func (r *RecoveryController) HandleRecoveryRequest(c *fiber.Ctx) error { return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": "email is required"}) } - referralURL := c.Get("Referrer") + referralURL := c.Get("Referer") if req.RedirectionURL == "" && referralURL != "" { req.RedirectionURL = referralURL 
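Review bot: After this change the `signature` parameter of `SendRecoveryEmail` is formatted into the message as the complete link, so its name no longer describes what the caller must pass. Renaming it to something like `recoveryLink` and adding `// recoveryLink is the full URL placed in the email; the caller must build it from a trusted base` would make the new contract explicit. `r.recoveryUrl` looks unused in this function now; if nothing else reads it, the field and its configuration value can be removed. The function body continues outside the hunk.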
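Review bot: `CtxID` in the `ErrPromoCodeExpired` branch of `Activate` is now filled from `req.Codeword`, which is request input rather than a stored identifier, so log consumers that key on `CtxID` may get a different kind of value here than from other events. If the switch was made because `promocode` is not populated when activation fails, the `ErrPromoCodeExhausted` case that begins at the end of this hunk likely needs the same treatment; its body is outside the hunk, so this is an inference. A one-line comment such as `// promocode is not set on error; log the submitted codeword instead` would record the reason.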
@@ -67,7 +68,7 @@ func (r *RecoveryController) HandleRecoveryRequest(c *fiber.Ctx) error { return c.Status(fiber.StatusInternalServerError).JSON(fiber.Map{"error": "Internal Server Error"}) } - signUrl := req.RedirectionURL + signUrl := referralURL +"/codeword/v1.0.0/recover" sign := base64.URLEncoding.EncodeToString(key) id, err := r.service.StoreRecoveryRecord(c.Context(), models.StoreRecDeps{ @@ -83,7 +84,12 @@ func (r *RecoveryController) HandleRecoveryRequest(c *fiber.Ctx) error { signWithID := sign + id // подпись с id записи - err = r.service.RecoveryEmailTask(c.Context(), models.RecEmailDeps{UserID: user.ID.Hex(), Email: req.Email, SignWithID: signWithID, ID: id}) + err = r.service.RecoveryEmailTask(c.Context(), models.RecEmailDeps{ + UserID: user.ID.Hex(), + Email: req.Email, + SignWithID: strings.Replace(signUrl, "/changepwd","",1) + "/"+signWithID, + ID: id, + }) if err != nil { r.logger.Error("Failed to send recovery email", zap.Error(err)) @@ -111,7 +117,7 @@ func (r *RecoveryController) HandleRecoveryLink(c *fiber.Ctx) error { record, err := r.service.GetRecoveryRecord(c.Context(), sign) if err != nil { r.logger.Error("Recovery link expired", zap.String("signature", sign)) - return c.Redirect("https://shub.pena.digital/recover/expired") + return c.Redirect("https://hub.pena.digital/recover/expired") } if time.Since(record.CreatedAt) > 15*time.Minute { @@ -147,5 +153,5 @@ func (r *RecoveryController) HandleRecoveryLink(c *fiber.Ctx) error { CtxUserID: record.UserID, }) - return c.Redirect(record.SignUrl + "?auth=" + tokens["accessToken"]) + return c.Redirect("https://" + strings.Replace(record.SignUrl,"/codeword/v1.0.0/recover","/changepwd",1) + "?auth=" + tokens["accessToken"]) }
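Review bot: `signUrl := referralURL +"/codeword/v1.0.0/recover"` builds the recovery link from the `Referer` request header (read in the `@@ -47` hunk), and that header is set by whoever sends the request, not by the server. The same value is mailed to the account owner in the `@@ -83` hunk, and if `StoreRecoveryRecord` persists it as `SignUrl` (its arguments are outside the hunk) it later selects the redirect host in the `@@ -147` hunk, so the host that receives the signature and the token is client-chosen. Parse the header with `url.Parse`, accept it only when its host is on a configured allowlist, and otherwise fall back to a server-side base URL such as the deployment's `DEFAULT_REDIRECTION_URL`. An empty `Referer` currently yields a link with no host at all. `HandleRecoveryRequest` starts and ends outside these hunks.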
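Review bot: The final `c.Redirect` in `HandleRecoveryLink` puts `tokens["accessToken"]` in the query string, where it ends up in browser history, proxy and server logs, and the `Referer` of the next request. It also prepends `"https://"` to `record.SignUrl`; a `Referer` value normally already carries a scheme, so unless the stored value is stripped somewhere outside the hunk the result would start with `https://https://`, which is worth covering with a test. Prefer delivering the token in the URL fragment or as a short-lived one-time code that the page exchanges, and build the target with `net/url` rather than `strings.Replace`.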