Infrastructure/logto
0
Fork 0
mirror of https://github.com/logto-io/logto.git synced 2024-12-16 20:26:19 -05:00
Code Issues Activity

refactor: fix cloud env (#3179)

Browse source
This commit is contained in:
Gao Sun 2023-02-22 12:38:30 +08:00 committed by GitHub
parent 7a7a7c3245
commit 1c2766be89
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
8 changed files with 57 additions and 32 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
Dockerfile
View file

@ -1,34 +1,34 @@
# Build stage ###### [STAGE] Build ######
FROM node:18-alpine as builder FROM node:18-alpine as builder
WORKDIR /etc/logto WORKDIR /etc/logto
ENV CI=true ENV CI=true
# No need for build # No need for Docker build
ENV PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=true ENV PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=true
# Install toolchain ### Install toolchain ###
RUN npm add --location=global pnpm@^7.14.0 RUN npm add --location=global pnpm@^7.14.0
# https://github.com/nodejs/docker-node/blob/main/docs/BestPractices.md#node-gyp-alpine # https://github.com/nodejs/docker-node/blob/main/docs/BestPractices.md#node-gyp-alpine
RUN apk add --no-cache python3 make g++ RUN apk add --no-cache python3 make g++
COPY . . COPY . .
# Install dependencies and build ### Install dependencies and build ###
RUN node .scripts/update-parcelrc.js RUN node .scripts/update-parcelrc.js
RUN pnpm i RUN pnpm i
RUN pnpm -r build RUN pnpm -r build
# Add official connectors ### Add official connectors ###
RUN pnpm cli connector add --official -p . RUN pnpm cli connector add --official -p .
# Prune dependencies for production ### Prune dependencies for production ###
RUN rm -rf node_modules packages/**/node_modules RUN rm -rf node_modules packages/**/node_modules
RUN NODE_ENV=production pnpm i RUN NODE_ENV=production pnpm i
# Clean up ### Clean up ###
RUN rm -rf .scripts .parcel-cache pnpm-*.yaml RUN rm -rf .scripts .parcel-cache pnpm-*.yaml packages/cloud
# Seal stage ###### [STAGE] Seal ######
FROM node:18-alpine as app FROM node:18-alpine as app
WORKDIR /etc/logto WORKDIR /etc/logto
COPY --from=builder /etc/logto . COPY --from=builder /etc/logto .

31
Dockerfile.cloud
View file

@ -1,31 +1,40 @@
# Build stage ###### [STAGE] Build ######
FROM node:18-alpine as builder FROM node:18-alpine as builder
WORKDIR /etc/logto WORKDIR /etc/logto
ENV CI=true ENV CI=true
# No need for build # No need for Docker build
ENV PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=true ENV PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=true
# Install toolchain ### Install toolchain ###
RUN npm add --location=global pnpm@^7.14.0 RUN npm add --location=global pnpm@^7.14.0
# https://github.com/nodejs/docker-node/blob/main/docs/BestPractices.md#node-gyp-alpine # https://github.com/nodejs/docker-node/blob/main/docs/BestPractices.md#node-gyp-alpine
RUN apk add --no-cache python3 make g++ RUN apk add --no-cache python3 make g++
COPY . . COPY . .
# Install dependencies and build ### Install dependencies ###
RUN node .scripts/update-parcelrc.js RUN node .scripts/update-parcelrc.js
RUN pnpm i RUN pnpm i
RUN pnpm prepack
RUN cd packages/cloud && pnpm build
# Prune dependencies for production ### Build ###
# Admin Console build env
ENV CONSOLE_PUBLIC_URL=/
# Temporarily use it for Admin Console build, will try to use runtime technique later
ENV ADMIN_TENANT_ENDPOINT=https://admin.app.logto.dev/
RUN pnpm prepack
RUN pnpm -r --filter @logto/console --filter @logto/cloud build
### Prune dependencies for production ###
RUN rm -rf node_modules packages/**/node_modules RUN rm -rf node_modules packages/**/node_modules
RUN NODE_ENV=production pnpm i RUN NODE_ENV=production pnpm i
# Seal stage ### Clean up ###
RUN rm -rf .scripts .parcel-cache pnpm-*.yaml
###### [STAGE] Seal ######
FROM node:18-alpine as app FROM node:18-alpine as app
WORKDIR /etc/logto WORKDIR /etc/logto-cloud
COPY --from=builder /etc/logto/packages/cloud . COPY --from=builder /etc/logto .
EXPOSE 3003 EXPOSE 3003
ENTRYPOINT ["npm", "start"] ENTRYPOINT ["npm", "run", "start:cloud"]

1
package.json
View file

@ -12,6 +12,7 @@
"start:dev": "pnpm -r --parallel --filter=!@logto/integration-tests --filter=!@logto/cloud dev", "start:dev": "pnpm -r --parallel --filter=!@logto/integration-tests --filter=!@logto/cloud dev",
"start:dev:cloud": "CONSOLE_PUBLIC_URL=/ pnpm -r --parallel --filter=!@logto/integration-tests dev", "start:dev:cloud": "CONSOLE_PUBLIC_URL=/ pnpm -r --parallel --filter=!@logto/integration-tests dev",
"start": "cd packages/core && NODE_ENV=production node .", "start": "cd packages/core && NODE_ENV=production node .",
"start:cloud": "cd packages/cloud && NODE_ENV=production node .",
"cli": "logto", "cli": "logto",
"alteration": "logto db alt", "alteration": "logto db alt",
"//": "# `changeset version` won't run version lifecycle scripts, see https://github.com/changesets/changesets/issues/860", "//": "# `changeset version` won't run version lifecycle scripts, see https://github.com/changesets/changesets/issues/860",

2
packages/cloud/package.json
View file

@ -16,7 +16,7 @@
"lint": "eslint --ext .ts src", "lint": "eslint --ext .ts src",
"lint:report": "pnpm lint --format json --output-file report.json", "lint:report": "pnpm lint --format json --output-file report.json",
"dev": "rm -rf build/ && nodemon", "dev": "rm -rf build/ && nodemon",
"start": "NODE_ENV=production node build/index.js" "start": "NODE_ENV=production node ."
}, },
"dependencies": { "dependencies": {
"@logto/core-kit": "workspace:*", "@logto/core-kit": "workspace:*",

5
packages/cloud/src/env-set/index.ts
View file

@ -1,7 +1,10 @@
const getEnv = (key: string) => process.env[key]; const getEnv = (key: string) => process.env[key];
class GlobalValues { class GlobalValues {
public readonly logtoEndpoint = new URL(getEnv('LOGTO_ENDPOINT') ?? 'http://localhost:3002'); public readonly logtoEndpoint = new URL(
getEnv('ADMIN_TENANT_ENDPOINT') ?? 'http://localhost:3002'
);
public readonly dbUrl = getEnv('DB_URL'); public readonly dbUrl = getEnv('DB_URL');
public readonly isProduction = getEnv('NODE_ENV') === 'production'; public readonly isProduction = getEnv('NODE_ENV') === 'production';
} }

2
packages/core/package.json
View file

@ -18,7 +18,7 @@
"lint": "eslint --ext .ts src", "lint": "eslint --ext .ts src",
"lint:report": "pnpm lint --format json --output-file report.json", "lint:report": "pnpm lint --format json --output-file report.json",
"dev": "rm -rf build/ && pnpm run copyfiles && nodemon", "dev": "rm -rf build/ && pnpm run copyfiles && nodemon",
"start": "NODE_ENV=production node build/index.js", "start": "NODE_ENV=production node .",
"test:only": "NODE_OPTIONS=\"--experimental-vm-modules --max_old_space_size=4096\" jest --logHeapUsage", "test:only": "NODE_OPTIONS=\"--experimental-vm-modules --max_old_space_size=4096\" jest --logHeapUsage",
"test": "pnpm build:test && pnpm test:only", "test": "pnpm build:test && pnpm test:only",
"test:ci": "pnpm test:only --coverage --silent", "test:ci": "pnpm test:only --coverage --silent",

22
packages/core/src/middleware/koa-cors.ts
View file

@ -2,6 +2,7 @@ import cors from '@koa/cors';
import type { MiddlewareType } from 'koa'; import type { MiddlewareType } from 'koa';
import type UrlSet from '#src/env-set/UrlSet.js'; import type UrlSet from '#src/env-set/UrlSet.js';
import { EnvSet } from '#src/env-set/index.js';
export default function koaCors<StateT, ContextT, ResponseBodyT>( export default function koaCors<StateT, ContextT, ResponseBodyT>(
...urlSets: UrlSet[] ...urlSets: UrlSet[]
@ -10,12 +11,21 @@ export default function koaCors<StateT, ContextT, ResponseBodyT>(
origin: (ctx) => { origin: (ctx) => {
const { origin } = ctx.request.headers; const { origin } = ctx.request.headers;
return origin && if (
urlSets origin &&
.flatMap((set) => set.deduplicated()) urlSets.some((set) =>
.some((value) => new URL(value).origin === origin) set.deduplicated().some(
? origin (url) =>
: ''; url.origin === origin &&
// Disable localhost CORS in production since it's unsafe
!(EnvSet.values.isProduction && url.hostname === 'localhost')
)
)
) {
return origin;
}
return '';
}, },
exposeHeaders: '*', exposeHeaders: '*',
}); });

8
packages/core/src/oidc/adapter.ts
View file

@ -15,9 +15,11 @@ import { getConstantClientMetadata } from './utils.js';
const buildAdminConsoleClientMetadata = (envSet: EnvSet): AllClientMetadata => { const buildAdminConsoleClientMetadata = (envSet: EnvSet): AllClientMetadata => {
const { adminUrlSet, cloudUrlSet } = EnvSet.values; const { adminUrlSet, cloudUrlSet } = EnvSet.values;
const urls = [...adminUrlSet.deduplicated(), ...cloudUrlSet.deduplicated()].map((url) => const urls = [
appendPath(url, '/console').toString() ...adminUrlSet.deduplicated().map((url) => appendPath(url, '/console').toString()),
); // Logto Cloud uses `https://some.cloud.endpoint/[tenantId]` to serve Admin Console for specific Tenant ID
...cloudUrlSet.deduplicated().map((url) => appendPath(url, '/' + envSet.tenantId).toString()),
];
return { return {
...getConstantClientMetadata(envSet, ApplicationType.SPA), ...getConstantClientMetadata(envSet, ApplicationType.SPA),