Commit
64503f77
authored
Dec 25, 2023
by
Bazarbay Tulenov
Merge remote-tracking branch 'origin/master'
parents
09c2b98a
66a9e279
Showing
8 changed files
with
146 additions
and
68 deletions
+146
-68
.gitlab-ci.yml
.gitlab-ci.yml
+70
-0
Dockerfile
Dockerfile
+17
-8
docker-compose.yaml
docker-compose.yaml
+29
-21
src/main/java/kz/project/printedFormsService/config/SecurityConfiguration.java
...ect/printedFormsService/config/SecurityConfiguration.java
+11
-19
src/main/java/kz/project/printedFormsService/config/SecurityContextUtils.java
...ject/printedFormsService/config/SecurityContextUtils.java
+0
-1
src/main/java/kz/project/printedFormsService/converter/JwtAuthConverter.java
...oject/printedFormsService/converter/JwtAuthConverter.java
+14
-14
src/main/java/kz/project/printedFormsService/data/repository/DocumentJdbcRepository.java
...dFormsService/data/repository/DocumentJdbcRepository.java
+2
-2
src/main/resources/application.yml
src/main/resources/application.yml
+3
-3
.gitlab-ci.yml
0 → 100644
default
:
image
:
docker:24.0.5
services
:
-
name
:
docker:24.0.5-dind
command
:
[
"
--insecure-registry=registry.nitec.kz:8200"
]
before_script
:
-
docker info
-
docker login -u $NEXUS_USERNAME -p $NEXUS_PASSWORD registry.nitec.kz:8200
-
mkdir -p ~/.ssh
-
echo "$GITLAB_SSH_KEY" > ~/.ssh/id_rsa
-
chmod 600 ~/.ssh/id_rsa
-
ssh-keyscan $PROD_JUMP_HOST >> ~/.ssh/known_hosts
variables
:
DOCKER_TLS_CERTDIR
:
"
/certs"
CONTAINER_IMAGE
:
registry.nitec.kz:8200/qaztech/ui/template-service:latest
.deploy_app
:
script
:
-
echo "Install app to server $CURRENT_DEPLOYMENT_SERVER"
-
echo $CURRENT_DEPLOYMENT_SERVER
-
|
cat > ~/.ssh/config << EOF
Host jumphost
HostName $CURRENT_JUMP_HOST
User $GITLAB_SSH_USER
Host $CURRENT_DEPLOYMENT_SERVER
ProxyJump jumphost
StrictHostKeyChecking no
UserKnownHostsFile=/dev/null
User $GITLAB_SSH_USER
EOF
-
cat ~/.ssh/config
-
ssh -i ~/.ssh/id_rsa $CURRENT_DEPLOYMENT_SERVER 'sudo -i ls -la ~'
-
scp -i ~/.ssh/id_rsa ./docker-compose.yaml $CURRENT_DEPLOYMENT_SERVER:/opt/printform/templateservice/docker-compose.yaml
# - scp -i ~/.ssh/id_rsa bpms.tar $CURRENT_DEPLOYMENT_SERVER:~/
# - scp -i ~/.ssh/id_rsa .env $CURRENT_DEPLOYMENT_SERVER:~/
# - ssh -i ~/.ssh/id_rsa $CURRENT_DEPLOYMENT_SERVER 'sudo -i ls -la /opt/applatform/backend/'
# - ssh -i ~/.ssh/id_rsa $CURRENT_DEPLOYMENT_SERVER 'sudo -i docker load -i ~/bpms.tar'
# - ssh -i ~/.ssh/id_rsa $CURRENT_DEPLOYMENT_SERVER 'sudo docker stop acgateway || true'
# - ssh -i ~/.ssh/id_rsa $CURRENT_DEPLOYMENT_SERVER 'sudo docker rm acgateway_backup || true'
# - ssh -i ~/.ssh/id_rsa $CURRENT_DEPLOYMENT_SERVER 'sudo docker rename acgateway acgateway_backup || true'
-
ssh -i ~/.ssh/id_rsa $CURRENT_DEPLOYMENT_SERVER 'cd /opt/printform/templateservice/ && sudo docker-compose up --build -d'
-
sleep
30
-
ssh -i ~/.ssh/id_rsa $CURRENT_DEPLOYMENT_SERVER 'sudo docker ps'
# - ssh -i ~/.ssh/id_rsa $CURRENT_DEPLOYMENT_SERVER 'sudo docker logs acgateway'
# - ssh -i ~/.ssh/id_rsa $CURRENT_DEPLOYMENT_SERVER 'sudo docker system prune -f'
-
echo "Successfully deploy to $CURRENT_DEPLOYMENT_SERVER"
build
:
stage
:
build
script
:
-
docker build -t $CONTAINER_IMAGE -f Dockerfile .
-
docker push $CONTAINER_IMAGE
# - docker tag $CONTAINER_IMAGE bpms:latest
# - docker save bpms:latest -o bpms.tar
-
export CURRENT_DEPLOYMENT_SERVER=$PROD_DEPLOY_HOST
-
export CURRENT_JUMP_HOST=$PROD_JUMP_HOST
-
!reference
[
.deploy_app
,
script
]
# - export CURRENT_DEPLOYMENT_SERVER=$DEV_DEPLOY_HOST2
# - !reference [.deploy_app, script]
tags
:
-
govtech-ic-docker
# rules:
# - when: manual
# - docker
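Review bot: The `.deploy_app` script writes `StrictHostKeyChecking no` and `UserKnownHostsFile=/dev/null` for the deployment host, and `before_script` fills `known_hosts` from `ssh-keyscan $PROD_JUMP_HOST` at job time, so neither hop is checked against a pinned host key before the job runs `sudo docker-compose up` on the target. Pin both keys from a protected CI variable instead, for example `echo "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts` (`SSH_KNOWN_HOSTS` is a placeholder name), and drop the two options. In the same `before_script`, `docker login -u $NEXUS_USERNAME -p $NEXUS_PASSWORD` puts the password on the command line; `echo "$NEXUS_PASSWORD" | docker login -u "$NEXUS_USERNAME" --password-stdin registry.nitec.kz:8200` avoids that. The `--insecure-registry` flag on the dind service lets the daemon reach the registry over plain HTTP or unverified TLS, which deserves a comment stating why it is needed.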
Dockerfile
FROM
xldevops/jdk17-lts
FROM
gradle:jdk18 as builder
USER
root
RUN
addgroup builder
&&
adduser
--ingroup
builder builder
COPY
--chown=builder:builder . /home/builder
USER
builder
WORKDIR
/home/builder
RUN
gradle build
--info
-x
test
ARG
JAR_FILE=build/libs/printedFormsService-app.jar
#RUN mkdir /app
COPY
${JAR_FILE} /spring-boot-application.jar
ENTRYPOINT
["java", "-Djava.security.egd=file:/dev/./urandom", "-jar","/spring-boot-application.jar"]
FROM
openjdk:18.0-slim
WORKDIR
/app
RUN
groupadd
--system
appuser
&&
\
useradd
--system
--gid
appuser appuser
&&
\
chown
-R
appuser:appuser /app
USER
appuser
WORKDIR
/app
COPY
--chown=appuser:appuser --from=builder /home/builder/build/libs/printedFormsService-app.jar /app
EXPOSE
8081
ENTRYPOINT
exec java ${JVM_OPTS} -Djava.security.egd=file:/dev/./urandom -jar /app/printedFormsService-app.jar
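Review bot: The runtime stage `FROM openjdk:18.0-slim` (with the `gradle:jdk18` builder) appears to move the service from the previous JDK 17 LTS base to Java 18, a non-LTS release that no longer receives security updates, on the `openjdk` image line that Docker Hub has deprecated. A maintained 17 LTS runtime such as `FROM eclipse-temurin:17-jre` would keep the non-root `appuser` setup while staying patchable; whether the build needs Java 18 features is not visible here. `gradle build --info -x test` also skips the test task in the only build the pipeline runs, so add a comment explaining why or run the tests in a separate job.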
docker-compose.yaml
version
:
'
3'
services
:
postgres
:
image
:
postgres
network_mode
:
host
environment
:
POSTGRES_DB
:
template_db
POSTGRES_USER
:
postgres
POSTGRES_PASSWORD
:
password
expose
:
-
5432
ports
:
-
"
5432:5432"
# postgres:
# image: postgres
# networks:
# - test
# environment:
# POSTGRES_DB: template_db
# POSTGRES_USER: postgres
# POSTGRES_PASSWORD: password
# expose:
# - 5432
# ports:
# - "5432:5432"
client-backend
:
image
:
templete-service:latest
build
:
context
:
./
dockerfile
:
Dockerfile
image
:
registry.nitec.kz:8200/qaztech/ui/template-service:latest
extra_hosts
:
-
idp.applatform.qaztech.gov.kz:172.22.229.115
networks
:
-
printform
ports
:
-
"
808
1
:8081"
depends_on
:
-
postgres
-
"
808
5
:8081"
#
depends_on:
#
- postgres
environment
:
-
SERVER_PORT=
8081
-
SERVER_PORT=8081
-
KEYCLOAK_REALM=applatform
-
SPRING_DATASOURCE_URL=jdbc:postgresql://postgres:5432/template_db
-
KEYCLOAK_URI= https://keycloak.portal.btsd.kz
-
KEYCLOAK_CLIENT_SECRET= F3ldvoA1iBLF142bhfHZNOtZZ0wjRiE4
-
KEYCLOAK_URI=https://idp.applatform.qaztech.gov.kz
-
KEYCLOAK_CLIENT_SECRET=1NYLMNlWXpPDW3QKeZ4VjlY76DuzNtaB
networks
:
printform
:
external
:
true
name
:
printform
\ No newline at end of file
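Review bot: `KEYCLOAK_CLIENT_SECRET` is written in clear text in the `client-backend` environment list, and the value it replaces is shown in the same section, so both client secrets are now in repository history. Treat both as exposed: rotate them in Keycloak and pass the value in at deploy time, e.g. `- KEYCLOAK_CLIENT_SECRET=${KEYCLOAK_CLIENT_SECRET}` with the variable supplied from a masked CI variable or an env file kept out of git. `SPRING_DATASOURCE_URL` still points at host `postgres` while the `postgres` service and `depends_on` look commented out on the new side, so confirm that name resolves on the external `printform` network. `POSTGRES_PASSWORD: password`, if that service is still used anywhere, should be handled the same way as the client secret.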
src/main/java/kz/project/printedFormsService/config/SecurityConfiguration.java
...
...
@@ -30,12 +30,9 @@ import static kz.project.printedFormsService.controller.TemplateController.BASE_
@EnableMethodSecurity
public
class
SecurityConfiguration
{
private
static
final
String
PROJECT_A_CREATOR
=
"projecta_creator"
;
private
static
final
String
PROJECT_B_CREATOR
=
"projectb_creator"
;
private
static
final
String
PROJECT_A_DELETE
=
"projecta_delete"
;
private
static
final
String
PROJECT_B_DELETE
=
"projectb_delete"
;
private
static
final
String
PROJECT_A_EDITOR
=
"projecta_editor"
;
private
static
final
String
PROJECT_B_EDITOR
=
"projectb_editor"
;
private
static
final
String
CREATOR
=
"creator"
;
private
static
final
String
DELETE
=
"delete"
;
private
static
final
String
EDITOR
=
"editor"
;
private
static
final
String
ADMIN
=
"admin"
;
@Bean
...
...
@@ -66,33 +63,28 @@ public class SecurityConfiguration {
.
permitAll
()
.
requestMatchers
(
BASE_PATH
+
TemplateController
.
SAVE
)
.
hasAnyRole
(
PROJECT_A_CREATOR
,
PROJECT_B_
CREATOR
,
ADMIN
)
.
hasAnyRole
(
CREATOR
,
ADMIN
)
.
requestMatchers
(
BASE_PATH
+
TemplateController
.
GET_TEMPLATE_DATA
)
.
hasAnyRole
(
PROJECT_A_CREATOR
,
PROJECT_B_CREATOR
,
PROJECT_A_EDITOR
,
PROJECT_B_EDITOR
,
PROJECT_A_DELETE
,
PROJECT_B_DELETE
,
ADMIN
)
.
hasAnyRole
(
CREATOR
,
EDITOR
,
DELETE
,
ADMIN
)
.
requestMatchers
(
BASE_PATH
+
TemplateController
.
EDIT
)
.
hasAnyRole
(
PROJECT_A_EDITOR
,
PROJECT_B_
EDITOR
,
ADMIN
)
.
hasAnyRole
(
EDITOR
,
ADMIN
)
.
requestMatchers
(
BASE_PATH
+
TemplateController
.
DELETE
)
.
hasAnyRole
(
PROJECT_A_DELETE
,
PROJECT_B_
DELETE
,
ADMIN
)
.
hasAnyRole
(
DELETE
,
ADMIN
)
.
requestMatchers
(
BASE_PATH
+
TemplateController
.
GET_ALL
)
.
hasAnyRole
(
PROJECT_A_CREATOR
,
PROJECT_B_CREATOR
,
PROJECT_A_EDITOR
,
PROJECT_B_EDITOR
,
PROJECT_A_DELETE
,
PROJECT_B_DELETE
,
ADMIN
)
.
hasAnyRole
(
CREATOR
,
EDITOR
,
DELETE
,
ADMIN
)
.
requestMatchers
(
BASE_PATH
+
TemplateController
.
GET_ALL_BY_CODE
)
.
hasAnyRole
(
PROJECT_A_CREATOR
,
PROJECT_B_CREATOR
,
PROJECT_A_EDITOR
,
PROJECT_B_EDITOR
,
PROJECT_A_DELETE
,
PROJECT_B_DELETE
,
ADMIN
)
.
hasAnyRole
(
CREATOR
,
EDITOR
,
DELETE
,
ADMIN
)
.
requestMatchers
(
DocumentsController
.
BY_DAY
)
.
hasAnyRole
(
PROJECT_A_CREATOR
,
PROJECT_B_CREATOR
,
PROJECT_A_EDITOR
,
PROJECT_B_EDITOR
,
PROJECT_A_DELETE
,
PROJECT_B_DELETE
,
ADMIN
)
.
hasAnyRole
(
CREATOR
,
EDITOR
,
DELETE
,
ADMIN
)
.
requestMatchers
(
DocumentsController
.
BY_TEMPLATE
)
.
hasAnyRole
(
PROJECT_A_CREATOR
,
PROJECT_B_CREATOR
,
PROJECT_A_EDITOR
,
PROJECT_B_EDITOR
,
PROJECT_A_DELETE
,
PROJECT_B_DELETE
,
ADMIN
)
.
hasAnyRole
(
CREATOR
,
EDITOR
,
DELETE
,
ADMIN
)
.
anyRequest
().
authenticated
()
);
...
...
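Review bot: The matchers now accept the bare roles `creator`, `editor`, `delete` and `admin`, so the route layer no longer tells project A from project B; together with the suffix-only mapping in JwtAuthConverter and the commented-out project predicate in DocumentJdbcRepository in this commit, nothing visible here still limits a caller to their own project. If per-project access is still a requirement it has to be enforced below the matcher (the class keeps `@EnableMethodSecurity`, so a `@PreAuthorize` on the service methods is one place), and that is not shown in this diff. At minimum add a comment on the constants such as `// suffix of the Keycloak client role after the last '_' (see JwtAuthConverter)`, because the literals only match what the converter produces. Both hunks start and end inside the class body.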
src/main/java/kz/project/printedFormsService/config/SecurityContextUtils.java
...
...
@@ -35,7 +35,6 @@ public class SecurityContextUtils {
.
map
(
GrantedAuthority:
:
getAuthority
)
.
map
(
role
->
role
.
replace
(
"ROLE_"
,
""
))
.
filter
(
role
->
role
.
contains
(
PROJECT_ROLE_SPLITTER
))
.
filter
(
role
->
role
.
startsWith
(
"project"
))
.
collect
(
Collectors
.
toMap
(
role
->
role
.
split
(
PROJECT_ROLE_SPLITTER
)[
0
],
role
->
new
ArrayList
<>(
List
.
of
(
role
.
split
(
PROJECT_ROLE_SPLITTER
)[
1
])),
...
...
src/main/java/kz/project/printedFormsService/converter/JwtAuthConverter.java
...
...
@@ -11,10 +11,7 @@ import org.springframework.security.oauth2.jwt.Jwt;
import
org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken
;
import
org.springframework.stereotype.Component
;
import
java.util.ArrayList
;
import
java.util.Collection
;
import
java.util.List
;
import
java.util.Map
;
import
java.util.*
;
@Component
public
class
JwtAuthConverter
implements
Converter
<
Jwt
,
AbstractAuthenticationToken
>
{
...
...
@@ -28,18 +25,21 @@ public class JwtAuthConverter implements Converter<Jwt, AbstractAuthenticationTo
}
private
Collection
<
GrantedAuthority
>
extractAuthorities
(
Jwt
jwt
)
{
if
(
jwt
.
getClaim
(
"realm_access"
)
!=
null
)
{
Map
<
String
,
Object
>
realmAccess
=
jwt
.
getClaim
(
"realm_access"
);
ObjectMapper
mapper
=
new
ObjectMapper
();
List
<
String
>
roles
=
mapper
.
convertValue
(
realmAccess
.
get
(
"roles"
),
new
TypeReference
<>()
{
});
List
<
GrantedAuthority
>
authorities
=
new
ArrayList
<>();
for
(
String
role
:
roles
)
{
authorities
.
add
(
new
SimpleGrantedAuthority
(
"ROLE_"
+
role
));
if
(
jwt
.
getClaim
(
"resource_access"
)
!=
null
)
{
Map
<
String
,
Map
<
String
,
Object
>>
resourceAccess
=
jwt
.
getClaim
(
"resource_access"
);
if
(
resourceAccess
.
containsKey
(
"print_form"
)){
ObjectMapper
mapper
=
new
ObjectMapper
();
List
<
String
>
roles
=
mapper
.
convertValue
(
resourceAccess
.
get
(
"print_form"
).
get
(
"roles"
),
new
TypeReference
<>()
{
});
Set
<
GrantedAuthority
>
authorities
=
new
HashSet
<>();
for
(
String
role
:
roles
)
{
authorities
.
add
(
new
SimpleGrantedAuthority
(
"ROLE_"
+
role
.
substring
(
role
.
lastIndexOf
(
'_'
)+
1
)));
}
return
authorities
;
}
return
authorities
;
}
return
new
ArrayList
<>();
}
...
...
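Review bot: In `extractAuthorities`, `role.substring(role.lastIndexOf('_')+1)` keeps only the text after the last underscore, so every `print_form` client role that ends in `_admin` or `_creator` collapses to the same `ROLE_admin` / `ROLE_creator`, whatever prefix it carried. Map the incoming names through an explicit set of accepted roles instead of trimming arbitrary strings, or keep the full role name as the authority. `mapper.convertValue(resourceAccess.get("print_form").get("roles"), ...)` returns null when the `roles` entry is absent and the `for` loop then throws, so guard it with `if (roles == null) return new ArrayList<>();`. Realm roles from `realm_access` appear to be no longer read at all, which should be stated in a method comment if that is intended.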
src/main/java/kz/project/printedFormsService/data/repository/DocumentJdbcRepository.java
...
...
@@ -33,7 +33,7 @@ public class DocumentJdbcRepository {
WHERE
DATE_TRUNC('day',created_at) >= :startDate
AND DATE_TRUNC('day',created_at) <= :endDate
AND project in(:projects)
--
AND project in(:projects)
GROUP BY
date
ORDER BY
...
...
@@ -65,7 +65,7 @@ public class DocumentJdbcRepository {
WHERE
DATE_TRUNC('day',created_at) >= :startDate
AND DATE_TRUNC('day',created_at) <= :endDate
AND d.project in(:projects)
--
AND d.project in(:projects)
GROUP BY
d.template_id, t.name
ORDER BY
...
...
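Review bot: Commenting out `AND project in(:projects)` in the first query, and `AND d.project in(:projects)` in the second, makes both statistics queries return rows for every project, so any caller who passes the route check sees counts for projects they hold no role in. If the predicate was dropped because the project list comes back empty after the role changes in this commit, restore it and fix the source of the list instead. If cross-project visibility is intended, delete the predicate instead of leaving it as dead SQL, and document on the repository methods that results are not scoped by project. The rest of each query lies outside the hunks.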
src/main/resources/application.yml
...
...
@@ -6,7 +6,7 @@ spring:
oauth2
:
resourceserver
:
jwt
:
jwk-set-uri
:
${KEYCLOAK_URI:http://94.247.129.11:8080}/realms/
selfserviceportal
/protocol/openid-connect/certs
jwk-set-uri
:
${KEYCLOAK_URI:http://94.247.129.11:8080}/realms/
${KEYCLOAK_REALM:}
/protocol/openid-connect/certs
client
:
registration
:
keycloak
:
...
...
@@ -18,8 +18,8 @@ spring:
authorization-grant-type
:
authorization_code
provider
:
keycloak
:
jwk-set-uri
:
${KEYCLOAK_URI:http://94.247.129.11:8080}/realms/
selfserviceportal
/protocol/openid-connect/certs
issuer-uri
:
${KEYCLOAK_URI:http://94.247.129.11:8080}/realms/
selfserviceportal
jwk-set-uri
:
${KEYCLOAK_URI:http://94.247.129.11:8080}/realms/
${KEYCLOAK_REALM}
/protocol/openid-connect/certs
issuer-uri
:
${KEYCLOAK_URI:http://94.247.129.11:8080}/realms/
${KEYCLOAK_REALM}
jpa
:
hibernate
:
...
...
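Review bot: The new realm placeholder is written two ways: `${KEYCLOAK_REALM:}` under `resourceserver.jwt` falls back to an empty string, while the `provider.keycloak` entries use `${KEYCLOAK_REALM}` with no default. With the empty default an unset variable yields `.../realms//protocol/openid-connect/certs`, which would only show up when a token is validated; use `${KEYCLOAK_REALM}` in all three places so a missing value is reported when the configuration is resolved. The unchanged fallback `http://94.247.129.11:8080` for `KEYCLOAK_URI` means an unset variable makes the service fetch its signing keys over plain HTTP from a fixed address, so consider removing that default as well.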