diff --git a/dd-sso/.gitignore b/dd-sso/.gitignore
index 20afd7d..c0efa48 100644
--- a/dd-sso/.gitignore
+++ b/dd-sso/.gitignore
@@ -6,9 +6,6 @@ docker-compose.yml
 **/custom.yaml
 **/system.yaml
-admin/src/node_modules
-admin/src/admin/node_modules/
-
 # Byte-compiled / optimized / DLL files
 __pycache__/
 *.py[cod]
diff --git a/dd-sso/admin/docker/Dockerfile b/dd-sso/admin/docker/Dockerfile
index 27dbd7c..b1d4f9d 100644
--- a/dd-sso/admin/docker/Dockerfile
+++ b/dd-sso/admin/docker/Dockerfile
@@ -20,6 +20,9 @@ FROM alpine:3.12.0 as production
 MAINTAINER isard
+# Ensure python dependencies
+COPY admin/docker/requirements.pip3 /requirements.pip3
+
 RUN apk add python3 py3-pip py3-pyldap~=3.2.0
 RUN pip3 install --upgrade pip
 RUN apk add --no-cache --virtual .build_deps \
@@ -27,37 +30,19 @@ RUN apk add --no-cache --virtual .build_deps \
 python3-dev \
 libffi-dev \
 gcc python3-dev linux-headers musl-dev postgresql-dev
-COPY admin/docker/requirements.pip3 /requirements.pip3
 RUN pip3 install --no-cache-dir -r requirements.pip3
 RUN apk del .build_deps
 RUN apk add --no-cache curl py3-yaml yarn libpq openssl py3-pillow
+# Add catalan words list (issue with newer diceweare)
 RUN wget -O /usr/lib/python3.8/site-packages/diceware/wordlists/wordlist_cat_ascii.txt https://raw.githubusercontent.com/1ma/diceware-cat/master/cat-wordlist-ascii.txt
-# SSH configuration
-# ARG SSH_ROOT_PWD
-# RUN apk add openssh
-# RUN echo "root:$SSH_ROOT_PWD" |chpasswd
-# RUN sed -i \
-# -e 's|[#]*PermitRootLogin prohibit-password|PermitRootLogin yes|g' \
-# -e 's|[#]*PasswordAuthentication yes|PasswordAuthentication yes|g' \
-# -e 's|[#]*ChallengeResponseAuthentication yes|ChallengeResponseAuthentication yes|g' \
-# -e 's|[#]*UsePAM yes|UsePAM yes|g' \
-# -e 's|[#]#Port 22|Port 22|g' \
-# /etc/ssh/sshd_config
-
-# Let's test 0.26.1 python-keycloak version
-# RUN apk add --no-cache git && \
-# git clone -b delete_realm_roles https://github.com/isard-vdi/python-keycloak.git && \
-# cd python-keycloak && \
-# python3 setup.py install && \
-# apk del git
-
+# Add code and entrypoint
 COPY admin/src /admin
-RUN cd /admin/admin && yarn install
-
 COPY admin/docker/run.sh /run.sh
-#EXPOSE 7039
-CMD [ "/run.sh" ]
\ No newline at end of file
+# Ensure node dependencies
+RUN cd /admin/admin && HOME=/tmp su -s /bin/sh -m nobody -c "yarn install"
+
+CMD [ "/run.sh" ]
diff --git a/dd-sso/admin/docker/run.sh b/dd-sso/admin/docker/run.sh
index 5f17e3d..9221577 100755
--- a/dd-sso/admin/docker/run.sh
+++ b/dd-sso/admin/docker/run.sh
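Review bot: The new `RUN cd /admin/admin && HOME=/tmp su -s /bin/sh -m nobody -c "yarn install"` runs as `nobody`, but the `COPY admin/src /admin` a few lines above copies the tree owned by root with whatever mode bits the build context has, so `yarn` can only create `node_modules` there if that directory happens to be world-writable. Making the ownership explicit with `COPY --chown=nobody admin/src /admin` removes that dependency on host permissions. If the project ships a `yarn.lock`, `yarn install --frozen-lockfile` also keeps the image build from silently resolving newer package versions. Separately, the `wget` line this hunk annotates pulls the word list from a moving `master` branch with no integrity check; pinning a commit in the URL and verifying a sha256 after download would close that supply-chain gap. The new comment also has a typo: `# Add Catalan word list (issue with newer diceware)`.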
@@ -18,13 +18,14 @@
 # along with DD. If not, see .
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
-# ssh-keygen -A
-## Only in development
-cd /admin/admin
-yarn install
-## End Only in development
+
+# We possibly need to fix bad old permissions
+chown -R nobody:nogroup \
+ /admin/custom \
+ /admin/moodledata/saml2 /admin/saml_certs \
+ "${DATA_FOLDER}" \
+ "${LEGAL_PATH}"
+
 cd /admin
 export PYTHONWARNINGS="ignore:Unverified HTTPS request"
-python3 start.py
-#&
-# /usr/sbin/sshd -D -e -f /etc/ssh/sshd_config
\ No newline at end of file
+exec su -s /bin/sh -m nobody -c 'python3 start.py'
diff --git a/dd-sso/admin/src/admin/flaskapp.py b/dd-sso/admin/src/admin/flaskapp.py
index 19a7b7b..903872a 100644
--- a/dd-sso/admin/src/admin/flaskapp.py
+++ b/dd-sso/admin/src/admin/flaskapp.py
@@ -73,6 +73,7 @@ class AdminFlaskApp(Flask):
 custom_dir: str
 data_dir: str
 domain : str
+ node_modules_dir : str
 ready: bool = False
 def __init__(self, *args: Any, **kwargs: Any):
@@ -141,6 +142,7 @@ class AdminFlaskApp(Flask):
 try:
 self.data_dir = os.environ.get("DATA_FOLDER", ".")
 self.custom_dir = os.environ.get("CUSTOM_FOLDER", ".")
+ self.node_modules_dir = os.environ.get("NODE_MODULES_FOLDER", "node_modules")
 # Handle secrets like Flask's session key
 secret_key_file = os.path.join(self.secrets_dir, "secret_key")
 if not os.path.exists(self.secrets_dir):
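Review bot: The new `chown -R nobody:nogroup` call passes `"${DATA_FOLDER}"` and `"${LEGAL_PATH}"` without checking they are set, and nothing visible in the hunk enables `set -u`, so an unset variable becomes an empty argument that chown rejects while the script carries on and starts the app anyway (the file's header lines are outside the hunk, so check there too). Failing fast is two lines: `set -u` before the chown and `: "${DATA_FOLDER:?must be set}" "${LEGAL_PATH:?must be set}"`. Note that `exec su -s /bin/sh -m nobody` keeps root's environment, so `HOME` presumably stays `/root`, which `nobody` cannot write to; the Dockerfile's own yarn step had to set `HOME=/tmp` for the same reason, and `start.py` or its libraries may need the same if they cache anything under the home directory.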
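Review bot: `self.node_modules_dir = os.environ.get("NODE_MODULES_FOLDER", "node_modules")` is accepted without checking that the directory exists, so a wrong value only surfaces later as 404s on `/build/`, `/vendors/` and `/node_modules/`. A startup warning makes the misconfiguration visible: `if not os.path.isdir(os.path.join(self.root_path, self.node_modules_dir)):` followed by `self.logger.warning("NODE_MODULES_FOLDER %r not found; static vendor routes will 404", self.node_modules_dir)`. The relative default also deserves a comment, since Flask's `send_from_directory` resolves a relative directory against `app.root_path`, which is what keeps it equivalent to the old hard-coded `os.path.join(self.root_path, "node_modules")`, e.g. `# Relative paths resolve against self.root_path in send_from_directory`. The enclosing method and the `try:` it sits in start and end outside this hunk.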
@@ -202,19 +204,19 @@ class AdminFlaskApp(Flask):
 @self.route("/build/")
 def send_build(path: str) -> Response:
 return send_from_directory(
- os.path.join(self.root_path, "node_modules/gentelella/build"), path
+ os.path.join(self.node_modules_dir, "gentelella/build"), path
 )
 @self.route("/vendors/")
 def send_vendors(path: str) -> Response:
 return send_from_directory(
- os.path.join(self.root_path, "node_modules/gentelella/vendors"), path
+ os.path.join(self.node_modules_dir, "gentelella/vendors"), path
 )
 @self.route("/node_modules/")
 def send_nodes(path: str) -> Response:
 return send_from_directory(
- os.path.join(self.root_path, "node_modules"), path
+ self.node_modules_dir, path
 )
 @self.route("/templates/")
diff --git a/dd-sso/docker-compose-parts/admin.yml b/dd-sso/docker-compose-parts/admin.yml
index 91c87b1..164d51a 100644
--- a/dd-sso/docker-compose-parts/admin.yml
+++ b/dd-sso/docker-compose-parts/admin.yml
@@ -25,20 +25,14 @@ services:
 context: ${BUILD_SSO_ROOT_PATH}
 dockerfile: admin/docker/Dockerfile
 target: production
- # args: ## DEVELOPMENT
- # SSH_ROOT_PWD: ${IPA_ADMIN_PWD}
- # SSH_PORT: 2022
 networks:
 - dd_net
- # ports:
- # - "2022:22"
- # - "9000:9000"
 restart: unless-stopped
 volumes:
 - /etc/localtime:/etc/localtime:ro
- - ${BUILD_SSO_ROOT_PATH}/admin/src:/admin # Revome in production
+ - ${BUILD_SSO_ROOT_PATH}/admin/src:/admin:ro
 - ${BUILD_SSO_ROOT_PATH}/init/keycloak/jsons:/admin/keycloak-init:ro
- - ${CUSTOM_PATH}/custom:/admin/custom
+ - ${CUSTOM_PATH}/custom:/admin/custom:rw
 - ${DATA_FOLDER}/avatars:/admin/avatars:ro
 - ${DATA_FOLDER}/moodle/saml2:/admin/moodledata/saml2:rw
 - ${DATA_FOLDER}/saml_certs:/admin/saml_certs:rw
@@ -52,3 +46,4 @@ services:
 - MANAGED_EMAIL_DOMAIN=${MANAGED_EMAIL_DOMAIN}
 - DATA_FOLDER=/data
 - CUSTOM_FOLDER=/admin/custom
+ - LEGAL_PATH=/admin/admin/static/templates/pages/legal
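Review bot: `send_nodes` now serves every file under whatever `NODE_MODULES_FOLDER` points at, and no access check is visible on these three routes, so the configured directory is public in its entirety; that should be stated where the route is defined, e.g. `# Everything under node_modules_dir is served unauthenticated; point it only at vendored front-end assets`. The three handlers also repeat the same `send_from_directory` call with different sub-paths; a small `_serve_node_modules(subdir, path)` helper would leave one place to add such a check later. These routes are registered inside a method that starts and ends outside the hunk.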
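Review bot: Mounting `${BUILD_SSO_ROOT_PATH}/admin/src:/admin:ro` hides whatever the image placed under `/admin`, including the `/admin/admin/node_modules` that the Dockerfile's new build-time `yarn install` produces, so unless the host checkout itself contains `node_modules` (the `.gitignore` change suggests it no longer should) the `/build/`, `/vendors/` and `/node_modules/` routes will 404. The app now reads `NODE_MODULES_FOLDER`, but nothing in this diff sets it; installing outside the mount in the Dockerfile and adding `- NODE_MODULES_FOLDER=/node_modules` to `environment` here would let the read-only source mount coexist with build-time dependencies. Alternatively drop the source bind mount for production, which is what the removed `# Revome in production` comment intended.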
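Review bot: `LEGAL_PATH=/admin/admin/static/templates/pages/legal` lands inside `/admin`, which this same change bind-mounts read-only, yet `run.sh` runs `chown -R nobody:nogroup "${LEGAL_PATH}"` on it at every start; on a read-only mount that chown fails, and any runtime write to the legal pages that the chown is presumably preparing for will fail the same way. If those pages are meant to be editable, mount the directory from the host on its own `:rw` line or move `LEGAL_PATH` under `/admin/custom` or `/data`; if they are static, the chown entry can go. `start.py` is not in this diff, so whether the app actually writes there is inferred from the chown.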