Merge branch 'main' into bc-5639-poc-feathers-update

hpi-schul-cloud · Nov 14, 2023 · 11f85a1 · 11f85a1
2 parents 8e1569c + e28eee0
commit 11f85a1
Show file tree

Hide file tree

Showing 817 changed files with 22,118 additions and 8,299 deletions.
diff --git a/.eslintrc.js b/.eslintrc.js
@@ -65,22 +65,24 @@ module.exports = {
 	overrides: [
 		{
 			files: ['apps/**/*.ts'],
+			env: {
+				node: true,
+				es6: true,
+			},
 			parser: '@typescript-eslint/parser',
-			plugins: ['@typescript-eslint/eslint-plugin'],
+			parserOptions: {
+				project: 'apps/server/tsconfig.lint.json',
+				sourceType: 'module',
+			},
+			plugins: ['@typescript-eslint/eslint-plugin', 'import'],
 			extends: [
 				'airbnb-typescript/base',
 				'plugin:@typescript-eslint/recommended',
 				'plugin:@typescript-eslint/recommended-requiring-type-checking',
 				'prettier',
 				'plugin:promise/recommended',
+				'plugin:import/typescript',
 			],
-			parserOptions: {
-				project: 'apps/server/tsconfig.lint.json',
-			},
-			env: {
-				node: true,
-				es6: true,
-			},
 			rules: {
 				'import/no-unresolved': 'off', // better handled by ts resolver
 				'import/no-extraneous-dependencies': 'off', // better handles by ts resolver
@@ -98,6 +100,17 @@ module.exports = {
 						allowSingleExtends: true,
 					},
 				],
+				'@typescript-eslint/no-restricted-imports': [
+					'warn',
+					{
+						patterns: [
+							{
+								group: ['@infra/*/*', '@modules/*/*', '!*.module'],
+								message: 'Do not deep import from a module',
+							},
+						],
+					},
+				],
 			},
 			overrides: [
 				{

diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
@@ -172,7 +172,7 @@ jobs:
         uses: github/codeql-action/upload-sarif@v2
         with:
           sarif_file: 'trivy-results.sarif'
-
+  
   end-to-end-tests:
     needs:
       - build_and_push

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -5,6 +5,7 @@ on:
     branches: [ main ]
   pull_request:
     branches: [ main ]
+  workflow_dispatch:
 
 permissions:
   contents: read

diff --git a/ansible/roles/schulcloud-server-core/tasks/main.yml b/ansible/roles/schulcloud-server-core/tasks/main.yml
@@ -58,20 +58,50 @@
       kubeconfig: ~/.kube/config
       namespace: "{{ NAMESPACE }}"
       template: deployment.yml.j2
+
+  - name: Ingress
+    kubernetes.core.k8s:
+      kubeconfig: ~/.kube/config
+      namespace: "{{ NAMESPACE }}"
+      template: ingress.yml.j2
+      apply: yes
 
   - name: FileStorageDeployment
     kubernetes.core.k8s:
       kubeconfig: ~/.kube/config
       namespace: "{{ NAMESPACE }}"
       template: api-files-deployment.yml.j2
 
+  - name: FileStorageDeployment
+    kubernetes.core.k8s:
+      kubeconfig: ~/.kube/config
+      namespace: "{{ NAMESPACE }}"
+      template: api-files-deployment.yml.j2
+
+  - name: File Storage Ingress
+    kubernetes.core.k8s:
+      kubeconfig: ~/.kube/config
+      namespace: "{{ NAMESPACE }}"
+      template: api-files-ingress.yml.j2
+      apply: yes
+
   - name: FwuLearningContentsDeployment
     kubernetes.core.k8s:
       kubeconfig: ~/.kube/config
       namespace: "{{ NAMESPACE }}"
       template: api-fwu-deployment.yml.j2
     when: FEATURE_FWU_CONTENT_ENABLED is defined and FEATURE_FWU_CONTENT_ENABLED|bool
 
+  - name: Fwu Learning Contents Ingress Remove
+    kubernetes.core.k8s:
+      kubeconfig: ~/.kube/config
+      namespace: "{{ NAMESPACE }}"
+      state: absent
+      api_version: networking.k8s.io/v1
+      kind: Ingress
+      name: "{{ NAMESPACE }}-api-fwu-ingress"
+    when: FEATURE_FWU_CONTENT_ENABLED is defined and FEATURE_FWU_CONTENT_ENABLED|bool
+
   - name: Delete Files CronJob
     kubernetes.core.k8s:
       kubeconfig: ~/.kube/config

diff --git a/ansible/roles/schulcloud-server-core/templates/api-files-ingress.yml.j2 b/ansible/roles/schulcloud-server-core/templates/api-files-ingress.yml.j2
@@ -0,0 +1,41 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ NAMESPACE }}-api-files-ingress
+  namespace: {{ NAMESPACE }}
+  annotations:
+    nginx.ingress.kubernetes.io/ssl-redirect: "{{ TLS_ENABELD|default("false") }}"
+    nginx.ingress.kubernetes.io/proxy-body-size: "{{ INGRESS_MAX_BODY_SIZE|default("2560") }}m"
+    nginx.org/client-max-body-size: "{{ INGRESS_MAX_BODY_SIZE|default("2560") }}m"
+    # The following properties added with BC-3606.
+    # The header size of the request is too big. For e.g. state and the permanent growing jwt.
+    # Nginx throws away the Location header, resulting in the 502 Bad Gateway.
+    nginx.ingress.kubernetes.io/client-header-buffer-size: 100k
+    nginx.ingress.kubernetes.io/http2-max-header-size: 96k
+    nginx.ingress.kubernetes.io/large-client-header-buffers: 4 100k
+    nginx.ingress.kubernetes.io/proxy-buffer-size: 96k
+{% if CLUSTER_ISSUER is defined %}
+    cert-manager.io/cluster-issuer: {{ CLUSTER_ISSUER }}
+{% endif %}
+
+spec:
+  ingressClassName: nginx
+{% if CLUSTER_ISSUER is defined or (TLS_ENABELD is defined and TLS_ENABELD|bool) %}
+  tls:
+  - hosts:
+      - {{ DOMAIN }}
+{% if CLUSTER_ISSUER is defined %}
+    secretName: {{ DOMAIN }}-tls
+{% endif %}
+{% endif %}
+  rules:
+  - host: {{ DOMAIN }}
+    http:
+      paths:
+      - path: /api/v3/file/
+        backend:
+          service:
+            name: api-files-svc
+            port:
+              number: {{ PORT_FILE_SERVICE }}
+        pathType: Prefix
diff --git a/ansible/roles/schulcloud-server-core/templates/ingress.yml.j2 b/ansible/roles/schulcloud-server-core/templates/ingress.yml.j2
@@ -0,0 +1,41 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ NAMESPACE }}-api-ingress
+  namespace: {{ NAMESPACE }}
+  annotations:
+    nginx.ingress.kubernetes.io/ssl-redirect: "{{ TLS_ENABELD|default("false") }}"
+    nginx.ingress.kubernetes.io/proxy-body-size: "{{ INGRESS_MAX_BODY_SIZE|default("2560") }}m"
+    nginx.org/client-max-body-size: "{{ INGRESS_MAX_BODY_SIZE|default("2560") }}m"
+    # The following properties added with BC-3606.
+    # The header size of the request is too big. For e.g. state and the permanent growing jwt.
+    # Nginx throws away the Location header, resulting in the 502 Bad Gateway.
+    nginx.ingress.kubernetes.io/client-header-buffer-size: 100k
+    nginx.ingress.kubernetes.io/http2-max-header-size: 96k
+    nginx.ingress.kubernetes.io/large-client-header-buffers: 4 100k
+    nginx.ingress.kubernetes.io/proxy-buffer-size: 96k
+{% if CLUSTER_ISSUER is defined %}
+    cert-manager.io/cluster-issuer: {{ CLUSTER_ISSUER }}
+{% endif %}
+
+spec:
+  ingressClassName: nginx
+{% if CLUSTER_ISSUER is defined or (TLS_ENABELD is defined and TLS_ENABELD|bool) %}
+  tls:
+  - hosts:
+      - {{ DOMAIN }}
+{% if CLUSTER_ISSUER is defined %}
+    secretName: {{ DOMAIN }}-tls
+{% endif %}
+{% endif %}
+  rules:
+  - host: {{ DOMAIN }}
+    http:
+      paths:
+      - path: /api/v3/
+        backend:
+          service:
+            name: api-svc
+            port:
+              number: {{ PORT_SERVER }}
+        pathType: Prefix
diff --git a/ansible/roles/schulcloud-server-h5p/tasks/main.yml b/ansible/roles/schulcloud-server-h5p/tasks/main.yml
@@ -1,4 +1,4 @@
-  - name: H5pEditorService
+  - name: H5PEditorProvider
     kubernetes.core.k8s:
       kubeconfig: ~/.kube/config
       namespace: "{{ NAMESPACE }}"
@@ -11,4 +11,12 @@
       namespace: "{{ NAMESPACE }}"
       template: api-h5p-deployment.yml.j2
     when: WITH_H5P_EDITOR is defined and WITH_H5P_EDITOR|bool
+
+  - name: H5p Editor Ingress
+    kubernetes.core.k8s:
+      kubeconfig: ~/.kube/config
+      namespace: "{{ NAMESPACE }}"
+      template: api-h5p-ingress.yml.j2
+      apply: yes
+    when: WITH_H5P_EDITOR is defined and WITH_H5P_EDITOR|bool
 
diff --git a/ansible/roles/schulcloud-server-h5p/templates/api-h5p-ingress.yml.j2 b/ansible/roles/schulcloud-server-h5p/templates/api-h5p-ingress.yml.j2
@@ -0,0 +1,41 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ NAMESPACE }}-api-h5p-ingress
+  namespace: {{ NAMESPACE }}
+  annotations:
+    nginx.ingress.kubernetes.io/ssl-redirect: "{{ TLS_ENABELD|default("false") }}"
+    nginx.ingress.kubernetes.io/proxy-body-size: "{{ INGRESS_MAX_BODY_SIZE|default("2560") }}m"
+    nginx.org/client-max-body-size: "{{ INGRESS_MAX_BODY_SIZE|default("2560") }}m"
+    # The following properties added with BC-3606.
+    # The header size of the request is too big. For e.g. state and the permanent growing jwt.
+    # Nginx throws away the Location header, resulting in the 502 Bad Gateway.
+    nginx.ingress.kubernetes.io/client-header-buffer-size: 100k
+    nginx.ingress.kubernetes.io/http2-max-header-size: 96k
+    nginx.ingress.kubernetes.io/large-client-header-buffers: 4 100k
+    nginx.ingress.kubernetes.io/proxy-buffer-size: 96k
+{% if CLUSTER_ISSUER is defined %}
+    cert-manager.io/cluster-issuer: {{ CLUSTER_ISSUER }}
+{% endif %}
+
+spec:
+  ingressClassName: nginx
+{% if CLUSTER_ISSUER is defined or (TLS_ENABELD is defined and TLS_ENABELD|bool) %}
+  tls:
+  - hosts:
+      - {{ DOMAIN }}
+{% if CLUSTER_ISSUER is defined %}
+    secretName: {{ DOMAIN }}-tls
+{% endif %}
+{% endif %}
+  rules:
+  - host: {{ DOMAIN }}
+    http:
+      paths:
+      - path: /api/v3/h5p-editor/
+        backend:
+          service:
+            name: api-h5p-svc
+            port:
+              number: 4448
+        pathType: Prefix
diff --git a/ansible/roles/schulcloud-server-init/templates/configmap_file_init.yml.j2 b/ansible/roles/schulcloud-server-init/templates/configmap_file_init.yml.j2
@@ -390,8 +390,8 @@ data:
                       }'
 
             # Add Bettermarks' tools configuration as an external tool
-            # (stored in the 'external_tools' collection) that uses OAuth.
-            mongosh $DATABASE__URL --eval 'db.external_tools.replaceOne(
+            # (stored in the 'external-tools' collection) that uses OAuth.
+            mongosh $DATABASE__URL --eval 'db.external-tools.replaceOne(
                 {
                   "name": "bettermarks",
                   "config_type": "oauth2"
@@ -486,9 +486,9 @@ data:
          echo "POSTed nextcloud to hydra."
 
          # Add Nextcloud' tools configuration as an external tool
-         # (stored in the 'external_tools' collection) that uses OAuth.
-         echo "Inserting nextcloud to external_tools..."
-         mongosh $DATABASE__URL --eval 'db.external_tools.update(
+         # (stored in the 'external-tools' collection) that uses OAuth.
+         echo "Inserting nextcloud to external-tools..."
+         mongosh $DATABASE__URL --eval 'db.external-tools.update(
              {
                "name": "nextcloud",
                "config_type": "oauth2"
@@ -512,7 +512,7 @@ data:
                "upsert": true
              }
          );'
-         echo "Inserted nextcloud to external_tools."
+         echo "Inserted nextcloud to external-tools."
 
          echo "Nextcloud config data init performed successfully."
     fi

diff --git a/apps/server/doc/summary.json b/apps/server/doc/summary.json
@@ -61,7 +61,7 @@
 			},
 			{
 				"title": "S3ClientModule",
-				"file": "../src/shared/infra/s3-client/README.md"
+				"file": "../src/infra/s3-client/README.md"
 			}
 		]
 	}

diff --git a/apps/server/src/apps/h5p-editor.app.ts b/apps/server/src/apps/h5p-editor.app.ts
@@ -19,6 +19,7 @@ async function bootstrap() {
 	const nestExpress = express();
 
 	const nestExpressAdapter = new ExpressAdapter(nestExpress);
+
 	const nestApp = await NestFactory.create(H5PEditorModule, nestExpressAdapter);
 	// WinstonLogger
 	nestApp.useLogger(await nestApp.resolve(LegacyLogger));

diff --git a/apps/server/src/apps/helpers/prometheus-metrics.spec.ts b/apps/server/src/apps/helpers/prometheus-metrics.spec.ts
@@ -5,7 +5,7 @@ import {
 	PrometheusMetricsConfig,
 	createAPIResponseTimeMetricMiddleware,
 	createPrometheusMetricsApp,
-} from '@shared/infra/metrics';
+} from '@infra/metrics';
 import { Logger } from '@src/core/logger';
 import express, { Express, NextFunction, Request, RequestHandler, Response } from 'express';
 import {
@@ -15,9 +15,9 @@ import {
 	createAndStartPrometheusMetricsAppIfEnabled,
 } from './prometheus-metrics';
 
-jest.mock('@shared/infra/metrics', () => {
+jest.mock('@infra/metrics', () => {
 	const moduleMock: unknown = {
-		...jest.requireActual('@shared/infra/metrics'),
+		...jest.requireActual('@infra/metrics'),
 		createAPIResponseTimeMetricMiddleware: jest.fn(),
 		createPrometheusMetricsApp: jest.fn(),
 	};

diff --git a/apps/server/src/apps/helpers/prometheus-metrics.ts b/apps/server/src/apps/helpers/prometheus-metrics.ts
@@ -4,7 +4,7 @@ import {
 	PrometheusMetricsConfig,
 	createAPIResponseTimeMetricMiddleware,
 	createPrometheusMetricsApp,
-} from '@shared/infra/metrics';
+} from '@infra/metrics';
 import { LogMessage, Loggable, Logger } from '@src/core/logger';
 import { AppStartLoggable } from './app-start-loggable';
 

diff --git a/apps/server/src/apps/server.app.ts b/apps/server/src/apps/server.app.ts
@@ -2,25 +2,25 @@
 // application imports
 /* eslint-disable no-console */
 import { MikroORM } from '@mikro-orm/core';
-import { AccountService } from '@modules/account/services/account.service';
+import { NestFactory } from '@nestjs/core';
+import { ExpressAdapter } from '@nestjs/platform-express';
+import { enableOpenApiDocs } from '@shared/controller/swagger';
+import { Mail, MailService } from '@infra/mail';
+import { LegacyLogger, Logger } from '@src/core/logger';
+import { AccountService } from '@modules/account';
+import { TeamService } from '@modules/teams/service/team.service';
 import { AccountValidationService } from '@modules/account/services/account.validation.service';
 import { AccountUc } from '@modules/account/uc/account.uc';
 import { CollaborativeStorageUc } from '@modules/collaborative-storage/uc/collaborative-storage.uc';
 import { GroupService } from '@modules/group';
 import { RocketChatService } from '@modules/rocketchat';
 import { ServerModule } from '@modules/server';
-import { TeamService } from '@modules/teams/service/team.service';
-import { NestFactory } from '@nestjs/core';
-import { ExpressAdapter } from '@nestjs/platform-express';
-import { enableOpenApiDocs } from '@shared/controller/swagger';
-import { Mail, MailService } from '@shared/infra/mail';
-import { LegacyLogger, Logger } from '@src/core/logger';
 import express from 'express';
 import { join } from 'path';
 
 // register source-map-support for debugging
-import { FeathersRosterService } from '@modules/pseudonym';
 import { install as sourceMapInstall } from 'source-map-support';
+import { FeathersRosterService } from '@modules/pseudonym';
 import legacyAppPromise = require('../../../../src/app');
 
 import { AppStartLoggable } from './helpers/app-start-loggable';

diff --git a/apps/server/src/console/api-test/database-management.console.api.spec.ts b/apps/server/src/console/api-test/database-management.console.api.spec.ts
@@ -1,5 +1,5 @@
 import { INestApplicationContext } from '@nestjs/common';
-import { ConsoleWriterService } from '@shared/infra/console';
+import { ConsoleWriterService } from '@infra/console';
 import { ServerConsoleModule } from '@src/console/console.module';
 import { CommanderError } from 'commander';
 import { BootstrapConsole, ConsoleService } from 'nestjs-console';

diff --git a/apps/server/src/console/api-test/server-console.api.spec.ts b/apps/server/src/console/api-test/server-console.api.spec.ts
@@ -2,7 +2,7 @@ import { INestApplicationContext } from '@nestjs/common';
 
 import { BootstrapConsole, ConsoleService } from 'nestjs-console';
 import { ServerConsoleModule } from '@src/console/console.module';
-import { ConsoleWriterService } from '@shared/infra/console';
+import { ConsoleWriterService } from '@infra/console';
 import { execute, TestBootstrapConsole } from './test-bootstrap.console';
 
 describe('ServerConsole (API)', () => {
-Original file line number
+Diff line change
@@ Expand Up / @@ -61,7 +61,7 @@ @@
     			},
     			{
     				"title": "S3ClientModule",
-    				"file": "../src/shared/infra/s3-client/README.md"
+    				"file": "../src/infra/s3-client/README.md"
     			}
     		]
     	}
@@ Expand Down @@