diff --git a/Dockerfile.tools b/Dockerfile.tools
index a06c63464..52d3d57ac 100644
--- a/Dockerfile.tools
+++ b/Dockerfile.tools
@@ -15,8 +15,9 @@ RUN ["make", "service-build"]
 CMD ["make", "service-start"]
 
 # Production
-FROM mongo:4.2.14 AS production
-ENV ENV="/home/tidepool/.bashrc" DEBIAN_FRONTEND="noninteractive"
+FROM mongo:6.0.5 AS production
+# this statically set $HOME is non-ideal, but is to combat it being hardcoded to /data/db upstream
+ENV HOME="/home/tidepool/" DEBIAN_FRONTEND="noninteractive"
 RUN apt -y update && \
 apt -y install ca-certificates tzdata && \
 adduser --disabled-password tidepool
diff --git a/auth/client/client_test.go b/auth/client/client_test.go
index eb8db4f0a..7de2e3631 100644
--- a/auth/client/client_test.go
+++ b/auth/client/client_test.go
@@ -51,6 +51,7 @@ var _ = Describe("Client", func() {
 Expect(config).ToNot(BeNil())
 Expect(config.Config).ToNot(BeNil())
 config.Config.Address = testHttp.NewAddress()
+ config.ExternalConfig.PathPrefix = "auth"
 config.Config.UserAgent = testHttp.NewUserAgent()
 config.Config.ServiceSecret = authTest.NewServiceSecret()
 config.ExternalConfig.Address = testHttp.NewAddress()
@@ -112,6 +113,7 @@ var _ = Describe("Client", func() {
 Expect(config).ToNot(BeNil())
 Expect(config.Config).ToNot(BeNil())
 config.Config.Address = server.URL()
+ config.ExternalConfig.PathPrefix = "auth"
 config.Config.UserAgent = testHttp.NewUserAgent()
 config.Config.ServiceSecret = authTest.NewServiceSecret()
 config.ExternalConfig.Address = server.URL()
diff --git a/auth/client/external.go b/auth/client/external.go
index 54db9ab2c..33a592f36 100644
--- a/auth/client/external.go
+++ b/auth/client/external.go
@@ -60,6 +60,8 @@ type ExternalConfig struct {
 *platform.Config
 ServerSessionTokenSecret string
 ServerSessionTokenTimeout time.Duration
+ // PathPrefix is the prefix to include in all calls to the external service, if any.
+ PathPrefix string
 }
 
 func NewExternalConfig() *ExternalConfig {
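Review bot: `FROM mongo:6.0.5 AS production` pins the base image by tag only, and tags are mutable, so the contents of the production stage can change without any change to this file; pin the digest alongside the tag, `FROM mongo:6.0.5@sha256:<digest> AS production`, and let the dependency bot bump both together. The replaced `ENV ENV="/home/tidepool/.bashrc"` line was the variable an interactive sh reads to find its startup file; if tools/ashrc (changed later in this diff) was reaching the shell through it, confirm it is still sourced after this hunk. Minor: `HOME="/home/tidepool/"` carries a trailing slash, so anything that joins `$HOME/...` produces a doubled `/`; `HOME="/home/tidepool"` is the conventional form.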
@@ -83,6 +85,7 @@ func (e *ExternalConfig) Load(configReporter config.Reporter) error {
 }
 e.ServerSessionTokenTimeout = time.Duration(serverSessionTokenTimeoutInteger) * time.Second
 }
+ e.PathPrefix = configReporter.GetWithDefault("path_prefix", "auth")
 return nil
 }
 
@@ -110,6 +113,7 @@ type External struct {
 serverSessionTokenTimeout time.Duration
 serverSessionTokenMutex sync.Mutex
 serverSessionTokenSafe string
+ pathPrefix string
 closingChannel chan chan bool
 }
 
@@ -139,6 +143,7 @@ func NewExternal(cfg *ExternalConfig, authorizeAs platform.AuthorizeAs, name str
 name: name,
 serverSessionTokenSecret: cfg.ServerSessionTokenSecret,
 serverSessionTokenTimeout: cfg.ServerSessionTokenTimeout,
+ pathPrefix: cfg.PathPrefix,
 }, nil
 }
 
@@ -204,7 +209,7 @@ func (e *External) ValidateSessionToken(ctx context.Context, token string) (requ
 IsServer bool
 UserID string
 }
- if err := e.client.RequestData(ctx, "GET", e.client.ConstructURL("auth", "token", token), nil, nil, &result); err != nil {
+ if err := e.client.RequestData(ctx, "GET", e.client.ConstructURL(e.pathPrefix, "token", token), nil, nil, &result); err != nil {
 return nil, err
 }
 
@@ -305,7 +310,7 @@ func (e *External) refreshServerSessionToken() error {
 e.logger.Debug("Refreshing server session token")
 
 requestMethod := "POST"
- requestURL := e.client.ConstructURL("auth", "serverlogin")
+ requestURL := e.client.ConstructURL(e.pathPrefix, "serverlogin")
 request, err := http.NewRequest(requestMethod, requestURL, nil)
 if err != nil {
 return errors.Wrapf(err, "unable to create new request for %s %s", requestMethod, requestURL)
diff --git a/client/client.go b/client/client.go
index eb4682250..7802ff56a 100644
--- a/client/client.go
+++ b/client/client.go
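Review bot: The `"auth"` fallback lives only in `Load`, so an `ExternalConfig` that is populated without going through `Load` ends up with an empty `PathPrefix` and, combined with the `ConstructURL` change in this diff, silently targets `/token/...` and `/serverlogin` instead of `/auth/...`; the test hunks having to set `config.ExternalConfig.PathPrefix = "auth"` explicitly is a symptom of this. Setting the same default in `NewExternalConfig` (its body is outside this hunk) would preserve the previous behaviour for callers that build the config by hand. The prefix is also passed through `ConstructURL`, which `url.PathEscape`s each segment, so a configured value such as `v1/auth` becomes the single segment `v1%2Fauth`; either split it on `/` in `Load` before storing it, or extend the field comment to `// PathPrefix is the single path segment prefixed to all calls to the external service, if any; it must not contain "/".` Neither `Load` nor its callers validate the value otherwise.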
@@ -40,7 +40,11 @@ func New(cfg *Config) (*Client, error) {
 func (c *Client) ConstructURL(paths ...string) string {
 segments := []string{}
 for _, path := range paths {
- segments = append(segments, url.PathEscape(strings.Trim(path, "/")))
+ escapedPath := url.PathEscape(strings.Trim(path, "/"))
+ if escapedPath == "" {
+ continue
+ }
+ segments = append(segments, escapedPath)
 }
 return fmt.Sprintf("%s/%s", strings.TrimRight(c.address, "/"), strings.Join(segments, "/"))
 }
diff --git a/env.sh b/env.sh
index 83e56e7f8..dad312de3 100644
--- a/env.sh
+++ b/env.sh
@@ -30,6 +30,7 @@ export TIDEPOOL_PERMISSION_CLIENT_ADDRESS="http://localhost:8009"
 export TIDEPOOL_TASK_CLIENT_ADDRESS="http://localhost:8009"
 export TIDEPOOL_USER_CLIENT_ADDRESS="http://localhost:8009"
 
+export TIDEPOOL_AUTH_CLIENT_EXTERNAL_PATH_PREFIX="auth"
 export TIDEPOOL_AUTH_CLIENT_EXTERNAL_ADDRESS="http://localhost:8009"
 export TIDEPOOL_AUTH_CLIENT_EXTERNAL_SERVER_SESSION_TOKEN_SECRET="This needs to be the same secret everywhere. YaHut75NsK1f9UKUXuWqxNN0RUwHFBCy"
 
diff --git a/tools/ashrc b/tools/ashrc
index 4b9827a08..63e8147d9 100644
--- a/tools/ashrc
+++ b/tools/ashrc
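Review bot: Dropping empty segments changes the request target for callers that pass an untrusted value straight through, such as `ValidateSessionToken` in this diff, where an empty token now produces `.../auth/token` instead of `.../auth/token/`; that is a different route on the auth server, so callers should reject an empty token before building the URL, and the behaviour should be stated on the function. `url.PathEscape` also leaves `.` and `..` untouched, so a token of `..` yields a path the server may normalise onto a different handler; since `ConstructURL` has no error return, that check too belongs in the callers that accept external input. The exported function has no doc comment; `// ConstructURL joins the client address with the given path segments, trimming slashes and percent-escaping each one; segments that are empty after trimming are dropped, and "." / ".." are not rejected.` would document both points.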
@@ -1,7 +1,7 @@
 # NOTE: admin and readonly usernames are assembled by attaching mongo-*-readonly and mongo-*-admin around the last dashed term in the service TIDEPOOL_STORE_USERNAME
-alias mongo=$'/usr/bin/mongo "${TIDEPOOL_STORE_SCHEME}://${TIDEPOOL_STORE_ADDRESSES}/${TIDEPOOL_STORE_DATABASE}?${TIDEPOOL_STORE_OPT_PARAMS}" $( [ "$TIDEPOOL_STORE_TLS" == "true" ] && echo "--tls" ) --username "mongo-${TIDEPOOL_STORE_USERNAME##*-}-readonly" ${TIDEPOOL_STORE_PASSWORD:+-p "$TIDEPOOL_STORE_PASSWORD"}'
+alias mongo=$'/usr/bin/mongosh "${TIDEPOOL_STORE_SCHEME}://${TIDEPOOL_STORE_ADDRESSES}/${TIDEPOOL_STORE_DATABASE}?${TIDEPOOL_STORE_OPT_PARAMS}" $( [ "$TIDEPOOL_STORE_TLS" == "true" ] && echo "--tls" ) --username "mongo-${TIDEPOOL_STORE_USERNAME##*-}-readonly" ${TIDEPOOL_STORE_PASSWORD:+-p "$TIDEPOOL_STORE_PASSWORD"}'
-alias mongow=$'/usr/bin/mongo "${TIDEPOOL_STORE_SCHEME}://${TIDEPOOL_STORE_ADDRESSES}/${TIDEPOOL_STORE_DATABASE}?${TIDEPOOL_STORE_OPT_PARAMS}" $( [ "$TIDEPOOL_STORE_TLS" == "true" ] && echo "--tls" ) --username "$TIDEPOOL_STORE_USERNAME -p'
+alias mongow=$'/usr/bin/mongosh "${TIDEPOOL_STORE_SCHEME}://${TIDEPOOL_STORE_ADDRESSES}/${TIDEPOOL_STORE_DATABASE}?${TIDEPOOL_STORE_OPT_PARAMS}" $( [ "$TIDEPOOL_STORE_TLS" == "true" ] && echo "--tls" ) --username "$TIDEPOOL_STORE_USERNAME -p'
-alias mongoa=$'/usr/bin/mongo "${TIDEPOOL_STORE_SCHEME}://${TIDEPOOL_STORE_ADDRESSES}/${TIDEPOOL_STORE_DATABASE}?${TIDEPOOL_STORE_OPT_PARAMS}" $( [ "$TIDEPOOL_STORE_TLS" == "true" ] && echo "--tls" ) --username "mongo-${TIDEPOOL_STORE_USERNAME##*-}-admin" -p'
+alias mongoa=$'/usr/bin/mongosh "${TIDEPOOL_STORE_SCHEME}://${TIDEPOOL_STORE_ADDRESSES}/${TIDEPOOL_STORE_DATABASE}?${TIDEPOOL_STORE_OPT_PARAMS}" $( [ "$TIDEPOOL_STORE_TLS" == "true" ] && echo "--tls" ) --username "mongo-${TIDEPOOL_STORE_USERNAME##*-}-admin" -p'
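Review bot: The new `mongow` alias carries an unbalanced double quote: `--username "$TIDEPOOL_STORE_USERNAME -p'` opens a quote that is never closed, so when the alias is expanded the shell sees an unterminated string rather than running mongosh; it should end `--username "$TIDEPOOL_STORE_USERNAME" -p` exactly as the `mongoa` alias does. The `mongo` alias still hands the password over as a command-line argument through `${TIDEPOOL_STORE_PASSWORD:+-p "$TIDEPOOL_STORE_PASSWORD"}`, which exposes it in the process list of the tools container for the life of the session; a bare `-p` so that mongosh prompts, as the other two aliases do, avoids that. Swapping `/usr/bin/mongo` for `/usr/bin/mongosh` while keeping the same flags is otherwise fine.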