From ccffea5432423a322c8f13a41e5adb5ca55b0c64 Mon Sep 17 00:00:00 2001 From: LaurenceYang1218 Date: Mon, 26 May 2025 19:25:21 +0800 Subject: [PATCH 01/14] modify ci --- .github/workflows/ci-test.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ci-test.yml b/.github/workflows/ci-test.yml index 785c1f5..85f4cea 100644 --- a/.github/workflows/ci-test.yml +++ b/.github/workflows/ci-test.yml @@ -57,3 +57,4 @@ jobs: service: dc-manager-backend image: asia-east1-docker.pkg.dev/${{ secrets.GCP_PROJECT_ID }}/dc-manager-backend/dc-manager-backend-cloud:${{ github.sha }} region: asia-east1 + env_vars: PORT=4000 From 22269614fcab3144946748bd3cb36ec70f113259 Mon Sep 17 00:00:00 2001 From: LaurenceYang1218 Date: Mon, 26 May 2025 19:30:22 +0800 Subject: [PATCH 02/14] modify ci --- .github/workflows/ci-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci-test.yml b/.github/workflows/ci-test.yml index 85f4cea..210d6e7 100644 --- a/.github/workflows/ci-test.yml +++ b/.github/workflows/ci-test.yml @@ -57,4 +57,4 @@ jobs: service: dc-manager-backend image: asia-east1-docker.pkg.dev/${{ secrets.GCP_PROJECT_ID }}/dc-manager-backend/dc-manager-backend-cloud:${{ github.sha }} region: asia-east1 - env_vars: PORT=4000 + flags: --port=4000 \ No newline at end of file From 940e9a16238889a03f8c79fe4b9352d31374115c Mon Sep 17 00:00:00 2001 From: LaurenceYang1218 Date: Mon, 26 May 2025 19:49:20 +0800 Subject: [PATCH 03/14] modify ci --- .github/workflows/ci-test.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci-test.yml b/.github/workflows/ci-test.yml index 210d6e7..173dd44 100644 --- a/.github/workflows/ci-test.yml +++ b/.github/workflows/ci-test.yml 
@@ -57,4 +57,7 @@ jobs: service: dc-manager-backend image: asia-east1-docker.pkg.dev/${{ secrets.GCP_PROJECT_ID }}/dc-manager-backend/dc-manager-backend-cloud:${{ github.sha }} region: asia-east1 - flags: --port=4000 \ No newline at end of file + flags: --port=4000,--add-cloudsql-instances=${{ secrets.CLOUD_SQL_INSTANCE }} + env_vars: | + DATABASE_URL=postgres://${{ secrets.DB_USER }}:${{ secrets.DB_PASSWORD }}@/\ + ${{ secrets.DB_NAME }}?host=/cloudsql/${{ secrets.CLOUD_SQL_INSTANCE }} \ No newline at end of file From b655e0c5febf01e711f468c224f00919f1f373d0 Mon Sep 17 00:00:00 2001 From: LaurenceYang1218 Date: Mon, 26 May 2025 19:53:38 +0800 Subject: [PATCH 04/14] modify ci --- .github/workflows/ci-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci-test.yml b/.github/workflows/ci-test.yml index 173dd44..3e59282 100644 --- a/.github/workflows/ci-test.yml +++ b/.github/workflows/ci-test.yml @@ -57,7 +57,7 @@ jobs: service: dc-manager-backend image: asia-east1-docker.pkg.dev/${{ secrets.GCP_PROJECT_ID }}/dc-manager-backend/dc-manager-backend-cloud:${{ github.sha }} region: asia-east1 - flags: --port=4000,--add-cloudsql-instances=${{ secrets.CLOUD_SQL_INSTANCE }} + flags: --port=4000 --add-cloudsql-instances=${{ secrets.CLOUD_SQL_INSTANCE }} env_vars: | DATABASE_URL=postgres://${{ secrets.DB_USER }}:${{ secrets.DB_PASSWORD }}@/\ ${{ secrets.DB_NAME }}?host=/cloudsql/${{ secrets.CLOUD_SQL_INSTANCE }} \ No newline at end of file From 2a150c50365f6e0c0b597a843efc7b271c11d0ee Mon Sep 17 00:00:00 2001 From: eric891224 Date: Mon, 26 May 2025 20:05:58 +0800 Subject: [PATCH 05/14] add IPPool, IPAddress to rbac --- src/domain/rbac/policy.ts | 10 ++++++++++ src/presentation/server/middleware/auth.middleware.ts | 2 ++ 2 files changed, 12 insertions(+) diff --git a/src/domain/rbac/policy.ts b/src/domain/rbac/policy.ts index 81d7f2a..957da5f 100644 --- a/src/domain/rbac/policy.ts +++ b/src/domain/rbac/policy.ts 
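Review bot: The `DATABASE_URL` entry added under `env_vars` expands `secrets.DB_PASSWORD` into a plain environment variable, so the database password ends up in clear text in the Cloud Run revision configuration, readable by any principal that can view the service. The same applies to `ACCESS_SECRET` and `REFRESH_SECRET`, added under `env_vars` in PATCH 07/14. Assuming this step is `google-github-actions/deploy-cloudrun` (its `uses:` line is outside the hunk), I would keep these values in Secret Manager and pass only references through the action's `secrets:` input, e.g. `DATABASE_URL=<secret-name>:latest` (placeholder name). Separately, the user and password are placed in the URL unencoded, so a value containing `@`, `:` or `/` would yield a malformed connection string; confirm they are URL-safe or percent-encode them when the secret is created.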
@@ -11,6 +11,8 @@ const resources = [ "Machine", "Service", "Subnet", + "IPPool", + "IPAddress" "User" ] as const export type Resource = (typeof resources)[number] @@ -56,6 +58,14 @@ export const POLICY: RBACPolicy = { resource: "Subnet", action: ["read"] }, + { + resource: "IPPool", + action: ["read"] + }, + { + resource: "IPAddress", + action: ["read"] + }, { resource: "User", action: ["*"] diff --git a/src/presentation/server/middleware/auth.middleware.ts b/src/presentation/server/middleware/auth.middleware.ts index 213a346..b5bf5d1 100644 --- a/src/presentation/server/middleware/auth.middleware.ts +++ b/src/presentation/server/middleware/auth.middleware.ts @@ -67,6 +67,8 @@ const resourceToResourceMap: Record = { machine: "Machine", service: "Service", subnet: "Subnet", + "ip-pool": "IPPool", + "ip-address": "IPAddress", user: "User", auth: "User" } From 944b8bc31d526a5372e435514c907e1eb43da992 Mon Sep 17 00:00:00 2001 From: eric891224 Date: Mon, 26 May 2025 20:10:16 +0800 Subject: [PATCH 06/14] add , --- src/domain/rbac/policy.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/domain/rbac/policy.ts b/src/domain/rbac/policy.ts index 957da5f..acf9702 100644 --- a/src/domain/rbac/policy.ts +++ b/src/domain/rbac/policy.ts @@ -12,7 +12,7 @@ const resources = [ "Service", "Subnet", "IPPool", - "IPAddress" + "IPAddress", "User" ] as const export type Resource = (typeof resources)[number] From 613aa036f719f4e957479aa73638fb09bd998d58 Mon Sep 17 00:00:00 2001 From: LaurenceYang1218 Date: Mon, 26 May 2025 20:19:30 +0800 Subject: [PATCH 07/14] update ci --- .github/workflows/ci-test.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci-test.yml b/.github/workflows/ci-test.yml index 3e59282..aa898f5 100644 --- a/.github/workflows/ci-test.yml +++ b/.github/workflows/ci-test.yml 
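Review bot: The two keys added to `resourceToResourceMap` tie authorization for the IP endpoints to the literal URL segments `ip-pool` and `ip-address`. If a router is mounted under another spelling (plural, camelCase), the lookup misses, and the outcome then depends on how the middleware treats an unmapped segment, which is outside this hunk. Please confirm the middleware rejects the request when the lookup yields `undefined` rather than skipping the permission check, and document that on the map, e.g. `// keys must match the router's path segment; unmapped segments are denied`. A test that requests an unmapped path and expects a 403 would pin that behaviour.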
@@ -60,4 +60,6 @@ jobs: flags: --port=4000 --add-cloudsql-instances=${{ secrets.CLOUD_SQL_INSTANCE }} env_vars: | DATABASE_URL=postgres://${{ secrets.DB_USER }}:${{ secrets.DB_PASSWORD }}@/\ - ${{ secrets.DB_NAME }}?host=/cloudsql/${{ secrets.CLOUD_SQL_INSTANCE }} \ No newline at end of file + ${{ secrets.DB_NAME }}?host=/cloudsql/${{ secrets.CLOUD_SQL_INSTANCE }} + ACCESS_SECRET=${{ secrets.ACCESS_SECRET }} + REFRESH_SECRET=${{ secrets.REFRESH_SECRET }} \ No newline at end of file From 9fe5ec4052e08db2d9fa3078f9588dbeb75d808f Mon Sep 17 00:00:00 2001 From: LaurenceYang1218 Date: Mon, 26 May 2025 20:33:39 +0800 Subject: [PATCH 08/14] update ci --- .github/workflows/ci-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci-test.yml b/.github/workflows/ci-test.yml index 3e59282..aa0b6fc 100644 --- a/.github/workflows/ci-test.yml +++ b/.github/workflows/ci-test.yml @@ -57,7 +57,7 @@ jobs: service: dc-manager-backend image: asia-east1-docker.pkg.dev/${{ secrets.GCP_PROJECT_ID }}/dc-manager-backend/dc-manager-backend-cloud:${{ github.sha }} region: asia-east1 - flags: --port=4000 --add-cloudsql-instances=${{ secrets.CLOUD_SQL_INSTANCE }} + flags: --port=4000 --allow-unauthenticated --add-cloudsql-instances=${{ secrets.CLOUD_SQL_INSTANCE }} env_vars: | DATABASE_URL=postgres://${{ secrets.DB_USER }}:${{ secrets.DB_PASSWORD }}@/\ ${{ secrets.DB_NAME }}?host=/cloudsql/${{ secrets.CLOUD_SQL_INSTANCE }} \ No newline at end of file From de9c9bd4871b76878368e589a188a55260b51f22 Mon Sep 17 00:00:00 2001 From: LaurenceYang1218 Date: Mon, 26 May 2025 20:45:19 +0800 Subject: [PATCH 09/14] update ci --- .github/workflows/ci-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci-test.yml b/.github/workflows/ci-test.yml index aa898f5..0f4adeb 100644 --- a/.github/workflows/ci-test.yml +++ b/.github/workflows/ci-test.yml 
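Review bot: `--allow-unauthenticated` in `flags` (PATCH 08/14, and again in PATCH 10/14 after the `--allow-authenticated` attempt) makes the Cloud Run service invocable by anyone on the internet, which leaves the application's own token and RBAC middleware as the only access control in front of the Cloud SQL-backed API. If public reachability is intended, I would record that in a comment above the `flags:` line, e.g. `# public endpoint: every route must pass auth.middleware`, and confirm that no route (health, docs, debug) is mounted outside that middleware. If only a known frontend or gateway should call the service, keep it private and grant `roles/run.invoker` to that caller instead.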
@@ -57,7 +57,7 @@ jobs: service: dc-manager-backend image: asia-east1-docker.pkg.dev/${{ secrets.GCP_PROJECT_ID }}/dc-manager-backend/dc-manager-backend-cloud:${{ github.sha }} region: asia-east1 - flags: --port=4000 --add-cloudsql-instances=${{ secrets.CLOUD_SQL_INSTANCE }} + flags: --port=4000 --allow-authenticated --add-cloudsql-instances=${{ secrets.CLOUD_SQL_INSTANCE }} env_vars: | DATABASE_URL=postgres://${{ secrets.DB_USER }}:${{ secrets.DB_PASSWORD }}@/\ ${{ secrets.DB_NAME }}?host=/cloudsql/${{ secrets.CLOUD_SQL_INSTANCE }} From fb2a98e0c3721690a08a2ca9b103399778ea571e Mon Sep 17 00:00:00 2001 From: LaurenceYang1218 Date: Mon, 26 May 2025 20:47:24 +0800 Subject: [PATCH 10/14] update ci --- .github/workflows/ci-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci-test.yml b/.github/workflows/ci-test.yml index 0f4adeb..dd22f5b 100644 --- a/.github/workflows/ci-test.yml +++ b/.github/workflows/ci-test.yml @@ -57,7 +57,7 @@ jobs: service: dc-manager-backend image: asia-east1-docker.pkg.dev/${{ secrets.GCP_PROJECT_ID }}/dc-manager-backend/dc-manager-backend-cloud:${{ github.sha }} region: asia-east1 - flags: --port=4000 --allow-authenticated --add-cloudsql-instances=${{ secrets.CLOUD_SQL_INSTANCE }} + flags: --port=4000 --allow-unauthenticated --add-cloudsql-instances=${{ secrets.CLOUD_SQL_INSTANCE }} env_vars: | DATABASE_URL=postgres://${{ secrets.DB_USER }}:${{ secrets.DB_PASSWORD }}@/\ ${{ secrets.DB_NAME }}?host=/cloudsql/${{ secrets.CLOUD_SQL_INSTANCE }} From 46497a73d160b26f2cd0714d1bc7662ca93b2bf9 Mon Sep 17 00:00:00 2001 From: LaurenceYang1218 Date: Mon, 26 May 2025 21:10:16 +0800 Subject: [PATCH 11/14] update ci flow --- .github/workflows/ci-test.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci-test.yml b/.github/workflows/ci-test.yml index dd22f5b..8a32eae 100644 --- a/.github/workflows/ci-test.yml +++ b/.github/workflows/ci-test.yml 
@@ -29,7 +29,11 @@ jobs: - name: Run Tests run: npm run test - + deploy: + needs: test + runs-on: ubuntu-latest + + steps: - name: Authenticate to Google Cloud uses: google-github-actions/auth@v2 with: From e611044f84edf9e858ed75cd01fd18b6ab48463e Mon Sep 17 00:00:00 2001 From: LaurenceYang1218 Date: Mon, 26 May 2025 21:12:02 +0800 Subject: [PATCH 12/14] update ci flow --- .github/workflows/ci-test.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci-test.yml b/.github/workflows/ci-test.yml index 8a32eae..5f45bf5 100644 --- a/.github/workflows/ci-test.yml +++ b/.github/workflows/ci-test.yml @@ -32,8 +32,11 @@ jobs: deploy: needs: test runs-on: ubuntu-latest - + steps: + - name: Checkout Repository + uses: actions/checkout@v4 + - name: Authenticate to Google Cloud uses: google-github-actions/auth@v2 with: From 897f236869c093dacad227971987023ff58622d9 Mon Sep 17 00:00:00 2001 From: LaurenceYang1218 Date: Mon, 26 May 2025 21:26:29 +0800 Subject: [PATCH 13/14] update cookie policy --- src/presentation/server/controllers/auth.controller.ts | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/presentation/server/controllers/auth.controller.ts b/src/presentation/server/controllers/auth.controller.ts index 7c2819e..42ab7d3 100644 --- a/src/presentation/server/controllers/auth.controller.ts +++ b/src/presentation/server/controllers/auth.controller.ts @@ -25,8 +25,8 @@ export async function userRegister(req: Request, res: Response) { ) res.cookie('refreshToken', refreshToken, { httpOnly: true, - secure: false, - sameSite: 'strict' + secure: process.env.NODE_ENV === 'prod', + sameSite: process.env.NODE_ENV === 'prod' ? 'none' : 'strict' }) res.status(201).json({ 
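Review bot: The new `deploy` job is gated only by `needs: test`, so it runs for every event that triggers this workflow. The `on:` block is outside the hunk, but if it includes `pull_request` or non-release branches, any change that passes the tests is deployed to the `dc-manager-backend` service with the production secrets. I would add an explicit condition to the job, e.g. `if: github.event_name == 'push' && github.ref == 'refs/heads/<release-branch>'` (placeholder branch name), and a job-level `permissions:` block limited to `contents: read` (plus `id-token: write` only if the auth step uses workload identity federation). Binding the job to a protected `environment:` would additionally allow required reviewers before the cloud credentials are used.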
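Review bot: The checkout step added to `deploy` in PATCH 12/14 leaves the default `GITHUB_TOKEN` in the local git configuration for the rest of a job that also holds Google Cloud credentials and never pushes. Adding `with:` and `persist-credentials: false` to this step removes that token from the workspace. Because this job handles deployment credentials, pinning `actions/checkout` and `google-github-actions/auth` to full commit SHAs instead of the moving `v4` and `v2` tags would also be worth doing.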
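Review bot: Both cookie options key off the exact string `'prod'`, so the refresh-token cookie is sent without `Secure` in any deployment where `NODE_ENV` is unset, misspelled or set to the conventional `production`. This hunk is in `userRegister`, and the identical change is made in `userLogin` (`@@ -59,8 +59,8 @@`). A fail-safe form would be `secure: process.env.NODE_ENV !== 'development'` (adjust to the value used locally), ideally computed once in a shared options constant used by both handlers. In production the cookie now becomes `SameSite=None`, which drops the browser-side CSRF protection that `'strict'` provided, so every endpoint acting on this cookie needs its own defence: a CORS allowlist of exact origins when credentials are allowed, plus an `Origin` check or CSRF token on the refresh route. Both function bodies continue outside the hunks.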
@@ -59,8 +59,8 @@ export async function userLogin(req: Request, res: Response) { ) res.cookie('refreshToken', refreshToken, { httpOnly: true, - secure: false, - sameSite: 'strict' + secure: process.env.NODE_ENV === 'prod', + sameSite: process.env.NODE_ENV === 'prod' ? 'none' : 'strict' }) res.status(200).json({ From 1fdd5d94700265a8602705ce11cb14af9617330c Mon Sep 17 00:00:00 2001 From: LaurenceYang1218 Date: Mon, 26 May 2025 21:27:53 +0800 Subject: [PATCH 14/14] update ci --- .github/workflows/ci-test.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ci-test.yml b/.github/workflows/ci-test.yml index 5f45bf5..a6e99bd 100644 --- a/.github/workflows/ci-test.yml +++ b/.github/workflows/ci-test.yml @@ -66,6 +66,7 @@ jobs: region: asia-east1 flags: --port=4000 --allow-unauthenticated --add-cloudsql-instances=${{ secrets.CLOUD_SQL_INSTANCE }} env_vars: | + NODE_ENV=prod DATABASE_URL=postgres://${{ secrets.DB_USER }}:${{ secrets.DB_PASSWORD }}@/\ ${{ secrets.DB_NAME }}?host=/cloudsql/${{ secrets.CLOUD_SQL_INSTANCE }} ACCESS_SECRET=${{ secrets.ACCESS_SECRET }}