From fa0598603579ea38fd2fc9e3031985b704197b0e Mon Sep 17 00:00:00 2001
From: alexeh
Date: Sat, 21 Sep 2024 07:25:21 +0200
Subject: [PATCH] add new env vars to repo and docker build
---
 .github/workflows/deploy.yml | 8 ++++++--
 api/Dockerfile | 16 ++++++++++++----
 infrastructure/main.tf | 2 +-
 infrastructure/modules/env/api_env_vars.tf | 19 +++++++++++++++++--
 4 files changed, 36 insertions(+), 9 deletions(-)
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index bb71aed8..978230d4 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -130,8 +130,12 @@ jobs:
 DB_NAME=${{ secrets.DB_NAME }}
 DB_USERNAME=${{ secrets.DB_USERNAME }}
 DB_PASSWORD=${{ secrets.DB_PASSWORD }}
- JWT_SECRET=${{ secrets.JWT_SECRET }}
- JWT_EXPIRES_IN=${{ vars.JWT_EXPIRES_IN }}
+ ACCESS_TOKEN_SECRET=${{ secrets.ACCESS_TOKEN_SECRET }}
+ ACCESS_TOKEN_SECRET=${{ vars.ACCESS_TOKEN_SECRET }}
+ RESET_PASSWORD_TOKEN_SECRET=${{ secrets.ACCESS_TOKEN_SECRET }}
+ RESET_PASSWORD_TOKEN_EXPIRES_IN=${{ secrets.RESET_PASSWORD_TOKEN_EXPIRES_IN }}
+ EMAIL_CONFIRMATION_TOKEN_SECRET=${{ secrets.EMAIL_CONFIRMATION_TOKEN_SECRET }}
+ EMAIL_CONFIRMATION_TOKEN_EXPIRES_IN=${{ secrets.EMAIL_CONFIRMATION_TOKEN_EXPIRES_IN }}
 AWS_SES_ACCESS_KEY_ID=${{ secrets.AWS_SES_ACCESS_KEY_ID }}
 AWS_SES_ACCESS_KEY_SECRET=${{ secrets.AWS_SES_ACCESS_KEY_SECRET }}
 AWS_SES_DOMAIN=${{ secrets.AWS_SES_DOMAIN }}
diff --git a/api/Dockerfile b/api/Dockerfile
index a5054074..1227ee64 100644
--- a/api/Dockerfile
+++ b/api/Dockerfile
@@ -5,8 +5,12 @@ ARG DB_PORT
 ARG DB_NAME
 ARG DB_USERNAME
 ARG DB_PASSWORD
-ARG JWT_SECRET
-ARG JWT_EXPIRES_IN
+ARG ACCESS_TOKEN_SECRET
+ARG ACCESS_TOKEN_EXPIRES_IN
+ARG RESET_PASSWORD_TOKEN_SECRET
+ARG RESET_PASSWORD_TOKEN_EXPIRES_IN
+ARG EMAIL_CONFIRMATION_TOKEN_SECRET
+ARG EMAIL_CONFIRMATION_TOKEN_EXPIRES_IN
 ARG AWS_SES_ACCESS_KEY_ID
 ARG AWS_SES_ACCESS_KEY_SECRET
 ARG AWS_SES_DOMAIN
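Review bot: The second added line repeats the key as `ACCESS_TOKEN_SECRET=${{ vars.ACCESS_TOKEN_SECRET }}`, so `ACCESS_TOKEN_EXPIRES_IN` is never passed to the build and, if the later duplicate wins, the signing secret is read from a non-secret repository variable that is probably unset; it should be `ACCESS_TOKEN_EXPIRES_IN=${{ vars.ACCESS_TOKEN_EXPIRES_IN }}`. The following line fills `RESET_PASSWORD_TOKEN_SECRET` from `secrets.ACCESS_TOKEN_SECRET`, which makes access tokens and password-reset tokens share one signing key, so a token issued for one purpose could verify for the other; it should be `RESET_PASSWORD_TOKEN_SECRET=${{ secrets.RESET_PASSWORD_TOKEN_SECRET }}`. The two new `*_EXPIRES_IN` values are read from `secrets` where the removed `JWT_EXPIRES_IN` used `vars`; a duration is not sensitive, and keeping it in `vars` leaves it readable in the workflow logs for debugging. The build step these arguments belong to starts outside the hunk.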
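Review bot: The three new `*_TOKEN_SECRET` values are declared as `ARG` here and copied into `ENV` in the second hunk of this file, so they become part of the image configuration and are readable by anyone who can pull the image, for example with `docker inspect`. Supplying the secrets at container start from the deployment environment would keep them out of the image; only non-sensitive values such as the `*_EXPIRES_IN` durations need to be build arguments. The DB and SES credentials visible as context follow the same pattern, so this predates the commit, but the commit adds three more signing keys to it. The `ARG` list starts above the hunk.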
@@ -17,8 +21,12 @@ ENV DB_PORT $DB_PORT
 ENV DB_NAME $DB_NAME
 ENV DB_USERNAME $DB_USERNAME
 ENV DB_PASSWORD $DB_PASSWORD
-ENV JWT_SECRET $JWT_SECRET
-ENV JWT_EXPIRES_IN $JWT_EXPIRES_IN
+ENV ACCESS_TOKEN_SECRET $ACCESS_TOKEN_SECRET
+ENV ACCESS_TOKEN_SECRET $ACCESS_TOKEN_EXPIRES_IN
+ENV RESET_PASSWORD_TOKEN_SECRET $RESET_PASSWORD_TOKEN_SECRET
+ENV RESET_PASSWORD_TOKEN_EXPIRES_IN $RESET_PASSWORD_TOKEN_EXPIRES_IN
+ENV EMAIL_CONFIRMATION_TOKEN_SECRET $EMAIL_CONFIRMATION_TOKEN_SECRET
+ENV EMAIL_CONFIRMATION_TOKEN_EXPIRES_IN $EMAIL_CONFIRMATION_TOKEN_EXPIRES_IN
 ENV AWS_SES_ACCESS_KEY_ID $AWS_SES_ACCESS_KEY_ID
 ENV AWS_SES_ACCESS_KEY_SECRET $AWS_SES_ACCESS_KEY_SECRET
 ENV AWS_SES_DOMAIN $AWS_SES_DOMAIN
diff --git a/infrastructure/main.tf b/infrastructure/main.tf
index dc766353..fee86b17 100644
--- a/infrastructure/main.tf
+++ b/infrastructure/main.tf
@@ -119,7 +119,7 @@ module "dev" {
 elasticbeanstalk_iam_service_linked_role_name = aws_iam_service_linked_role.elasticbeanstalk.name
 cname_prefix = "blue-carbon-cost-tool-dev-environment"
 rds_instance_class = "db.t3.micro"
- rds_engine_version = "15.5"
+ rds_engine_version = "15.7"
 rds_backup_retention_period = 3
 repo_name = var.project_name
 github_owner = var.github_owner
diff --git a/infrastructure/modules/env/api_env_vars.tf b/infrastructure/modules/env/api_env_vars.tf
index a5664ff0..6fcbd0e7 100644
--- a/infrastructure/modules/env/api_env_vars.tf
+++ b/infrastructure/modules/env/api_env_vars.tf
@@ -1,5 +1,15 @@
+resource "random_password" "access_token_secret" {
+ length = 32
+ special = true
+ override_special = "!#%&*()-_=+[]{}<>:?"
+}
-resource "random_password" "jwt_secret" {
+resource "random_password" "reset_password_token_secret" {
+ length = 32
+ special = true
+ override_special = "!#%&*()-_=+[]{}<>:?"
+}
+resource "random_password" "email_confirmation_token_secret" {
 length = 32
 special = true
 override_special = "!#%&*()-_=+[]{}<>:?"
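Review bot: The second added line, `ENV ACCESS_TOKEN_SECRET $ACCESS_TOKEN_EXPIRES_IN`, overwrites the access-token signing secret set on the line before it with the expiry value and leaves `ACCESS_TOKEN_EXPIRES_IN` undefined in the image. The running API would then sign access tokens with either an empty string or a short duration string, both of which are guessable, and the failure is silent because the variable is still set. The line should be `ENV ACCESS_TOKEN_EXPIRES_IN $ACCESS_TOKEN_EXPIRES_IN`. A start-up check in the API that rejects a missing or very short secret would surface this kind of wiring mistake early.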
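Review bot: Removing `random_password.jwt_secret` and adding `random_password.access_token_secret` as a new resource means the next apply generates a fresh value, so every token signed with the previous secret stops verifying once the environment picks it up. If that forced logout is not intended, a `moved` block with `from = random_password.jwt_secret` and `to = random_password.access_token_secret` keeps the existing value under the new name. The `result` of each of these resources is written to the Terraform state in clear text, so a short comment above them noting that the state backend must be encrypted and access-restricted would help the next maintainer. The last resource block is closed outside the hunk.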
@@ -16,7 +26,12 @@ locals {
 DB_PASSWORD = module.postgresql.password
 DB_USERNAME = module.postgresql.username
 DB_PORT = module.postgresql.port
- JWT_SECRET = random_password.jwt_secret.result
+ ACCESS_TOKEN_SECRET = random_password.access_token_secret.result
+ ACCESS_TOKEN_EXPIRES_IN = "24h"
+ RESET_PASSWORD_TOKEN_SECRET = random_password.reset_password_token_secret.result
+ RESET_PASSWORD_TOKEN_EXPIRES_IN = "24h"
+ EMAIL_CONFIRMATION_TOKEN_SECRET = random_password.email_confirmation_token_secret.result
+ EMAIL_CONFIRMATION_TOKEN_EXPIRES_IN = "24h"
 AWS_SES_ACCESS_KEY_ID = aws_iam_access_key.email_user_access_key.id
 AWS_SES_ACCESS_KEY_SECRET = aws_iam_access_key.email_user_access_key.secret
 AWS_SES_DOMAIN = module.email.mail_from_domain
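Review bot: `RESET_PASSWORD_TOKEN_EXPIRES_IN = "24h"` gives a password-reset token the same lifetime as an access token, which leaves a long window for a link sitting in a mailbox to be reused; a shorter value such as `RESET_PASSWORD_TOKEN_EXPIRES_IN = "1h"` is the usual choice, assuming the API accepts the same duration format. The three lifetimes are hard-coded literals here while the workflow in this patch reads them from repository settings, and the hunk does not show how the two are kept in sync; module variables with these defaults would give one place to change them. The `locals` map starts and ends outside the hunk.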