[Closes #160] Update CloudFormation template to use LaunchTemplate (#161

)

* Update Dockerfile postgres install

* Fix env vars, create config to support LaunchTemplate

* Generate prisma client as part of build

* Generate 32 byte session secret

Dockerfile

@@ -7,11 +7,14 @@ ARG TARGETARCH
 ENV APP_HOME=/opt/node/app
 
 # Install postgres dependencies
-RUN wget -q https://www.postgresql.org/media/keys/ACCC4CF8.asc -O - | apt-key add - && \
-    echo "deb http://apt.postgresql.org/pub/repos/apt/ bookworm-pgdg main" >> /etc/apt/sources.list.d/pgdg.list && \
-    apt-get update -y && \
-    apt-get install -y postgresql-client-17 && \
-    apt-get clean
+RUN apt update -y && \
+    apt install -y curl ca-certificates && \
+    install -d /usr/share/postgresql-common/pgdg && \
+    curl -o /usr/share/postgresql-common/pgdg/apt.postgresql.org.asc --fail https://www.postgresql.org/media/keys/ACCC4CF8.asc && \
+    sh -c 'echo "deb [signed-by=/usr/share/postgresql-common/pgdg/apt.postgresql.org.asc] https://apt.postgresql.org/pub/repos/apt bookworm-pgdg main" > /etc/apt/sources.list.d/pgdg.list' && \
+    apt update -y && \
+    apt install -y postgresql-client-17 && \
+    apt clean
 
 # Install docker dependencies
 RUN install -m 0755 -d /etc/apt/keyrings && \
@@ -21,12 +24,12 @@ RUN install -m 0755 -d /etc/apt/keyrings && \
         "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \
         $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
         tee /etc/apt/sources.list.d/docker.list > /dev/null && \
-    apt-get update -y && \
-    apt-get install -y docker-ce-cli docker-buildx-plugin && \
-    apt-get clean
+    apt update -y && \
+    apt install -y docker-ce-cli docker-buildx-plugin && \
+    apt clean
 
 # Install AWS cli dependencies
-RUN apt-get install -y jq less zip && \
+RUN apt install -y jq less zip && \
     if [ "$TARGETARCH" = "amd64" ]; then \
         curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"; \
     elif [ "$TARGETARCH" = "arm64" ]; then \
@@ -47,9 +50,10 @@ RUN mkdir -p $APP_HOME
 ADD . $APP_HOME
 WORKDIR $APP_HOME
 
-# Install dependencies, build client app
+# Install dependencies, build client app, generate server prisma client
 RUN npm install && \
-    npm run build -w client
+    npm run build -w client && \
+    npm run prisma:generate -w server
 
 # Set up default command to run Node on port 3000
 EXPOSE 3000

deploy/aws/create

@@ -13,7 +13,7 @@ read -p "Dry run (staging SSL certs)? [y/n]: " DRY_RUN
 [[ $DRY_RUN = "n" ]] && LETSENCRYPT_OPTS="" || LETSENCRYPT_OPTS="--test-cert"
 
 DB_PASSWORD=`echo $RANDOM | md5sum | head -c 20`
-SESSION_SECRET=`echo $RANDOM | md5sum | head -c 32`
+SESSION_SECRET=`echo $RANDOM | md5sum | head -c 32``echo $RANDOM | md5sum | head -c 32`
 
 SOLUTION_STACK_NAME=`aws elasticbeanstalk list-available-solution-stacks --output text | grep -m 1 -oP "SOLUTIONSTACKS\t\K64bit Amazon Linux 2023 v4\.[^ ]+ running ECS"`
 

deploy/aws/create.cfn.json

@@ -496,6 +496,11 @@
             "OptionName": "RootVolumeSize",
             "Value": 16
           },
+          {
+            "Namespace": "aws:autoscaling:launchconfiguration",
+            "OptionName": "RootVolumeType",
+            "Value": "gp3"
+          },
           {
             "Namespace": "aws:autoscaling:launchconfiguration",
             "OptionName": "SecurityGroups",

server/example.env

@@ -2,18 +2,19 @@ AWS_CLOUDFRONT_DOMAIN=
 AWS_CLOUDFRONT_KEYPAIR_ID=
 AWS_CLOUDFRONT_PRIVATE_KEY=
 AWS_S3_ACCESS_KEY_ID=
-AWS_S3_SECRET_ACCESS_KEY=
 AWS_S3_BUCKET=
 AWS_S3_ENDPOINT=
 AWS_S3_REGION=
+AWS_S3_SECRET_ACCESS_KEY=
 AWS_S3_SIGNER_ENDPOINT=
-AWS_SES_REGION=
 AWS_SES_ACCESS_KEY_ID=
+AWS_SES_REGION=
 AWS_SES_SECRET_ACCESS_KEY=
 BASE_URL=http://localhost:5000
 DATABASE_URL=
-MAILER_FROM=[email protected]
-SESSION_SECRET_KEY=f0d10894891af0dd21871df84e613ba648c2a21995266fd5cb663bff7de9147c
+SESSION_SECRET=f0d10894891af0dd21871df84e613ba648c2a21995266fd5cb663bff7de9147c
+SMTP_ENABLED=true
+SMTP_FROM_EMAIL_ADDRESS=[email protected]
 SMTP_HOST=
 SMTP_PORT=
 SMTP_USER=

server/lib/mailer.js

@@ -44,7 +44,7 @@ const transport = nodemailer.createTransport(options);
 
 const mailer = new Email({
   message: {
-    from: process.env.MAILER_FROM,
+    from: process.env.SMTP_FROM_EMAIL_ADDRESS,
   },
   send: true,
   transport,
@@ -57,6 +57,9 @@ const mailer = new Email({
 });
 
 async function send (options) {
+  if (process.env.SMTP_ENABLED !== 'true') {
+    return;
+  }
   options.locals ||= {};
   options.locals._layout = {
     BASE_URL: process.env.BASE_URL,

server/package.json

@@ -10,6 +10,7 @@
     "dev": "fastify start -w -l info -P app.js",
     "lint": "eslint --fix",
     "pretest": "eslint",
+    "prisma:generate": "prisma generate",
     "prisma:studio": "prisma studio",
     "start": "fastify start -l info app.js",
     "test": "node --test $(find test -name '*.test.js')"

server/plugins/auth.js

@@ -6,7 +6,7 @@ import User from '#models/user.js';
 export default fp(async function (fastify) {
   // set up secure encrypted cookie-based sessions
   await fastify.register(import('@fastify/secure-session'), {
-    key: Buffer.from(process.env.SESSION_SECRET_KEY, 'hex'),
+    key: Buffer.from(process.env.SESSION_SECRET, 'hex'),
     cookie: {
       path: '/',
       httpOnly: true,