Merge branch 'main' into fix/sentry-no-user

kordis-leitstelle · Feb 1, 2024 · 78a6520 · 78a6520
2 parents 40cdd38 + beb0d5b
commit 78a6520
Show file tree

Hide file tree

Showing 8 changed files with 92 additions and 16 deletions.
diff --git a/apps/api/Dockerfile b/apps/api/Dockerfile
@@ -13,9 +13,9 @@ RUN npm --omit=dev ci
 COPY ./dist/apps/api ./
 
 # Use distroless for maximum security: https://github.com/GoogleContainerTools/distroless
-FROM gcr.io/distroless/nodejs${NODE_VERSION}-debian11
+FROM gcr.io/distroless/nodejs${NODE_VERSION}-debian12:nonroot
 
-COPY --from=builder /app /app
+COPY --chown=root:root --chmod=655 --from=builder /app /app
 WORKDIR /app
 
 ENV PORT=3333

diff --git a/apps/api/src/app/app.module.ts b/apps/api/src/app/app.module.ts
@@ -18,6 +18,7 @@ import { SharedKernel, errorFormatterFactory } from '@kordis/api/shared';
 import { AppResolver } from './app.resolver';
 import { AppService } from './app.service';
 import { GraphqlSubscriptionsController } from './controllers/graphql-subscriptions.controller';
+import { HealthCheckController } from './controllers/health-check.controller';
 import environment from './environment';
 
 const FEATURE_MODULES = [OrganizationModule];
@@ -69,6 +70,6 @@ const UTILITY_MODULES = [
 		...FEATURE_MODULES,
 	],
 	providers: [AppService, AppResolver],
-	controllers: [GraphqlSubscriptionsController],
+	controllers: [GraphqlSubscriptionsController, HealthCheckController],
 })
 export class AppModule {}
diff --git a/apps/api/src/app/controllers/health-check.controller.spec.ts b/apps/api/src/app/controllers/health-check.controller.spec.ts
@@ -0,0 +1,19 @@
+import { Test, TestingModule } from '@nestjs/testing';
+
+import { HealthCheckController } from './health-check.controller';
+
+describe('HealthCheckController', () => {
+	let controller: HealthCheckController;
+
+	beforeEach(async () => {
+		const module: TestingModule = await Test.createTestingModule({
+			controllers: [HealthCheckController],
+		}).compile();
+
+		controller = module.get<HealthCheckController>(HealthCheckController);
+	});
+
+	it('should return a resolved promise for the healthCheck method', async () => {
+		await expect(controller.healthCheck()).resolves.toBeUndefined();
+	});
+});
diff --git a/apps/api/src/app/controllers/health-check.controller.ts b/apps/api/src/app/controllers/health-check.controller.ts
@@ -0,0 +1,10 @@
+import { All, Controller, HttpCode } from '@nestjs/common';
+
+@Controller('health-check')
+export class HealthCheckController {
+	@All()
+	@HttpCode(200)
+	healthCheck(): Promise<void> {
+		return Promise.resolve();
+	}
+}
diff --git a/libs/api/auth/src/lib/interceptors/auth.interceptor.spec.ts b/libs/api/auth/src/lib/interceptors/auth.interceptor.spec.ts
@@ -3,7 +3,10 @@ import { CallHandler, UnauthorizedException } from '@nestjs/common';
 import { Observable, firstValueFrom, of } from 'rxjs';
 
 import { KordisRequest } from '@kordis/api/shared';
-import { createGqlContextForRequest } from '@kordis/api/test-helpers';
+import {
+	createGqlContextForRequest,
+	createHttpContextForRequest,
+} from '@kordis/api/test-helpers';
 import { AuthUser } from '@kordis/shared/auth';
 
 import { AuthUserExtractorStrategy } from '../auth-user-extractor-strategies/auth-user-extractor.strategy';
@@ -38,7 +41,7 @@ describe('AuthInterceptor', () => {
 		).rejects.toThrow(UnauthorizedException);
 	});
 
-	it('should continue request pipeline', async () => {
+	it('should continue request pipeline for authenticated request', async () => {
 		jest.spyOn(mockAuthUserExtractor, 'getUserFromRequest').mockReturnValue({
 			id: '123',
 			firstName: 'foo',
@@ -65,4 +68,25 @@ describe('AuthInterceptor', () => {
 			firstValueFrom(service.intercept(httpCtx, handler)),
 		).resolves.toBeTruthy();
 	});
+
+	it('should continue request pipeline for health-check request', async () => {
+		const handler = createMock<CallHandler>({
+			handle(): Observable<boolean> {
+				return of(true);
+			},
+		});
+
+		await expect(
+			firstValueFrom(
+				service.intercept(
+					createHttpContextForRequest(
+						createMock<KordisRequest>({
+							path: '/health-check',
+						}),
+					),
+					handler,
+				),
+			),
+		).resolves.toBeTruthy();
+	});
 });
diff --git a/libs/api/auth/src/lib/interceptors/auth.interceptor.ts b/libs/api/auth/src/lib/interceptors/auth.interceptor.ts
@@ -27,6 +27,10 @@ export class AuthInterceptor implements NestInterceptor {
 			req = ctx.getContext<KordisGqlContext>().req;
 		} else {
 			req = context.switchToHttp().getRequest<KordisRequest>();
+
+			if (req.path === '/health-check') {
+				return next.handle();
+			}
 		}
 
 		const possibleAuthUser = this.authUserExtractor.getUserFromRequest(req);

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -50,7 +50,7 @@
     "@trivago/prettier-plugin-sort-imports": "^4.1.1",
     "@types/dompurify": "^3.0.5",
     "@types/jest": "29.4.4",
-    "@types/node": "20.11.13",
+    "@types/node": "20.11.14",
     "@types/trusted-types": "^2.0.7",
     "@typescript-eslint/eslint-plugin": "6.14.0",
     "@typescript-eslint/parser": "6.14.0",
@@ -97,7 +97,7 @@
     "@nestjs/mongoose": "^10.0.2",
     "@nestjs/platform-express": "10.2.4",
     "@opentelemetry/instrumentation-graphql": "^0.37.0",
-    "@opentelemetry/instrumentation-mongoose": "^0.34.0",
+    "@opentelemetry/instrumentation-mongoose": "^0.35.0",
     "@opentelemetry/instrumentation-pino": "^0.34.0",
     "@opentelemetry/sdk-node": "^0.48.0",
     "@opentelemetry/sdk-trace-base": "^1.14.0",