diff --git a/.env.sample b/.env.sample
index 74a004c..8e66b3e 100644
--- a/.env.sample
+++ b/.env.sample
@@ -1,8 +1,27 @@
-AVM_MICROSERVICE_HOST=localhost:7200
-FIREBASE_CREDENTIALS=
-FIREBASE_PROJECT_ID=
-ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=
-ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=
-ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=
-RAILS_LOG_LEVEL=
-ROOT_URL_REDIRECT=
\ No newline at end of file
+# ---- required in all environments ----
+ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=wdquAMgEOvYATXZzH2qWYhAT-d33R5s9NBaT3u0NTuE # random base64 encoded 32 bytes (should result in 44 characters)
+ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=uY3Dcm4RmTeSaILJZvD3Bk34zB7FttZLDwIMoM3YutE # random base64 encoded 32 bytes (should result in 44 characters)
+ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=Gsx8gdeRzLlWS6qWnpPglEIDI_mn2t4tyUkoeChZ7Ho # random base64 encoded 32 bytes (should result in 44 characters)
+AVM_MICROSERVICE_HOST=localhost:7200 # host of the AVM service
+
+
+# ---- required in produciton environment ----
+DATABASE_URL=postgres://avm_server:password@pg-host:5432/avm_server_production
+SECRET_KEY_BASE=be48dd3219138cc04cbdb48fb5324a4fb1a043c3db892ecf00087d895b97ea21bc5a64fddaa3835373cf2d3d62d8c4546a0359b68f6cc42278a5cc64bdfa9a5a # random 64 bytes in hex
+
+
+# ---- rails app envs ----
+RAILS_ENV=development # development, test, production
+RAILS_LOG_LEVEL=info # error, warn, info
+RAILS_LOG_TO_STDOUT=true # true, false - defaults to false in production; recommended to set to true for containered deployments
+
+
+# ---- optional ----
+APPLE_APP_SITE_ASSOCIATION=e30= # Base64 encoded content of Apple's /.well-known/apple-app-site-associaton file
+ANDROID_ASSTELINKS=e30= # Base64 encoded contant of Andorid's /.well-known/assetlink.json file
+
+FIREBASE_CREDENTIALS= # needed for Firebase Cloud Messaging - notifications
+FIREBASE_PROJECT_ID= # needed for Firebase Cloud Messaging - notifications
+
+ROOT_URL_REDIRECT=https://example.com/ # where to redirect root path request "/"
+QR_CODE_URL_REDIRECT=https://example.com/ # where to redirect "/qr-code" request
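Review bot: The sample now carries concrete, valid-looking values for `ACTIVE_RECORD_ENCRYPTION_*` and `SECRET_KEY_BASE`, and the README tells operators to copy `.env.sample` to `.env`, so a deployment that keeps them would run on keys published in the repository. Obvious placeholders such as `SECRET_KEY_BASE=changeme-run-bin-rails-secret`, with a comment pointing at `bin/rails secret` and `bin/rails db:encryption:init`, avoid that. The optional block spells the variable `ANDROID_ASSTELINKS`, while the controller added in this commit reads `ANDROID_ASSETLINKS`, so a value set from this sample is silently ignored. The key comments say 44 characters, but the three sample values are 43 characters of unpadded URL-safe base64, so the comment and the samples disagree. If the file is also fed to a loader that does not strip trailing `# …` comments, the comment text would become part of the value, which is worth confirming for the container deployment path.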
diff --git a/.gitlab/auto-deploy-values.yaml b/.gitlab/auto-deploy-values.yaml index 84ee94a..34430b1 100644 --- a/.gitlab/auto-deploy-values.yaml +++ b/.gitlab/auto-deploy-values.yaml @@ -34,10 +34,3 @@ persistence: accessMode: ReadWriteMany size: 1Gi storageClass: nfs-client - - name: autogram-server-well-known - mount: - path: /app/public/.well-known - claim: - accessMode: ReadWriteMany - size: 1Mi - storageClass: nfs-client diff --git a/README.md b/README.md index 2229fe0..cab9af4 100644 --- a/README.md +++ b/README.md @@ -17,6 +17,8 @@ Projekt sa skladá z viacerých častí: ## Ako si to rozbehnúť +### Development prostredie + - Je potrebné si nainštalovať správnu verziu Ruby. To sa najlepšie robí cez [RVM](https://rvm.io/) alebo [Rbenv](https://github.com/rbenv/rbenv). - Aplikácia vyžaduje PostgreSQL databázu. - Skopírovať `.env.sample` do `.env` a nastaviť hodnoty. @@ -28,6 +30,17 @@ bundle exec rails db:setup bundle esec rails s ``` +### Produkčné nasadenie v kontajneri + +- Je potrebné si vybuildiť Docker image na základe poskytnutého Dockerfile. +- Volume pre šifrované ukladanie podpisovaných súborov v `/app/storage` +- Premenné prosredia sú bližšie popísané v `.env.sample`, pričom tieto sú nevyhnutné pre produkčné nasadenie: + - PostgreSQL a connection string v `DATABASE_URL` + - Adresa [AVM Service](https://github.com/slovensko-digital/avm-service) inštnacie v `AVM_MICROSERVICE_HOST` + - Nastavené ENVs `ACTIVE_RECORD_ENCRYPTION_*` + - Nastavený ENV `SECRET_KEY_BASE` + - Nastavený ENV `RAILS_ENV=production` + ## Architektúra riešenia diff --git a/app/controllers/apple_controller.rb b/app/controllers/apple_controller.rb deleted file mode 100644 index 41c7f0f..0000000 --- a/app/controllers/apple_controller.rb +++ /dev/null 
@@ -1,20 +0,0 @@ -class AppleController < ApplicationController - def apple_app_site_association - render :json => { - "applinks": { - "details": [ - { - "appIDs": [ - "44U4JSRX4Z.digital.slovensko.avm" - ], - "components": [ - { - "/": "/api/*" - } - ] - } - ] - } - } - end -end diff --git a/app/controllers/assetlinks_controller.rb b/app/controllers/assetlinks_controller.rb new file mode 100644 index 0000000..d229edd --- /dev/null +++ b/app/controllers/assetlinks_controller.rb @@ -0,0 +1,9 @@ +class AssetlinksController < ApplicationController + def apple_app_site_association + render :json => JSON.load(Base64.decode64 ENV.fetch('APPLE_APP_SITE_ASSOCIATION', 'e30=')) + end + + def android_assetlinks + render :json => JSON.load(Base64.decode64 ENV.fetch('ANDROID_ASSETLINKS', 'e30=')) + end +end diff --git a/config/routes.rb b/config/routes.rb index 8deed54..aa7f396 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -20,11 +20,12 @@ resources :integration_devices, path: '/integration-devices', only: [:index, :destroy] resource :sign_request, path: '/sign-request', only: [:create] - get '/qr-code', to: redirect('https://sluzby.slovensko.digital/autogram-v-mobile/#download', status: 302) + get '/qr-code', to: redirect(ENV.fetch("QR_CODE_URL_REDIRECT", 'https://sluzby.slovensko.digital/autogram-v-mobile/#download'), status: 302) end end - get '/.well-known/apple-app-site-association' => 'apple#apple_app_site_association' + get '/.well-known/apple-app-site-association' => 'assetlinks#apple_app_site_association' + get '/.well-known/assetlinks.json' => 'assetlinks#android_assetlinks' # Define your application routes per the DSL in https://guides.rubyonrails.org/routing.html # Reveal health status on /up that returns 200 if the app boots with no exceptions, otherwise 500.
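Review bot: Both actions in `AssetlinksController` parse the decoded environment value with `JSON.load`, which the json library documents as meant for trusted input; `JSON.parse` is the conventional call for plain data, e.g. `render json: JSON.parse(Base64.strict_decode64(ENV.fetch('APPLE_APP_SITE_ASSOCIATION', 'e30=')))`. `Base64.decode64` skips invalid characters instead of raising, so a malformed value surfaces as a parse error and a 500 on every request to the `.well-known` paths rather than at boot. Decoding and parsing once in an initializer would fail fast and avoid the per-request work. The default `e30=` decodes to `{}`, whereas the deleted `AppleController` had the app ID hard-coded, so a deployment that does not set `APPLE_APP_SITE_ASSOCIATION` will quietly serve an empty association. A comment on each action stating the expected content (Base64 of the JSON document) would help, since `assetlinks.json` is normally a JSON array, not an object.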
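Review bot: `ENV.fetch("QR_CODE_URL_REDIRECT", …)` in the `/qr-code` route falls back to the default only when the variable is absent, so an empty assignment (`QR_CODE_URL_REDIRECT=`, the form the old sample file used for unset values) produces `redirect('')`. Using `ENV['QR_CODE_URL_REDIRECT'].presence || 'https://sluzby.slovensko.digital/autogram-v-mobile/#download'` keeps the fallback in that case. The target is read once when the routes load and is not checked to be an absolute `https://` URL, so a configuration typo would send every user who scans the code to the wrong place; a boot-time check would catch it. The variable name is in double quotes while the rest of the hunk uses single quotes. The enclosing route block opens outside the hunk.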