From ddad87a6e05ae2256bf9f73f0dd842b55ddf690a Mon Sep 17 00:00:00 2001 From: Paulo Gomes da Cruz Junior Date: Mon, 4 Mar 2024 10:30:26 -0800 Subject: [PATCH 01/48] ci: adding zap on the CI for verification --- .github/workflows/pr-open.yml | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/.github/workflows/pr-open.yml b/.github/workflows/pr-open.yml index 8b2717aa2c..bb59a88332 100644 --- a/.github/workflows/pr-open.yml +++ b/.github/workflows/pr-open.yml @@ -347,3 +347,26 @@ jobs: name: cypress-videos path: cypress/cypress/videos retention-days: 7 + + post-validation: + name: Post Validation + runs-on: ubuntu-22.04 + needs: + - deploy + - cypress-run + - pr-validation + env: + DOMAIN: apps.silver.devops.gov.bc.ca + PREFIX: ${{ github.event.repository.name }}-${{ needs.pr-validation.outputs.url_zone }} + strategy: + matrix: + name: [backend, frontend] + steps: + - name: ZAP Scan + uses: zaproxy/action-full-scan@v0.9.0 + with: + allow_issue_writing: true + artifact_name: "zap_${{ github.event.number }}_${{ matrix.name }}" + cmd_options: "-a" + issue_title: "ZAP PR #${{ github.event.number }}: ${{ matrix.name }}" + target: https://nr-forest-client-${{ env.PREFIX }}-${{ matrix.name }}.${{ env.DOMAIN }} From a3c36eeff1a61be6b0f2e78bcb8e9dab29884b8c Mon Sep 17 00:00:00 2001 From: Paulo Gomes da Cruz Junior Date: Mon, 4 Mar 2024 11:08:23 -0800 Subject: [PATCH 02/48] fix(zap:fe): fixing Content Security Policy (CSP) Header Not Set --- frontend/Caddyfile | 1 + frontend/openshift.deploy.yml | 2 ++ 2 files changed, 3 insertions(+) diff --git a/frontend/Caddyfile b/frontend/Caddyfile index b5e25a7508..e15b4c8e4f 100644 --- a/frontend/Caddyfile +++ b/frontend/Caddyfile @@ -6,6 +6,7 @@ } } +header Content-Security-Policy "default-src 'self'; script-src 'self' {$BACKEND_URL}; img-src 'self';" :3000 root * /srv respond /config 200 { diff --git a/frontend/openshift.deploy.yml b/frontend/openshift.deploy.yml index 5233de1b41..dd524a86ae 100644 
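Review bot: `uses: zaproxy/action-full-scan@v0.9.0` in the new `post-validation` job pins the action by tag, and a tag can be moved to different code after review. Referencing the full commit SHA, `uses: zaproxy/action-full-scan@FULL_COMMIT_SHA # v0.9.0` (placeholder, to be filled with the SHA of the reviewed release), fixes what runs with this workflow's token. The same applies to `simonireilly/observatory-github-action@v0.1.3` and `peter-evans/commit-comment@v1`, which PATCH 16/48 adds to this job. Because `allow_issue_writing: true` makes the step write issues, a job-level `permissions:` block granting only what the steps need (for the ZAP step, `issues: write`) would keep the token's scope explicit. No `permissions:` key appears in this hunk, and any workflow-level setting is outside it.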
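Review bot: `script-src 'self' {$BACKEND_URL}` lets the page execute scripts served from the backend origin, while `default-src 'self'` with no `connect-src` blocks fetch/XHR calls to that same origin. If the frontend only calls the backend as an API (which the separate `-backend` host in openshift.deploy.yml suggests, but this hunk does not show), the origin belongs in `connect-src` instead: `script-src 'self'; connect-src 'self' {$BACKEND_URL};`. PATCH 04/48 adds the `connect-src` entry but leaves `{$BACKEND_URL}` in `script-src`, and it is still there in the last Caddyfile hunk on this page.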
--- a/frontend/openshift.deploy.yml +++ b/frontend/openshift.deploy.yml @@ -154,6 +154,8 @@ objects: env: - name: LOG_LEVEL value: ${LOG_LEVEL} + - name: BACKEND_URL + value: https://${NAME}-${URL_ZONE}-backend.${DOMAIN} imagePullPolicy: Always name: ${NAME} volumeMounts: From ce70efd2b4ddb8a2b7346c1c87c28c09768dd621 Mon Sep 17 00:00:00 2001 From: Paulo Gomes da Cruz Junior Date: Mon, 4 Mar 2024 11:53:17 -0800 Subject: [PATCH 03/48] fix: updating caddy --- frontend/Caddyfile | 54 +++++++++++++++++++++++++--------------------- 1 file changed, 29 insertions(+), 25 deletions(-) diff --git a/frontend/Caddyfile b/frontend/Caddyfile index e15b4c8e4f..24ef5cc596 100644 --- a/frontend/Caddyfile +++ b/frontend/Caddyfile @@ -6,33 +6,37 @@ } } -header Content-Security-Policy "default-src 'self'; script-src 'self' {$BACKEND_URL}; img-src 'self';" -:3000 -root * /srv -respond /config 200 { - body `{"APP_TITLE":{$VITE_APP_TITLE}}` - close -} +:3000 { -file_server + header Content-Security-Policy "default-src 'self'; script-src 'self' {$BACKEND_URL}; img-src 'self';" + + root * /srv -@www_host { - host www.{$HOST_ROUTE} -} -redir @www_host http://{$HOST_ROUTE}{path} + respond /config 200 { + body `{"APP_TITLE":{$VITE_APP_TITLE}}` + close + } -@unspecified_path { - not path_regexp ^\/0.0.0.0 -} -handle @unspecified_path { - try_files {path} {path}/ /?_url={uri} -} + file_server -encode { - gzip 7 -} + @www_host { + host www.{$HOST_ROUTE} + } + redir @www_host http://{$HOST_ROUTE}{path} -log { - output stdout - level {$LOG_LEVEL} -} + @unspecified_path { + not path_regexp ^\/0.0.0.0 + } + handle @unspecified_path { + try_files {path} {path}/ /?_url={uri} + } + + encode { + gzip 7 + } + + log { + output stdout + level {$LOG_LEVEL} + } +} \ No newline at end of file From e190a56db7bf956b4f946681b683255033ea1f12 Mon Sep 17 00:00:00 2001 
From: Paulo Gomes da Cruz Junior Date: Mon, 4 Mar 2024 12:37:25 -0800 Subject: [PATCH 04/48] fix(FSADT1-1234): adding nonce value --- frontend/Caddyfile | 2 +- frontend/Dockerfile | 7 ++++++- frontend/entrypoint.sh | 7 +++++++ frontend/index.html | 2 +- frontend/openshift.deploy.yml | 6 ++++++ 5 files changed, 21 insertions(+), 3 deletions(-) create mode 100644 frontend/entrypoint.sh diff --git a/frontend/Caddyfile b/frontend/Caddyfile index 24ef5cc596..ca46d4f179 100644 --- a/frontend/Caddyfile +++ b/frontend/Caddyfile @@ -8,7 +8,7 @@ :3000 { - header Content-Security-Policy "default-src 'self'; script-src 'self' {$BACKEND_URL}; img-src 'self';" + header Content-Security-Policy "default-src 'self'; script-src 'self' {$BACKEND_URL} 'nonce-{$RANDOM_NONCE}'; img-src 'self'; connect-src 'self' {$BACKEND_URL};" root * /srv diff --git a/frontend/Dockerfile b/frontend/Dockerfile index b5b8040f64..899c65e807 100644 --- a/frontend/Dockerfile +++ b/frontend/Dockerfile @@ -15,12 +15,17 @@ FROM caddy:2.7.6-alpine # Copy static files and config COPY --from=build /app/dist /srv COPY Caddyfile /etc/caddy/Caddyfile +COPY entrypoint.sh /entrypoint.sh # Packages and caddy format RUN apk add --no-cache ca-certificates && \ - caddy fmt --overwrite /etc/caddy/Caddyfile + caddy fmt --overwrite /etc/caddy/Caddyfile && \ + chmod +x /entrypoint.sh # Port, health check and non-root user EXPOSE 3000 HEALTHCHECK --interval=30s --timeout=3s CMD curl -f http://localhost:3000/ + +# Use the entrypoint script USER 1001 +ENTRYPOINT ["/entrypoint.sh"] diff --git a/frontend/entrypoint.sh b/frontend/entrypoint.sh new file mode 100644 index 0000000000..58ab3604c5 --- /dev/null +++ b/frontend/entrypoint.sh @@ -0,0 +1,7 @@ +#!/bin/sh + +# Replace the placeholder in index.html with the actual NONCE value. +sed -i "s/{NONCE}/$RANDOM_NONCE/g" /srv/index.html + +# Execute the original entrypoint command of Caddy. +exec /usr/bin/caddy run --config /etc/caddy/Caddyfile --adapter caddyfile 
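Review bot: `'nonce-{$RANDOM_NONCE}'` is expanded from an environment variable, so every response from a deployment carries the same nonce, and a CSP nonce only restricts inline scripts when it is unpredictable and fresh per response. The value is generated once per template instantiation by the `RANDOM_NONCE` parameter (`generate: expression`) in openshift.deploy.yml and substituted into index.html by entrypoint.sh at container start, so it is readable in the served page for as long as the pod lives. For a fixed inline script in a static page, a hash source of the form `'sha256-BASE64_DIGEST_OF_THE_INLINE_SCRIPT'` (placeholder) gives the intended restriction without rewriting files at start-up.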
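Review bot: entrypoint.sh has no `set -e`, so if the `sed -i` on `/srv/index.html` fails, Caddy still starts and serves the page with the literal `{NONCE}` placeholder. A failure is plausible because the Dockerfile switches to `USER 1001` before the entrypoint runs and the file is copied in during the build. Adding `set -eu` as the first command makes a failed substitution or an unset `RANDOM_NONCE` stop the container instead. `$RANDOM_NONCE` is also pasted into the sed expression unescaped, which is safe for the `[a-zA-Z0-9-]` pattern in the template but not for an override containing `/` or `&`.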
diff --git a/frontend/index.html b/frontend/index.html
index 31b4a2fa90..3e32a39bbc 100644
--- a/frontend/index.html
+++ b/frontend/index.html
@@ -11,7 +11,7 @@
- diff --git a/frontend/openshift.deploy.yml b/frontend/openshift.deploy.yml index dd524a86ae..5cc80d3cf8 100644 --- a/frontend/openshift.deploy.yml +++ b/frontend/openshift.deploy.yml @@ -74,6 +74,10 @@ parameters: - name: COGNITO_LOGOUT_URI description: Cognito redirect url once logged out required: true + - name: RANDOM_NONCE + description: Generates a random nonce value for the application + from: "[a-zA-Z0-9]{16}-[a-zA-Z0-9]{4}-[a-zA-Z0-9]{6}" + generate: expression objects: objects: - kind: ImageStream @@ -156,6 +160,8 @@ objects: value: ${LOG_LEVEL} - name: BACKEND_URL value: https://${NAME}-${URL_ZONE}-backend.${DOMAIN} + - name: RANDOM_NONCE + value: ${RANDOM_NONCE} imagePullPolicy: Always name: ${NAME} volumeMounts: From 098a7ad6fb1a3fbd8eaf4a4e2af6fe007288c342 Mon Sep 17 00:00:00 2001 From: Paulo Gomes da Cruz Junior Date: Mon, 4 Mar 2024 12:50:21 -0800 Subject: [PATCH 05/48] fix(FSADT1-1234): fixing index file permission --- frontend/Dockerfile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/frontend/Dockerfile b/frontend/Dockerfile index 899c65e807..e499fd1879 100644 --- a/frontend/Dockerfile +++ b/frontend/Dockerfile @@ -26,6 +26,10 @@ RUN apk add --no-cache ca-certificates && \ EXPOSE 3000 HEALTHCHECK --interval=30s --timeout=3s CMD curl -f http://localhost:3000/ +USER root +RUN chown caddy:caddy /srv/index.html && \ + chmod 644 /srv/index.html + # Use the entrypoint script USER 1001 ENTRYPOINT ["/entrypoint.sh"] From 4d6790bcaf15257020bb44e4dc583e8f9dd3286e Mon Sep 17 00:00:00 2001 From: Paulo Gomes da Cruz Junior Date: Mon, 4 Mar 2024 13:05:39 -0800 Subject: [PATCH 06/48] chore: fixing nonce --- frontend/Dockerfile | 14 ++++---------- frontend/entrypoint.sh | 7 ------- 2 files changed, 4 insertions(+), 17 deletions(-) delete mode 100644 frontend/entrypoint.sh diff --git a/frontend/Dockerfile b/frontend/Dockerfile index e499fd1879..1f0e7b130f 100644 --- a/frontend/Dockerfile +++ b/frontend/Dockerfile 
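Review bot: `chown caddy:caddy /srv/index.html` followed by `USER 1001` only helps if a `caddy` account exists in the base image and maps to UID 1001, which nothing in this hunk shows. On a platform that assigns the container an arbitrary UID, the file would again be read-only to the process. `sed -i` normally writes a temporary file next to its target, so `/srv` itself would also have to be writable. Making served content writable by the server process gives up the immutable-image property; doing the substitution at build time, or using a script hash in the policy, avoids the need for it.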
@@ -15,21 +15,15 @@ FROM caddy:2.7.6-alpine # Copy static files and config COPY --from=build /app/dist /srv COPY Caddyfile /etc/caddy/Caddyfile -COPY entrypoint.sh /entrypoint.sh + +ENV RANDOM_NONCE=0 # Packages and caddy format RUN apk add --no-cache ca-certificates && \ caddy fmt --overwrite /etc/caddy/Caddyfile && \ - chmod +x /entrypoint.sh + sed -i "s/{NONCE}/$RANDOM_NONCE/g" /srv/index.html # Port, health check and non-root user EXPOSE 3000 HEALTHCHECK --interval=30s --timeout=3s CMD curl -f http://localhost:3000/ - -USER root -RUN chown caddy:caddy /srv/index.html && \ - chmod 644 /srv/index.html - -# Use the entrypoint script -USER 1001 -ENTRYPOINT ["/entrypoint.sh"] +USER 1001 \ No newline at end of file diff --git a/frontend/entrypoint.sh b/frontend/entrypoint.sh deleted file mode 100644 index 58ab3604c5..0000000000 --- a/frontend/entrypoint.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/sh - -# Replace the placeholder in index.html with the actual NONCE value. -sed -i "s/{NONCE}/$RANDOM_NONCE/g" /srv/index.html - -# Execute the original entrypoint command of Caddy. -exec /usr/bin/caddy run --config /etc/caddy/Caddyfile --adapter caddyfile From d19c4051fab443df4b288dc793194bf4781e7eaf Mon Sep 17 00:00:00 2001 From: Paulo Gomes da Cruz Junior Date: Mon, 4 Mar 2024 13:30:26 -0800 Subject: [PATCH 07/48] fix: fixing nonce hash --- frontend/Caddyfile | 2 +- frontend/Dockerfile | 3 +-- frontend/index.html | 2 +- frontend/openshift.deploy.yml | 10 +++------- 4 files changed, 6 insertions(+), 11 deletions(-) diff --git a/frontend/Caddyfile b/frontend/Caddyfile index ca46d4f179..243766d70b 100644 --- a/frontend/Caddyfile +++ b/frontend/Caddyfile 
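Review bot: The added `ENV RANDOM_NONCE=0` together with the build-time `sed -i "s/{NONCE}/$RANDOM_NONCE/g" /srv/index.html` bakes the value `0` into index.html. The Caddyfile, unchanged by this commit, still expands `'nonce-{$RANDOM_NONCE}'` when Caddy loads its config at run time. When the deployment sets `RANDOM_NONCE` from the template, header and markup disagree and the inline script is blocked; when it does not, both sides use the constant `0`, which anyone can read from the page. A value that must match between markup and header has to be produced in one place, and a hash source for the inline script removes the need for a shared variable altogether.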
@@ -8,7 +8,7 @@ :3000 { - header Content-Security-Policy "default-src 'self'; script-src 'self' {$BACKEND_URL} 'nonce-{$RANDOM_NONCE}'; img-src 'self'; connect-src 'self' {$BACKEND_URL};" + header Content-Security-Policy "default-src 'self'; script-src 'self' {$BACKEND_URL} 'nonce-sha256-78ZXazjC54Vyx/bLgKdM8JyK8U1O4A8TfYVLwFADf5o='; img-src 'self'; connect-src 'self' {$BACKEND_URL} https://cognito-idp.{$COGNITO_REGION}.amazonaws.com;" root * /srv diff --git a/frontend/Dockerfile b/frontend/Dockerfile index 1f0e7b130f..cabfbbbadf 100644 --- a/frontend/Dockerfile +++ b/frontend/Dockerfile @@ -20,8 +20,7 @@ ENV RANDOM_NONCE=0 # Packages and caddy format RUN apk add --no-cache ca-certificates && \ - caddy fmt --overwrite /etc/caddy/Caddyfile && \ - sed -i "s/{NONCE}/$RANDOM_NONCE/g" /srv/index.html + caddy fmt --overwrite /etc/caddy/Caddyfile # Port, health check and non-root user EXPOSE 3000 diff --git a/frontend/index.html b/frontend/index.html index 3e32a39bbc..31b4a2fa90 100644 --- a/frontend/index.html +++ b/frontend/index.html @@ -11,7 +11,7 @@
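Review bot: `'nonce-sha256-78ZXazjC54Vyx/bLgKdM8JyK8U1O4A8TfYVLwFADf5o='` is parsed as a nonce source whose value is the string after `nonce-`, not as a hash of the inline script. index.html appears to be reverted in this commit (its blob id returns to `31b4a2fa90`), so no script element would carry a matching nonce. A hash source is written without the prefix: `'sha256-78ZXazjC54Vyx/bLgKdM8JyK8U1O4A8TfYVLwFADf5o='`.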
- diff --git a/frontend/openshift.deploy.yml b/frontend/openshift.deploy.yml index 5cc80d3cf8..fe0e09ec49 100644 --- a/frontend/openshift.deploy.yml +++ b/frontend/openshift.deploy.yml @@ -74,10 +74,6 @@ parameters: - name: COGNITO_LOGOUT_URI description: Cognito redirect url once logged out required: true - - name: RANDOM_NONCE - description: Generates a random nonce value for the application - from: "[a-zA-Z0-9]{16}-[a-zA-Z0-9]{4}-[a-zA-Z0-9]{6}" - generate: expression objects: objects: - kind: ImageStream @@ -159,9 +155,9 @@ objects: - name: LOG_LEVEL value: ${LOG_LEVEL} - name: BACKEND_URL - value: https://${NAME}-${URL_ZONE}-backend.${DOMAIN} - - name: RANDOM_NONCE - value: ${RANDOM_NONCE} + value: https://${NAME}-${URL_ZONE}-backend.${DOMAIN} + - name: COGNITO_REGION + value: ${COGNITO_REGION} imagePullPolicy: Always name: ${NAME} volumeMounts: From 68f6bcc6c3ae2183ad12258f96942ac8c668e1b7 Mon Sep 17 00:00:00 2001 From: Paulo Gomes da Cruz Junior Date: Mon, 4 Mar 2024 13:40:46 -0800 Subject: [PATCH 08/48] fix: fixing sha --- frontend/Caddyfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/frontend/Caddyfile b/frontend/Caddyfile index 243766d70b..750a07c0c6 100644 --- a/frontend/Caddyfile +++ b/frontend/Caddyfile @@ -8,7 +8,7 @@ :3000 { - header Content-Security-Policy "default-src 'self'; script-src 'self' {$BACKEND_URL} 'nonce-sha256-78ZXazjC54Vyx/bLgKdM8JyK8U1O4A8TfYVLwFADf5o='; img-src 'self'; connect-src 'self' {$BACKEND_URL} https://cognito-idp.{$COGNITO_REGION}.amazonaws.com;" + header Content-Security-Policy "default-src 'self'; script-src 'self' {$BACKEND_URL} 'sha256-78ZXazjC54Vyx/bLgKdM8JyK8U1O4A8TfYVLwFADf5o=' 'sha256-Qs6++yhvyp3S1k2F02oXxvTs1oQRWRgd1/4EUgvgWlc='; img-src 'self'; connect-src 'self' {$BACKEND_URL} https://cognito-idp.{$COGNITO_REGION}.amazonaws.com;" root * /srv From 8bb7c4dc0c7cd820f8419e02b60ae51c02a99c83 Mon Sep 17 00:00:00 2001 
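Review bot: The two `'sha256-…'` values in `script-src` are copied by hand into the Caddyfile, so any change to the inline scripts they cover (including one made by the bundler) leaves the header out of step with index.html. The browser then blocks the script while nothing fails in the build. A comment above the `header Content-Security-Policy` line should say which inline script each digest belongs to and how it was computed, for example `# sha256 digests of the inline scripts in dist/index.html; recompute after any change to them`. A build or CI step that recomputes and compares them would catch drift before deployment.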
From: Paulo Gomes da Cruz Junior Date: Mon, 4 Mar 2024 14:14:36 -0800 Subject: [PATCH 09/48] fix(FSADT1-1234): adding Permission Policy header --- frontend/Caddyfile | 2 ++ frontend/Dockerfile | 2 -- frontend/openshift.deploy.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/frontend/Caddyfile b/frontend/Caddyfile index 750a07c0c6..d441bed514 100644 --- a/frontend/Caddyfile +++ b/frontend/Caddyfile @@ -9,6 +9,8 @@ :3000 { header Content-Security-Policy "default-src 'self'; script-src 'self' {$BACKEND_URL} 'sha256-78ZXazjC54Vyx/bLgKdM8JyK8U1O4A8TfYVLwFADf5o=' 'sha256-Qs6++yhvyp3S1k2F02oXxvTs1oQRWRgd1/4EUgvgWlc='; img-src 'self'; connect-src 'self' {$BACKEND_URL} https://cognito-idp.{$COGNITO_REGION}.amazonaws.com;" + header Permissions-Policy "geolocation=(), microphone=(), camera=(), speaker=(), usb=(), bluetooth=(), payment=(), interest-cohort=(), storage=(self)" + root * /srv diff --git a/frontend/Dockerfile b/frontend/Dockerfile index cabfbbbadf..bef945143d 100644 --- a/frontend/Dockerfile +++ b/frontend/Dockerfile @@ -16,8 +16,6 @@ FROM caddy:2.7.6-alpine COPY --from=build /app/dist /srv COPY Caddyfile /etc/caddy/Caddyfile -ENV RANDOM_NONCE=0 - # Packages and caddy format RUN apk add --no-cache ca-certificates && \ caddy fmt --overwrite /etc/caddy/Caddyfile diff --git a/frontend/openshift.deploy.yml b/frontend/openshift.deploy.yml index fe0e09ec49..eb62f25fdb 100644 --- a/frontend/openshift.deploy.yml +++ b/frontend/openshift.deploy.yml @@ -155,7 +155,7 @@ objects: - name: LOG_LEVEL value: ${LOG_LEVEL} - name: BACKEND_URL - value: https://${NAME}-${URL_ZONE}-backend.${DOMAIN} + value: https://${NAME}-${URL_ZONE}-backend.${DOMAIN} - name: COGNITO_REGION value: ${COGNITO_REGION} imagePullPolicy: Always From 22d645fd786f053c806cd8dadbfcf499c5e042e6 Mon Sep 17 00:00:00 2001 
From: Paulo Gomes da Cruz Junior Date: Mon, 4 Mar 2024 14:30:25 -0800 Subject: [PATCH 10/48] fix(FSADT1-1234): adding Strict-Transport-Security header --- frontend/Caddyfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/frontend/Caddyfile b/frontend/Caddyfile index d441bed514..75975e5461 100644 --- a/frontend/Caddyfile +++ b/frontend/Caddyfile @@ -9,8 +9,8 @@ :3000 { header Content-Security-Policy "default-src 'self'; script-src 'self' {$BACKEND_URL} 'sha256-78ZXazjC54Vyx/bLgKdM8JyK8U1O4A8TfYVLwFADf5o=' 'sha256-Qs6++yhvyp3S1k2F02oXxvTs1oQRWRgd1/4EUgvgWlc='; img-src 'self'; connect-src 'self' {$BACKEND_URL} https://cognito-idp.{$COGNITO_REGION}.amazonaws.com;" - header Permissions-Policy "geolocation=(), microphone=(), camera=(), speaker=(), usb=(), bluetooth=(), payment=(), interest-cohort=(), storage=(self)" - + header Permissions-Policy "geolocation=(), microphone=(), camera=(), speaker=(), usb=(), bluetooth=(), payment=(), interest-cohort=(), storage-access=(self)" + header Strict-Transport-Security "max-age=259200; includeSubDomains;" root * /srv From 8973fe5233c7d429a4e73afbff1c4c85deb4a05a Mon Sep 17 00:00:00 2001 From: Paulo Gomes da Cruz Junior Date: Mon, 4 Mar 2024 15:13:16 -0800 Subject: [PATCH 11/48] fix(FSADT1-1234): adding cache contrl and strict transport --- frontend/Caddyfile | 5 +++-- frontend/index.html | 1 + 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/frontend/Caddyfile b/frontend/Caddyfile index 75975e5461..ae51f97bde 100644 --- a/frontend/Caddyfile +++ b/frontend/Caddyfile 
@@ -10,8 +10,9 @@ header Content-Security-Policy "default-src 'self'; script-src 'self' {$BACKEND_URL} 'sha256-78ZXazjC54Vyx/bLgKdM8JyK8U1O4A8TfYVLwFADf5o=' 'sha256-Qs6++yhvyp3S1k2F02oXxvTs1oQRWRgd1/4EUgvgWlc='; img-src 'self'; connect-src 'self' {$BACKEND_URL} https://cognito-idp.{$COGNITO_REGION}.amazonaws.com;" header Permissions-Policy "geolocation=(), microphone=(), camera=(), speaker=(), usb=(), bluetooth=(), payment=(), interest-cohort=(), storage-access=(self)" - header Strict-Transport-Security "max-age=259200; includeSubDomains;" - + header Strict-Transport-Security "max-age=2592000; includeSubDomains;" + header Cache-Control "public, max-age=31536000" + root * /srv respond /config 200 { diff --git a/frontend/index.html b/frontend/index.html index 31b4a2fa90..c549517d83 100644 --- a/frontend/index.html +++ b/frontend/index.html @@ -4,6 +4,7 @@ + Forest Client From 2844632ae01365cd44b8f9b975d373d95b327a53 Mon Sep 17 00:00:00 2001 From: Paulo Gomes da Cruz Junior Date: Mon, 4 Mar 2024 15:43:30 -0800 Subject: [PATCH 12/48] fix(FSADT1-1234): adding some missing headers --- frontend/Caddyfile | 7 +++++-- frontend/Dockerfile | 1 + frontend/robots.txt | 3 +++ 3 files changed, 9 insertions(+), 2 deletions(-) create mode 100644 frontend/robots.txt diff --git a/frontend/Caddyfile b/frontend/Caddyfile index ae51f97bde..2f10a691d8 100644 --- a/frontend/Caddyfile +++ b/frontend/Caddyfile 
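Review bot: `header Cache-Control "public, max-age=31536000"` sits at site level, so it is sent with every response, including index.html and the `/config` JSON. Browsers or shared caches may keep serving the old entry page for up to a year after a redeploy, which delays fixes in the bundle from reaching users. Long-lived caching is normally limited to fingerprinted build output. Assuming the build emits it under `/assets/` (not visible here), that would be `header /assets/* Cache-Control "public, max-age=31536000, immutable"`, with `no-cache` for the HTML and `/config`.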
@@ -8,10 +8,13 @@ :3000 { - header Content-Security-Policy "default-src 'self'; script-src 'self' {$BACKEND_URL} 'sha256-78ZXazjC54Vyx/bLgKdM8JyK8U1O4A8TfYVLwFADf5o=' 'sha256-Qs6++yhvyp3S1k2F02oXxvTs1oQRWRgd1/4EUgvgWlc='; img-src 'self'; connect-src 'self' {$BACKEND_URL} https://cognito-idp.{$COGNITO_REGION}.amazonaws.com;" - header Permissions-Policy "geolocation=(), microphone=(), camera=(), speaker=(), usb=(), bluetooth=(), payment=(), interest-cohort=(), storage-access=(self)" + header Content-Security-Policy "default-src 'self'; script-src 'self' {$BACKEND_URL} 'sha256-78ZXazjC54Vyx/bLgKdM8JyK8U1O4A8TfYVLwFADf5o=' 'sha256-Qs6++yhvyp3S1k2F02oXxvTs1oQRWRgd1/4EUgvgWlc='; img-src 'self'; connect-src 'self' {$BACKEND_URL} https://cognito-idp.{$COGNITO_REGION}.amazonaws.com; frame-ancestors 'none';" + header Permissions-Policy "geolocation=(), microphone=(), camera=(), speaker=(), usb=(), bluetooth=(), payment=(), interest-cohort=()" header Strict-Transport-Security "max-age=2592000; includeSubDomains;" header Cache-Control "public, max-age=31536000" + header Referrer-Policy "no-referrer, strict-origin-when-cross-origin" + header X-Content-Type-Options "nosniff" + header X-Frame-Options "DENY" root * /srv diff --git a/frontend/Dockerfile b/frontend/Dockerfile index bef945143d..47a095f868 100644 --- a/frontend/Dockerfile +++ b/frontend/Dockerfile @@ -15,6 +15,7 @@ FROM caddy:2.7.6-alpine # Copy static files and config COPY --from=build /app/dist /srv COPY Caddyfile /etc/caddy/Caddyfile +COPY robots.txt /srv/robots.txt # Packages and caddy format RUN apk add --no-cache ca-certificates && \ diff --git a/frontend/robots.txt b/frontend/robots.txt new file mode 100644 index 0000000000..b0ed14cc1f --- /dev/null +++ b/frontend/robots.txt @@ -0,0 +1,3 @@ +# Stop all search engines from crawling this site +User-agent: * +Disallow: / \ No newline at end of file From 06c9353bec777e582b1420538f2b94466680c80a Mon Sep 17 00:00:00 2001 
From: Paulo Gomes da Cruz Junior Date: Tue, 5 Mar 2024 09:28:15 -0800 Subject: [PATCH 13/48] chore: removing some actions --- .github/workflows/pr-open.yml | 18 +----------------- 1 file changed, 1 insertion(+), 17 deletions(-) diff --git a/.github/workflows/pr-open.yml b/.github/workflows/pr-open.yml index bb59a88332..48ba4699b5 100644 --- a/.github/workflows/pr-open.yml +++ b/.github/workflows/pr-open.yml @@ -24,23 +24,7 @@ jobs: id: calculate run: | echo "url_zone=$((${{ github.event.number }} % 50))" >> $GITHUB_OUTPUT - - - uses: actions/checkout@v4 - - - name: Pull request size and stability labels - uses: actions/labeler@v5 - continue-on-error: true - with: - repo-token: "${{ secrets.GITHUB_TOKEN }}" - - - name: Conventional Label - uses: bcoe/conventional-release-labels@v1 - continue-on-error: true - with: - token: ${{ secrets.GITHUB_TOKEN }} - ignored_types: '["chore","pr"]' - type_labels: '{"feat": "feature", "fix": "fix", "bug": "fix", "doc": "documentation", "ci": "ci", "chore": "chore", "breaking": "breaking", "BREAKING CHANGE": "breaking"}' - + - name: Checkout branch uses: actions/checkout@v4 with: From 3d928177bf4ba6579cd21c6558503cb4823242f6 Mon Sep 17 00:00:00 2001 From: Paulo Gomes da Cruz Junior Date: Tue, 5 Mar 2024 09:28:42 -0800 Subject: [PATCH 14/48] chore: adding self url --- backend/openshift.deploy.yml | 2 ++ backend/src/main/resources/application.yml | 1 + 2 files changed, 3 insertions(+) diff --git a/backend/openshift.deploy.yml b/backend/openshift.deploy.yml index c345a57e89..96ad51c471 100644 --- a/backend/openshift.deploy.yml +++ b/backend/openshift.deploy.yml @@ -109,6 +109,8 @@ objects: value: https://${NAME}-${URL_ZONE}-frontend.${DOMAIN} - name: LEGACY_URL value: http://${NAME}-${ZONE}-legacy/api + - name: SELF_URI + value: https://${NAME}-${URL_ZONE}-${COMPONENT}.${DOMAIN} - name: CHES_CLIENT_ID valueFrom: secretKeyRef: 
diff --git a/backend/src/main/resources/application.yml b/backend/src/main/resources/application.yml index 691a380232..003bace6ef 100644 --- a/backend/src/main/resources/application.yml +++ b/backend/src/main/resources/application.yml @@ -94,6 +94,7 @@ ca: gov: nrs: submissionLimit: ${SUBMISSION_LIMIT:7D} + self-uri: ${SELF_URI:http://localhost:8080} ches: uri: ${CHES_API_URL:http://127.0.0.1:10010/chess/uri} tokenUrl: ${CHES_TOKEN_URL:http://127.0.0.1:10010/token/uri} From 2f71be2434b9398bce3857e5e1bdf9b93cf077ce Mon Sep 17 00:00:00 2001 From: Paulo Gomes da Cruz Junior Date: Tue, 5 Mar 2024 09:29:28 -0800 Subject: [PATCH 15/48] fix(FSADT1-1234): adding header customizer --- .../configuration/SecurityConfiguration.java | 7 +++- .../bc/gov/app/controller/BaseController.java | 24 ++++++++++++ .../security/ForestExchangeCustomizer.java | 2 +- .../app/security/ForestHeadersCustomizer.java | 37 +++++++++++++++++++ 4 files changed, 67 insertions(+), 3 deletions(-) create mode 100644 backend/src/main/java/ca/bc/gov/app/controller/BaseController.java create mode 100644 backend/src/main/java/ca/bc/gov/app/security/ForestHeadersCustomizer.java diff --git a/backend/src/main/java/ca/bc/gov/app/configuration/SecurityConfiguration.java b/backend/src/main/java/ca/bc/gov/app/configuration/SecurityConfiguration.java index d5d6d16132..9749b1426d 100644 --- a/backend/src/main/java/ca/bc/gov/app/configuration/SecurityConfiguration.java +++ b/backend/src/main/java/ca/bc/gov/app/configuration/SecurityConfiguration.java @@ -3,6 +3,7 @@ import ca.bc.gov.app.ApplicationConstant; import ca.bc.gov.app.security.ForestCorsCustomizer; import ca.bc.gov.app.security.ForestExchangeCustomizer; +import ca.bc.gov.app.security.ForestHeadersCustomizer; import ca.bc.gov.app.security.ForestOauth2Customizer; import java.util.List; import org.springframework.context.annotation.Bean; 
@@ -37,8 +38,8 @@ public class SecurityConfiguration { * @param http The ServerHttpSecurity object to be customized. * @param corsSpecCustomizer The customizer for the CORS settings. * @param exchangeCustomizer The customizer for the authorization rules. - * @param csrfSpecCustomizer The customizer for the CSRF settings. * @param oauth2SpecCustomizer The customizer for the OAuth2 resource server settings. + * @param headersCustomizer The customizer for the headers settings. * @return The configured SecurityWebFilterChain. */ @Bean @@ -46,9 +47,11 @@ SecurityWebFilterChain springSecurityFilterChain( ServerHttpSecurity http, ForestCorsCustomizer corsSpecCustomizer, ForestExchangeCustomizer exchangeCustomizer, - ForestOauth2Customizer oauth2SpecCustomizer + ForestOauth2Customizer oauth2SpecCustomizer, + ForestHeadersCustomizer headersCustomizer ) { http + .headers(headersCustomizer) .authorizeExchange(exchangeCustomizer) .oauth2ResourceServer(oauth2SpecCustomizer) .cors(corsSpecCustomizer) diff --git a/backend/src/main/java/ca/bc/gov/app/controller/BaseController.java b/backend/src/main/java/ca/bc/gov/app/controller/BaseController.java new file mode 100644 index 0000000000..73d800d7da --- /dev/null +++ b/backend/src/main/java/ca/bc/gov/app/controller/BaseController.java 
@@ -0,0 +1,24 @@ +package ca.bc.gov.app.controller; + +import io.micrometer.observation.annotation.Observed; +import lombok.RequiredArgsConstructor; +import lombok.extern.slf4j.Slf4j; +import org.springframework.http.MediaType; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RestController; +import reactor.core.publisher.Mono; + +@RestController +@Slf4j +@RequestMapping(produces = MediaType.APPLICATION_JSON_VALUE) +@RequiredArgsConstructor +@Observed +public class BaseController { + + @GetMapping + public Mono base() { + return Mono.just("{\"message\": \"Nothing to see here, move along\"}"); + } + +} diff --git a/backend/src/main/java/ca/bc/gov/app/security/ForestExchangeCustomizer.java b/backend/src/main/java/ca/bc/gov/app/security/ForestExchangeCustomizer.java index 344f6b5ee0..bd9f474c51 100644 --- a/backend/src/main/java/ca/bc/gov/app/security/ForestExchangeCustomizer.java +++ b/backend/src/main/java/ca/bc/gov/app/security/ForestExchangeCustomizer.java 
@@ -23,7 +23,7 @@ public class ForestExchangeCustomizer implements Customizer { + + @Value("${ca.bc.gov.nrs.self-uri}") + String selfUri; + + @Override + public void customize(HeaderSpec headerSpec) { + + String policyDirectives = String.format("default-src 'none'; connect-src 'self' %s;", selfUri); + + headerSpec + .frameOptions(frameOptionsSpec -> frameOptionsSpec.mode(Mode.SAMEORIGIN)) + .contentSecurityPolicy( + contentSecurityPolicySpec -> contentSecurityPolicySpec.policyDirectives( + policyDirectives)) + .hsts(hstsSpec -> hstsSpec.maxAge(Duration.ofDays(30)).includeSubdomains(true)) + .xssProtection(XssProtectionSpec::disable) + .contentTypeOptions(Customizer.withDefaults()) + .referrerPolicy(Customizer.withDefaults()) + .permissionsPolicy(permissionsPolicySpec -> permissionsPolicySpec.policy( + "geolocation=(), microphone=(), camera=(), speaker=(), usb=(), bluetooth=(), payment=(), interest-cohort=()")) + ; + } +} From c0f700336624a5abdf01c1727d826017e5ea217a Mon Sep 17 00:00:00 2001 From: Paulo Gomes da Cruz Junior Date: Tue, 5 Mar 2024 09:36:37 -0800 Subject: [PATCH 16/48] ci: adding mozilla observatory --- .github/workflows/pr-open.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.github/workflows/pr-open.yml b/.github/workflows/pr-open.yml index 48ba4699b5..c6c563adbf 100644 --- a/.github/workflows/pr-open.yml +++ b/.github/workflows/pr-open.yml @@ -354,3 +354,13 @@ jobs: cmd_options: "-a" issue_title: "ZAP PR #${{ github.event.number }}: ${{ matrix.name }}" target: https://nr-forest-client-${{ env.PREFIX }}-${{ matrix.name }}.${{ env.DOMAIN }} + - name: Test Observatory + uses: simonireilly/observatory-github-action@v0.1.3 + id: observatory + with: + web_host: https://nr-forest-client-${{ env.PREFIX }}-${{ matrix.name }}.${{ env.DOMAIN }} + + - name: Create commit comment + uses: peter-evans/commit-comment@v1 + with: + body: "# ${{ matrix.name }} ${{ steps.observatory.outputs.observatory-report }}" 
From a3130aed2ca28c4ea1b1f541efba264d818beab8 Mon Sep 17 00:00:00 2001 From: Paulo Gomes da Cruz Junior Date: Tue, 5 Mar 2024 09:59:50 -0800 Subject: [PATCH 17/48] fix(FSADT1-1234): updating headers --- .../bc/gov/app/controller/BaseController.java | 24 ------------------- .../security/ForestExchangeCustomizer.java | 2 +- .../app/security/ForestHeadersCustomizer.java | 17 ++++++++++--- 3 files changed, 15 insertions(+), 28 deletions(-) delete mode 100644 backend/src/main/java/ca/bc/gov/app/controller/BaseController.java diff --git a/backend/src/main/java/ca/bc/gov/app/controller/BaseController.java b/backend/src/main/java/ca/bc/gov/app/controller/BaseController.java deleted file mode 100644 index 73d800d7da..0000000000 --- a/backend/src/main/java/ca/bc/gov/app/controller/BaseController.java +++ /dev/null @@ -1,24 +0,0 @@ -package ca.bc.gov.app.controller; - -import io.micrometer.observation.annotation.Observed; -import lombok.RequiredArgsConstructor; -import lombok.extern.slf4j.Slf4j; -import org.springframework.http.MediaType; -import org.springframework.web.bind.annotation.GetMapping; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RestController; -import reactor.core.publisher.Mono; - -@RestController -@Slf4j -@RequestMapping(produces = MediaType.APPLICATION_JSON_VALUE) -@RequiredArgsConstructor -@Observed -public class BaseController { - - @GetMapping - public Mono base() { - return Mono.just("{\"message\": \"Nothing to see here, move along\"}"); - } - -} diff --git a/backend/src/main/java/ca/bc/gov/app/security/ForestExchangeCustomizer.java b/backend/src/main/java/ca/bc/gov/app/security/ForestExchangeCustomizer.java index bd9f474c51..344f6b5ee0 100644 --- a/backend/src/main/java/ca/bc/gov/app/security/ForestExchangeCustomizer.java +++ b/backend/src/main/java/ca/bc/gov/app/security/ForestExchangeCustomizer.java 
@@ -23,7 +23,7 @@ public class ForestExchangeCustomizer implements Customizer { @Override public void customize(HeaderSpec headerSpec) { - String policyDirectives = String.format("default-src 'none'; connect-src 'self' %s;", selfUri); + String policyDirectives = String.join("; ", + "default-src 'none'", + "connect-src 'self' " + selfUri, + "script-src 'strict-dynamic' 'unsafe-inline' 'nonce-" + UUID.randomUUID() + + "' http: https:", + "object-src 'none'", + "base-uri 'none'", + "require-trusted-types-for 'script'", + "report-uri " + selfUri + ); headerSpec - .frameOptions(frameOptionsSpec -> frameOptionsSpec.mode(Mode.SAMEORIGIN)) + .frameOptions(frameOptionsSpec -> frameOptionsSpec.mode(Mode.DENY)) .contentSecurityPolicy( contentSecurityPolicySpec -> contentSecurityPolicySpec.policyDirectives( policyDirectives)) .hsts(hstsSpec -> hstsSpec.maxAge(Duration.ofDays(30)).includeSubdomains(true)) .xssProtection(XssProtectionSpec::disable) .contentTypeOptions(Customizer.withDefaults()) - .referrerPolicy(Customizer.withDefaults()) + .referrerPolicy(referrerPolicySpec -> referrerPolicySpec.policy(ReferrerPolicy.STRICT_ORIGIN_WHEN_CROSS_ORIGIN)) .permissionsPolicy(permissionsPolicySpec -> permissionsPolicySpec.policy( "geolocation=(), microphone=(), camera=(), speaker=(), usb=(), bluetooth=(), payment=(), interest-cohort=()")) ; From 828aedb84c2c4d835adad511d439aaca0987676a Mon Sep 17 00:00:00 2001 From: Paulo Gomes da Cruz Junior Date: Tue, 5 Mar 2024 10:03:02 -0800 Subject: [PATCH 18/48] ci: fixing ci --- .github/workflows/pr-open.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pr-open.yml b/.github/workflows/pr-open.yml index c6c563adbf..9ba2f43016 100644 --- a/.github/workflows/pr-open.yml +++ b/.github/workflows/pr-open.yml 
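Review bot: `UUID.randomUUID()` is evaluated inside `customize`, which, going by the `http.headers(headersCustomizer)` wiring added in PATCH 15/48, runs when the filter chain is built rather than per request. The `'nonce-…'` in `script-src` is therefore presumably one fixed value for the life of the process, and nothing visible here puts that nonce on any response body. For an API guarded by `default-src 'none'`, the `script-src` entry only widens the policy (its `http: https:` fallback applies in browsers that do not support `'strict-dynamic'`); removing that element from the `String.join` leaves scripts denied by `default-src`. `report-uri` also points at `selfUri` itself, and this commit deletes BaseController, the only root handler shown, so a receiver for the violation reports should be confirmed. The hunk header and class declaration for this file are missing from the page text.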
@@ -353,12 +353,12 @@ jobs: artifact_name: "zap_${{ github.event.number }}_${{ matrix.name }}" cmd_options: "-a" issue_title: "ZAP PR #${{ github.event.number }}: ${{ matrix.name }}" - target: https://nr-forest-client-${{ env.PREFIX }}-${{ matrix.name }}.${{ env.DOMAIN }} + target: https://${{ env.PREFIX }}-${{ matrix.name }}.${{ env.DOMAIN }} - name: Test Observatory uses: simonireilly/observatory-github-action@v0.1.3 id: observatory with: - web_host: https://nr-forest-client-${{ env.PREFIX }}-${{ matrix.name }}.${{ env.DOMAIN }} + web_host: https://${{ env.PREFIX }}-${{ matrix.name }}.${{ env.DOMAIN }} - name: Create commit comment uses: peter-evans/commit-comment@v1 From 319a7969fd4287c26e3be927d73e4996e3ff6400 Mon Sep 17 00:00:00 2001 From: Paulo Gomes da Cruz Junior Date: Tue, 5 Mar 2024 10:28:45 -0800 Subject: [PATCH 19/48] chore: fixing a few bits --- .github/workflows/pr-open.yml | 4 ++-- .../java/ca/bc/gov/app/security/ForestHeadersCustomizer.java | 1 + frontend/Caddyfile | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/pr-open.yml b/.github/workflows/pr-open.yml index 9ba2f43016..1aaeb4b36e 100644 --- a/.github/workflows/pr-open.yml +++ b/.github/workflows/pr-open.yml @@ -353,12 +353,12 @@ jobs: artifact_name: "zap_${{ github.event.number }}_${{ matrix.name }}" cmd_options: "-a" issue_title: "ZAP PR #${{ github.event.number }}: ${{ matrix.name }}" - target: https://${{ env.PREFIX }}-${{ matrix.name }}.${{ env.DOMAIN }} + target: "https://${{ env.PREFIX }}-${{ matrix.name }}.${{ env.DOMAIN }}" - name: Test Observatory uses: simonireilly/observatory-github-action@v0.1.3 id: observatory with: - web_host: https://${{ env.PREFIX }}-${{ matrix.name }}.${{ env.DOMAIN }} + web_host: "https://${{ env.PREFIX }}-${{ matrix.name }}.${{ env.DOMAIN }}" - name: Create commit comment uses: peter-evans/commit-comment@v1 
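Review bot: The steps around the changed `target:` and `web_host:` lines reference third-party actions by mutable tags (`simonireilly/observatory-github-action@v0.1.3`, `peter-evans/commit-comment@v1`), and they run in a job that writes issues and commit comments. A tag can be moved by the action's owner, so the code that runs here can change without any change to this repository. Pin each `uses:` to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: peter-evans/commit-comment@<full-commit-sha> # v1`. The step definitions continue outside the hunk.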
diff --git a/backend/src/main/java/ca/bc/gov/app/security/ForestHeadersCustomizer.java b/backend/src/main/java/ca/bc/gov/app/security/ForestHeadersCustomizer.java index b8ab9b9d3a..f18fed5558 100644 --- a/backend/src/main/java/ca/bc/gov/app/security/ForestHeadersCustomizer.java +++ b/backend/src/main/java/ca/bc/gov/app/security/ForestHeadersCustomizer.java @@ -28,6 +28,7 @@ public void customize(HeaderSpec headerSpec) { + "' http: https:", "object-src 'none'", "base-uri 'none'", + "frame-ancestors 'none'", "require-trusted-types-for 'script'", "report-uri " + selfUri ); diff --git a/frontend/Caddyfile b/frontend/Caddyfile index 2f10a691d8..aff18d32da 100644 --- a/frontend/Caddyfile +++ b/frontend/Caddyfile @@ -8,7 +8,7 @@ :3000 { - header Content-Security-Policy "default-src 'self'; script-src 'self' {$BACKEND_URL} 'sha256-78ZXazjC54Vyx/bLgKdM8JyK8U1O4A8TfYVLwFADf5o=' 'sha256-Qs6++yhvyp3S1k2F02oXxvTs1oQRWRgd1/4EUgvgWlc='; img-src 'self'; connect-src 'self' {$BACKEND_URL} https://cognito-idp.{$COGNITO_REGION}.amazonaws.com; frame-ancestors 'none';" + header Content-Security-Policy "default-src 'self'; script-src 'self' 'strict-dynamic' 'nonce-rAnd0m123' {$BACKEND_URL} 'sha256-78ZXazjC54Vyx/bLgKdM8JyK8U1O4A8TfYVLwFADf5o=' 'sha256-Qs6++yhvyp3S1k2F02oXxvTs1oQRWRgd1/4EUgvgWlc='; img-src 'self'; connect-src 'self' {$BACKEND_URL} https://cognito-idp.{$COGNITO_REGION}.amazonaws.com; frame-ancestors 'none'; object-src 'none'; base-uri 'none'; require-trusted-types-for 'script';" header Permissions-Policy "geolocation=(), microphone=(), camera=(), speaker=(), usb=(), bluetooth=(), payment=(), interest-cohort=()" header Strict-Transport-Security "max-age=2592000; includeSubDomains;" header Cache-Control "public, max-age=31536000" From 0efedf51b0428f5a6118668058389677a600a5e7 Mon Sep 17 00:00:00 2001 
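Review bot: The `'nonce-rAnd0m123'` added to `script-src` in the Caddyfile hunk is a fixed string committed to the repository, so it is identical on every response and readable by anyone who sees the config or the header. Combined with `'strict-dynamic'`, any script element carrying that value is trusted and may load further scripts, which removes the protection a nonce is meant to give. A static file server cannot issue a per-response nonce without templating, so hash sources are the fitting mechanism here: keep the `'sha256-…'` entries and drop the nonce. Browsers that honour `'strict-dynamic'` also ignore `'self'` and `{$BACKEND_URL}` in the same directive, and `require-trusted-types-for 'script'` blocks DOM sinks unless the application defines a Trusted Types policy (not visible here). PATCH 24 repeats the pattern with two more fixed `'nonce-…'` values.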
From: Paulo Gomes da Cruz Junior Date: Tue, 5 Mar 2024 10:53:30 -0800 Subject: [PATCH 20/48] fix(FSADT1-1234): fixing allowlist --- frontend/Caddyfile | 5 +++-- frontend/openshift.deploy.yml | 2 ++ 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/frontend/Caddyfile b/frontend/Caddyfile index aff18d32da..bb95762b9c 100644 --- a/frontend/Caddyfile +++ b/frontend/Caddyfile @@ -8,13 +8,14 @@ :3000 { - header Content-Security-Policy "default-src 'self'; script-src 'self' 'strict-dynamic' 'nonce-rAnd0m123' {$BACKEND_URL} 'sha256-78ZXazjC54Vyx/bLgKdM8JyK8U1O4A8TfYVLwFADf5o=' 'sha256-Qs6++yhvyp3S1k2F02oXxvTs1oQRWRgd1/4EUgvgWlc='; img-src 'self'; connect-src 'self' {$BACKEND_URL} https://cognito-idp.{$COGNITO_REGION}.amazonaws.com; frame-ancestors 'none'; object-src 'none'; base-uri 'none'; require-trusted-types-for 'script';" + header Content-Security-Policy "default-src 'self'; script-src 'self' 'strict-dynamic' 'nonce-rAnd0m123' {$BACKEND_URL} {$FRONTEND_URL} 'sha256-78ZXazjC54Vyx/bLgKdM8JyK8U1O4A8TfYVLwFADf5o=' 'sha256-Qs6++yhvyp3S1k2F02oXxvTs1oQRWRgd1/4EUgvgWlc='; img-src 'self'; connect-src 'self' {$BACKEND_URL} {$FRONTEND_URL} https://cognito-idp.{$COGNITO_REGION}.amazonaws.com; frame-ancestors 'none'; object-src 'none'; base-uri 'none'; require-trusted-types-for 'script';" header Permissions-Policy "geolocation=(), microphone=(), camera=(), speaker=(), usb=(), bluetooth=(), payment=(), interest-cohort=()" header Strict-Transport-Security "max-age=2592000; includeSubDomains;" header Cache-Control "public, max-age=31536000" header Referrer-Policy "no-referrer, strict-origin-when-cross-origin" header X-Content-Type-Options "nosniff" - header X-Frame-Options "DENY" + header X-Frame-Options "DENY" + header -Server root * /srv diff --git a/frontend/openshift.deploy.yml b/frontend/openshift.deploy.yml index eb62f25fdb..ada9ac11e0 100644 --- a/frontend/openshift.deploy.yml +++ b/frontend/openshift.deploy.yml 
@@ -156,6 +156,8 @@ objects: value: ${LOG_LEVEL} - name: BACKEND_URL value: https://${NAME}-${URL_ZONE}-backend.${DOMAIN} + - name: FRONTEND_URL + value: https://${NAME}-${URL_ZONE}-frontend.${DOMAIN} - name: COGNITO_REGION value: ${COGNITO_REGION} imagePullPolicy: Always From 749d395b3d7d009bed54e76bd973da82a7224be8 Mon Sep 17 00:00:00 2001 From: Paulo Gomes da Cruz Junior Date: Tue, 5 Mar 2024 10:59:14 -0800 Subject: [PATCH 21/48] fix(FSADT1-1234): fixing BE headers --- .../ca/bc/gov/app/security/ForestHeadersCustomizer.java | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/backend/src/main/java/ca/bc/gov/app/security/ForestHeadersCustomizer.java b/backend/src/main/java/ca/bc/gov/app/security/ForestHeadersCustomizer.java index f18fed5558..e9c36c8afe 100644 --- a/backend/src/main/java/ca/bc/gov/app/security/ForestHeadersCustomizer.java +++ b/backend/src/main/java/ca/bc/gov/app/security/ForestHeadersCustomizer.java @@ -3,6 +3,7 @@ import java.time.Duration; import java.util.UUID; import lombok.RequiredArgsConstructor; +import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Value; import org.springframework.security.config.Customizer; import org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec; @@ -17,6 +18,8 @@ public class ForestHeadersCustomizer implements Customizer { @Value("${ca.bc.gov.nrs.self-uri}") String selfUri; + @Value("${ca.bc.gov.nrs.security.environment:PROD}") + String environment; @Override public void customize(HeaderSpec headerSpec) { 
@@ -24,8 +27,8 @@ public void customize(HeaderSpec headerSpec) { String policyDirectives = String.join("; ", "default-src 'none'", "connect-src 'self' " + selfUri, - "script-src 'strict-dynamic' 'unsafe-inline' 'nonce-" + UUID.randomUUID() - + "' http: https:", + "script-src 'strict-dynamic' 'nonce-" + UUID.randomUUID() + + "' " + ( "local".equalsIgnoreCase(environment) ? "http: " : StringUtils.EMPTY) + "https:", "object-src 'none'", "base-uri 'none'", "frame-ancestors 'none'", From d4749369fb4b0e715033eaf76d4247385ef16a17 Mon Sep 17 00:00:00 2001 From: Paulo Gomes da Cruz Junior Date: Tue, 5 Mar 2024 11:21:28 -0800 Subject: [PATCH 22/48] fix(FSADT1-1234): updating headers --- frontend/Caddyfile | 2 +- frontend/index.html | 13 +++++++++++-- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/frontend/Caddyfile b/frontend/Caddyfile index bb95762b9c..b1dd6fa4e7 100644 --- a/frontend/Caddyfile +++ b/frontend/Caddyfile 
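Review bot: `StringUtils.EMPTY` is the only use of the `org.apache.commons.lang3.StringUtils` import added in the first hunk of this patch, and a plain `""` reads the same without tying a security configuration class to an extra library. The inline ternary inside the concatenation is also hard to audit; computing the scheme list first makes the policy readable at a glance, e.g. `String schemes = "local".equalsIgnoreCase(environment) ? "http: https:" : "https:";` followed by `"script-src 'strict-dynamic' 'nonce-" + UUID.randomUUID() + "' " + schemes,`. A short comment stating that `environment` defaults to `PROD` so that plain `http:` is only ever allowed for local runs would document why the property exists. `customize` continues outside the hunk.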
@@ -8,7 +8,7 @@ :3000 { - header Content-Security-Policy "default-src 'self'; script-src 'self' 'strict-dynamic' 'nonce-rAnd0m123' {$BACKEND_URL} {$FRONTEND_URL} 'sha256-78ZXazjC54Vyx/bLgKdM8JyK8U1O4A8TfYVLwFADf5o=' 'sha256-Qs6++yhvyp3S1k2F02oXxvTs1oQRWRgd1/4EUgvgWlc='; img-src 'self'; connect-src 'self' {$BACKEND_URL} {$FRONTEND_URL} https://cognito-idp.{$COGNITO_REGION}.amazonaws.com; frame-ancestors 'none'; object-src 'none'; base-uri 'none'; require-trusted-types-for 'script';" + header Content-Security-Policy "default-src 'self'; script-src 'self' 'strict-dynamic' 'nonce-rAnd0m123' {$BACKEND_URL} {$FRONTEND_URL} 'sha256-78ZXazjC54Vyx/bLgKdM8JyK8U1O4A8TfYVLwFADf5o=' 'sha256-Qs6++yhvyp3S1k2F02oXxvTs1oQRWRgd1/4EUgvgWlc=' 'sha256-a1be32b87ddb35acde245bdaeb389118111ac51bf5f53068daee561e1f99b325' 'sha256-c92a6461c1246d5869f97a5a266dca60b648153514fbd4f332c4740d995e543a'; img-src 'self'; connect-src 'self' {$BACKEND_URL} {$FRONTEND_URL} https://cognito-idp.{$COGNITO_REGION}.amazonaws.com; frame-ancestors 'none'; object-src 'none'; base-uri 'none'; require-trusted-types-for 'script';" header Permissions-Policy "geolocation=(), microphone=(), camera=(), speaker=(), usb=(), bluetooth=(), payment=(), interest-cohort=()" header Strict-Transport-Security "max-age=2592000; includeSubDomains;" header Cache-Control "public, max-age=31536000" diff --git a/frontend/index.html b/frontend/index.html index c549517d83..b7be5a162a 100644 --- a/frontend/index.html +++ b/frontend/index.html @@ -5,13 +5,22 @@ - + Forest Client
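Review bot: The two sources added to `script-src`, `'sha256-a1be32b8…'` and `'sha256-c92a6461…'`, are 64-character hexadecimal digests, but a CSP hash source must be the base64 encoding of the raw digest, as the existing `'sha256-78ZX…='` and `'sha256-Qs6+…='` entries are. Browsers will not match the hex form against any script, so the scripts these entries were meant to allow stay blocked unless another source happens to cover them. Produce the value from the raw hash bytes, for example with `openssl dgst -sha256 -binary <file> | openssl base64`, and write it as `'sha256-<base64-digest>'`. Generating it in the build keeps the header in step with the script content.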
- + Forest Client From 379f793e2f8a764feb3b4925b299994e674a477f Mon Sep 17 00:00:00 2001 From: Paulo Gomes da Cruz Junior Date: Tue, 5 Mar 2024 12:00:55 -0800 Subject: [PATCH 24/48] ci: replacing sha for nonce --- frontend/Caddyfile | 2 +- frontend/index.html | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/frontend/Caddyfile b/frontend/Caddyfile index b1dd6fa4e7..c2b4578ae9 100644 --- a/frontend/Caddyfile +++ b/frontend/Caddyfile @@ -8,7 +8,7 @@ :3000 { - header Content-Security-Policy "default-src 'self'; script-src 'self' 'strict-dynamic' 'nonce-rAnd0m123' {$BACKEND_URL} {$FRONTEND_URL} 'sha256-78ZXazjC54Vyx/bLgKdM8JyK8U1O4A8TfYVLwFADf5o=' 'sha256-Qs6++yhvyp3S1k2F02oXxvTs1oQRWRgd1/4EUgvgWlc=' 'sha256-a1be32b87ddb35acde245bdaeb389118111ac51bf5f53068daee561e1f99b325' 'sha256-c92a6461c1246d5869f97a5a266dca60b648153514fbd4f332c4740d995e543a'; img-src 'self'; connect-src 'self' {$BACKEND_URL} {$FRONTEND_URL} https://cognito-idp.{$COGNITO_REGION}.amazonaws.com; frame-ancestors 'none'; object-src 'none'; base-uri 'none'; require-trusted-types-for 'script';" + header Content-Security-Policy "default-src 'self'; script-src 'self' 'strict-dynamic' 'nonce-a1be32b87ddb35acde245bdaeb389118111ac51bf5f53068daee561e1f99b325' 'nonce-c92a6461c1246d5869f97a5a266dca60b648153514fbd4f332c4740d995e543a' {$BACKEND_URL} {$FRONTEND_URL} 'sha256-78ZXazjC54Vyx/bLgKdM8JyK8U1O4A8TfYVLwFADf5o=' 'sha256-Qs6++yhvyp3S1k2F02oXxvTs1oQRWRgd1/4EUgvgWlc='; img-src 'self'; connect-src 'self' {$BACKEND_URL} {$FRONTEND_URL} https://cognito-idp.{$COGNITO_REGION}.amazonaws.com; frame-ancestors 'none'; object-src 'none'; base-uri 'none'; require-trusted-types-for 'script';" header Permissions-Policy "geolocation=(), microphone=(), camera=(), speaker=(), usb=(), bluetooth=(), payment=(), interest-cohort=()" header Strict-Transport-Security "max-age=2592000; includeSubDomains;" header Cache-Control "public, max-age=31536000" 
diff --git a/frontend/index.html b/frontend/index.html index 1739056f0a..9b44e2d89e 100644 --- a/frontend/index.html +++ b/frontend/index.html @@ -7,7 +7,7 @@ Forest Client @@ -18,7 +18,7 @@ + Forest Client @@ -18,8 +14,6 @@ + diff --git a/frontend/src/pages/SubmissionReviewPage.vue b/frontend/src/pages/SubmissionReviewPage.vue index 9dc45b9cd0..e83739c805 100644 --- a/frontend/src/pages/SubmissionReviewPage.vue +++ b/frontend/src/pages/SubmissionReviewPage.vue @@ -169,7 +169,6 @@ const submit = (approved: boolean) => { watch(response, (response) => { if (response.status) { - console.log(response); router.push({ name: "internal" }); const toastNotification: ModalNotification = { kind: "Success", diff --git a/frontend/src/pages/bceidform/BusinessInformationWizardStep.vue b/frontend/src/pages/bceidform/BusinessInformationWizardStep.vue index 9cd7f20a39..cbf636cb85 100644 --- a/frontend/src/pages/bceidform/BusinessInformationWizardStep.vue +++ b/frontend/src/pages/bceidform/BusinessInformationWizardStep.vue @@ -215,8 +215,7 @@ watch([detailsData], () => { ]; formData.value.location.addresses = exportAddress( forestClientDetails.addresses - ); - console.log(forestClientDetails.goodStanding === null ? false : (forestClientDetails.goodStanding ? false : true),forestClientDetails.goodStanding === null ? null : (forestClientDetails.goodStanding ? "Y" : "N")); + ); formData.value.businessInformation.goodStandingInd = forestClientDetails.goodStanding === null ? null : (forestClientDetails.goodStanding ? "Y" : "N"); toggleErrorMessages(forestClientDetails.goodStanding === null ? false : (forestClientDetails.goodStanding ? false : true), null); diff --git a/frontend/src/routes.ts b/frontend/src/routes.ts index 89539f41f1..a526f55cec 100644 --- a/frontend/src/routes.ts +++ b/frontend/src/routes.ts 
@@ -14,12 +14,14 @@ import UserLoadingPage from "@/pages/UserLoadingPage.vue"; import LandingPage from "@/pages/LandingPage.vue"; import ErrorPage from "@/pages/ErrorPage.vue"; import NotFoundPage from "@/pages/NotFoundPage.vue"; +import LogoutPage from "@/pages/LogoutPage.vue"; import ForestClientUserSession from "@/helpers/ForestClientUserSession"; import { nodeEnv } from "@/CoreConstants"; const CONFIRMATION_ROUTE_NAME = "confirmation"; const targetPathStorage = useLocalStorage("targetPath", ""); +const userProviderInfo = useLocalStorage("userProviderInfo", ""); const routes = [ { @@ -206,6 +208,23 @@ const routes = [ sideMenu: false, profile: false, }, + { + path: "/logout", + name: "logout", + component: LogoutPage, + props: true, + meta: { + format: "full", + hideHeader: true, + requireAuth: false, + showLoggedIn: false, + visibleTo: [], + }, + style: "content", + headersStyle: "headers", + sideMenu: false, + profile: false, + }, { path: "/:pathMatch(.*)*", name: "not-found", @@ -258,6 +277,10 @@ router.beforeEach(async (to, from, next) => { if (to.meta.requireAuth) { // User is logged in if (user) { + + // Save user provider info for logout + userProviderInfo.value = user.provider; + // If user can see this page, continue, otherwise go to specific page or error if (to.meta.visibleTo.includes(user.provider)) { // If there is a target path, redirect to it and clear the storage From a7f523e0f159de13fb736b3e7dde6c1e022227a1 Mon Sep 17 00:00:00 2001 From: Paulo Gomes da Cruz Junior Date: Wed, 13 Mar 2024 11:59:26 -0700 Subject: [PATCH 43/48] fix: removing unwanted parameters --- .github/workflows/merge.yml | 20 ++++---------------- .github/workflows/pr-open.yml | 12 +++--------- backend/openshift.deploy.yml | 14 +++++--------- common/openshift.init.yml | 24 ++---------------------- frontend/Caddyfile | 2 +- 5 files changed, 15 insertions(+), 57 deletions(-) diff --git a/.github/workflows/merge.yml b/.github/workflows/merge.yml index d8265fa942..b73c9cd943 100644 
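Review bot: The guard in the last routes.ts hunk writes `user.provider` to the `userProviderInfo` localStorage key on every authenticated navigation, and nothing visible resets it. localStorage is writable by any script on the origin and outlives the session, so whatever reads the value back for logout (per the added comment; that code is not shown here) should match it against the fixed set of known providers rather than use it directly, and clear the key once logout completes. A comment at the declaration such as `// read by the logout page to pick the IdP logout endpoint; validate before use` would record that contract. Separately, `props: true` on the `/logout` route has no effect because the path has no params. `router.beforeEach` continues outside the hunk.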
--- a/.github/workflows/merge.yml +++ b/.github/workflows/merge.yml @@ -77,13 +77,8 @@ jobs: -p CHES_CLIENT_SECRET=${{ secrets.CHES_CLIENT_SECRET }} -p ADDRESS_COMPLETE_KEY=${{ secrets.ADDRESS_COMPLETE_KEY }} -p DB_PASSWORD=${{ secrets.DB_PASSWORD }} - -p COGNITO_REGION=${{ secrets.COGNITO_REGION }} - -p COGNITO_CLIENT_ID=${{ secrets.COGNITO_CLIENT_ID }} -p COGNITO_USER_POOL=${{ secrets.COGNITO_USER_POOL }} - -p COGNITO_DOMAIN=${{ secrets.COGNITO_DOMAIN }} -p COGNITO_ENVIRONMENT=TEST - -p COGNITO_REDIRECT_URI=https://${{ env.PREFIX }}-frontend.${{ env.DOMAIN }}/dashboard - -p COGNITO_LOGOUT_URI='https://logontest7.gov.bc.ca/clp-cgi/logoff.cgi?retnow=1&returl=https://test.loginproxy.gov.bc.ca/auth/realms/standard/protocol/openid-connect/logout?redirect_uri=${{ secrets.COGNITO_LOGOUT_URI }}' -p CHES_MAIL_COPY=${{ secrets.CHES_MAIL_COPY }} - name: Conventional Changelog Update @@ -168,7 +163,6 @@ jobs: -p CHES_API_URL='https://ches.api.gov.bc.ca/api/v1/email' -p BCREGISTRY_URI='https://bcregistry-prod.apigee.net' -p COGNITO_REGION=ca-central-1 - -p COGNITO_COOKIE_DOMAIN=gov.bc.ca -p URL_ZONE=${{ env.ZONE }} - name: Dev data replacement @@ -214,8 +208,8 @@ jobs: -p COGNITO_USER_POOL=${{ secrets.COGNITO_USER_POOL }} -p COGNITO_DOMAIN=${{ secrets.COGNITO_DOMAIN }} -p COGNITO_ENVIRONMENT=TEST - -p COGNITO_REDIRECT_URI=https://${{ env.PREFIX }}-frontend.${{ env.DOMAIN }}/dashboard - -p COGNITO_LOGOUT_URI='https://logontest7.gov.bc.ca/clp-cgi/logoff.cgi?retnow=1&returl=https://test.loginproxy.gov.bc.ca/auth/realms/standard/protocol/openid-connect/logout?redirect_uri=${{ secrets.COGNITO_LOGOUT_URI }}' + -p LANDING_URL='${{ secrets.COGNITO_LOGOUT_URI }}' + -p FRONTEND_URL='https://${{ env.PREFIX }}-frontend.${{ env.DOMAIN }}' # change for vanity url later - name: Deploy Processor uses: bcgov-nr/action-deployer-openshift@v2.1.0 
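Review bot: The trailing `# change for vanity url later` on the added `-p FRONTEND_URL=…` lines sits inside the step's parameter list, and whether YAML drops it as a comment or passes it through as literal text depends on the scalar style of that key, which is outside the hunk. If the value is a block scalar the `#` reaches the command line, where it would comment out any parameter appended after it in a later change. Moving the remark to its own comment line above the step avoids the ambiguity. The added `-p LANDING_URL='${{ secrets.COGNITO_LOGOUT_URI }}'` also reuses a secret whose name no longer describes its purpose; renaming the secret or noting the mapping in a comment would help the next reader.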
@@ -282,13 +276,8 @@ jobs: -p CHES_CLIENT_SECRET=${{ secrets.CHES_CLIENT_SECRET }} -p ADDRESS_COMPLETE_KEY=${{ secrets.ADDRESS_COMPLETE_KEY }} -p DB_PASSWORD=${{ secrets.DB_PASSWORD }} - -p COGNITO_REGION=${{ secrets.COGNITO_REGION }} - -p COGNITO_CLIENT_ID=${{ secrets.COGNITO_CLIENT_ID }} -p COGNITO_USER_POOL=${{ secrets.COGNITO_USER_POOL }} - -p COGNITO_DOMAIN=${{ secrets.COGNITO_DOMAIN }} -p COGNITO_ENVIRONMENT=PROD - -p COGNITO_REDIRECT_URI=https://forestclient.nrs.gov.bc.ca/dashboard - -p COGNITO_LOGOUT_URI='https://logon7.gov.bc.ca/clp-cgi/logoff.cgi?retnow=1&returl=https://loginproxy.gov.bc.ca/auth/realms/standard/protocol/openid-connect/logout?redirect_uri=${{ secrets.COGNITO_LOGOUT_URI }}' -p CHES_MAIL_COPY=${{ secrets.CHES_MAIL_COPY }} prod-deploy: @@ -351,7 +340,6 @@ jobs: -p CHES_API_URL='https://ches.api.gov.bc.ca/api/v1/email' -p BCREGISTRY_URI='https://bcregistry-prod.apigee.net' -p COGNITO_REGION=ca-central-1 - -p COGNITO_COOKIE_DOMAIN=gov.bc.ca -p URL_ZONE=${{ env.ZONE }} - name: Deploy Legacy @@ -387,8 +375,8 @@ jobs: -p COGNITO_USER_POOL=${{ secrets.COGNITO_USER_POOL }} -p COGNITO_DOMAIN=${{ secrets.COGNITO_DOMAIN }} -p COGNITO_ENVIRONMENT=PROD - -p COGNITO_REDIRECT_URI=https://forestclient.nrs.gov.bc.ca/dashboard - -p COGNITO_LOGOUT_URI='https://logon7.gov.bc.ca/clp-cgi/logoff.cgi?retnow=1&returl=https://loginproxy.gov.bc.ca/auth/realms/standard/protocol/openid-connect/logout?redirect_uri=${{ secrets.COGNITO_LOGOUT_URI }}' + -p LANDING_URL='${{ secrets.COGNITO_LOGOUT_URI }}' + -p FRONTEND_URL='https://${{ env.PREFIX }}-frontend.${{ env.DOMAIN }}' # change for vanity url later - name: Deploy Processor uses: bcgov-nr/action-deployer-openshift@v2.1.0 diff --git a/.github/workflows/pr-open.yml b/.github/workflows/pr-open.yml index c02e92dd3a..a024281a3f 100644 --- a/.github/workflows/pr-open.yml +++ b/.github/workflows/pr-open.yml 
@@ -100,13 +100,8 @@ jobs: -p CHES_CLIENT_SECRET=${{ secrets.CHES_CLIENT_SECRET }} -p ADDRESS_COMPLETE_KEY=${{ secrets.ADDRESS_COMPLETE_KEY }} -p DB_PASSWORD=$(echo ${{github.ref}}${{github.event.number}}|md5sum|cut -d' ' -f1) - -p COGNITO_REGION=${{ secrets.COGNITO_REGION }} - -p COGNITO_CLIENT_ID=${{ secrets.COGNITO_CLIENT_ID }} -p COGNITO_USER_POOL=${{ secrets.COGNITO_USER_POOL }} - -p COGNITO_DOMAIN=${{ secrets.COGNITO_DOMAIN }} - -p COGNITO_ENVIRONMENT=DEV - -p COGNITO_REDIRECT_URI=https://${{ env.PREFIX }}-frontend.${{ env.DOMAIN }}/dashboard - -p COGNITO_LOGOUT_URI='https://logontest7.gov.bc.ca/clp-cgi/logoff.cgi?retnow=1&returl=https://dev.loginproxy.gov.bc.ca/auth/realms/standard/protocol/openid-connect/logout?redirect_uri=https://${{ env.PREFIX }}-frontend.${{ env.DOMAIN }}' + -p COGNITO_ENVIRONMENT=DEV -p CHES_MAIL_COPY=${{ secrets.CHES_MAIL_COPY }} - name: Deploy Database Backup @@ -159,7 +154,6 @@ jobs: -p CHES_API_URL='https://ches.api.gov.bc.ca/api/v1/email' -p BCREGISTRY_URI='https://bcregistry-prod.apigee.net' -p COGNITO_REGION=ca-central-1 - -p COGNITO_COOKIE_DOMAIN=gov.bc.ca -p URL_ZONE=${{ needs.vars.outputs.url_zone }} - name: Dev data replacement @@ -205,8 +199,8 @@ jobs: -p COGNITO_USER_POOL=${{ secrets.COGNITO_USER_POOL }} -p COGNITO_DOMAIN=${{ secrets.COGNITO_DOMAIN }} -p COGNITO_ENVIRONMENT=DEV - -p COGNITO_REDIRECT_URI=https://${{ env.PREFIX }}-frontend.${{ env.DOMAIN }}/dashboard - -p COGNITO_LOGOUT_URI='https://logontest7.gov.bc.ca/clp-cgi/logoff.cgi?retnow=1&returl=https://dev.loginproxy.gov.bc.ca/auth/realms/standard/protocol/openid-connect/logout?redirect_uri=https://${{ env.PREFIX }}-frontend.${{ env.DOMAIN }}' + -p LANDING_URL='https://${{ env.PREFIX }}-frontend.${{ env.DOMAIN }}' + -p FRONTEND_URL='https://${{ env.PREFIX }}-frontend.${{ env.DOMAIN }}' - name: Deploy Processor uses: bcgov-nr/action-deployer-openshift@v2.1.0 diff --git a/backend/openshift.deploy.yml b/backend/openshift.deploy.yml index 64aab9a8bb..1a66309f34 100644 
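Review bot: In the first pr-open.yml hunk the unchanged line `-p DB_PASSWORD=$(echo ${{github.ref}}${{github.event.number}}|md5sum|cut -d' ' -f1)` derives the database password from the ref and the pull-request number, both public, so the password of each PR environment is predictable to anyone who can see the pull request. This commit already trims the parameter list, which makes it a natural place to switch to a random value such as `-p DB_PASSWORD=$(openssl rand -hex 16)`. That only works if redeploys reuse the stored secret instead of regenerating it, which is not visible here and may be why the value was made deterministic. The step that owns these parameters starts outside the hunk.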
--- a/backend/openshift.deploy.yml +++ b/backend/openshift.deploy.yml @@ -44,13 +44,12 @@ parameters: - name: COGNITO_REGION description: Cognito region to be used required: true - - name: COGNITO_COOKIE_DOMAIN - description: Cognito cookie domain to be used - required: true - default: gov.bc.ca - name: URL_ZONE description: Zone to use for URL required: true + - name: FRONTEND_URL + description: Frontend URL + required: true objects: - kind: ImageStream apiVersion: v1 @@ -106,7 +105,7 @@ objects: name: ${NAME} env: - name: FRONTEND_URL - value: https://${NAME}-${URL_ZONE}-frontend.${DOMAIN} + value: https://${FRONTEND_URL} - name: LEGACY_URL value: http://${NAME}-${ZONE}-legacy/api - name: SELF_URI @@ -175,10 +174,7 @@ objects: name: ${NAME}-${ZONE} key: cognito-environment - name: COGNITO_REGION - valueFrom: - secretKeyRef: - name: ${NAME}-${ZONE} - key: cognito-region + value: ${COGNITO_REGION} - name: PROCESSOR_SERVICE_ACCOUNT_NAME valueFrom: secretKeyRef: diff --git a/common/openshift.init.yml b/common/openshift.init.yml index fa366bbc66..95c6d8c504 100644 --- a/common/openshift.init.yml +++ b/common/openshift.init.yml @@ -65,27 +65,12 @@ parameters: displayName: Database Backup Volume Capacity required: true value: 256Mi - - name: COGNITO_REGION - description: Cognito region information - required: true - - name: COGNITO_CLIENT_ID - description: Cognito client id - required: true - name: COGNITO_USER_POOL description: Cognito user pool id required: true - - name: COGNITO_DOMAIN - description: Cognito domain - required: true - name: COGNITO_ENVIRONMENT description: Cognito environment required: true - - name: COGNITO_REDIRECT_URI - description: Cognito redirect url once logged in - required: true - - name: COGNITO_LOGOUT_URI - description: Cognito redirect url once logged out - required: true - name: CHES_MAIL_COPY description: Email address to copy all CHES emails to required: true 
@@ -116,14 +101,9 @@ objects: ches-client-secret: ${CHES_CLIENT_SECRET} bcregistry-key: ${BCREGISTRY_KEY} bcregistry-account: ${BCREGISTRY_ACCOUNT} - address-complete-key: ${ADDRESS_COMPLETE_KEY} - cognito-region: ${COGNITO_REGION} - cognito-client-id: ${COGNITO_CLIENT_ID} + address-complete-key: ${ADDRESS_COMPLETE_KEY} cognito-user-pool: ${COGNITO_USER_POOL} - cognito-domain: ${COGNITO_DOMAIN} - cognito-environment: ${COGNITO_ENVIRONMENT} - cognito-redirect-uri: ${COGNITO_REDIRECT_URI} - cognito-logout-uri: ${COGNITO_LOGOUT_URI} + cognito-environment: ${COGNITO_ENVIRONMENT} ches-mail-copy: ${CHES_MAIL_COPY} processor-service-account-secret: ${PROCESSOR_SERVICE_ACCOUNT_SECRET} processor-service-account-name: processor-service-account diff --git a/frontend/Caddyfile b/frontend/Caddyfile index 8102663bc7..0f71bc98a8 100644 --- a/frontend/Caddyfile +++ b/frontend/Caddyfile 
@@ -8,7 +8,7 @@ :3000 { header { - Content-Security-Policy "default-src 'self'; script-src 'self' {$BACKEND_URL} 'sha256-78ZXazjC54Vyx/bLgKdM8JyK8U1O4A8TfYVLwFADf5o=' 'sha256-Qs6++yhvyp3S1k2F02oXxvTs1oQRWRgd1/4EUgvgWlc=' 'sha256-{$ENTRY_CHKSM}' 'sha256-{$DATA_CHKSM}'; img-src 'self'; connect-src 'self' {$BACKEND_URL} https://cognito-idp.{$COGNITO_REGION}.amazonaws.com https://{$COGNITO_DOMAIN}.auth.{$COGNITO_REGION}.amazoncognito.com; frame-ancestors 'none'; form-action 'self' {$BACKEND_URL}; frame-src: 'none'; manifers-src: 'self'; worker-src: 'self'; upgrade-insecure-requests; block-all-mixed-content;" + Content-Security-Policy "default-src 'self'; script-src 'self' {$BACKEND_URL} 'sha256-78ZXazjC54Vyx/bLgKdM8JyK8U1O4A8TfYVLwFADf5o=' 'sha256-Qs6++yhvyp3S1k2F02oXxvTs1oQRWRgd1/4EUgvgWlc=' 'sha256-{$ENTRY_CHKSM}' 'sha256-{$DATA_CHKSM}'; img-src 'self'; connect-src 'self' {$BACKEND_URL} https://cognito-idp.{$COGNITO_REGION}.amazonaws.com https://{$COGNITO_DOMAIN}.auth.{$COGNITO_REGION}.amazoncognito.com; frame-ancestors 'none'; form-action 'self' {$BACKEND_URL}; frame-src: 'none'; manifest-src: 'self'; worker-src: 'self'; upgrade-insecure-requests; block-all-mixed-content;" Permissions-Policy "geolocation=(), microphone=(), camera=(), speaker=(), usb=(), bluetooth=(), payment=(), interest-cohort=()" Strict-Transport-Security "max-age=2592000; includeSubDomains;" Cache-Control "public, max-age=31536000" From ae64b8fa972609c4d2d8aa170bdfbe61c9bbdc31 Mon Sep 17 00:00:00 2001 From: Paulo Gomes da Cruz Junior Date: Wed, 13 Mar 2024 13:53:24 -0700 Subject: [PATCH 44/48] fix: fixing backend parameter --- .github/workflows/merge.yml | 2 ++ .github/workflows/pr-open.yml | 1 + 2 files changed, 3 insertions(+) diff --git a/.github/workflows/merge.yml b/.github/workflows/merge.yml index b73c9cd943..0389742877 100644 --- a/.github/workflows/merge.yml +++ b/.github/workflows/merge.yml 
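Review bot: The corrected `manifest-src: 'self'` still carries a colon after the directive name, as do `frame-src: 'none'` and `worker-src: 'self'` on the same line. CSP directive names are written without a colon, so a browser treats `frame-src:` as an unknown directive and ignores it; the intended `frame-src 'none'` is therefore not applied and embedded frames fall back to `default-src 'self'`. Write the tail of the policy as `frame-src 'none'; manifest-src 'self'; worker-src 'self'; upgrade-insecure-requests;`. `block-all-mixed-content` is deprecated and redundant next to `upgrade-insecure-requests`, so it can be dropped in the same edit.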
@@ -164,6 +164,7 @@ jobs: -p BCREGISTRY_URI='https://bcregistry-prod.apigee.net' -p COGNITO_REGION=ca-central-1 -p URL_ZONE=${{ env.ZONE }} + -p FRONTEND_URL='https://${{ env.PREFIX }}-frontend.${{ env.DOMAIN }}' # change for vanity url later - name: Dev data replacement uses: bcgov-nr/action-deployer-openshift@v2.1.0 @@ -341,6 +342,7 @@ jobs: -p BCREGISTRY_URI='https://bcregistry-prod.apigee.net' -p COGNITO_REGION=ca-central-1 -p URL_ZONE=${{ env.ZONE }} + -p FRONTEND_URL='https://${{ env.PREFIX }}-frontend.${{ env.DOMAIN }}' # change for vanity url later - name: Deploy Legacy uses: bcgov-nr/action-deployer-openshift@v2.1.0 diff --git a/.github/workflows/pr-open.yml b/.github/workflows/pr-open.yml index a024281a3f..8215e5ff26 100644 --- a/.github/workflows/pr-open.yml +++ b/.github/workflows/pr-open.yml @@ -155,6 +155,7 @@ jobs: -p BCREGISTRY_URI='https://bcregistry-prod.apigee.net' -p COGNITO_REGION=ca-central-1 -p URL_ZONE=${{ needs.vars.outputs.url_zone }} + -p FRONTEND_URL='https://${{ env.PREFIX }}-frontend.${{ env.DOMAIN }}' - name: Dev data replacement uses: bcgov-nr/action-deployer-openshift@v2.1.0 From c5e368560a7e737775c74a45f9eb8ba955914c33 Mon Sep 17 00:00:00 2001 From: Paulo Gomes da Cruz Junior Date: Wed, 13 Mar 2024 13:58:29 -0700 Subject: [PATCH 45/48] chore: updating parameters --- .github/workflows/merge.yml | 8 ++++---- .github/workflows/pr-open.yml | 2 +- frontend/.devcontainer/frontend.code-workspace | 3 +-- frontend/.vscode/extensions.json | 1 - 4 files changed, 6 insertions(+), 8 deletions(-) diff --git a/.github/workflows/merge.yml b/.github/workflows/merge.yml index 0389742877..d4beb1d8c9 100644 --- a/.github/workflows/merge.yml +++ b/.github/workflows/merge.yml 
@@ -164,7 +164,7 @@ jobs: -p BCREGISTRY_URI='https://bcregistry-prod.apigee.net' -p COGNITO_REGION=ca-central-1 -p URL_ZONE=${{ env.ZONE }} - -p FRONTEND_URL='https://${{ env.PREFIX }}-frontend.${{ env.DOMAIN }}' # change for vanity url later + -p FRONTEND_URL='${{ env.PREFIX }}-frontend.${{ env.DOMAIN }}' # change for vanity url later - name: Dev data replacement uses: bcgov-nr/action-deployer-openshift@v2.1.0 @@ -210,7 +210,7 @@ jobs: -p COGNITO_DOMAIN=${{ secrets.COGNITO_DOMAIN }} -p COGNITO_ENVIRONMENT=TEST -p LANDING_URL='${{ secrets.COGNITO_LOGOUT_URI }}' - -p FRONTEND_URL='https://${{ env.PREFIX }}-frontend.${{ env.DOMAIN }}' # change for vanity url later + -p FRONTEND_URL='${{ env.PREFIX }}-frontend.${{ env.DOMAIN }}' # change for vanity url later - name: Deploy Processor uses: bcgov-nr/action-deployer-openshift@v2.1.0 @@ -342,7 +342,7 @@ jobs: -p BCREGISTRY_URI='https://bcregistry-prod.apigee.net' -p COGNITO_REGION=ca-central-1 -p URL_ZONE=${{ env.ZONE }} - -p FRONTEND_URL='https://${{ env.PREFIX }}-frontend.${{ env.DOMAIN }}' # change for vanity url later + -p FRONTEND_URL='${{ env.PREFIX }}-frontend.${{ env.DOMAIN }}' # change for vanity url later - name: Deploy Legacy uses: bcgov-nr/action-deployer-openshift@v2.1.0 @@ -378,7 +378,7 @@ jobs: -p COGNITO_DOMAIN=${{ secrets.COGNITO_DOMAIN }} -p COGNITO_ENVIRONMENT=PROD -p LANDING_URL='${{ secrets.COGNITO_LOGOUT_URI }}' - -p FRONTEND_URL='https://${{ env.PREFIX }}-frontend.${{ env.DOMAIN }}' # change for vanity url later + -p FRONTEND_URL='${{ env.PREFIX }}-frontend.${{ env.DOMAIN }}' # change for vanity url later - name: Deploy Processor uses: bcgov-nr/action-deployer-openshift@v2.1.0 diff --git a/.github/workflows/pr-open.yml b/.github/workflows/pr-open.yml index 8215e5ff26..bc5bb7fd87 100644 --- a/.github/workflows/pr-open.yml +++ b/.github/workflows/pr-open.yml 
@@ -155,7 +155,7 @@ jobs: -p BCREGISTRY_URI='https://bcregistry-prod.apigee.net' -p COGNITO_REGION=ca-central-1 -p URL_ZONE=${{ needs.vars.outputs.url_zone }} - -p FRONTEND_URL='https://${{ env.PREFIX }}-frontend.${{ env.DOMAIN }}' + -p FRONTEND_URL='${{ env.PREFIX }}-frontend.${{ env.DOMAIN }}' - name: Dev data replacement uses: bcgov-nr/action-deployer-openshift@v2.1.0 diff --git a/frontend/.devcontainer/frontend.code-workspace b/frontend/.devcontainer/frontend.code-workspace index 7a2c6b8e08..98d5f8231d 100644 --- a/frontend/.devcontainer/frontend.code-workspace +++ b/frontend/.devcontainer/frontend.code-workspace @@ -10,13 +10,12 @@ "editor.defaultFormatter": "rvest.vs-code-prettier-eslint", "editor.formatOnPaste": false, "editor.formatOnSave": true, - "editor.codeActionsOnSave": { + "editor.codeActionsOnSave": { "source.fixAll.eslint": "explicit" }, "editor.tabSize": 2, "vs-code-prettier-eslint.prettierLast": true, "eslint.enable": true, - "eslint.alwaysShowStatus": true, "eslint.validate": [ "javascript", "typescript", diff --git a/frontend/.vscode/extensions.json b/frontend/.vscode/extensions.json index 4bf3749a55..f81959f3b5 100644 --- a/frontend/.vscode/extensions.json +++ b/frontend/.vscode/extensions.json @@ -1,7 +1,6 @@ { "recommendations": [ "vue.volar", - "vue.vscode-typescript-vue-plugin", "ms-vscode.vscode-typescript-next", "antfu.vite", "zixuanchen.vitest-explorer", From 332c31d48a3e9545599f0913c3791eedc179e2a3 Mon Sep 17 00:00:00 2001 From: Paulo Gomes da Cruz Junior Date: Wed, 13 Mar 2024 14:01:22 -0700 Subject: [PATCH 46/48] fix: adding fallback in case of missing provider --- frontend/src/pages/LogoutPage.vue | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/frontend/src/pages/LogoutPage.vue b/frontend/src/pages/LogoutPage.vue index 02ad04dced..8129dc1910 100644 --- a/frontend/src/pages/LogoutPage.vue +++ b/frontend/src/pages/LogoutPage.vue @@ -1,6 +1,6 @@