fix: patch vulnerabilities and add arm64 support (#13)

* fix: update vite version for directus/extension (#12) Co-authored-by: Kristoffer <zs-ko@users.noreply.github.com> * update lock * fix: add override for vite dependency * fix: add error messages on cache * fix: add blank to username/password if undefined * fix: add missing configurations to redis. add more catch statemsnts * doc: add REDIS_JWT_DB * add arm64 * fix: resolve vulnerabilities in get-func-name,postcss,zod * fix: update chai * disable default attestations * fix: correct image build for arm * fix: remove quemu * fix: typo in runner name * fix runner * fix: add platform to build and push resolves arm64 * fix: resolve invalid lock file --------- Co-authored-by: Kristoffer <zs-ko@users.noreply.github.com>
2023-10-13 18:29:25 +02:00
parent 2d455a0a64
commit 2a7514a923
7 changed files with 329 additions and 239 deletions
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -12,6 +12,7 @@ permissions:
 env:
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}
+  BUILDX_NO_DEFAULT_ATTESTATIONS: 1


 jobs:
@@ -43,6 +44,8 @@ jobs:
      
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2
+        with:
+          platforms: 'arm64,amd64'

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
@@ -80,9 +83,10 @@ jobs:
            type=raw,value=latest,enable={{is_default_branch}}
        
      - name: Build and push Docker image
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v5
        with:
          context: .
+          platforms: linux/amd64,linux/arm64
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
--- a/README.md
+++ b/README.md
@@ -23,3 +23,4 @@ all configuration options listed here are an extension to directus default confi
 | AUTH_PROVIDER_JWT_USEDB      | Bool              | If enabled/true the plugin will resolve the user and roles from the directus database using the token. For OIDC the sub is used. Should not be used without a Redis Cache enabled.
 | CACHE_JWT_NAMESPACE          | String            | What namespace to use in cache store.
 | CACHE_JWT_TTL                | Number            | Time to live for the cached user entry, default 5000 (5 seconds)
+| REDIS_JWT_DB                 | Number            | What database to use in Redis cache, default 2
--- a/package.json
+++ b/package.json
@@ -123,8 +123,8 @@
 		"dotenv": "^16.3.1",
 		"eslint": "^8.48.0",
 		"eslint-config-standard-with-typescript": "^37.0.0",
-		"eslint-plugin-import": "^2.25.2",
-		"eslint-plugin-n": "^15.0.0",
+		"eslint-plugin-import": "^2.28.1",
+		"eslint-plugin-n": "^15.7.0",
 		"eslint-plugin-no-loops": "^0.3.0",
 		"eslint-plugin-promise": "^6.1.1",
 		"fs-extra": "^11.1.1",
@@ -141,14 +141,17 @@
 	},
 	"dependencies": {
 		"@keyv/redis": "^2.7.0",
-		"jsonwebtoken": "^9.0.1",
+		"jsonwebtoken": "^9.0.2",
 		"jwks-rsa": "^3.0.1",
 		"keyv": "^4.5.3",
 		"openid-client": "^5.4.3"
 	},
-	"overrides": {
-		"@directus/extensions-sdk": {
-		  "vite": "4.3.9"
+	"pnpm": {
+		"overrides": {
+			"vite": "^4.3.9",
+			"get-func-name@<2.0.1": ">=2.0.1",
+			"zod@<=3.22.2": ">=3.22.3",
+			"postcss@<8.4.31": ">=8.4.31"
 		}
-	  }
+	}
 }
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
--- a/1
+++ b/1
@@ -0,0 +1 @@
+asd
--- a/src/external-jwt/cache.ts
+++ b/src/external-jwt/cache.ts
@@ -1,10 +1,14 @@
 import {default as Keyv, Store} from 'keyv';
 import env from './config/config';
 import {default as KeyvRedis} from '@keyv/redis';
+
 // check if redis is defined

 const cache: Keyv | null = getCache();

+
+
+
 function getCache(): Keyv | null {
    if(env['CACHE_ENABLED'] !== true) return null;

@@ -25,18 +29,35 @@ function getCache(): Keyv | null {
        uri = env['REDIS']
        
        if(uri == null || uri === '') {
-            uri = `redis://${env['REDIS_USERNAME']}:${env['REDIS_PASSWORD']}@${env['REDIS_HOST']}:${env['REDIS_PORT']}`;
+            uri = `redis://${env['REDIS_USERNAME'] || '' }:${env['REDIS_PASSWORD'] || ''}@${env['REDIS_HOST']}:${env['REDIS_PORT'] || '6379'} /${env['REDIS_JWT_DB'] || '2'}`;
        }

-        store = new KeyvRedis(uri);
+        try {
+            store = new KeyvRedis(uri);
+        } catch(e) {
+            throw new Error("CACHE: could not connect to database: " + e)
+        }
        
    }

-    return new Keyv(uri, {
-        namespace: namespace,
-        ttl,
-        store: store
-    });
+    try {
+        const keyv = new Keyv(uri, {
+            namespace: namespace,
+            ttl,
+            store: store
+        });
+
+        keyv.on('error', (err) => {
+            throw new Error("CACHE: could not connect: " + err)
+        });
+    
+        return  keyv
+    } catch(e) {
+        throw new Error("CACHE: could not connect to database: " + e)
+    }
+    
+
+    
 }

 export function CacheEnabled(): boolean {
--- a/src/external-jwt/config/config.ts
+++ b/src/external-jwt/config/config.ts
@@ -33,6 +33,8 @@ const allowedEnvironmentVars = [
 	'REDIS_PORT',
 	'REDIS_USERNAME',
 	'REDIS_PASSWORD',
+	'REDIS_PASSWORD_FILE',
+	'REDIS_JWT_DB',
 	// auth
 	'AUTH_PROVIDERS',
 	'AUTH_.+_DRIVER',