From fdf651d1888643f877cc6180d95e1606bd520d5e Mon Sep 17 00:00:00 2001 From: mr Date: Fri, 6 Feb 2026 08:49:43 +0100 Subject: [PATCH] Add Security on NATS PEER CREATE flow + drone test --- .drone.yml | 30 ++++++++++++++++++++++++++++++ Makefile | 11 +++++++++-- controllers/peer.go | 15 +++++++++++++++ infrastructure/nats.go | 9 ++++++++- 4 files changed, 62 insertions(+), 3 deletions(-) create mode 100644 .drone.yml diff --git a/.drone.yml b/.drone.yml new file mode 100644 index 0000000..ebdd918 --- /dev/null +++ b/.drone.yml @@ -0,0 +1,30 @@ +kind: pipeline +type: docker +name: build-and-push + +trigger: + branch: + - main + +steps: + - name: docker-login-build-push + image: docker:26 + volumes: + - name: docker_sock + path: /var/run/docker.sock + environment: + DOCKER_USERNAME: + from_secret: docker-user + DOCKER_PASSWORD: + from_secret: docker_password + DOCKER_REGISTRY: + from_secret: docker-pw + IMAGE_NAME: ghcr.io/mon-org/mon-app + commands: + - echo "$DOCKER_PASSWORD" | docker login opencloudregistry -u "$DOCKER_USERNAME" --password-stdin + - make ci + +volumes: + - name: docker_sock + host: + path: /var/run/docker.sock \ No newline at end of file diff --git a/Makefile b/Makefile index 9460927..f77c764 100644 --- a/Makefile +++ b/Makefile @@ -35,8 +35,15 @@ docker-deploy: run-docker: docker publish-kind publish-registry docker-deploy +prepare-multiarch: + docker buildx create --name multiarch --driver docker-container --use + docker run --privileged --rm tonistiigi/binfmt --install all | true + +docker-multiarch: + DOCKER_BUILDKIT=1 docker buildx build --platform linux/amd64,linux/arm64,linux/arm/v7 -t opencloudregistry/oc-peer:latest --push . + +ci: prepare-multiarch docker-multiarch + all: docker publish-kind -ci: docker publish-registry - .PHONY: build run clean docker publish-kind publish-registry diff --git a/controllers/peer.go b/controllers/peer.go index 3d9445f..93d20f0 100644 --- a/controllers/peer.go +++ b/controllers/peer.go 
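Review bot: `docker login opencloudregistry -u "$DOCKER_USERNAME" --password-stdin` treats `opencloudregistry` as a registry host, yet the Makefile's `ci` target pushes `opencloudregistry/oc-peer:latest`, which reads as a Docker Hub namespace; if that is the intent the login should be `echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin`, otherwise the push runs against a registry the step never authenticated to. The secret wiring also looks mixed up: `DOCKER_REGISTRY` is populated from a secret named `docker-pw` and is never referenced by the commands, and `IMAGE_NAME: ghcr.io/mon-org/mon-app` is an unused placeholder that disagrees with the image the Makefile pushes — drop the unused variables or make the commands consume them so a password-looking secret is not exported under a misleading name. Mounting the host `/var/run/docker.sock` into the step gives `make ci` root-equivalent control of the CI host (it goes on to start a `--privileged` container through it), so keep this pipeline restricted to trusted commits — the `main` trigger helps only if that branch is protected. Pin `image: docker:26` to a digest rather than a floating tag for the same reason.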
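Review bot: `docker run --privileged --rm tonistiigi/binfmt --install all | true` pipes the container's stdout into `true`, so the failure is masked only as a side effect of the pipeline's exit status; the intended idiom is `... --install all || true`. `docker buildx create --name multiarch --driver docker-container --use` fails on the second run on any persistent runner because the builder already exists, so `prepare-multiarch` should be idempotent, e.g. `docker buildx inspect multiarch >/dev/null 2>&1 || docker buildx create --name multiarch --driver docker-container --use`. Running an unpinned third-party image with `--privileged` to install binfmt_misc handlers into the host kernel is a supply-chain exposure; pin `tonistiigi/binfmt` by digest. `docker-multiarch` pushes only `:latest`, so consumers cannot pin a build — add an immutable tag (commit SHA) alongside it — and the three new targets are missing from `.PHONY`.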
@@ -1,7 +1,10 @@ package controllers import ( + "encoding/json" + oclib "cloud.o-forge.io/core/oc-lib" + "cloud.o-forge.io/core/oc-lib/config" "cloud.o-forge.io/core/oc-lib/dbs" "cloud.o-forge.io/core/oc-lib/models/peer" "cloud.o-forge.io/core/oc-lib/tools" @@ -199,6 +202,16 @@ func (o *PeerController) changeRelation(dest *peer.Peer, relation peer.PeerRelat "relation": relation, }, dest.GetID()) + if data.Err != "" && data.Data != nil { + b, _ := json.Marshal(data.Data) + go tools.NewNATSCaller().SetNATSPub(tools.CREATE_RESOURCE, tools.NATSResponse{ + FromApp: config.GetAppName(), + Datatype: tools.DataType(tools.PEER), + Method: int(tools.CREATE_PEER), + Payload: b, + }) + } + o.Data["json"] = data o.ServeJSON() return @@ -211,6 +224,8 @@ func (o *PeerController) changeRelation(dest *peer.Peer, relation peer.PeerRelat o.ServeJSON() } +// TODO : link + // @Title DeleteState // @Description delete state peer by peerid // @Param id path string true "the peer id you want to delete state" diff --git a/infrastructure/nats.go b/infrastructure/nats.go index 8b290e2..401e941 100644 --- a/infrastructure/nats.go +++ b/infrastructure/nats.go @@ -5,6 +5,7 @@ import ( "fmt" oclib "cloud.o-forge.io/core/oc-lib" + "cloud.o-forge.io/core/oc-lib/config" "cloud.o-forge.io/core/oc-lib/models" "cloud.o-forge.io/core/oc-lib/models/peer" "cloud.o-forge.io/core/oc-lib/tools" @@ -14,6 +15,9 @@ func ListenNATS() { fmt.Println("ListenNATS") tools.NewNATSCaller().ListenNats(map[tools.NATSMethod]func(tools.NATSResponse){ tools.CREATE_PEER: func(resp tools.NATSResponse) { + if resp.FromApp == config.GetAppName() { + return + } logger := oclib.GetLogger() m := map[string]interface{}{} err := json.Unmarshal(resp.Payload, &m) 
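Review bot: The publish guard `if data.Err != "" && data.Data != nil {` fires only when the preceding call reported an error, which reads inverted for announcing a peer creation; if the intent is to broadcast after a successful relation change it should be `if data.Err == "" && data.Data != nil {` — confirm against what `data` carries, since the call producing it starts outside the hunk. `b, _ := json.Marshal(data.Data)` discards the marshalling error, so a failure broadcasts an empty `Payload` to every NATS listener; check the error and skip the publish (`b, err := json.Marshal(data.Data); if err != nil { return }` with a log line). The `go tools.NewNATSCaller().SetNATSPub(...)` call is fire-and-forget with nothing waiting on it or reporting its outcome, which at least deserves `// fire-and-forget: publish failures are not surfaced to the HTTP caller` so the next reader does not assume delivery. changeRelation begins and ends outside the hunk.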
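Review bot: `if resp.FromApp == config.GetAppName() { return }` is a loop guard, not a security control, despite the commit title: `FromApp` is filled in by the publisher (peer.go sets it from its own `config.GetAppName()`), so any client on the NATS bus can set it to any value, and the handler still unmarshals and acts on `resp.Payload` from an unauthenticated sender. If `GetAppName()` returns the same fixed name for every deployment of this service rather than a per-instance identity, the check also drops the legitimate CREATE_PEER messages from other peers — confirm what the config returns and compare an instance-unique identifier if so. State the intent on the guard, `// Skip our own broadcasts. Loop guard only: FromApp is sender-supplied and not authenticated.`, and rely on NATS authentication and subject permissions (or a signed payload) for actual origin trust. ListenNATS and the CREATE_PEER handler continue outside the hunk.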
@@ -33,7 +37,10 @@ func ListenNATS() { } }, - tools.REMOVE_PEER: func(tools.NATSResponse) { + tools.REMOVE_PEER: func(resp tools.NATSResponse) { + if resp.FromApp == config.GetAppName() { + return + } p := &peer.Peer{} access := oclib.NewRequestAdmin(oclib.LibDataEnum(oclib.PEER), nil) access.DeleteOne(p.GetID())