Add Security on NATS PEER CREATE flow + drone test

.drone.yml

@@ -0,0 +1,30 @@
+kind: pipeline
+type: docker
+name: build-and-push
+
+trigger:
+  branch:
+    - main
+
+steps:
+  - name: docker-login-build-push
+    image: docker:26
+    volumes:
+      - name: docker_sock
+        path: /var/run/docker.sock
+    environment:
+      DOCKER_USERNAME:
+        from_secret: docker-user
+      DOCKER_PASSWORD:
+        from_secret: docker_password
+      DOCKER_REGISTRY:
+        from_secret: docker-pw
+      IMAGE_NAME: ghcr.io/mon-org/mon-app
+    commands:
+      - echo "$DOCKER_PASSWORD" | docker login opencloudregistry -u "$DOCKER_USERNAME" --password-stdin
+      - make ci
+
+volumes:
+  - name: docker_sock
+    host:
+      path: /var/run/docker.sock

Makefile

@@ -35,8 +35,15 @@ docker-deploy:
 
 run-docker: docker publish-kind publish-registry docker-deploy
 
+prepare-multiarch:
+	docker buildx create --name multiarch --driver docker-container --use
+	docker run --privileged --rm tonistiigi/binfmt --install all | true
+
+docker-multiarch:
+	DOCKER_BUILDKIT=1 docker buildx build --platform linux/amd64,linux/arm64,linux/arm/v7 -t opencloudregistry/oc-peer:latest --push .
+
+ci: prepare-multiarch docker-multiarch
+
 all: docker publish-kind 
 
-ci: docker publish-registry
-
 .PHONY: build run clean docker publish-kind publish-registry

controllers/peer.go

@@ -1,7 +1,10 @@
 package controllers
 
 import (
+	"encoding/json"
+
 	oclib "cloud.o-forge.io/core/oc-lib"
+	"cloud.o-forge.io/core/oc-lib/config"
 	"cloud.o-forge.io/core/oc-lib/dbs"
 	"cloud.o-forge.io/core/oc-lib/models/peer"
 	"cloud.o-forge.io/core/oc-lib/tools"
@@ -199,6 +202,16 @@ func (o *PeerController) changeRelation(dest *peer.Peer, relation peer.PeerRelat
 			"relation": relation,
 		}, dest.GetID())
 
+		if data.Err != "" && data.Data != nil {
+			b, _ := json.Marshal(data.Data)
+			go tools.NewNATSCaller().SetNATSPub(tools.CREATE_RESOURCE, tools.NATSResponse{
+				FromApp:  config.GetAppName(),
+				Datatype: tools.DataType(tools.PEER),
+				Method:   int(tools.CREATE_PEER),
+				Payload:  b,
+			})
+		}
+
 		o.Data["json"] = data
 		o.ServeJSON()
 		return
@@ -211,6 +224,8 @@ func (o *PeerController) changeRelation(dest *peer.Peer, relation peer.PeerRelat
 	o.ServeJSON()
 }
 
+// TODO : link
+
 // @Title DeleteState
 // @Description delete state peer by peerid
 // @Param	id		path 	string	true		"the peer id you want to delete state"

infrastructure/nats.go

@@ -5,6 +5,7 @@ import (
 	"fmt"
 
 	oclib "cloud.o-forge.io/core/oc-lib"
+	"cloud.o-forge.io/core/oc-lib/config"
 	"cloud.o-forge.io/core/oc-lib/models"
 	"cloud.o-forge.io/core/oc-lib/models/peer"
 	"cloud.o-forge.io/core/oc-lib/tools"
@@ -14,6 +15,9 @@ func ListenNATS() {
 	fmt.Println("ListenNATS")
 	tools.NewNATSCaller().ListenNats(map[tools.NATSMethod]func(tools.NATSResponse){
 		tools.CREATE_PEER: func(resp tools.NATSResponse) {
+			if resp.FromApp == config.GetAppName() {
+				return
+			}
 			logger := oclib.GetLogger()
 			m := map[string]interface{}{}
 			err := json.Unmarshal(resp.Payload, &m)
@@ -33,7 +37,10 @@ func ListenNATS() {
 			}
 
 		},
-		tools.REMOVE_PEER: func(tools.NATSResponse) {
+		tools.REMOVE_PEER: func(resp tools.NATSResponse) {
+			if resp.FromApp == config.GetAppName() {
+				return
+			}
 			p := &peer.Peer{}
 			access := oclib.NewRequestAdmin(oclib.LibDataEnum(oclib.PEER), nil)
 			access.DeleteOne(p.GetID())