build: devconnect deploy

dm3-org · Nov 30, 2023 · b81af55 · b81af55
1 parent a6e1b3e
commit b81af55
Show file tree

Hide file tree

Showing 12 changed files with 113 additions and 37 deletions.
diff --git a/.github/workflows/deploy-billboard.yml b/.github/workflows/deploy-billboard.yml
@@ -3,9 +3,9 @@ on: push
 
 jobs:
     messenger-demo-deploy:
+        environment: devconnect2023
         runs-on: ubuntu-latest
         # if: ${{ contains( github.ref, vars.STAGING_BRANCH) }}
-        environment: staging-billboard
         steps:
             - uses: actions/checkout@v2
             - uses: actions/setup-node@v3
@@ -28,15 +28,16 @@ jobs:
             - name: Create .env file
               env:
                   TARGET_HOST: ${{ secrets.STAGING_HOST }}
+                  TARGET_IP: ${{ secrets.IP_ADDRESS }}
               run: |
-                  echo "REACT_APP_ADDR_ENS_SUBDOMAIN=.bb-addr.dm3.eth" >> ./.env.react
-                  echo "REACT_APP_BACKEND=http://${{ secrets.STAGING_HOST }}/api" >> ./.env.react
-                  echo "REACT_APP_DEFAULT_DELIVERY_SERVICE=beta-ds.dm3.eth" >> ./.env.react
-                  echo "REACT_APP_DEFAULT_SERVICE=http://${{ secrets.STAGING_HOST }}/api" >> ./.env.react
+                  echo "REACT_APP_ADDR_ENS_SUBDOMAIN=.addr.devconnect.dm3.eth" >> ./.env.react
+                  echo "REACT_APP_BACKEND=https://${{ secrets.STAGING_HOST }}/api" >> ./.env.react
+                  echo "REACT_APP_DEFAULT_DELIVERY_SERVICE=bb-ds.devconnect.dm3.eth" >> ./.env.react
+                  echo "REACT_APP_DEFAULT_SERVICE=https://${{ secrets.STAGING_HOST }}/api" >> ./.env.react
                   echo "REACT_APP_ETHEREUM_PROVIDER=${{ secrets.REACT_APP_ETHEREUM_PROVIDER }}" >> ./.env.react
-                  echo "REACT_APP_PROFILE_BASE_URL=http://${{ secrets.STAGING_HOST }}/api" >> ./.env.react
-                  echo "REACT_APP_RESOLVER_BACKEND=http://${{ secrets.STAGING_HOST }}/resolver-handler" >> ./.env.react
-                  echo "REACT_APP_USER_ENS_SUBDOMAIN=.beta-user.dm3.eth" >> ./.env.react
+                  echo "REACT_APP_PROFILE_BASE_URL=https://${{ secrets.STAGING_HOST }}/api" >> ./.env.react
+                  echo "REACT_APP_RESOLVER_BACKEND=https://${{ secrets.STAGING_HOST }}/resolver-handler" >> ./.env.react
+                  echo "REACT_APP_USER_ENS_SUBDOMAIN=.user.devconnect.dm3.eth" >> ./.env.react
                   echo "REACT_APP_WALLET_CONNECT_PROJECT_ID=${{ secrets.REACT_APP_WALLET_CONNECT_PROJECT_ID }}" >> ./.env.react
                   echo "REACT_APP_COMMIT_HASH=${{ env.sha_short }}" >> ./.env.react
                   echo "REACT_APP_BRANCH=${{ env.branch }}" >> ./.env.react
@@ -55,7 +56,9 @@ jobs:
                   echo "interceptor=${{ secrets.INTERCEPTOR }}" >> ./.env
                   echo "DISABLE_SESSION_CHECK='true'" >> ./.env
                   echo "BILLBOARD_NAMES=${{ secrets.BILLBOARD_NAMES }}" >> ./.env
-                  envsubst '${SSL_CERTIFICATE_BASE_LOC} ${TLS_CERTIFICATE_LOCATION} ${TARGET_HOST}' < ./docker/billboard/nginx.conf > ./nginx.conf
+                  echo "CERT_MAIL=${{ secrets.CERT_MAIL }}" >> ./.env
+                  echo "URL=${{ secrets.STAGING_HOST }}" >> ./.env
+                  envsubst '${TARGET_HOST}' < ./docker/billboard/nginx.conf > ./nginx.conf
                   cat ./.env
             - name: Build docker image
               run: |
@@ -82,7 +85,7 @@ jobs:
             - name: Firewall config
               run: |
                   ssh -i ./ssh-key root@${{ secrets.STAGING_HOST }} "\
-                  ufw allow from 172.18.0.1/16 proto tcp to ${{ secrets.STAGING_HOST }} port 80"
+                  ufw allow from 172.18.0.1/16 proto tcp to ${{ secrets.IP_ADDRESS }} port 80"
             - name: Start
               run: |
                   ssh -i ./ssh-key app@${{ secrets.STAGING_HOST }} "\

diff --git a/docker/billboard/docker-compose.yml b/docker/billboard/docker-compose.yml
@@ -11,6 +11,9 @@ services:
       - ccip-resolver
     volumes:
       - ./nginx.conf:/etc/nginx/nginx.conf
+      - web-root:/var/www/html
+      - certbot-etc:/etc/letsencrypt
+      - certbot-var:/var/lib/letsencrypt
     ports:
       - "80:80"
       - "443:443"
@@ -92,6 +95,17 @@ services:
   #     REACT_APP_WALLET_CONNECT_PROJECT_ID: ${REACT_APP_WALLET_CONNECT_PROJECT_ID}
   #     RESOLVER_ADDR: ${RESOLVER_ADDR}
 
+  certbot:
+    image: certbot/certbot
+    container_name: certbot
+    volumes:
+      - certbot-etc:/etc/letsencrypt
+      - certbot-var:/var/lib/letsencrypt
+      - web-root:/var/www/html
+    depends_on:
+      - nginx
+    command: certonly --webroot --webroot-path=/var/www/html --email ${CERT_MAIL} --agree-tos --no-eff-email -d ${URL}
+
   ccip-resolver:
     image: dm3org/ccip-resolver:v0.2.7
     restart: always
@@ -103,10 +117,18 @@ services:
       LOG_LEVEL: debug
       CONFIG: |
         {
-          "0x26139b2349282de5ee2bd9c7a53171a28d6a6c84": {
+          "0xc9bf092673b3a066df088a2a911e23e9b69b82f2": {
             "type": "signing",
             "handlerUrl": "http://offchain-resolver:8082"
           }
         }
       PORT: 8181
-
+volumes:
+  certbot-etc:
+  certbot-var:
+  web-root:
+    driver: local
+    driver_opts:
+      type: none
+      device: /home/app/dm3/webroot/
+      o: bind
diff --git a/docker/billboard/nginx.conf b/docker/billboard/nginx.conf
@@ -11,6 +11,23 @@ http {
         listen 80;
         server_name ${TARGET_HOST};
 
+        return 301 https://$server_name$request_uri;
+    }
+
+    server {
+        listen 80;
+        server_name ${TARGET_IP};
+
+        return 301 https://${TARGET_HOST}$request_uri;
+    }
+
+    server {
+        listen 443 ssl;
+        server_name ${TARGET_HOST};
+
+        ssl_certificate /etc/letsencrypt/live/${TARGET_HOST}/fullchain.pem;
+        ssl_certificate_key /etc/letsencrypt/live/${TARGET_HOST}/privkey.pem;
+
         # location  / {
         #     limit_req zone=standardlimit burst=50;
         #     proxy_pass http://web:8080;
@@ -30,7 +47,7 @@ http {
             proxy_set_header X-Real-IP $remote_addr;
             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
             proxy_set_header X-Forwarded-Proto $scheme;
-
+            proxy_ssl_verify off;
             proxy_redirect off;
         }
 
@@ -42,7 +59,7 @@ http {
             proxy_set_header X-Real-IP $remote_addr;
             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
             proxy_set_header X-Forwarded-Proto $scheme;
-
+            proxy_ssl_verify off;
             proxy_redirect off;
         }
 
@@ -54,7 +71,7 @@ http {
             proxy_set_header X-Real-IP $remote_addr;
             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
             proxy_set_header X-Forwarded-Proto $scheme;
-
+            proxy_ssl_verify off;
             proxy_redirect off;
         }
 
@@ -66,7 +83,7 @@ http {
             proxy_set_header X-Real-IP $remote_addr;
             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
             proxy_set_header X-Forwarded-Proto $scheme;
-
+            proxy_ssl_verify off;
             proxy_redirect off;
         }
 
@@ -79,6 +96,7 @@ http {
             proxy_set_header X-Real-IP $remote_addr;
             proxy_set_header X-Forwarded-Proto $scheme;
             proxy_redirect off;
+            proxy_ssl_verify off;
             proxy_set_header Host $host;
         }
 
@@ -95,6 +113,11 @@ http {
             proxy_set_header Host $host;
         }
 
+        location ~ /.well-known/acme-challenge {
+            allow all;
+            root /var/www/html;
+        }
+
 
     }
 }
diff --git a/packages/backend/src/rpc/methods/handleSubmitMessage.ts b/packages/backend/src/rpc/methods/handleSubmitMessage.ts
@@ -62,7 +62,7 @@ export async function handleSubmitMessage(
     } catch (error) {
         global.logger.warn({
             method: 'RPC SUBMIT MESSAGE',
-            error,
+            error: JSON.stringify(error),
         });
         logError({
             text: '[handleSubmitMessage]',

diff --git a/packages/billboard-client/test/helper/mockUserProfile.ts b/packages/billboard-client/test/helper/mockUserProfile.ts
@@ -1,6 +1,7 @@
 import { createStorageKey, getStorageKeyCreationMessage } from 'dm3-lib-crypto';
 import {
     Account,
+    DEFAULT_NONCE,
     ProfileKeys,
     SignedUserProfile,
     UserProfile,
@@ -24,17 +25,14 @@ export const mockUserProfile = async (
     stringified: string;
 }> => {
     const storageKeyCreationMessage = getStorageKeyCreationMessage(
-        '0xca8f04fdc80d659997f69b02',
+        DEFAULT_NONCE,
         wallet.address,
     );
 
     const storageKeySig = await wallet.signMessage(storageKeyCreationMessage);
 
     const storageKey = await createStorageKey(storageKeySig);
-    const profileKeys = await createProfileKeys(
-        storageKey,
-        '0xca8f04fdc80d659997f69b02',
-    );
+    const profileKeys = await createProfileKeys(storageKey, DEFAULT_NONCE);
 
     const profile: UserProfile = {
         publicSigningKey: profileKeys.signingKeyPair.publicKey,
@@ -43,6 +41,7 @@ export const mockUserProfile = async (
     };
     const createUserProfileMessage = getProfileCreationMessage(
         stringify(profile),
+        wallet.address,
     );
     const userProfileSig = await wallet.signMessage(createUserProfileMessage);
 

diff --git a/packages/billboard-widget/src/hooks/useAuth.ts b/packages/billboard-widget/src/hooks/useAuth.ts
@@ -88,7 +88,7 @@ export const useAuth = (
             wallet.address,
         );
 
-        const ensName = `${clientProps.siweAddress}.bb-user.dm3.eth`;
+        const ensName = `${clientProps.siweAddress}.${clientProps.userEnsDoamin}`;
 
         //Finally we've to submmit the profile to the deliveryService
         const token = await DeliveryServiceClient(

diff --git a/packages/billboard-widget/src/types.ts b/packages/billboard-widget/src/types.ts
@@ -66,4 +66,5 @@ export type ClientProps = {
     siweAddress?: string;
     siweSig?: string;
     siweMessage?: string;
+    userEnsDoamin: string;
 };
diff --git a/packages/cli/profile/index.ts b/packages/cli/profile/index.ts
@@ -6,6 +6,7 @@ import {
     getProfileCreationMessage,
     SignedUserProfile,
     UserProfile,
+    DEFAULT_NONCE,
 } from 'dm3-lib-profile';
 import { ethers } from 'ethers';
 import { getSanitizedWallet } from '../sanitizer/getSanitizedWallet';
@@ -18,25 +19,23 @@ const newProfile = async (program: Command) => {
             'error: option --deliveryService <deliveryService> argument missing',
         );
     }
-    const storageKeyCreationMessage = getStorageKeyCreationMessage(
-        '0xca8f04fdc80d659997f69b02',
-    );
 
     const profileWallet = getSanitizedWallet(
         program,
         profilePk ?? ethers.Wallet.createRandom().privateKey,
         'profilePk',
     );
+    const storageKeyCreationMessage = getStorageKeyCreationMessage(
+        DEFAULT_NONCE,
+        profileWallet.address,
+    );
 
     const storageKeySig = await profileWallet.signMessage(
         storageKeyCreationMessage,
     );
 
     const storageKey = await createStorageKey(storageKeySig);
-    const profileKeys = await createProfileKeys(
-        storageKey,
-        '0xca8f04fdc80d659997f69b02',
-    );
+    const profileKeys = await createProfileKeys(storageKey, DEFAULT_NONCE);
 
     const profile: UserProfile = {
         publicSigningKey: profileKeys.signingKeyPair.publicKey,
@@ -55,6 +54,7 @@ const newProfile = async (program: Command) => {
 
     const profileCreationMessage = getProfileCreationMessage(
         stringify(profile),
+        profileWallet.address,
     );
 
     const profileSig = await profileWallet.signMessage(profileCreationMessage);

diff --git a/packages/lib/delivery/src/Messages.ts b/packages/lib/delivery/src/Messages.ts
@@ -138,12 +138,18 @@ export async function incomingMessage(
 
     if (!tokenIsValid) {
         //Token is invalid
+        logDebug({
+            text: 'incomingMessage token invalid',
+        });
         throw Error('Token check failed');
     }
 
     //Retrives the session of the receiver
     const receiverSession = await getSession(deliveryInformation.to);
     if (!receiverSession) {
+        logDebug({
+            text: 'incomingMessage unknown session',
+        });
         throw Error('unknown session');
     }
     logDebug({
@@ -155,6 +161,9 @@ export async function incomingMessage(
 
     //Checkes if the message is spam
     if (await isSpam(provider, receiverSession, deliveryInformation)) {
+        logDebug({
+            text: 'incomingMessage is spam',
+        });
         throw Error('Message does not match spam criteria');
     }
 

diff --git a/packages/lib/delivery/src/Session.ts b/packages/lib/delivery/src/Session.ts
@@ -1,5 +1,6 @@
 import { ethers } from 'ethers';
 import { ProfileExtension, SignedUserProfile } from 'dm3-lib-profile';
+import { logDebug } from 'dm3-lib-shared';
 
 //1Year
 const TTL = 31536000000;
@@ -23,30 +24,45 @@ export async function checkToken(
     ensName: string,
     token: string,
 ): Promise<boolean> {
+    logDebug({
+        text: 'checkToken',
+    });
     const address = await provider.resolveName(ensName);
 
     if (!address) {
         // Couln't resolve ENS name
+        logDebug({
+            text: `checkToken - Couln't resolve ENS name`,
+        });
         return false;
     }
 
     const session = await getSession(ensName.toLocaleLowerCase());
 
-    //There is now account for the requesting accoung
+    //There is no account for the requesting accoung
     if (!session) {
+        logDebug({
+            text: `checkToken - There is no account for the requesting accoung`,
+        });
         return false;
     }
 
     const tokenIsValid = token === session.token;
 
     //The account has a session but the token is wrong
     if (!tokenIsValid) {
+        logDebug({
+            text: `checkToken - The account has a session but the token is wrong`,
+        });
         return false;
     }
 
     const isTokenExpired = session.createdAt + TTL < new Date().getTime();
     //The token is exceeded
     if (isTokenExpired) {
+        logDebug({
+            text: `checkToken - The token is exceeded`,
+        });
         return false;
     }