diff --git a/Dockerfiles/Dockerfile_frontend b/Dockerfiles/Dockerfile_frontend
index c7941bc..9438070 100644
--- a/Dockerfiles/Dockerfile_frontend
+++ b/Dockerfiles/Dockerfile_frontend
@@ -7,15 +7,25 @@ COPY Dockerfiles/frontend_build.env /home/node/app/.env
 RUN npm install
 RUN npm run build
+FROM golang:bookworm as gobuilder
+
+WORKDIR /usr/src/app
+COPY Dockerfiles/prestart.go ./main.go
+COPY Dockerfiles/go.mod ./
+
+RUN go build -v -o /usr/src/app/prestart
+
 FROM registry.access.redhat.com/ubi9/nginx-120
 USER 0
 RUN dnf update -y
 RUN chown -R 1001 /var/log/nginx
 ADD Dockerfiles/nginx.conf "${NGINX_DEFAULT_CONF_PATH}"
 COPY --from=builder /home/node/app/dist /opt/app-root/src
+COPY --from=gobuilder /usr/src/app/prestart /bin/prestart
+
 RUN chgrp -R 0 /opt/app-root/src/ && chmod -R g+rwX /opt/app-root/src/
 USER 1001
-CMD sed -i "s@replaceobpapihost@$VITE_OBP_API_HOST@g" /home/app/dist/index*.js ; nginx -g "daemon off;"
+CMD /bin/prestart ; nginx -g "daemon off;"
diff --git a/Dockerfiles/frontend_build.env b/Dockerfiles/frontend_build.env
index 4dad90d..bcd5a95 100644
--- a/Dockerfiles/frontend_build.env
+++ b/Dockerfiles/frontend_build.env
@@ -1,4 +1,4 @@
-VITE_OBP_API_HOST=replaceobpapihost
-VITE_OBP_API_MANAGER_HOST=replaceobpapimanagerhost
+VITE_OBP_API_HOST=VITE_OBP_API_HOST
+VITE_OBP_API_MANAGER_HOST=VITE_OBP_API_MANAGER_HOST
 VITE_OBP_API_VERSION=v5.1.0
diff --git a/Dockerfiles/go.mod b/Dockerfiles/go.mod
new file mode 100644
index 0000000..dacd30d
--- /dev/null
+++ b/Dockerfiles/go.mod
@@ -0,0 +1,3 @@
+module GoHelpers
+
+go 1.21
diff --git a/Dockerfiles/prestart.go b/Dockerfiles/prestart.go
new file mode 100644
index 0000000..c9c6e85
--- /dev/null
+++ b/Dockerfiles/prestart.go
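Review bot: In Dockerfiles/Dockerfile_frontend the new `CMD /bin/prestart ; nginx -g "daemon off;"` starts nginx even when prestart exits non-zero, so a rejected URL or a failed substitution still ends with the unmodified bundle being served. Chaining with `&&` makes the container fail closed: `CMD /bin/prestart && exec nginx -g "daemon off;"`. The added build stage also uses the floating tag `golang:bookworm`, so the toolchain that produces /bin/prestart can change between builds; pinning a version or digest, e.g. `FROM golang:<version>-bookworm@sha256:<digest> as gobuilder`, keeps it reproducible. Because the binary is built on Debian and copied into a UBI9 image, setting `CGO_ENABLED=0` on the `go build` line would make the static link explicit rather than incidental.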
@@ -0,0 +1,76 @@
+package main
+
+import (
+ "log"
+ "net/url"
+ "os"
+ "path/filepath"
+ "regexp"
+ "strings"
+)
+
+func main() {
+ config := []string{"VITE_OBP_API_HOST", "VITE_OBP_API_MANAGER_HOST"}
+ configMap := make(map[string]string)
+
+ for _, key := range config {
+ rawURL := os.Getenv(key)
+ if rawURL == "" {
+ continue
+ }
+ cleanURL := checkURL(rawURL)
+ configMap[key] = cleanURL
+ }
+
+ dir := "/opt/app-root/src/assets"
+ pattern := "index-.*\\.js$"
+
+ re, err := regexp.Compile(pattern)
+ if err != nil {
+ log.Fatal(err)
+ }
+
+ files, err := os.ReadDir(dir)
+ if err != nil {
+ log.Fatal(err)
+ }
+
+ for _, file := range files {
+ if re.MatchString(file.Name()) {
+ filePath := filepath.Join(dir, file.Name())
+ content, err := os.ReadFile(filePath)
+ if err != nil {
+ panic(err)
+ }
+ modifiedContent := string(content)
+ for old, new := range configMap {
+ modifiedContent = strings.Replace(modifiedContent, old, new, -1)
+ }
+ err = os.WriteFile(filePath, []byte(modifiedContent), 0644)
+ if err != nil {
+ panic(err)
+ }
+ }
+ }
+
+}
+
+func checkURL(rawURL string) string {
+
+ parsedURL, err := url.Parse(rawURL)
+ if err != nil {
+ log.Fatal(err)
+ }
+
+ validURL := regexp.MustCompile(`^https?:\/\/[^\s/$.?#].[^\s]*$`)
+ if !validURL.MatchString(rawURL) {
+ log.Fatal("Invalid URL or potential code injection detected")
+ }
+
+ cleanURL := &url.URL{
+ Scheme: parsedURL.Scheme,
+ Host: parsedURL.Host,
+ Path: parsedURL.Path,
+ }
+ return cleanURL.String()
+}
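Review bot: In checkURL the pattern `^https?:\/\/[^\s/$.?#].[^\s]*$` rejects only whitespace after the scheme, so quote, backtick and backslash characters pass the check even though the result is written into the JavaScript bundle by `strings.Replace`; the "code injection" message promises more than the pattern enforces. `url.URL.String()` percent-encodes the path, but as far as I know it leaves several punctuation characters in the host untouched, so the host is the component that needs an explicit allow-list. The sketch below validates the parsed components (scheme, no userinfo, hostname characters) instead of the raw string; it rejects IPv6 literals, which would need their own case if they are used. Also in main, an unset variable is skipped with `continue`, which leaves the placeholder text in the bundle with no log line and is worth at least a `log.Printf`.

```go
// Compiled once at package scope; plain hostnames only.
var hostPattern = regexp.MustCompile(`^[A-Za-z0-9.-]+$`)

func checkURL(rawURL string) string {
	parsedURL, err := url.Parse(rawURL)
	if err != nil {
		log.Fatal(err)
	}
	if parsedURL.Scheme != "http" && parsedURL.Scheme != "https" {
		log.Fatalf("unsupported scheme in %q", rawURL)
	}
	if parsedURL.User != nil || !hostPattern.MatchString(parsedURL.Hostname()) {
		log.Fatalf("unexpected host in %q", rawURL)
	}
	// … unchanged: rebuild cleanURL from Scheme, Host and Path and return its String() …
}
```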