diff --git a/.env.example b/.env.example index d0156c1d..6b5ae503 100644 --- a/.env.example +++ b/.env.example @@ -17,7 +17,7 @@ NEXT_PUBLIC_IDNOT_BASE_URL=https://qual-connexion.idnot.fr NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT=/IdPOAuth2/authorize/idnot_idp_v1 NEXT_PUBLIC_IDNOT_CLIENT_ID=default_client_id NEXT_PUBLIC_IDNOT_REDIRECT_URI=http://localhost:3000/authorized-client -NEXT_PUBLIC_IDNOT_REDIRECT_URI_FIXED=http://local.4nkweb.com:3000/authorized-client +NEXT_PUBLIC_IDNOT_REDIRECT_URI_FIXED=https://lecoffreio.4nkweb.com/authorized-client # 4NK Configuration NEXT_PUBLIC_4NK_URL=http://localhost:3000 diff --git a/Dockerfile b/Dockerfile index f94a1ab3..92f20967 100644 --- a/Dockerfile +++ b/Dockerfile @@ -39,7 +39,7 @@ ENV NEXT_PUBLIC_BACK_API_PROTOCOL=https \ NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT=/IdPOAuth2/authorize/idnot_idp_v1 \ NEXT_PUBLIC_IDNOT_CLIENT_ID=default_client_id \ NEXT_PUBLIC_IDNOT_REDIRECT_URI=http://localhost:3000/authorized-client \ - NEXT_PUBLIC_IDNOT_REDIRECT_URI_FIXED=http://local.4nkweb.com:3000/authorized-client \ + NEXT_PUBLIC_IDNOT_REDIRECT_URI_FIXED=https://lecoffreio.4nkweb.com/authorized-client \ NEXT_PUBLIC_4NK_URL=http://localhost:3000 \ NEXT_PUBLIC_4NK_IFRAME_URL=http://localhost:3000 \ NEXT_PUBLIC_BACK_BASE=http://localhost:8080 \ diff --git a/Dockerfile.backup_20250923_233404 b/Dockerfile.backup_20250923_233404 new file mode 100644 index 00000000..0ef337e9 --- /dev/null +++ b/Dockerfile.backup_20250923_233404 
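Review bot: The new default for `NEXT_PUBLIC_IDNOT_REDIRECT_URI_FIXED` in the Dockerfile `ENV` block names a deployed HTTPS host, while the neighbouring defaults stay on `http://localhost:3000` and `default_client_id`. An image built without overrides therefore carries an OAuth redirect target that does not match the rest of its configuration. The same literal is repeated in `.env.example`, `Dockerfile.runtime`, `Dockerfile.simple`, both TypeScript call sites and `start-runtime.js` in this commit, so a later host change is easy to miss in one place. I would add a comment above the line, `# must equal the redirect_uri registered for this client at IdNot; override per environment`, and consider leaving the default empty so a missing override is visible. The `ENV` block starts before the hunk and continues after it.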
@@ -0,0 +1,198 @@ +# syntax=docker/dockerfile:1.4 +FROM debian:bookworm-slim AS deps +WORKDIR /leCoffre-front + +# Installation des dépendances de base +RUN apt-get update && apt-get upgrade -y && \ + apt-get install -y --fix-missing \ + ca-certificates curl jq git \ + net-tools iputils-ping dnsutils \ + netcat-openbsd telnet procps && \ + rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* + +# Installation de Node.js +RUN curl -fsSL https://deb.nodesource.com/setup_19.x | bash - && \ + apt-get install -y nodejs && \ + rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* + +COPY package.json ./ +COPY package-lock.json ./ + +# Installation des dépendances +RUN --mount=type=cache,target=/root/.npm \ + npm install --no-audit --no-fund + +# Configuration pour le développement +FROM debian:bookworm-slim AS development +WORKDIR /leCoffre-front + +# Installation des dépendances de base +RUN apt-get update && apt-get upgrade -y && \ + apt-get install -y --fix-missing \ + ca-certificates curl jq git \ + net-tools iputils-ping dnsutils \ + netcat-openbsd telnet procps && \ + rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* + +# Installation de Node.js +RUN curl -fsSL https://deb.nodesource.com/setup_19.x | bash - && \ + apt-get install -y nodejs && \ + rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* + +COPY --from=deps /leCoffre-front/node_modules ./node_modules +COPY --from=deps /leCoffre-front/package.json ./package.json +COPY . . 
+ +# Création de l'utilisateur non-root +RUN useradd -m -u 1000 lecoffreuser && \ + mkdir -p /leCoffre-front && chown -R lecoffreuser:lecoffreuser /leCoffre-front + +USER lecoffreuser + +CMD ["npm", "run", "dev"] +EXPOSE 3000 + +# --- Build de production +FROM debian:bookworm-slim AS builder +WORKDIR /leCoffre-front + +# Installation des dépendances de base +RUN apt-get update && apt-get upgrade -y && \ + apt-get install -y --fix-missing \ + ca-certificates curl jq git \ + net-tools iputils-ping dnsutils \ + netcat-openbsd telnet procps && \ + rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* + +# Installation de Node.js +RUN curl -fsSL https://deb.nodesource.com/setup_19.x | bash - && \ + apt-get install -y nodejs && \ + rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* + +COPY --from=deps /leCoffre-front/node_modules ./node_modules +COPY --from=deps /leCoffre-front/package.json ./package.json +COPY . . + +# Arguments/variables d'environnement publics pour le build Next +ARG NEXT_PUBLIC_BACK_API_PROTOCOL +ARG NEXT_PUBLIC_BACK_API_HOST +ARG NEXT_PUBLIC_BACK_API_PORT +ARG NEXT_PUBLIC_BACK_API_ROOT_URL +ARG NEXT_PUBLIC_BACK_API_VERSION +ARG NEXT_PUBLIC_FRONT_APP_HOST +ARG NEXT_PUBLIC_FRONT_APP_PORT +ARG NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT +ARG NEXT_PUBLIC_IDNOT_CLIENT_ID +ARG NEXT_PUBLIC_IDNOT_BASE_URL +ARG NEXT_PUBLIC_IDNOT_REDIRECT_URI +ARG NEXT_PUBLIC_DOCAPOSTE_API_URL +ARG NEXT_PUBLIC_HOTJAR_SITE_ID +ARG NEXT_PUBLIC_HOTJAR_VERSION +ARG NEXT_PUBLIC_4NK_URL +ARG NEXT_PUBLIC_4NK_IFRAME_URL +ARG NEXT_PUBLIC_API_URL +ARG NEXT_PUBLIC_DEFAULT_VALIDATOR_ID +ARG NEXT_PUBLIC_DEFAULT_STORAGE_URLS +ARG NEXT_PUBLIC_BACK_BASE +ARG NEXT_PUBLIC_IDNOT_REDIRECT_URI_FIXED + +ENV NEXT_PUBLIC_BACK_API_PROTOCOL=${NEXT_PUBLIC_BACK_API_PROTOCOL} \ + NEXT_PUBLIC_BACK_API_HOST=${NEXT_PUBLIC_BACK_API_HOST} \ + NEXT_PUBLIC_BACK_API_PORT=${NEXT_PUBLIC_BACK_API_PORT} \ + NEXT_PUBLIC_BACK_API_ROOT_URL=${NEXT_PUBLIC_BACK_API_ROOT_URL} \ + NEXT_PUBLIC_BACK_API_VERSION=${NEXT_PUBLIC_BACK_API_VERSION} \ 
+ NEXT_PUBLIC_FRONT_APP_HOST=${NEXT_PUBLIC_FRONT_APP_HOST} \ + NEXT_PUBLIC_FRONT_APP_PORT=${NEXT_PUBLIC_FRONT_APP_PORT} \ + NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT=${NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT} \ + NEXT_PUBLIC_IDNOT_CLIENT_ID=${NEXT_PUBLIC_IDNOT_CLIENT_ID} \ + NEXT_PUBLIC_IDNOT_BASE_URL=${NEXT_PUBLIC_IDNOT_BASE_URL} \ + NEXT_PUBLIC_IDNOT_REDIRECT_URI=${NEXT_PUBLIC_IDNOT_REDIRECT_URI} \ + NEXT_PUBLIC_DOCAPOSTE_API_URL=${NEXT_PUBLIC_DOCAPOSTE_API_URL} \ + NEXT_PUBLIC_HOTJAR_SITE_ID=${NEXT_PUBLIC_HOTJAR_SITE_ID} \ + NEXT_PUBLIC_HOTJAR_VERSION=${NEXT_PUBLIC_HOTJAR_VERSION} \ + NEXT_PUBLIC_4NK_URL=${NEXT_PUBLIC_4NK_URL} \ + NEXT_PUBLIC_4NK_IFRAME_URL=${NEXT_PUBLIC_4NK_IFRAME_URL} \ + NEXT_PUBLIC_API_URL=${NEXT_PUBLIC_API_URL} \ + NEXT_PUBLIC_DEFAULT_VALIDATOR_ID=${NEXT_PUBLIC_DEFAULT_VALIDATOR_ID} \ + NEXT_PUBLIC_DEFAULT_STORAGE_URLS=${NEXT_PUBLIC_DEFAULT_STORAGE_URLS} \ + NEXT_PUBLIC_BACK_BASE=${NEXT_PUBLIC_BACK_BASE} \ + NEXT_PUBLIC_IDNOT_REDIRECT_URI_FIXED=${NEXT_PUBLIC_IDNOT_REDIRECT_URI_FIXED} + +RUN --mount=type=cache,target=/leCoffre-front/.next/cache npm run build + +# --- Image d'exécution "ext" +FROM debian:bookworm-slim AS ext +WORKDIR /leCoffre-front + +# Installation des dépendances de base +RUN apt-get update && apt-get upgrade -y && \ + apt-get install -y --fix-missing \ + ca-certificates curl jq git \ + net-tools iputils-ping dnsutils \ + netcat-openbsd telnet procps && \ + rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* + +# Installation de Node.js +RUN curl -fsSL https://deb.nodesource.com/setup_19.x | bash - && \ + apt-get install -y nodejs && \ + rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* + +# Re-déclarer les ARG pour l'étape runtime et les exposer en ENV +ARG NEXT_PUBLIC_BACK_API_PROTOCOL +ARG NEXT_PUBLIC_BACK_API_HOST +ARG NEXT_PUBLIC_BACK_API_PORT +ARG NEXT_PUBLIC_BACK_API_ROOT_URL +ARG NEXT_PUBLIC_BACK_API_VERSION +ARG NEXT_PUBLIC_FRONT_APP_HOST +ARG NEXT_PUBLIC_FRONT_APP_PORT +ARG NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT +ARG 
NEXT_PUBLIC_IDNOT_CLIENT_ID +ARG NEXT_PUBLIC_IDNOT_BASE_URL +ARG NEXT_PUBLIC_IDNOT_REDIRECT_URI +ARG NEXT_PUBLIC_DOCAPOSTE_API_URL +ARG NEXT_PUBLIC_HOTJAR_SITE_ID +ARG NEXT_PUBLIC_HOTJAR_VERSION +ARG NEXT_PUBLIC_4NK_URL +ARG NEXT_PUBLIC_4NK_IFRAME_URL +ARG NEXT_PUBLIC_API_URL +ARG NEXT_PUBLIC_DEFAULT_VALIDATOR_ID +ARG NEXT_PUBLIC_DEFAULT_STORAGE_URLS +ARG NEXT_PUBLIC_BACK_BASE +ARG NEXT_PUBLIC_IDNOT_REDIRECT_URI_FIXED + +ENV NODE_ENV=production \ + PORT=3000 \ + NEXT_PUBLIC_BACK_API_PROTOCOL=${NEXT_PUBLIC_BACK_API_PROTOCOL} \ + NEXT_PUBLIC_BACK_API_HOST=${NEXT_PUBLIC_BACK_API_HOST} \ + NEXT_PUBLIC_BACK_API_PORT=${NEXT_PUBLIC_BACK_API_PORT} \ + NEXT_PUBLIC_BACK_API_ROOT_URL=${NEXT_PUBLIC_BACK_API_ROOT_URL} \ + NEXT_PUBLIC_BACK_API_VERSION=${NEXT_PUBLIC_BACK_API_VERSION} \ + NEXT_PUBLIC_FRONT_APP_HOST=${NEXT_PUBLIC_FRONT_APP_HOST} \ + NEXT_PUBLIC_FRONT_APP_PORT=${NEXT_PUBLIC_FRONT_APP_PORT} \ + NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT=${NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT} \ + NEXT_PUBLIC_IDNOT_CLIENT_ID=${NEXT_PUBLIC_IDNOT_CLIENT_ID} \ + NEXT_PUBLIC_IDNOT_BASE_URL=${NEXT_PUBLIC_IDNOT_BASE_URL} \ + NEXT_PUBLIC_IDNOT_REDIRECT_URI=${NEXT_PUBLIC_IDNOT_REDIRECT_URI} \ + NEXT_PUBLIC_DOCAPOSTE_API_URL=${NEXT_PUBLIC_DOCAPOSTE_API_URL} \ + NEXT_PUBLIC_HOTJAR_SITE_ID=${NEXT_PUBLIC_HOTJAR_SITE_ID} \ + NEXT_PUBLIC_HOTJAR_VERSION=${NEXT_PUBLIC_HOTJAR_VERSION} \ + NEXT_PUBLIC_4NK_URL=${NEXT_PUBLIC_4NK_URL} \ + NEXT_PUBLIC_4NK_IFRAME_URL=${NEXT_PUBLIC_4NK_IFRAME_URL} \ + NEXT_PUBLIC_API_URL=${NEXT_PUBLIC_API_URL} \ + NEXT_PUBLIC_DEFAULT_VALIDATOR_ID=${NEXT_PUBLIC_DEFAULT_VALIDATOR_ID} \ + NEXT_PUBLIC_DEFAULT_STORAGE_URLS=${NEXT_PUBLIC_DEFAULT_STORAGE_URLS} \ + NEXT_PUBLIC_BACK_BASE=${NEXT_PUBLIC_BACK_BASE} \ + NEXT_PUBLIC_IDNOT_REDIRECT_URI_FIXED=${NEXT_PUBLIC_IDNOT_REDIRECT_URI_FIXED} + +# Next.js standalone runtime (output: 'standalone') +COPY --from=builder /leCoffre-front/.next/standalone ./ +COPY --from=builder /leCoffre-front/.next/static ./.next/static +COPY --from=builder 
/leCoffre-front/public ./public + +# Création de l'utilisateur non-root +RUN useradd -m -u 1000 lecoffreuser && \ + mkdir -p /leCoffre-front && chown -R lecoffreuser:lecoffreuser /leCoffre-front +USER lecoffreuser + +EXPOSE 3000 +CMD ["node", "server.js"] \ No newline at end of file diff --git a/Dockerfile.original b/Dockerfile.original new file mode 100644 index 00000000..0ef337e9 --- /dev/null +++ b/Dockerfile.original 
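Review bot: Every stage installs Node with `curl -fsSL https://deb.nodesource.com/setup_19.x | bash -`, which runs an unpinned remote script as root at build time and selects Node 19, a release line that is past end of life and no longer receives security fixes. The same line appears in `Dockerfile.original`, `Dockerfile.runtime` and `Dockerfile.simple`. A pinned official base image for a supported LTS line, e.g. `FROM node:<lts-version>-bookworm-slim` (ideally by digest), would remove both the piped installer and the repeated apt layer. Separately, this file and `Dockerfile.original` carry the same blob id (`0ef337e9`), so the commit adds two identical copies that version control history already preserves.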
@@ -0,0 +1,198 @@ +# syntax=docker/dockerfile:1.4 +FROM debian:bookworm-slim AS deps +WORKDIR /leCoffre-front + +# Installation des dépendances de base +RUN apt-get update && apt-get upgrade -y && \ + apt-get install -y --fix-missing \ + ca-certificates curl jq git \ + net-tools iputils-ping dnsutils \ + netcat-openbsd telnet procps && \ + rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* + +# Installation de Node.js +RUN curl -fsSL https://deb.nodesource.com/setup_19.x | bash - && \ + apt-get install -y nodejs && \ + rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* + +COPY package.json ./ +COPY package-lock.json ./ + +# Installation des dépendances +RUN --mount=type=cache,target=/root/.npm \ + npm install --no-audit --no-fund + +# Configuration pour le développement +FROM debian:bookworm-slim AS development +WORKDIR /leCoffre-front + +# Installation des dépendances de base +RUN apt-get update && apt-get upgrade -y && \ + apt-get install -y --fix-missing \ + ca-certificates curl jq git \ + net-tools iputils-ping dnsutils \ + netcat-openbsd telnet procps && \ + rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* + +# Installation de Node.js +RUN curl -fsSL https://deb.nodesource.com/setup_19.x | bash - && \ + apt-get install -y nodejs && \ + rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* + +COPY --from=deps /leCoffre-front/node_modules ./node_modules +COPY --from=deps /leCoffre-front/package.json ./package.json +COPY . . 
+ +# Création de l'utilisateur non-root +RUN useradd -m -u 1000 lecoffreuser && \ + mkdir -p /leCoffre-front && chown -R lecoffreuser:lecoffreuser /leCoffre-front + +USER lecoffreuser + +CMD ["npm", "run", "dev"] +EXPOSE 3000 + +# --- Build de production +FROM debian:bookworm-slim AS builder +WORKDIR /leCoffre-front + +# Installation des dépendances de base +RUN apt-get update && apt-get upgrade -y && \ + apt-get install -y --fix-missing \ + ca-certificates curl jq git \ + net-tools iputils-ping dnsutils \ + netcat-openbsd telnet procps && \ + rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* + +# Installation de Node.js +RUN curl -fsSL https://deb.nodesource.com/setup_19.x | bash - && \ + apt-get install -y nodejs && \ + rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* + +COPY --from=deps /leCoffre-front/node_modules ./node_modules +COPY --from=deps /leCoffre-front/package.json ./package.json +COPY . . + +# Arguments/variables d'environnement publics pour le build Next +ARG NEXT_PUBLIC_BACK_API_PROTOCOL +ARG NEXT_PUBLIC_BACK_API_HOST +ARG NEXT_PUBLIC_BACK_API_PORT +ARG NEXT_PUBLIC_BACK_API_ROOT_URL +ARG NEXT_PUBLIC_BACK_API_VERSION +ARG NEXT_PUBLIC_FRONT_APP_HOST +ARG NEXT_PUBLIC_FRONT_APP_PORT +ARG NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT +ARG NEXT_PUBLIC_IDNOT_CLIENT_ID +ARG NEXT_PUBLIC_IDNOT_BASE_URL +ARG NEXT_PUBLIC_IDNOT_REDIRECT_URI +ARG NEXT_PUBLIC_DOCAPOSTE_API_URL +ARG NEXT_PUBLIC_HOTJAR_SITE_ID +ARG NEXT_PUBLIC_HOTJAR_VERSION +ARG NEXT_PUBLIC_4NK_URL +ARG NEXT_PUBLIC_4NK_IFRAME_URL +ARG NEXT_PUBLIC_API_URL +ARG NEXT_PUBLIC_DEFAULT_VALIDATOR_ID +ARG NEXT_PUBLIC_DEFAULT_STORAGE_URLS +ARG NEXT_PUBLIC_BACK_BASE +ARG NEXT_PUBLIC_IDNOT_REDIRECT_URI_FIXED + +ENV NEXT_PUBLIC_BACK_API_PROTOCOL=${NEXT_PUBLIC_BACK_API_PROTOCOL} \ + NEXT_PUBLIC_BACK_API_HOST=${NEXT_PUBLIC_BACK_API_HOST} \ + NEXT_PUBLIC_BACK_API_PORT=${NEXT_PUBLIC_BACK_API_PORT} \ + NEXT_PUBLIC_BACK_API_ROOT_URL=${NEXT_PUBLIC_BACK_API_ROOT_URL} \ + NEXT_PUBLIC_BACK_API_VERSION=${NEXT_PUBLIC_BACK_API_VERSION} \ 
+ NEXT_PUBLIC_FRONT_APP_HOST=${NEXT_PUBLIC_FRONT_APP_HOST} \ + NEXT_PUBLIC_FRONT_APP_PORT=${NEXT_PUBLIC_FRONT_APP_PORT} \ + NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT=${NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT} \ + NEXT_PUBLIC_IDNOT_CLIENT_ID=${NEXT_PUBLIC_IDNOT_CLIENT_ID} \ + NEXT_PUBLIC_IDNOT_BASE_URL=${NEXT_PUBLIC_IDNOT_BASE_URL} \ + NEXT_PUBLIC_IDNOT_REDIRECT_URI=${NEXT_PUBLIC_IDNOT_REDIRECT_URI} \ + NEXT_PUBLIC_DOCAPOSTE_API_URL=${NEXT_PUBLIC_DOCAPOSTE_API_URL} \ + NEXT_PUBLIC_HOTJAR_SITE_ID=${NEXT_PUBLIC_HOTJAR_SITE_ID} \ + NEXT_PUBLIC_HOTJAR_VERSION=${NEXT_PUBLIC_HOTJAR_VERSION} \ + NEXT_PUBLIC_4NK_URL=${NEXT_PUBLIC_4NK_URL} \ + NEXT_PUBLIC_4NK_IFRAME_URL=${NEXT_PUBLIC_4NK_IFRAME_URL} \ + NEXT_PUBLIC_API_URL=${NEXT_PUBLIC_API_URL} \ + NEXT_PUBLIC_DEFAULT_VALIDATOR_ID=${NEXT_PUBLIC_DEFAULT_VALIDATOR_ID} \ + NEXT_PUBLIC_DEFAULT_STORAGE_URLS=${NEXT_PUBLIC_DEFAULT_STORAGE_URLS} \ + NEXT_PUBLIC_BACK_BASE=${NEXT_PUBLIC_BACK_BASE} \ + NEXT_PUBLIC_IDNOT_REDIRECT_URI_FIXED=${NEXT_PUBLIC_IDNOT_REDIRECT_URI_FIXED} + +RUN --mount=type=cache,target=/leCoffre-front/.next/cache npm run build + +# --- Image d'exécution "ext" +FROM debian:bookworm-slim AS ext +WORKDIR /leCoffre-front + +# Installation des dépendances de base +RUN apt-get update && apt-get upgrade -y && \ + apt-get install -y --fix-missing \ + ca-certificates curl jq git \ + net-tools iputils-ping dnsutils \ + netcat-openbsd telnet procps && \ + rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* + +# Installation de Node.js +RUN curl -fsSL https://deb.nodesource.com/setup_19.x | bash - && \ + apt-get install -y nodejs && \ + rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* + +# Re-déclarer les ARG pour l'étape runtime et les exposer en ENV +ARG NEXT_PUBLIC_BACK_API_PROTOCOL +ARG NEXT_PUBLIC_BACK_API_HOST +ARG NEXT_PUBLIC_BACK_API_PORT +ARG NEXT_PUBLIC_BACK_API_ROOT_URL +ARG NEXT_PUBLIC_BACK_API_VERSION +ARG NEXT_PUBLIC_FRONT_APP_HOST +ARG NEXT_PUBLIC_FRONT_APP_PORT +ARG NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT +ARG 
NEXT_PUBLIC_IDNOT_CLIENT_ID +ARG NEXT_PUBLIC_IDNOT_BASE_URL +ARG NEXT_PUBLIC_IDNOT_REDIRECT_URI +ARG NEXT_PUBLIC_DOCAPOSTE_API_URL +ARG NEXT_PUBLIC_HOTJAR_SITE_ID +ARG NEXT_PUBLIC_HOTJAR_VERSION +ARG NEXT_PUBLIC_4NK_URL +ARG NEXT_PUBLIC_4NK_IFRAME_URL +ARG NEXT_PUBLIC_API_URL +ARG NEXT_PUBLIC_DEFAULT_VALIDATOR_ID +ARG NEXT_PUBLIC_DEFAULT_STORAGE_URLS +ARG NEXT_PUBLIC_BACK_BASE +ARG NEXT_PUBLIC_IDNOT_REDIRECT_URI_FIXED + +ENV NODE_ENV=production \ + PORT=3000 \ + NEXT_PUBLIC_BACK_API_PROTOCOL=${NEXT_PUBLIC_BACK_API_PROTOCOL} \ + NEXT_PUBLIC_BACK_API_HOST=${NEXT_PUBLIC_BACK_API_HOST} \ + NEXT_PUBLIC_BACK_API_PORT=${NEXT_PUBLIC_BACK_API_PORT} \ + NEXT_PUBLIC_BACK_API_ROOT_URL=${NEXT_PUBLIC_BACK_API_ROOT_URL} \ + NEXT_PUBLIC_BACK_API_VERSION=${NEXT_PUBLIC_BACK_API_VERSION} \ + NEXT_PUBLIC_FRONT_APP_HOST=${NEXT_PUBLIC_FRONT_APP_HOST} \ + NEXT_PUBLIC_FRONT_APP_PORT=${NEXT_PUBLIC_FRONT_APP_PORT} \ + NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT=${NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT} \ + NEXT_PUBLIC_IDNOT_CLIENT_ID=${NEXT_PUBLIC_IDNOT_CLIENT_ID} \ + NEXT_PUBLIC_IDNOT_BASE_URL=${NEXT_PUBLIC_IDNOT_BASE_URL} \ + NEXT_PUBLIC_IDNOT_REDIRECT_URI=${NEXT_PUBLIC_IDNOT_REDIRECT_URI} \ + NEXT_PUBLIC_DOCAPOSTE_API_URL=${NEXT_PUBLIC_DOCAPOSTE_API_URL} \ + NEXT_PUBLIC_HOTJAR_SITE_ID=${NEXT_PUBLIC_HOTJAR_SITE_ID} \ + NEXT_PUBLIC_HOTJAR_VERSION=${NEXT_PUBLIC_HOTJAR_VERSION} \ + NEXT_PUBLIC_4NK_URL=${NEXT_PUBLIC_4NK_URL} \ + NEXT_PUBLIC_4NK_IFRAME_URL=${NEXT_PUBLIC_4NK_IFRAME_URL} \ + NEXT_PUBLIC_API_URL=${NEXT_PUBLIC_API_URL} \ + NEXT_PUBLIC_DEFAULT_VALIDATOR_ID=${NEXT_PUBLIC_DEFAULT_VALIDATOR_ID} \ + NEXT_PUBLIC_DEFAULT_STORAGE_URLS=${NEXT_PUBLIC_DEFAULT_STORAGE_URLS} \ + NEXT_PUBLIC_BACK_BASE=${NEXT_PUBLIC_BACK_BASE} \ + NEXT_PUBLIC_IDNOT_REDIRECT_URI_FIXED=${NEXT_PUBLIC_IDNOT_REDIRECT_URI_FIXED} + +# Next.js standalone runtime (output: 'standalone') +COPY --from=builder /leCoffre-front/.next/standalone ./ +COPY --from=builder /leCoffre-front/.next/static ./.next/static +COPY --from=builder 
/leCoffre-front/public ./public + +# Création de l'utilisateur non-root +RUN useradd -m -u 1000 lecoffreuser && \ + mkdir -p /leCoffre-front && chown -R lecoffreuser:lecoffreuser /leCoffre-front +USER lecoffreuser + +EXPOSE 3000 +CMD ["node", "server.js"] \ No newline at end of file diff --git a/Dockerfile.runtime b/Dockerfile.runtime new file mode 100644 index 00000000..1af4cefa --- /dev/null +++ b/Dockerfile.runtime 
@@ -0,0 +1,60 @@ +# Dockerfile optimisé pour la CI - variables injectées au runtime +FROM docker.io/library/debian:bookworm-slim + +# Installation des dépendances système +RUN apt-get update && apt-get upgrade -y && \ + apt-get install -y --fix-missing \ + ca-certificates curl jq git \ + net-tools iputils-ping dnsutils \ + netcat-openbsd telnet procps && \ + rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* + +# Installation de Node.js +RUN curl -fsSL https://deb.nodesource.com/setup_19.x | bash - && \ + apt-get install -y nodejs && \ + rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* + +WORKDIR /leCoffre-front + +# Copie des fichiers de dépendances +COPY package.json package-lock.json ./ +RUN npm install --no-audit --no-fund + +# Copie du code source +COPY . . + +# Build avec des variables d'environnement par défaut (surchargées au runtime) +RUN NEXT_PUBLIC_BACK_API_PROTOCOL=${NEXT_PUBLIC_BACK_API_PROTOCOL:-https} \ + NEXT_PUBLIC_BACK_API_HOST=${NEXT_PUBLIC_BACK_API_HOST:-localhost} \ + NEXT_PUBLIC_BACK_API_PORT=${NEXT_PUBLIC_BACK_API_PORT:-443} \ + NEXT_PUBLIC_BACK_API_ROOT_URL=${NEXT_PUBLIC_BACK_API_ROOT_URL:-/api} \ + NEXT_PUBLIC_BACK_API_VERSION=${NEXT_PUBLIC_BACK_API_VERSION:-v1} \ + NEXT_PUBLIC_FRONT_APP_HOST=${NEXT_PUBLIC_FRONT_APP_HOST:-http://localhost:3000} \ + NEXT_PUBLIC_IDNOT_BASE_URL=${NEXT_PUBLIC_IDNOT_BASE_URL:-https://qual-connexion.idnot.fr} \ + NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT=${NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT:-/IdPOAuth2/authorize/idnot_idp_v1} \ + NEXT_PUBLIC_IDNOT_CLIENT_ID=${NEXT_PUBLIC_IDNOT_CLIENT_ID:-default_client_id} \ + NEXT_PUBLIC_IDNOT_REDIRECT_URI=${NEXT_PUBLIC_IDNOT_REDIRECT_URI:-http://localhost:3000/authorized-client} \ + NEXT_PUBLIC_IDNOT_REDIRECT_URI_FIXED=${NEXT_PUBLIC_IDNOT_REDIRECT_URI_FIXED:-https://lecoffreio.4nkweb.com/authorized-client} \ + NEXT_PUBLIC_4NK_URL=${NEXT_PUBLIC_4NK_URL:-http://localhost:3000} \ + NEXT_PUBLIC_4NK_IFRAME_URL=${NEXT_PUBLIC_4NK_IFRAME_URL:-http://localhost:3000} \ + 
NEXT_PUBLIC_BACK_BASE=${NEXT_PUBLIC_BACK_BASE:-http://localhost:8080} \ + NEXT_PUBLIC_API_URL=${NEXT_PUBLIC_API_URL:-http://localhost:8080/api} \ + NEXT_PUBLIC_DEFAULT_VALIDATOR_ID=${NEXT_PUBLIC_DEFAULT_VALIDATOR_ID:-default_validator_id} \ + NEXT_PUBLIC_DEFAULT_STORAGE_URLS=${NEXT_PUBLIC_DEFAULT_STORAGE_URLS:-http://localhost:8080/storage} \ + NEXT_PUBLIC_DOCAPOSTE_API_URL=${NEXT_PUBLIC_DOCAPOSTE_API_URL:-} \ + NEXT_PUBLIC_HOTJAR_SITE_ID=${NEXT_PUBLIC_HOTJAR_SITE_ID:-} \ + NEXT_PUBLIC_HOTJAR_VERSION=${NEXT_PUBLIC_HOTJAR_VERSION:-} \ + npm run build + +# Configuration runtime +EXPOSE 8080 +ENV NODE_ENV=production +ENV PORT=8080 + +# Utilisateur non-root +RUN useradd -m -u 1000 lecoffreuser && \ + mkdir -p /leCoffre-front && chown -R lecoffreuser:lecoffreuser /leCoffre-front + +USER lecoffreuser + +CMD ["node", "server.js"] diff --git a/Dockerfile.simple b/Dockerfile.simple new file mode 100644 index 00000000..16db9865 --- /dev/null +++ b/Dockerfile.simple 
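Review bot: The `${NAME:-default}` expansions on the `RUN ... npm run build` line can never see an override, because the file declares no `ARG` or `ENV` for these names before the build step, so the shell always falls back to the literal defaults. The header comment says the values are overridden at runtime, but Next.js substitutes `NEXT_PUBLIC_*` into the client bundle during `npm run build`, so browsers keep the build-time `redirect_uri` and `client_id` whatever the container environment holds later. If per-environment values are intended, declare them ahead of the build, for example `ARG NEXT_PUBLIC_IDNOT_REDIRECT_URI_FIXED`, and pass them with `--build-arg`. It is also worth confirming that `server.js` exists in `/leCoffre-front`: if the project builds with `output: 'standalone'`, as the multi-stage Dockerfiles in this commit assume, that file is written under `.next/standalone/`, which this single-stage file never copies.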
@@ -0,0 +1,66 @@ +# Dockerfile optimisé pour la CI - build générique, variables au runtime +FROM docker.io/library/debian:bookworm-slim + +# Installation des dépendances système +RUN apt-get update && apt-get upgrade -y && \ + apt-get install -y --fix-missing \ + ca-certificates curl jq git \ + net-tools iputils-ping dnsutils \ + netcat-openbsd telnet procps && \ + rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* + +# Installation de Node.js +RUN curl -fsSL https://deb.nodesource.com/setup_19.x | bash - && \ + apt-get install -y nodejs && \ + rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* + +WORKDIR /leCoffre-front + +# Copie des fichiers de dépendances +COPY package.json package-lock.json ./ +RUN npm install --no-audit --no-fund + +# Copie du code source +COPY . . + +# Build avec des variables génériques (surchargées au runtime) +ENV NEXT_PUBLIC_BACK_API_PROTOCOL=https \ + NEXT_PUBLIC_BACK_API_HOST=localhost \ + NEXT_PUBLIC_BACK_API_PORT=443 \ + NEXT_PUBLIC_BACK_API_ROOT_URL=/api \ + NEXT_PUBLIC_BACK_API_VERSION=v1 \ + NEXT_PUBLIC_FRONT_APP_HOST=http://localhost:3000 \ + NEXT_PUBLIC_IDNOT_BASE_URL=https://qual-connexion.idnot.fr \ + NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT=/IdPOAuth2/authorize/idnot_idp_v1 \ + NEXT_PUBLIC_IDNOT_CLIENT_ID=default_client_id \ + NEXT_PUBLIC_IDNOT_REDIRECT_URI=http://localhost:3000/authorized-client \ + NEXT_PUBLIC_IDNOT_REDIRECT_URI_FIXED=https://lecoffreio.4nkweb.com/authorized-client \ + NEXT_PUBLIC_4NK_URL=http://localhost:3000 \ + NEXT_PUBLIC_4NK_IFRAME_URL=http://localhost:3000 \ + NEXT_PUBLIC_BACK_BASE=http://localhost:8080 \ + NEXT_PUBLIC_API_URL=http://localhost:8080/api \ + NEXT_PUBLIC_DEFAULT_VALIDATOR_ID=default_validator_id \ + NEXT_PUBLIC_DEFAULT_STORAGE_URLS=http://localhost:8080/storage \ + NEXT_PUBLIC_DOCAPOSTE_API_URL= \ + NEXT_PUBLIC_HOTJAR_SITE_ID= \ + NEXT_PUBLIC_HOTJAR_VERSION= + +RUN npm run build + +# Configuration runtime +EXPOSE 8080 +ENV NODE_ENV=production +ENV PORT=8080 + +# Copie du script de démarrage et 
permissions +COPY start-runtime.js ./ +RUN chmod +x start-runtime.js + +# Utilisateur non-root +RUN useradd -m -u 1000 lecoffreuser && \ + mkdir -p /leCoffre-front && chown -R lecoffreuser:lecoffreuser /leCoffre-front + +USER lecoffreuser + +# Utiliser le script de démarrage qui injecte les variables au runtime +CMD ["node", "start-runtime.js"] diff --git a/src/front/Api/Auth/IdNot/index.ts b/src/front/Api/Auth/IdNot/index.ts index 77063188..e942e18f 100644 --- a/src/front/Api/Auth/IdNot/index.ts +++ b/src/front/Api/Auth/IdNot/index.ts @@ -54,7 +54,7 @@ export default class Auth extends BaseApiService { } // 2) Build the IdNot authorization URL with fixed redirect_uri and the signed state - const fixedRedirect = variables.IDNOT_REDIRECT_URI_FIXED || 'http://local.4nkweb.com:3000/authorized-client'; + const fixedRedirect = variables.IDNOT_REDIRECT_URI_FIXED || 'https://lecoffreio.4nkweb.com/authorized-client'; const authorizeBase = `${variables.IDNOT_BASE_URL}${variables.IDNOT_AUTHORIZE_ENDPOINT}`; const scopeParam = encodeURIComponent('openid profile'); const authorizeUrl = `${authorizeBase}?client_id=${encodeURIComponent(variables.IDNOT_CLIENT_ID)}&redirect_uri=${encodeURIComponent(fixedRedirect)}&scope=${scopeParam}&response_type=code&state=${encodeURIComponent(state)}`; diff --git a/src/front/Components/Layouts/Login/StepEmail/index.tsx b/src/front/Components/Layouts/Login/StepEmail/index.tsx index 1e191f12..a83609dd 100644 --- a/src/front/Components/Layouts/Login/StepEmail/index.tsx +++ b/src/front/Components/Layouts/Login/StepEmail/index.tsx 
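Review bot: The image that runs the app is the same single stage that built it, so it keeps the full source tree from `COPY . .`, the complete `node_modules`, and the `git`, `telnet`, `netcat-openbsd`, `net-tools` and `dnsutils` packages; `Dockerfile.runtime` has the same shape. Anything in the build context that a `.dockerignore` does not exclude (local `.env` files, for instance) lands in the image as well, and no `.dockerignore` is visible in this commit. A final stage that copies only the build output and `start-runtime.js`, without the diagnostic packages, would keep the runtime surface small. `COPY start-runtime.js ./` is already covered by `COPY . .` unless the file is ignored, and `chmod +x` is not needed when the script is started through `node`.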
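Review bot: The `||` fallback on the `fixedRedirect` line silently substitutes a hard-coded host when `variables.IDNOT_REDIRECT_URI_FIXED` is empty, so a deployment with missing configuration sends the authorization code to `lecoffreio.4nkweb.com` instead of failing visibly. The same fallback is repeated in `src/front/Components/Layouts/Login/StepEmail/index.tsx`. I would drop the literal and stop early when the value is unset: `const fixedRedirect = variables.IDNOT_REDIRECT_URI_FIXED;` followed by `if (!fixedRedirect) throw new Error('IDNOT_REDIRECT_URI_FIXED is not configured');`. The enclosing method begins above the hunk and continues below it, so how such an error would be surfaced to the user is not visible here.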
@@ -70,7 +70,7 @@ export default function StepEmail(props: IProps) { console.warn('[IDNOT] Backend returned empty state'); return; } - const fixedRedirect = variables.IDNOT_REDIRECT_URI_FIXED || 'http://local.4nkweb.com:3000/authorized-client'; + const fixedRedirect = variables.IDNOT_REDIRECT_URI_FIXED || 'https://lecoffreio.4nkweb.com/authorized-client'; const authorizeBase = `${variables.IDNOT_BASE_URL}${variables.IDNOT_AUTHORIZE_ENDPOINT}`; const scopeParam = encodeURIComponent('openid profile'); const authorizeUrl = `${authorizeBase}?client_id=${encodeURIComponent(variables.IDNOT_CLIENT_ID)}&redirect_uri=${encodeURIComponent(fixedRedirect)}&scope=${scopeParam}&response_type=code&state=${encodeURIComponent(state)}`; diff --git a/start-runtime.js b/start-runtime.js index 7dcc7e1c..bd951c50 100644 --- a/start-runtime.js +++ b/start-runtime.js @@ -16,7 +16,7 @@ const defaultEnv = { NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT: '/IdPOAuth2/authorize/idnot_idp_v1', NEXT_PUBLIC_IDNOT_CLIENT_ID: 'default_client_id', NEXT_PUBLIC_IDNOT_REDIRECT_URI: 'http://localhost:3000/authorized-client', - NEXT_PUBLIC_IDNOT_REDIRECT_URI_FIXED: 'http://local.4nkweb.com:3000/authorized-client', + NEXT_PUBLIC_IDNOT_REDIRECT_URI_FIXED: 'https://lecoffreio.4nkweb.com/authorized-client', NEXT_PUBLIC_4NK_URL: 'http://localhost:3000', NEXT_PUBLIC_4NK_IFRAME_URL: 'http://localhost:3000', NEXT_PUBLIC_BACK_BASE: 'http://localhost:8080',
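Review bot: The authorize URL that consumes `fixedRedirect` is assembled here by the same string concatenation as in `src/front/Api/Auth/IdNot/index.ts`, so the two login paths can drift apart in `scope`, `response_type` or `redirect_uri` the next time one of them is edited. A shared helper that takes `state` and returns the URL would keep the request parameters in one reviewed place. The surrounding handler starts and ends outside the hunk.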