micord/ervu-eks
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: micord:986018890c8cffd4bfe80b2b3dd15c6528f2b000
Branches Tags
micord:develop
...
compare: micord:24c03f367e53f6b8ad4dcc35cc0e49f5926a4203
Branches Tags
micord:develop

12 commits
986018890c ... 24c03f367e

Author SHA1 Message Date
kochetkov
24c03f367e Merge remote-tracking branch 'origin/master' into develop 2025-12-03 08:47:18 +03:00
Pavel Zilke
809df2b6bc delete old cde Dockerfile 2025-11-25 23:44:49 +03:00
Pavel Zilke
b5d1982b63 fix 2025-11-25 23:15:20 +03:00
Pavel Zilke
47a3233265 fix 2025-11-25 22:38:55 +03:00
Pavel Zilke
40568eb467 update config/.env 2025-11-25 21:00:15 +03:00
adel.ka
49c3b042f3 Update for next development version 2025-11-21 18:31:02 +03:00
adel.ka
9a7f1e1168 Merge branch 'master' into develop 
# Conflicts:
#	backend/pom.xml
#	config-data-executor/pom.xml
#	frontend/pom.xml
#	pom.xml
#	resources/pom.xml
 2025-11-21 18:29:10 +03:00
adel.ka
84b08ce448 Merge branch 'hotfix/1.1.5' 2025-11-21 18:18:04 +03:00
adel.ka
6302e630ab Update for next development version 2025-11-21 18:15:39 +03:00
adel.ka
682d3b1bcc DocumentBuilderFactory DTD fix 2025-11-21 18:14:04 +03:00
Eduard Tihomiorv
ffcd582f46 Update for next development version 2025-11-21 14:37:35 +03:00
Eduard Tihomiorv
297ab97d09 Merge branch 'master' into develop 2025-11-21 14:36:54 +03:00
11 changed files with 46 additions and 27 deletions
Download patch file Download diff file Expand all files Collapse all files

21
Dockerfile
View file

@ -1,5 +1,5 @@
ARG BUILDER_IMAGE=nexus.ervu.rt-sk.ru/ervu-base/alpine:3.22.1
ARG RUNTIME_IMAGE=nexus.ervu.rt-sk.ru/ervu-base/alpine:3.22.1
ARG BUILDER_IMAGE=nexus.ervu.rt-sk.ru/ervu-base/alpine:3.22.2
ARG RUNTIME_IMAGE=nexus.ervu.rt-sk.ru/ervu-base/alpine:3.22.2
FROM $BUILDER_IMAGE AS builder
@ -35,11 +35,20 @@ RUN rm -f /etc/apk/repositories \
ENV BACKEND_URL=http://localhost:8080
ENV CONFIG_DATA_EXECUTOR_URL=http://localhost:8080/api
COPY config/nginx.conf /etc/nginx/nginx.conf
COPY --from=builder /app/frontend/dist /usr/share/nginx/html
COPY --from=builder /app/backend/target/*.jar /home/app/backend.jar
COPY --from=builder /app/config-data-executor/target/*.jar /home/app/cde.jar
EXPOSE 80
RUN addgroup --system --gid 1002 app \
&& adduser -S app -u 1002 -G app \
&& adduser -S cde -u 1003 -G app
COPY config/nginx.conf /etc/nginx/nginx.conf
COPY --from=builder /app/frontend/dist /usr/share/nginx/html
COPY --from=builder /app/backend/target/*.jar /home/app/backend.jar
COPY --from=builder /app/config-data-executor/target/*.jar /home/cde/cde.jar
USER app
WORKDIR /home/app
ENTRYPOINT ["java", "-jar", "/home/app/backend.jar"]

2
backend/pom.xml
View file

@ -5,7 +5,7 @@
<parent>
<groupId>ru.micord.ervu</groupId>
<artifactId>eks</artifactId>
<version>1.1.5-SNAPSHOT</version>
<version>1.2.0-SNAPSHOT</version>
</parent>
<groupId>ru.micord.ervu.eks</groupId>
<artifactId>backend</artifactId>

4
config-data-executor/Dockerfile
View file

@ -1,4 +0,0 @@
FROM bellsoft/liberica-openjdk-alpine:17-cds
COPY target/*.jar app.jar
CMD ["java", "-jar", "app.jar"]

2
config-data-executor/pom.xml
View file

@ -6,7 +6,7 @@
<parent>
<groupId>ru.micord.ervu</groupId>
<artifactId>eks</artifactId>
<version>1.1.5-SNAPSHOT</version>
<version>1.2.0-SNAPSHOT</version>
</parent>
<groupId>ru.micord.ervu.eks</groupId>
<artifactId>config-data-executor</artifactId>

20
config-data-executor/src/main/java/org/micord/service/RequestService.java
View file

@ -23,6 +23,7 @@ import java.util.stream.IntStream;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import jakarta.annotation.PostConstruct;
import org.micord.config.ArangoDBConnection;
import org.micord.config.DatabaseConnection;
import org.micord.config.S3HttpConnection;
@ -56,12 +57,18 @@ public class RequestService {
private static final Logger logger = LoggerFactory.getLogger(RequestService.class);
private DocumentBuilderFactory secureDocumentFactory;
@Autowired
private HttpClient httpClient;
@Autowired
private ValidationService validationService;
@PostConstruct
public void init() {
secureDocumentFactory = createSecureDocumentBuilderFactory();
}
private void processS3Request(S3Request request, RequestParameters parameters, Map<String, Boolean> validationResults) {
logger.info("B. Starting processing of single S3 request");
try {
@ -219,8 +226,7 @@ public class RequestService {
private void handleErrorResponse(HttpResponse<String> response, String file) {
try {
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
DocumentBuilder builder = factory.newDocumentBuilder();
DocumentBuilder builder = secureDocumentFactory.newDocumentBuilder();
InputSource is = new InputSource(new StringReader(response.body()));
Document doc = builder.parse(is);
Element root = doc.getDocumentElement();
@ -703,4 +709,14 @@ public class RequestService {
}
}
private DocumentBuilderFactory createSecureDocumentBuilderFactory() {
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
try {
factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
}
catch (Exception e) {
throw new RuntimeException("Failed to secure XML parser", e);
}
return factory;
}
}

2
config/.env
View file

@ -1 +1 @@
IMAGE=eks-app:latest
IMAGE=eks-app:1.1.5

7
config/docker-compose.yaml
View file

@ -14,6 +14,8 @@ services:
eks-backend:
image: ${IMAGE:-eks-app:latest}
user: app
working_dir: /home/app
depends_on:
- db
entrypoint: ["java", "-jar", "/home/app/backend.jar"]
@ -25,6 +27,7 @@ services:
eks-frontend:
image: ${IMAGE:-eks-app:latest}
user: "101:102"
depends_on:
- eks-backend
ports:
@ -35,7 +38,9 @@ services:
eks-cde:
image: ${IMAGE:-eks-app:latest}
entrypoint: ["java", "-jar", "/home/app/cde.jar"]
user: cde
working_dir: /home/cde
entrypoint: ["java", "-jar", "/home/cde/cde.jar"]
volumes:
- ./cde-xml:/cde-xml
environment:

9
config/nginx.conf
View file

@ -19,16 +19,10 @@ http {
gzip on;
gzip_types text/plain text/css text/xml application/x-javascript application/atom+xml;
log_format nginx_main
'$remote_addr - $remote_user [$time_local] $request '
'"$status" $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" '
'"$request_filename" "$gzip_ratio" $upstream_response_time server: $host : $document_root $fastcgi_script_name ';
server {
listen 80 default;
access_log /var/log/nginx/access.log nginx_main;
access_log /var/log/nginx/access.log combined;
error_log /var/log/nginx/error.log error;
root /usr/share/nginx/html;
@ -74,7 +68,6 @@ http {
proxy_pass http://eks-backend:8080/ervu-eks/;
proxy_set_header Accept application/json;
add_header Content-Type application/json;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

2
frontend/pom.xml
View file

@ -4,7 +4,7 @@
<parent>
<groupId>ru.micord.ervu</groupId>
<artifactId>eks</artifactId>
<version>1.1.5-SNAPSHOT</version>
<version>1.2.0-SNAPSHOT</version>
</parent>
<groupId>ru.micord.ervu.eks</groupId>

2
pom.xml
View file

@ -4,7 +4,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>ru.micord.ervu</groupId>
<artifactId>eks</artifactId>
<version>1.1.5-SNAPSHOT</version>
<version>1.2.0-SNAPSHOT</version>
<packaging>pom</packaging>
<modules>
<module>backend</module>

2
resources/pom.xml
View file

@ -4,7 +4,7 @@
<parent>
<groupId>ru.micord.ervu</groupId>
<artifactId>eks</artifactId>
<version>1.1.5-SNAPSHOT</version>
<version>1.2.0-SNAPSHOT</version>
</parent>
<groupId>ru.micord.ervu.eks</groupId>