Adding github actions for oidc-ui

.github/workflows/push-trigger.yml

@@ -10,14 +10,14 @@ on:
   workflow_dispatch:
     inputs:
       message:
-        description: 'Message for manually triggering'
+        description: "Message for manually triggering"
         required: false
-        default: 'Triggered for Updates'
+        default: "Triggered for Updates"
         type: string
 
   push:
     branches:
-      - '!release-branch'
+      - "!release-branch"
       - master
       - develop
       - develop-go
@@ -29,7 +29,7 @@ jobs:
     with:
       SERVICE_LOCATION: ./esignet-service
       BUILD_BINARY: esignet
-      GO_VERSION: '1.26'
+      GO_VERSION: "1.26"
 
     secrets:
       SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
@@ -55,8 +55,8 @@ jobs:
     strategy:
       matrix:
         include:
-          - SERVICE_LOCATION: 'esignet-service'
-            SERVICE_NAME: 'esignet'
+          - SERVICE_LOCATION: "esignet-service"
+            SERVICE_NAME: "esignet"
             ONLY_DOCKER: true
             PLATFORMS: "linux/amd64,linux/arm64"
 
@@ -76,4 +76,47 @@ jobs:
       DEV_NAMESPACE_DOCKER_HUB: ${{ secrets.DEV_NAMESPACE_DOCKER_HUB }}
       ACTOR_DOCKER_HUB: ${{ secrets.ACTOR_DOCKER_HUB }}
       RELEASE_DOCKER_HUB: ${{ secrets.RELEASE_DOCKER_HUB }}
-      SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
+      SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
+
+  build-oidc-ui:
+    uses: mosip/kattu/.github/workflows/npm-build.yml@develop
+    with:
+      SERVICE_LOCATION: oidc-ui
+      BUILD_ARTIFACT: oidc
+      NPM_BUILD_TYPE: BOB
+      NODE_VERSION: "18"
+      ZIP_DIR: build
+    secrets:
+      SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
+
+  sonar-analysis-oidc-ui:
+    needs: build-oidc-ui
+    if: "${{ github.event_name != 'pull_request' }}"
+    uses: mosip/kattu/.github/workflows/npm-sonar-analysis.yml@develop
+    with:
+      SERVICE_LOCATION: oidc-ui
+      NPM_BUILD_TYPE: BOB
+    secrets:
+      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+      ORG_KEY: ${{ secrets.ORG_KEY }}
+      SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
+
+  build_dockers_oidc_ui:
+    strategy:
+      matrix:
+        include:
+          - SERVICE_LOCATION: "oidc-ui"
+            SERVICE_NAME: "oidc-ui"
+            SQUASH_LAYERS: "13"
+      fail-fast: false
+    name: ${{ matrix.SERVICE_NAME }}
+    uses: mosip/kattu/.github/workflows/docker-build.yml@master-java21
+    with:
+      SERVICE_LOCATION: ${{ matrix.SERVICE_LOCATION }}
+      SERVICE_NAME: ${{ matrix.SERVICE_NAME }}
+      SQUASH_LAYERS: ${{ matrix.SQUASH_LAYERS }}
+    secrets:
+      DEV_NAMESPACE_DOCKER_HUB: ${{ secrets.DEV_NAMESPACE_DOCKER_HUB }}
+      ACTOR_DOCKER_HUB: ${{ secrets.ACTOR_DOCKER_HUB }}
+      RELEASE_DOCKER_HUB: ${{ secrets.RELEASE_DOCKER_HUB }}
+      SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}

helm/oidc-ui/templates/configmap.yaml

@@ -21,6 +21,7 @@ data:
     http {
       access_log /var/log/nginx/access1.log;
       error_log /var/log/nginx/error1.log;
+
       server {
         listen {{ .Values.oidc_ui.oidc_ui_port }};
         server_name  localhost;
@@ -35,7 +36,18 @@ data:
         gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript;
 
         location /v1/esignet {
-          proxy_pass         http://{{ .Values.oidc_ui.oidc_service_host }}/v1/esignet;
+          proxy_pass         http://{{ .Values.oidc_ui.oidc_service_host }}/;
+          proxy_redirect     off;
+          proxy_set_header   Host $host;
+          proxy_set_header   X-Real-IP $remote_addr;
+          proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
+          proxy_set_header   X-Forwarded-Host $server_name;
+          add_header Content-Security-Policy "default-src 'none'" always;
+          add_header Referrer-Policy "no-referrer" always;
+        }
+
+        location /v1/esignet/actuator/ {
+          proxy_pass         http://{{ .Values.oidc_ui.oidc_service_host }}/;
           proxy_redirect     off;
           proxy_set_header   Host $host;
           proxy_set_header   X-Real-IP $remote_addr;
@@ -54,6 +66,9 @@ data:
           proxy_set_header   X-Forwarded-Host $server_name;
           add_header Content-Security-Policy "default-src 'none'" always;
           add_header Referrer-Policy "no-referrer" always;
+          add_header 'Access-Control-Allow-Origin' '*' always;
+          add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS' always;
+          add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always;
           types {
             text/plain log cer json txt;
           }
@@ -68,6 +83,9 @@ data:
           proxy_set_header   X-Forwarded-Host $server_name;
           add_header Content-Security-Policy "default-src 'none'" always;
           add_header Referrer-Policy "no-referrer" always;
+          add_header 'Access-Control-Allow-Origin' '*' always;
+          add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS' always;
+          add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always;
           types {
             text/plain log cer json txt;
           }
@@ -82,6 +100,9 @@ data:
           proxy_set_header   X-Forwarded-Host $server_name;
           add_header Content-Security-Policy "default-src 'none'" always;
           add_header Referrer-Policy "no-referrer" always;
+          add_header 'Access-Control-Allow-Origin' '*' always;
+          add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS' always;
+          add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always;
           types {
             text/plain log cer json txt;
           }
@@ -96,6 +117,9 @@ data:
           proxy_set_header   X-Forwarded-Host $server_name;
           add_header Content-Security-Policy "default-src 'none'" always;
           add_header Referrer-Policy "no-referrer" always;
+          add_header 'Access-Control-Allow-Origin' '*' always;
+          add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS' always;
+          add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always;
           types {
             text/plain log cer json txt;
           }

oidc-ui/nginx/nginx.conf

@@ -1,16 +1,17 @@
+nginx.conf
 worker_processes  1;
 
 events {
   worker_connections  1024;
 }
 
 http {
-  access_log /var/log/nginx/access.log;
-  error_log /var/log/nginx/error.log;
+  access_log /var/log/nginx/access1.log;
+  error_log /var/log/nginx/error1.log;
+
   server {
     listen 3000;
     server_name  localhost;
-    server_tokens off;
 
     root   /usr/share/nginx/html;
     index  index.html index.htm;
@@ -22,64 +23,90 @@ http {
     gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript;
 
     location /v1/esignet/ {
-      proxy_pass         http://esignet.esignet/v1/esignet/;
+      proxy_pass         http://esignet.esignet/;
       proxy_redirect     off;
       proxy_set_header   Host $host;
       proxy_set_header   X-Real-IP $remote_addr;
       proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header   X-Forwarded-Host $server_name;
       add_header Content-Security-Policy "default-src 'none'" always;
       add_header Referrer-Policy "no-referrer" always;
-      proxy_connect_timeout 10s;
-      proxy_send_timeout 30s;
-      proxy_read_timeout 30s;
     }
-    
-    location /.well-known/openid-configuration {
-      proxy_pass         http://esignet.esignet/v1/esignet/oidc/.well-known/openid-configuration;
+
+    location /v1/esignet/actuator/ {
+      proxy_pass         http://esignet.esignet/;
       proxy_redirect     off;
       proxy_set_header   Host $host;
       proxy_set_header   X-Real-IP $remote_addr;
       proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header   X-Forwarded-Host $server_name;
       add_header Content-Security-Policy "default-src 'none'" always;
       add_header Referrer-Policy "no-referrer" always;
-      proxy_connect_timeout 10s;
-      proxy_send_timeout 30s;
-      proxy_read_timeout 30s;
     }
 
     location /.well-known/jwks.json {
-      proxy_pass         http://esignet.esignet/v1/esignet/oauth/.well-known/jwks.json;
+      proxy_pass         http://esignet.esignet/.well-known/jwks.json;
       proxy_redirect     off;
       proxy_set_header   Host $host;
       proxy_set_header   X-Real-IP $remote_addr;
       proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header   X-Forwarded-Host $server_name;
       add_header Content-Security-Policy "default-src 'none'" always;
       add_header Referrer-Policy "no-referrer" always;
-      proxy_connect_timeout 10s;
-      proxy_send_timeout 30s;
-      proxy_read_timeout 30s;
+      add_header 'Access-Control-Allow-Origin' '*' always;
+      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS' always;
+      add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always;
+      types {
+        text/plain log cer json txt;
+      }
+    }
+
+    location /.well-known/openid-configuration {
+      proxy_pass         http://esignet.esignet/.well-known/openid-configuration;
+      proxy_redirect     off;
+      proxy_set_header   Host $host;
+      proxy_set_header   X-Real-IP $remote_addr;
+      proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header   X-Forwarded-Host $server_name;
+      add_header Content-Security-Policy "default-src 'none'" always;
+      add_header Referrer-Policy "no-referrer" always;
+      add_header 'Access-Control-Allow-Origin' '*' always;
+      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS' always;
+      add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always;
+      types {
+        text/plain log cer json txt;
+      }
     }
 
     location /.well-known/oauth-authorization-server {
-      proxy_pass         http://esignet.esignet/v1/esignet/oauth/.well-known/oauth-authorization-server;
+      proxy_pass         http://esignet.esignet/.well-known/oauth-authorization-server;
       proxy_redirect     off;
       proxy_set_header   Host $host;
       proxy_set_header   X-Real-IP $remote_addr;
       proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header   X-Forwarded-Host $server_name;
       add_header Content-Security-Policy "default-src 'none'" always;
       add_header Referrer-Policy "no-referrer" always;
-      proxy_connect_timeout 10s;
-      proxy_send_timeout 30s;
-      proxy_read_timeout 30s;
+      add_header 'Access-Control-Allow-Origin' '*' always;
+      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS' always;
+      add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always;
+      types {
+        text/plain log cer json txt;
+      }
     }
 
     location / {
-      # alias /usr/share/nginx/html;
       try_files $uri $uri/ /index.html;
+      add_header Content-Security-Policy "
+        default-src 'self';
+          style-src 'self' https://fonts.googleapis.com 'unsafe-inline';
+          font-src 'self' https://fonts.gstatic.com;
+          img-src 'self' data: https://cdn.jsdelivr.net https://*.mosip.net;
+          script-src 'self' https://www.google.com  https://www.gstatic.com;
+          frame-src https://www.google.com;
+          connect-src 'self' http://127.0.0.1:*;
+        " always;
+      add_header Referrer-Policy "no-referrer" always;
     }
   }
-}
+}