Merge pull request #165 from PretendoNetwork/dev

Merge Dev to Master

Author: binaryoverload

.dockerignore

@@ -1,6 +1,5 @@
-.git
-config.json
-logs
-certs
-cdn
-node_modules
+.git
+.env
+node_modules
+dist
+logs

.eslintignore

@@ -0,0 +1,2 @@
+dist
+*.js

.eslintrc.json

@@ -4,13 +4,17 @@
 		"commonjs": true,
 		"es6": true
 	},
-	"parserOptions": {
-		"ecmaVersion": 2020
-	},
+	"parser": "@typescript-eslint/parser",
 	"globals": {
 		"BigInt": true
 	},
-	"extends": "eslint:recommended",
+	"extends": [
+		"eslint:recommended",
+		"plugin:@typescript-eslint/recommended"
+	],
+	"plugins": [
+		"@typescript-eslint"
+	],
 	"rules": {
 		"require-atomic-updates": "warn",
 		"no-case-declarations": "off",
@@ -20,6 +24,13 @@
 		"no-global-assign": "off",
 		"prefer-const": "error",
 		"no-var": "error",
+		"no-unused-vars": "off",
+		"@typescript-eslint/no-unused-vars": ["error", { "argsIgnorePattern": "^_" }],
+		"no-extra-semi": "off",
+		"@typescript-eslint/no-extra-semi": "error",
+		"@typescript-eslint/no-empty-interface": "warn",
+		"@typescript-eslint/no-inferrable-types": "error",
+		"@typescript-eslint/explicit-function-return-type": "error",
 		"one-var": [
 			"error",
 			"never"

.github/workflows/docker.yml

@@ -0,0 +1,56 @@
+name: Build and Publish Docker Image
+
+on:
+  push:
+  pull_request:
+  workflow_dispatch:
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  build-publish:
+    env:
+      SHOULD_PUSH_IMAGE: ${{ (github.event_name == 'push' && (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/dev')) || github.event_name == 'workflow_dispatch' }}
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Set up QEMU for Docker
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log into the container registry
+        if: ${{ env.SHOULD_PUSH_IMAGE == 'true' }}
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=raw,value=latest,enable=${{ github.ref == 'refs/heads/master' }}
+            type=raw,value=edge,enable=${{ github.ref == 'refs/heads/dev' }}
+            type=sha
+
+      - name: Build and push Docker image
+        id: build-and-push
+        uses: docker/build-push-action@v6
+        with:
+          platforms: linux/amd64,linux/arm64
+          push: ${{ env.SHOULD_PUSH_IMAGE }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max

.gitignore

@@ -58,10 +58,7 @@ typings/
 .env
 
 # custom
-sign.js
-t.js
-p.js
 config.json
 certs
-/cdn
-dump.rdb
+cdn
+dist

Dockerfile

@@ -1,16 +1,47 @@
-FROM node:18-alpine
-
-RUN apk add --no-cache python3 make gcc g++ 
-WORKDIR /app
-
-COPY "docker/entrypoint.sh" ./
-
-COPY package*.json ./
-RUN npm install bcrypt && npm rebuild bcrypt --build-from-source
-RUN npm install
-
-COPY . ./
-
-VOLUME [ "/app/config.json", "/app/certs" ]
-
-CMD ["sh", "entrypoint.sh"]
+# syntax=docker/dockerfile:1
+
+ARG app_dir="/home/node/app"
+
+
+# * Base Node.js image
+FROM node:20-alpine AS base
+ARG app_dir
+WORKDIR ${app_dir}
+
+
+# * Installing production dependencies
+FROM base AS dependencies
+
+RUN --mount=type=bind,source=package.json,target=package.json \
+	--mount=type=bind,source=package-lock.json,target=package-lock.json \
+	--mount=type=cache,target=/root/.npm \
+	npm ci --omit=dev
+
+
+# * Installing development dependencies and building the application
+FROM base AS build
+
+RUN --mount=type=bind,source=package.json,target=package.json \
+	--mount=type=bind,source=package-lock.json,target=package-lock.json \
+	--mount=type=cache,target=/root/.npm \
+	npm ci
+
+COPY . .
+RUN npm run build
+
+
+# * Running the final application
+FROM base AS final
+ARG app_dir
+
+RUN mkdir -p ${app_dir}/logs && chown node:node ${app_dir}/logs
+
+ENV NODE_ENV=production
+USER node
+
+COPY package.json .
+
+COPY --from=dependencies ${app_dir}/node_modules ${app_dir}/node_modules
+COPY --from=build ${app_dir}/dist ${app_dir}/dist
+
+CMD ["node", "."]

README.md

@@ -1,7 +1,6 @@
 # Account server
 
-## What is this?
-The account server is a replacement for several account-based services used by the WiiU and 3DS. It replaces the NNID api as well as NASC for the 3DS. It also contains a dedicated PNID api service for getting details of PNIDs outside of the consoles
+Replacement for several account-based services used by the WiiU and 3DS. It replaces the NNID api as well as NASC for the 3DS. It also contains a dedicated PNID api service for getting details of PNIDs outside of the consoles (used by the website)
 
 ## Setup
-TODO
+See [SETUP.md](SETUP.md) for how to self host

SETUP.md

@@ -0,0 +1,91 @@
+# Setup
+
+- [Required software](#required-software)
+	- [NodeJS](#nodejs)
+	- [MongoDB](#mongodb)
+- [Optional features](#optional-features)
+	- [Redis (optional)](#redis-optional)
+	- [Email (optional)](#email-optional)
+	- [Amazon s3 server (optional)](#amazon-s3-server-optional)
+	- [hCaptcha (optional)](#hcaptcha-optional)
+- [Configuration](#configuration)
+
+
+## Required software
+
+- [NodeJS](https://nodejs.org/)
+- [MongoDB](https://www.mongodb.com)
+
+### NodeJS
+
+Download and install the latest LTS version of [NodeJS](https://nodejs.org/). If using a Linux based operating system, using [nvm](https://github.com/nvm-sh/nvm) is the recommended method. _Tested on NodeJS version v18.20.5_
+
+### MongoDB
+
+Download and install the latest version of [MongoDB](https://www.mongodb.com)
+
+The server assumes that MongoDB is running as a replica set, here's how to configure a basic replica set:
+1. Open /etc/mongod.conf with your preferred editor.
+
+2. Add/modify the `replication` section with the following:
+```conf
+replication:
+   replSetName: "rs0"
+```
+
+3. Restart MongoDB and open a shell with `mongosh`.
+
+4. Initiate the replica set with `rs.initiate()` and check its status with `rs.status()`.
+
+## Optional features
+
+- [Redis](https://redis.io/) file caching
+- Email address for sending automatic emails (tested with gmail)
+- Amazon s3, or compatible, server for CDN methods
+- [hCaptcha](https://hcaptcha.com/) for website API captcha verification
+
+### Redis (optional)
+
+Redis can be used to cache files read from disk. If Redis is not configured, then an in-memory object store is used instead.
+
+### Email (optional)
+
+Events such as account creation, email verification, etc, support sending emails to users. To enable email sending, you will need to use Amazon SES. Consult the Amazon SES documentation for more details.
+
+### Amazon s3 server (optional)
+
+Certain endpoints expect URLs for static CDN assets, such as pre-rendered Mii images. An [Amazon s3](https://aws.amazon.com/s3/) or compatible server, such as [Spaces by DigitalOcean](https://www.digitalocean.com/products/spaces), [Cloudflare R2](https://www.cloudflare.com/products/r2/), or [Backblaze B2](https://www.backblaze.com/b2/docs/), can optionally be used to store and upload these assets. If an s3 server is not configured, CDN contents will be stored on disk and served from this server. See [Configuration](#configuration) for more details.
+
+### hCaptcha (optional)
+
+The Pretendo Network website uses this server as an API for querying user information. Certain endpoints are considered more secure than others, such as registration, and can optionally be protected using [hCaptcha](https://hcaptcha.com/). If hCaptcha is not configured, no endpoints on the public facing API will be protected.
+
+## Configuration
+
+Configurations are loaded through environment variables. `.env` files are supported. All configuration options will be gone over, both required and optional. There also exists an example `.env` file
+
+| Name                                          | Description                                                                                      | Optional |
+|-----------------------------------------------|--------------------------------------------------------------------------------------------------|----------|
+| `PN_ACT_CONFIG_HTTP_PORT`                     | The HTTP port the server listens on                                                              | No       |
+| `PN_ACT_CONFIG_MONGO_CONNECTION_STRING`       | MongoDB connection string                                                                        | No       |
+| `PN_ACT_CONFIG_MONGOOSE_CONNECT_OPTIONS_PATH` | Path to a `.json` file containing Mongoose connection options                                    | Yes      |
+| `PN_ACT_CONFIG_REDIS_URL`                     | Redis URL                                                                                        | Yes      |
+| `PN_ACT_CONFIG_EMAIL_SES_REGION`              | Amazon SES Region                                                                                | Yes      |
+| `PN_ACT_CONFIG_EMAIL_SES_ACCESS_KEY`          | Amazon SES Access Key                                                                            | Yes      |
+| `PN_ACT_CONFIG_EMAIL_SES_SECRET_KEY`          | Amazon SES Access Secret                                                                         | Yes      |
+| `PN_ACT_CONFIG_EMAIL_FROM`                    | Email "from" address                                                                             | Yes      |
+| `PN_ACT_CONFIG_S3_ENDPOINT`                   | s3 server endpoint                                                                               | Yes      |
+| `PN_ACT_CONFIG_S3_ACCESS_KEY`                 | s3 secret key                                                                                    | Yes      |
+| `PN_ACT_CONFIG_S3_ACCESS_SECRET`              | s3 secret                                                                                        | Yes      |
+| `PN_ACT_CONFIG_HCAPTCHA_SECRET`               | hCaptcha secret (in the form `0x...`)                                                            | Yes      |
+| `PN_ACT_CONFIG_CDN_SUBDOMAIN`                 | Subdomain used to serve CDN contents if s3 is disabled                                           | Yes      |
+| `PN_ACT_CONFIG_CDN_DISK_PATH`                 | File system path used to store CDN contents if s3 is disabled                                    | Yes      |
+| `PN_ACT_CONFIG_CDN_BASE_URL`                  | URL for serving CDN contents (usually the same as s3 endpoint)                                   | No       |
+| `PN_ACT_CONFIG_WEBSITE_BASE`                  | Website URL                                                                                      | Yes      |
+| `PN_ACT_CONFIG_AES_KEY`                       | AES-256 key used for encrypting tokens                                                           | No       |
+| `PN_ACT_CONFIG_DATASTORE_SIGNATURE_SECRET`    | HMAC secret key (16 bytes in hex format) used to sign uploaded DataStore files                   | No       |
+| `PN_ACT_CONFIG_GRPC_MASTER_API_KEY_ACCOUNT`   | Master API key to interact with the account gRPC service                                         | No       |
+| `PN_ACT_CONFIG_GRPC_MASTER_API_KEY_API`       | Master API key to interact with the API gRPC service                                             | No       |
+| `PN_ACT_CONFIG_GRPC_PORT`                     | gRPC server port                                                                                 | No       |
+| `PN_ACT_CONFIG_STRIPE_SECRET_KEY`             | Stripe API key. Used to cancel subscriptions when scrubbing PNIDs                                | Yes      |
+| `PN_ACT_CONFIG_SERVER_ENVIRONMENT`            | Server environment. Currently only used by the Wii U Account Settings app. `prod`/`test`/`dev`   | Yes      |