diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml
deleted file mode 100644
index 4ed0614..0000000
--- a/.github/ISSUE_TEMPLATE/bug_report.yml
+++ /dev/null
@@ -1,75 +0,0 @@
-name: Bug Report
-description: File a bug report
-title: "[Bug]: "
-labels: ["bug", "triage"]
-assignees:
- - billchurch
-body:
- - type: markdown
- attributes:
- value: |
- Depending on the type of issue, please include the follwing information:
- - type: textarea
- id: what-happened
- attributes:
- label: What happened?
- description: Also tell us, what did you expect to happen?
- placeholder: Tell us what you see!
- value: "A bug happened!"
- validations:
- required: true
- - type: input
- id: node_ver
- attributes:
- label: Node Version
- description: version of Node this problem occurs on
- placeholder: npm -v
- validations:
- required: true
- - type: input
- id: npm_ver
- attributes:
- label: NPM Version
- description: version of NPM this problem occurs on
- placeholder: npm -v
- validations:
- required: true
- - type: input
- id: server_ver
- attributes:
- label: Server OS Version
- description: Server OS Version / Distribution / Processor Architecture
- placeholder: uname -a;cat /etc/os-release
- validations:
- required: true
- - type: input
- id: webssh2_ver
- attributes:
- label: WebSSH2 release version
- description: Version of WebSSH you are using
- placeholder: grep version app/package.json
- validations:
- required: true
- - type: input
- id: sshhost_ver
- attributes:
- label: OS and Version of SSH server
- description: OS and Version of SSH server connecting to
- placeholder: 'on target server run: uname -a;sshd -v'
- validations:
- required: false
- - type: input
- id: browser_ver
- attributes:
- label: Browser Version
- description: Information from brwoser's About... or a screenshot of the about screen.
- placeholder:
- validations:
- required: false
- - type: textarea
- id: logs
- attributes:
- label: Relevant log output
- description: Please copy and paste any relevant log output. This will be automatically formatted into code, so no need for backticks.
- render: shell
-
diff --git a/.github/ISSUE_TEMPLATE/custom.md b/.github/ISSUE_TEMPLATE/custom.md
deleted file mode 100644
index 785b574..0000000
--- a/.github/ISSUE_TEMPLATE/custom.md
+++ /dev/null
@@ -1,10 +0,0 @@
----
-name: Question
-about: General how-to questions
-title: ''
-labels: ''
-assignees: ''
-
----
-
-
diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md
deleted file mode 100644
index bbcbbe7..0000000
--- a/.github/ISSUE_TEMPLATE/feature_request.md
+++ /dev/null
@@ -1,20 +0,0 @@
----
-name: Feature request
-about: Suggest an idea for this project
-title: ''
-labels: ''
-assignees: ''
-
----
-
-**Is your feature request related to a problem? Please describe.**
-A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
-
-**Describe the solution you'd like**
-A clear and concise description of what you want to happen.
-
-**Describe alternatives you've considered**
-A clear and concise description of any alternative solutions or features you've considered.
-
-**Additional context**
-Add any other context or screenshots about the feature request here.
diff --git a/.github/workflows/action-test.yml b/.github/workflows/action-test.yml
deleted file mode 100644
index 439aa02..0000000
--- a/.github/workflows/action-test.yml
+++ /dev/null
@@ -1,65 +0,0 @@
-name: Manually Release Previous Tag
-
-on:
- workflow_dispatch:
- inputs:
- tag:
- description: 'Repo Branch/Tag'
- default: 'main'
- type: 'string'
- required: true
-
-jobs:
- docker:
- runs-on: ubuntu-latest
- steps:
- - name: 'Checkout'
- uses: actions/checkout@v3
- with:
- ref: ${{ inputs.tag }}
- - name: Prepare
- id: prep
- run: |
- DOCKER_IMAGE=${{ secrets.DOCKER_USERNAME }}/${GITHUB_REPOSITORY#*/}
-
- VERSION=${{ inputs.tag }}
- VERSION="${VERSION//v}"
- TAGS="${DOCKER_IMAGE}:${VERSION},${DOCKER_IMAGE}"
-
- # If the VERSION looks like a version number, assume that
- # this is the most recent version of the image and also
- # tag it 'latest'.
- if [[ $VERSION =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
- TAGS="$TAGS,${DOCKER_IMAGE}"
- fi
-
-
- # Set output parameters.
- echo ::set-output name=tags::${TAGS}
- echo ::set-output name=docker_image::${DOCKER_IMAGE}
-
- - name: Set up QEMU
- uses: docker/setup-qemu-action@master
- with:
- platforms: all
-
- - name: Set up Docker Buildx
- id: buildx
- uses: docker/setup-buildx-action@master
-
- - name: Login to DockerHub
- if: github.event_name != 'pull_request'
- uses: docker/login-action@v1
- with:
- username: ${{ secrets.DOCKER_USERNAME }}
- password: ${{ secrets.DOCKER_PASSWORD }}
-
- - name: Build
- uses: docker/build-push-action@v2
- with:
- builder: ${{ steps.buildx.outputs.name }}
- context: .
- file: ./Dockerfile
- platforms: linux/amd64,linux/arm64,linux/ppc64le
- push: true
- tags: ${{ steps.prep.outputs.tags }}
\ No newline at end of file
diff --git a/.github/workflows/docker-multiplatform.yml b/.github/workflows/docker-multiplatform.yml
deleted file mode 100644
index 9e9853c..0000000
--- a/.github/workflows/docker-multiplatform.yml
+++ /dev/null
@@ -1,67 +0,0 @@
----
-name: 'Build Docker Images'
-
-on:
- release:
- types: [published]
-
-jobs:
- docker:
- runs-on: ubuntu-latest
- steps:
- - name: 'Checkout'
- uses: actions/checkout@v3
- - name: Prepare
- id: prep
- run: |
- DOCKER_IMAGE=${{ secrets.DOCKER_USERNAME }}/${GITHUB_REPOSITORY#*/}
-
- # If this is git tag, use the tag name as a docker tag
- if [[ $GITHUB_REF == refs/tags/* ]]; then
- VERSION=${GITHUB_REF#refs/tags/webssh2-v}
- TAGS="${DOCKER_IMAGE}:${VERSION}"
- fi
-
- # If this is git branch, use the branch name as a docker tag
- if [[ $GITHUB_REF == refs/heads/* ]]; then
- VERSION=${GITHUB_REF#refs/heads/}
- TAGS="${DOCKER_IMAGE}:${VERSION}"
- fi
-
- # If the VERSION looks like a version number, assume that
- # this is the most recent version of the image and also
- # tag it 'latest'. This is done by just specifying the ${DOCKER_IMAGE}
- # without a tag.
- if [[ $VERSION =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
- TAGS="$TAGS,${DOCKER_IMAGE}"
- fi
-
- # Set output parameters.
- echo ::set-output name=tags::${TAGS}
- echo ::set-output name=docker_image::${DOCKER_IMAGE}
-
- - name: Set up QEMU
- uses: docker/setup-qemu-action@master
- with:
- platforms: all
-
- - name: Set up Docker Buildx
- id: buildx
- uses: docker/setup-buildx-action@master
-
- - name: Login to DockerHub
- if: github.event_name != 'pull_request'
- uses: docker/login-action@v1
- with:
- username: ${{ secrets.DOCKER_USERNAME }}
- password: ${{ secrets.DOCKER_PASSWORD }}
-
- - name: Build
- uses: docker/build-push-action@v2
- with:
- builder: ${{ steps.buildx.outputs.name }}
- context: .
- file: ./Dockerfile
- platforms: linux/amd64,linux/arm64,linux/ppc64le
- push: true
- tags: ${{ steps.prep.outputs.tags }}
\ No newline at end of file
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
deleted file mode 100644
index b46a3d5..0000000
--- a/.github/workflows/release.yml
+++ /dev/null
@@ -1,46 +0,0 @@
----
-name: 'Create Release'
-on:
- push:
- branches:
- - main
- paths-ignore:
- - '.github/**'
- - '.devcontainer/**'
- - '.**'
- - '**.md'
-jobs:
- release:
- runs-on: ubuntu-latest
- outputs:
- paths_released: ${{ steps.manifest_release.outputs.paths_released }}
- steps:
- - uses: google-github-actions/release-please-action@v3
- id: manifest_release
- with:
- token: ${{ secrets.RELEASE_PLEASE_UAT }}
- command: manifest
- package-name: webssh2
- path: app
- default-branch: main
- publish:
- runs-on: ubuntu-20.04
- needs: release
- strategy:
- fail-fast: false
- matrix:
- path: ${{fromJson(needs.release.outputs.paths_released)}}
- steps:
- - uses: actions/checkout@v2
- - uses: actions/setup-node@v1
- with:
- node-version: 16
- registry-url: 'https://registry.npmjs.org'
- - name: publish-to-npm
- env:
- NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}
- run: |
- cd ${{ matrix.path }}
- npm install
- npx lerna bootstrap
- npx lerna publish from-package --no-push --no-private --yes
\ No newline at end of file
diff --git a/.github/workflows/upload-image.yml b/.github/workflows/upload-image.yml
new file mode 100644
index 0000000..2b57054
--- /dev/null
+++ b/.github/workflows/upload-image.yml
@@ -0,0 +1,34 @@
+# Sample workflow to access AWS resources when workflow is tied to branch
+# The workflow Creates static website using aws s3
+name: RUSI Gatsby Devops image uploader
+on: workflow_dispatch
+
+# permission can be added at job level or workflow level
+permissions:
+ id-token: write # This is required for requesting the JWT
+ contents: read # This is required for actions/checkout
+
+jobs:
+ ImagePackageUpload:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Git clone the repository
+ uses: actions/checkout@v4
+ - name: configure aws credentials
+ uses: aws-actions/configure-aws-credentials@v3
+ with:
+ role-to-assume: arn:aws:iam::615693933970:role/rusi-web-github-actions-oidc-role-ops
+ role-session-name: rusiwebgithubactions
+ aws-region: "eu-west-1"
+ # Upload an image to ECR
+ - name: create config
+ env:
+ KEY: ${{ secrets.GATSBY_DEVOPS_PRIVATE_KEY }}
+ AER_USER_PWD: ${{ secrets.AER_USER_PWD }}
+ run: |
+ mv app/config.json.sample app/config.json
+ jq --arg pk "$KEY" '.user.privatekey = $pk' app/config.json > app/config.json.tmp && mv app/config.json.tmp app/config.json
+ jq --arg pwd "$AER_USER_PWD" '.user.password = $pwd' app/config.json > app/config.json.tmp && mv app/config.json.tmp app/config.json
+ - name: Upload image to ECR
+ run: |
+ ./image-build-upload.sh
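Review bot: The `create config` step writes `GATSBY_DEVOPS_PRIVATE_KEY` and `AER_USER_PWD` into `app/config.json` inside the checkout, and the next step runs `./image-build-upload.sh`, which runs `docker build` on that same directory. Unless the Dockerfile or a `.dockerignore` (neither visible here) excludes the file, the SSH private key and password end up in an image layer readable by anyone who can pull from the ECR repository. Prefer supplying them when the container starts (task-definition secrets or a mounted file) and keep `app/config.json` out of the build context. Separately, the header comment `# The workflow Creates static website using aws s3` and the `# Upload an image to ECR` comment above `create config` do not describe what follows; `# Builds the devops SSH image and pushes it to ECR` at the top and `# Render app/config.json from repository secrets` above the step would be accurate.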
diff --git a/README.md b/README.md
index ef319cb..c9a1fdc 100644
--- a/README.md
+++ b/README.md
@@ -1,15 +1,15 @@
+# THIS REPO IS NOT IN USE - leaving here in case we need it in near future
+
+# RUSI gatsby devops
+
+This repo is used to initiate an ssh session for devops purposes and is restricted to Aer VPN IP address access.
+
# WebSSH2
-[](https://travis-ci.com/billchurch/webssh2) [](https://github.com/billchurch/webssh2/releases/latest) [](https://github.com/billchurch/webssh2/actions/workflows/docker-multiplatform.yml)
-
-[](https://www.buymeacoffee.com/billchurch)
-
Web SSH Client using ssh2, socket.io, xterm.js, and express
A bare bones example of an HTML5 web-based terminal emulator and SSH client. We use SSH2 as a client on a host to proxy a Websocket / Socket.io connection to a SSH2 server.
-
-
# Requirements
Node v14.x or above. If using = 0.10.0"
}
},
+ "node_modules/express-ipfilter": {
+ "version": "1.3.1",
+ "resolved": "https://registry.npmjs.org/express-ipfilter/-/express-ipfilter-1.3.1.tgz",
+ "integrity": "sha512-9WZC8wGkI6I6ygZNzuZ2MbFJiGoDXs1dM+E8LKtSP13pdgqrnkonWlgvvbxG3YZpa7Haz7Ndum9/J6qkj52OqA==",
+ "dependencies": {
+ "ip": "^1.1.8",
+ "lodash": "^4.17.11",
+ "proxy-addr": "^2.0.7",
+ "range_check": "^2.0.4"
+ },
+ "engines": {
+ "node": ">=8.9.0"
+ }
+ },
+ "node_modules/express-ipfilter/node_modules/ip": {
+ "version": "1.1.8",
+ "resolved": "https://registry.npmjs.org/ip/-/ip-1.1.8.tgz",
+ "integrity": "sha512-PuExPYUiu6qMBQb4l06ecm6T6ujzhmh+MeJcW9wa89PoAz5pvd4zPgN5WJV104mb6S2T1AwNIAaB70JNrLQWhg=="
+ },
"node_modules/express-session": {
"version": "1.17.3",
"resolved": "https://registry.npmjs.org/express-session/-/express-session-1.17.3.tgz",
@@ -5181,6 +5201,14 @@
"integrity": "sha512-WKa+XuLG1A1R0UWhl2+1XQSi+fZWMsYKffMZTTYsiZaUD8k2yDAj5atimTUD2TZkyCkNEeYE5NhFZmupOGtjYQ==",
"dev": true
},
+ "node_modules/ip6": {
+ "version": "0.2.10",
+ "resolved": "https://registry.npmjs.org/ip6/-/ip6-0.2.10.tgz",
+ "integrity": "sha512-1LdpyKjhvepd6EbAU6rW4g14vuYtx5TnJX9TfZZBhsM6DsyPQLNzW12rtbUqXBMwqFrLVV/Gcxv0GNFvJp2cYA==",
+ "bin": {
+ "ip6": "ip6-cli.js"
+ }
+ },
"node_modules/ip6addr": {
"version": "0.2.5",
"resolved": "https://registry.npmjs.org/ip6addr/-/ip6addr-0.2.5.tgz",
@@ -6549,10 +6577,16 @@
"optional": true
},
"node_modules/nanoid": {
- "version": "3.3.4",
- "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.4.tgz",
- "integrity": "sha512-MqBkQh/OHTS2egovRtLk45wEyNXwF+cokD+1YPf9u5VfJiRdAiRwB2froX5Co9Rh20xs4siNPm8naNotSD6RBw==",
+ "version": "3.3.6",
+ "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.6.tgz",
+ "integrity": "sha512-BGcqMMJuToF7i1rt+2PWSNVnWIkGCU78jBG3RxO/bZlnZPK2Cmi2QaffxGO/2RvWi9sL+FAiRiXMgsyxQ1DIDA==",
"dev": true,
+ "funding": [
+ {
+ "type": "github",
+ "url": "https://github.com/sponsors/ai"
+ }
+ ],
"bin": {
"nanoid": "bin/nanoid.cjs"
},
@@ -7465,9 +7499,9 @@
}
},
"node_modules/postcss": {
- "version": "8.4.14",
- "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.14.tgz",
- "integrity": "sha512-E398TUmfAYFPBSdzgeieK2Y1+1cpdxJx8yXbK/m57nRhKSmk1GB2tO4lbLBtlkfPQTDKfe4Xqv1ASWPpayPEig==",
+ "version": "8.4.31",
+ "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.31.tgz",
+ "integrity": "sha512-PS08Iboia9mts/2ygV3eLpY5ghnUcfLV/EXTOW1E2qYxJKGGBUtNjN76FYHnMs36RmARn41bC0AZmn+rR0OVpQ==",
"dev": true,
"funding": [
{
@@ -7477,10 +7511,14 @@
{
"type": "tidelift",
"url": "https://tidelift.com/funding/github/npm/postcss"
+ },
+ {
+ "type": "github",
+ "url": "https://github.com/sponsors/ai"
}
],
"dependencies": {
- "nanoid": "^3.3.4",
+ "nanoid": "^3.3.6",
"picocolors": "^1.0.0",
"source-map-js": "^1.0.2"
},
@@ -7778,6 +7816,18 @@
"safe-buffer": "^5.1.0"
}
},
+ "node_modules/range_check": {
+ "version": "2.0.4",
+ "resolved": "https://registry.npmjs.org/range_check/-/range_check-2.0.4.tgz",
+ "integrity": "sha512-aed0ocXXj+SIiNNN9b+mZWA3Ow2GXHtftOGk2xQwshK5GbEZAvUcPWNQBLTx/lPcdFRIUFlFCRtHTQNIFMqynQ==",
+ "dependencies": {
+ "ip6": "^0.2.0",
+ "ipaddr.js": "^1.9.1"
+ },
+ "engines": {
+ "node": ">=10.0.0"
+ }
+ },
"node_modules/range-parser": {
"version": "1.2.1",
"resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz",
@@ -13318,6 +13368,24 @@
}
}
},
+ "express-ipfilter": {
+ "version": "1.3.1",
+ "resolved": "https://registry.npmjs.org/express-ipfilter/-/express-ipfilter-1.3.1.tgz",
+ "integrity": "sha512-9WZC8wGkI6I6ygZNzuZ2MbFJiGoDXs1dM+E8LKtSP13pdgqrnkonWlgvvbxG3YZpa7Haz7Ndum9/J6qkj52OqA==",
+ "requires": {
+ "ip": "^1.1.8",
+ "lodash": "^4.17.11",
+ "proxy-addr": "^2.0.7",
+ "range_check": "^2.0.4"
+ },
+ "dependencies": {
+ "ip": {
+ "version": "1.1.8",
+ "resolved": "https://registry.npmjs.org/ip/-/ip-1.1.8.tgz",
+ "integrity": "sha512-PuExPYUiu6qMBQb4l06ecm6T6ujzhmh+MeJcW9wa89PoAz5pvd4zPgN5WJV104mb6S2T1AwNIAaB70JNrLQWhg=="
+ }
+ }
+ },
"express-session": {
"version": "1.17.3",
"resolved": "https://registry.npmjs.org/express-session/-/express-session-1.17.3.tgz",
@@ -14189,6 +14257,11 @@
"integrity": "sha512-WKa+XuLG1A1R0UWhl2+1XQSi+fZWMsYKffMZTTYsiZaUD8k2yDAj5atimTUD2TZkyCkNEeYE5NhFZmupOGtjYQ==",
"dev": true
},
+ "ip6": {
+ "version": "0.2.10",
+ "resolved": "https://registry.npmjs.org/ip6/-/ip6-0.2.10.tgz",
+ "integrity": "sha512-1LdpyKjhvepd6EbAU6rW4g14vuYtx5TnJX9TfZZBhsM6DsyPQLNzW12rtbUqXBMwqFrLVV/Gcxv0GNFvJp2cYA=="
+ },
"ip6addr": {
"version": "0.2.5",
"resolved": "https://registry.npmjs.org/ip6addr/-/ip6addr-0.2.5.tgz",
@@ -15216,9 +15289,9 @@
"optional": true
},
"nanoid": {
- "version": "3.3.4",
- "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.4.tgz",
- "integrity": "sha512-MqBkQh/OHTS2egovRtLk45wEyNXwF+cokD+1YPf9u5VfJiRdAiRwB2froX5Co9Rh20xs4siNPm8naNotSD6RBw==",
+ "version": "3.3.6",
+ "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.6.tgz",
+ "integrity": "sha512-BGcqMMJuToF7i1rt+2PWSNVnWIkGCU78jBG3RxO/bZlnZPK2Cmi2QaffxGO/2RvWi9sL+FAiRiXMgsyxQ1DIDA==",
"dev": true
},
"natural-compare": {
@@ -15874,12 +15947,12 @@
}
},
"postcss": {
- "version": "8.4.14",
- "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.14.tgz",
- "integrity": "sha512-E398TUmfAYFPBSdzgeieK2Y1+1cpdxJx8yXbK/m57nRhKSmk1GB2tO4lbLBtlkfPQTDKfe4Xqv1ASWPpayPEig==",
+ "version": "8.4.31",
+ "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.31.tgz",
+ "integrity": "sha512-PS08Iboia9mts/2ygV3eLpY5ghnUcfLV/EXTOW1E2qYxJKGGBUtNjN76FYHnMs36RmARn41bC0AZmn+rR0OVpQ==",
"dev": true,
"requires": {
- "nanoid": "^3.3.4",
+ "nanoid": "^3.3.6",
"picocolors": "^1.0.0",
"source-map-js": "^1.0.2"
}
@@ -16076,6 +16149,15 @@
"safe-buffer": "^5.1.0"
}
},
+ "range_check": {
+ "version": "2.0.4",
+ "resolved": "https://registry.npmjs.org/range_check/-/range_check-2.0.4.tgz",
+ "integrity": "sha512-aed0ocXXj+SIiNNN9b+mZWA3Ow2GXHtftOGk2xQwshK5GbEZAvUcPWNQBLTx/lPcdFRIUFlFCRtHTQNIFMqynQ==",
+ "requires": {
+ "ip6": "^0.2.0",
+ "ipaddr.js": "^1.9.1"
+ }
+ },
"range-parser": {
"version": "1.2.1",
"resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz",
diff --git a/app/package.json b/app/package.json
index c843c4d..ef6e46e 100644
--- a/app/package.json
+++ b/app/package.json
@@ -36,6 +36,7 @@
"cidr-matcher": "^2.1.1",
"debug": "^4.3.4",
"express": "^4.18.1",
+ "express-ipfilter": "^1.3.1",
"express-session": "^1.17.3",
"morgan": "~1.10.0",
"read-config-ng": "^3.0.5",
diff --git a/app/server/app.js b/app/server/app.js
index 195b614..867dc41 100644
--- a/app/server/app.js
+++ b/app/server/app.js
@@ -17,6 +17,7 @@ const server = require('http').Server(app);
const favicon = require('serve-favicon');
const io = require('socket.io')(server, config.socketio);
const session = require('express-session')(config.express);
+const ipFilter = require('express-ipfilter').IpFilter
const appSocket = require('./socket');
const { setDefaultCredentials, basicAuth } = require('./util');
@@ -38,6 +39,34 @@ function safeShutdownGuard(req, res, next) {
// express
app.use(safeShutdownGuard);
app.use(session);
+
+//just respond with success for healthchecker no matter what the ip addess is
+app.get('/status', function (req, res) {
+ res.status(200).send('success');
+});
+app.get('/headers', function (req, res) {
+ console.log("request");
+ console.log(req);
+ console.log("headers");
+ console.log(req.headers);
+ res.status(200).send('success');
+});
+//restrict access to anything else via ip addresses based on x-forwarded for
+//@todo create environment var to determin to used this or the general req header
+if(config.ipfilter.allowed_ips.length > 0){
+ console.log("using ip filter");
+ let clientIp = function(req, res) {
+ return req.headers['x-forwarded-for'] ? (req.headers['x-forwarded-for']).split(',')[0] : "";
+ };
+
+ app.use(
+ ipFilter({
+ detectIp: clientIp,
+ forbidden: 'You are not authorized to access this page.',
+ filter: config.ipfilter.allowed_ips,
+ })
+ );
+}
if (config.accesslog) app.use(logger('common'));
app.disable('x-powered-by');
app.use(favicon(path.join(publicPath, 'favicon.ico')));
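Review bot: The `ipFilter({ detectIp, forbidden, filter })` call does not look like the `express-ipfilter` API: as far as I know that package takes the address list as its first argument and options second, with `mode` defaulting to `'deny'` and no `filter` or `forbidden` options, so this block may not enforce an allow-list at all. Please check it against the 1.3.1 README and add a test that a non-listed address is rejected. `clientIp` also takes the left-most `x-forwarded-for` entry without trimming, which is the part a client can set itself when the proxy appends rather than overwrites; the entry added by your own load balancer (or Express `trust proxy` with `req.ip`) is the one to trust. The `/headers` route sits in front of the filter and logs the whole `req` object, including any `Authorization` and cookie headers, so it should be removed or gated before this ships. The sketch below shows the call shape, assuming exactly one trusted proxy in front of the app.

```javascript
// … unchanged: /status route …
if (config.ipfilter.allowed_ips.length > 0) {
  // Assumes exactly one trusted proxy appends the peer address as the last entry.
  const clientIp = (req) => {
    const hops = String(req.headers['x-forwarded-for'] || '').split(',');
    return hops[hops.length - 1].trim();
  };
  app.use(ipFilter(config.ipfilter.allowed_ips, { mode: 'allow', detectIp: clientIp }));
}
```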
diff --git a/app/server/config.js b/app/server/config.js
index bb3639b..aaac959 100644
--- a/app/server/config.js
+++ b/app/server/config.js
@@ -38,7 +38,10 @@ const configDefault = {
setHeaders(res) {
res.set('x-timestamp', Date.now());
},
- },
+ }
+ },
+ ipfilter: {
+ allowed_ips: [],
},
user: {
name: null,
@@ -133,4 +136,7 @@ if (process.env.SOCKETIO_PATH) config.socketio.path = process.env.SOCKETIO_PATH;
if (process.env.SOCKETIO_SERVECLIENT)
config.socketio.serveClient = process.env.SOCKETIO_SERVECLIENT;
+if (process.env.ALLOWED_IP_ADDRESSES)
+ config.ipfilter.allowed_ips.push(process.env.ALLOWED_IP_ADDRESSES.split(" "))
+
module.exports = config;
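Review bot: `allowed_ips.push(process.env.ALLOWED_IP_ADDRESSES.split(" "))` appends the split result as one nested array, so the list becomes `[[a, b, ...]]` rather than `[a, b, ...]`. As I understand it, `express-ipfilter` reads a nested two-element array as a start–end range, which would admit every address between the two; please confirm against the package documentation. Spread the values and drop the empty strings that repeated spaces produce: `config.ipfilter.allowed_ips.push(...process.env.ALLOWED_IP_ADDRESSES.split(/\s+/).filter(Boolean));`. A comment such as `// ALLOWED_IP_ADDRESSES: space-separated list of client addresses allowed past the IP filter` would document the expected format.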
diff --git a/image-build-upload.sh b/image-build-upload.sh
new file mode 100755
index 0000000..909220d
--- /dev/null
+++ b/image-build-upload.sh
@@ -0,0 +1,64 @@
+#!/bin/bash
+####################################
+#
+# This script will build and upload a container to ECR
+# flags --package-path | -p path to the package, default to pwd
+# --checks-only | -c if = 1 will just check the registry if the package exists or not
+####################################
+
+
+RUSI_AWS_ECR_ACCOUNT_ID="615693933970"
+REPO_NAME="rusi-web-gatsby-devops-ops"
+IMAGE_VERSION="latest"
+REQ_BUILD=0 #we check local repo to see if image already exists
+REQ_UPLOAD=0 #we check the ecr repo to see if already exists
+
+
+echo "Authenticating with AWS ECR."
+AWS_ACCOUNT_ID=$(aws sts get-caller-identity | jq -r .Account)
+if [[ -z "$AWS_ACCOUNT_ID" ]]; then
+ echo "Unable to get AWS account ID."
+ exit 1
+fi
+if [[ "${AWS_ACCOUNT_ID}" != "${RUSI_AWS_ECR_ACCOUNT_ID}" ]]; then
+ echo "You're not logged in to the RUSI aws account."
+ exit 1
+fi
+
+echo "Checking if repository exists"
+#note, we are calling the repository for a given image the same name as the image
+#create the repository if it doesn't exist
+aws ecr describe-repositories --repository-names "${REPO_NAME}" || aws ecr create-repository --repository-name "${REPO_NAME}"
+
+#check to see if the image version already exists in the repo
+echo "Checking if image version already exists in ECR"
+if [ -z $(aws ecr list-images --repository-name "${REPO_NAME}" --query imageIds[?imageTag==\'"${IMAGE_VERSION}"\'].imageTag --output text) ];then
+ echo "The container will need uploading"
+ REQ_UPLOAD="1"
+fi
+#Forcing until we have unique image versions in place
+REQ_UPLOAD="1"
+
+#no need to go any further if image version already in registry
+if [ "${REQ_UPLOAD}" == "0" ]; then
+ echo "Image version ${IMAGE_VERSION} already in Registry, exiting"
+ exit 0
+fi
+
+echo "Local ${REPO_NAME}:${IMAGE_VERSION} does not exist, building..."
+docker build -t ${REPO_NAME}:${IMAGE_VERSION} . --no-cache
+
+#upload the image into ECR
+
+aws ecr get-login-password --region eu-west-1 | docker login --username AWS --password-stdin "${AWS_ACCOUNT_ID}.dkr.ecr.eu-west-1.amazonaws.com" &> /dev/null
+
+ECR_IMAGE="${AWS_ACCOUNT_ID}.dkr.ecr.eu-west-1.amazonaws.com/${REPO_NAME}:${IMAGE_VERSION}"
+
+echo "Pushing container to ECR"
+
+docker tag "${REPO_NAME}:${IMAGE_VERSION}" $ECR_IMAGE
+
+if ! docker push $ECR_IMAGE; then
+ echo "Unable to push container to ECR"
+ exit 1
+fi
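Review bot: Neither `docker build` nor the `docker login` pipeline has its exit status checked, and the login output is sent to `/dev/null`. After a failed build the script still reaches `docker tag` and `docker push`, so it can publish a stale local `rusi-web-gatsby-devops-ops:latest`, or fail at the push with no sign that login was the cause. Add `set -euo pipefail` under the shebang, or guard the build with `if ! docker build -t "${REPO_NAME}:${IMAGE_VERSION}" . --no-cache; then echo "Build failed"; exit 1; fi`, and drop the `&> /dev/null`. The `[ -z $(aws ecr list-images ...) ]` test should quote the command substitution. The header documents `--package-path` and `--checks-only`, which the script never parses, and `REQ_BUILD` is never read, so the header should be cut down to what the script actually does.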