feat: update Docker configuration and enhance application structure

- Added new entries to .gitignore for 'brain/' and 'samples/' directories.
- Updated Makefile to include Docker socket mount for read-only access and added environment variables for MongoDB and Redis container names.
- Refactored various files for improved code consistency and readability, including updates to import statements and formatting adjustments.
- Enhanced README by removing outdated GitHub action badge.
- Updated yarn.lock to include new dependencies and versions for better package management.

Author: tacxou

.gitignore

@@ -6,6 +6,8 @@ dist/
 .nitro/
 .cache/
 .data/
+brain/
+samples/
 certificates/
 documentation/
 node_modules/

Makefile

@@ -16,6 +16,8 @@ APP_NAME = "sesame-orchestrator"
 # ce qui casse les binaires optionnels (ex. oxc-parser / Nuxt). Nom sans guillemets (APP_NAME en contient).
 NODE_MODULES_VOLUME = sesame-orchestrator-node-modules
 PLATFORM = "linux/amd64"
+# Socket Docker en lecture seule : inspection des volumes/labels du conteneur courant
+DOCKER_SOCKET_MOUNT = -v /var/run/docker.sock:/var/run/docker.sock:ro
 
 include .env
 
@@ -28,6 +30,8 @@ COMMON_NAME = localhost
 DAYS_VALID = 365
 
 SESAME_SENTRY_DSN ?= ""
+SESAME_MONGO_CONTAINER_NAME ?= $(BASE_NAME)-mongodb
+SESAME_REDIS_CONTAINER_NAME ?= $(BASE_NAME)-redis
 
 $(shell mkdir -p $(CERT_DIR))
 
@@ -48,11 +52,15 @@ build: ## Build the container
 
 simulation: ## Start production environment in simulation mode
 	@docker run --rm -it \
+		$(DOCKER_SOCKET_MOUNT) \
 		-e NODE_ENV=production \
 		-e NODE_TLS_REJECT_UNAUTHORIZED=0 \
 		-e GIT_BRANCH=$(GIT_BRANCH) \
 		-e GIT_COMMIT=$(GIT_COMMIT) \
 		-e DOCKER_TAG=$(DOCKER_TAG) \
+		-e SESAME_CONTAINER_NAME=$(APP_NAME) \
+		-e SESAME_MONGO_CONTAINER_NAME=$(SESAME_MONGO_CONTAINER_NAME) \
+		-e SESAME_REDIS_CONTAINER_NAME=$(SESAME_REDIS_CONTAINER_NAME) \
 		--add-host host.docker.internal:host-gateway \
 		--platform $(PLATFORM) \
 		--network dev \
@@ -76,11 +84,15 @@ simulation: ## Start production environment in simulation mode
 
 prod: ## Start production environment
 	@docker run --rm -it \
+		$(DOCKER_SOCKET_MOUNT) \
 		-e NODE_ENV=production \
 		-e NODE_TLS_REJECT_UNAUTHORIZED=0 \
 		-e GIT_BRANCH=$(GIT_BRANCH) \
 		-e GIT_COMMIT=$(GIT_COMMIT) \
 		-e DOCKER_TAG=$(DOCKER_TAG) \
+		-e SESAME_CONTAINER_NAME=$(APP_NAME) \
+		-e SESAME_MONGO_CONTAINER_NAME=$(SESAME_MONGO_CONTAINER_NAME) \
+		-e SESAME_REDIS_CONTAINER_NAME=$(SESAME_REDIS_CONTAINER_NAME) \
 		--add-host host.docker.internal:host-gateway \
 		--platform $(PLATFORM) \
 		--network dev \
@@ -96,11 +108,15 @@ prod: ## Start production environment
 dev: ## Start development environment
 	@mkdir -p $(CURDIR)/apps/api/logs/handlers
 	@docker run --rm -it \
+		$(DOCKER_SOCKET_MOUNT) \
 		-e NODE_ENV=development \
 		-e NODE_TLS_REJECT_UNAUTHORIZED=0 \
 		-e GIT_BRANCH=$(GIT_BRANCH) \
 		-e GIT_COMMIT=$(GIT_COMMIT) \
 		-e DOCKER_TAG=$(DOCKER_TAG) \
+		-e SESAME_CONTAINER_NAME=$(APP_NAME) \
+		-e SESAME_MONGO_CONTAINER_NAME=$(SESAME_MONGO_CONTAINER_NAME) \
+		-e SESAME_REDIS_CONTAINER_NAME=$(SESAME_REDIS_CONTAINER_NAME) \
 		--add-host host.docker.internal:host-gateway \
 		--platform $(PLATFORM) \
 		--network dev \
@@ -118,6 +134,7 @@ dev: ## Start development environment
 
 debug: ## Start debug environment
 	@docker run --rm -it \
+		$(DOCKER_SOCKET_MOUNT) \
 		-e NODE_ENV=development \
 		-e NODE_TLS_REJECT_UNAUTHORIZED=0 \
 		-e GIT_BRANCH=$(GIT_BRANCH) \
@@ -151,6 +168,7 @@ install: ## Install dependencies
 
 exec: ## Run a shell in the container
 	@docker run -it --rm \
+		$(DOCKER_SOCKET_MOUNT) \
 		-e NODE_ENV=development \
 		-e NODE_TLS_REJECT_UNAUTHORIZED=0 \
 		--add-host host.docker.internal:host-gateway \

README.md

@@ -6,7 +6,6 @@
   <img alt="GitHub all releases" src="https://img.shields.io/github/downloads/libertech-fr/sesame-orchestrator/total">
   <img alt="GitHub" src="https://img.shields.io/github/license/libertech-fr/sesame-orchestrator">
   <img alt="GitHub contributors" src="https://img.shields.io/github/contributors/libertech-fr/sesame-orchestrator">
-  <a href="https://github.com/Libertech-Fr/sesame-orchestrator/actions/workflows/release.yml?event=workflow_dispatch"><img alt="GitHub contributors" src="https://github.com/Libertech-Fr/sesame-orchestrator/actions/workflows/release.yml/badge.svg"></a>
 </p>
 <br>
 

apps/api/package.json

@@ -41,6 +41,7 @@
     "@simplewebauthn/server": "^13.3.0",
     "@tacxou/nestjs_module_factorydrive": "^1.1.6",
     "@tacxou/nestjs_module_factorydrive-s3": "^1.0.5",
+    "@tacxou/nestjs_module_restools": "^1.0.2",
     "ajv": "^8.16.0",
     "ajv-errors": "^3.0.0",
     "ajv-formats": "^3.0.1",

apps/api/src/_common/abstracts/abstract.service.schema.ts

@@ -20,7 +20,10 @@ import mongodb from 'mongodb';
 import { omit } from 'radash';
 
 @Injectable()
-export abstract class AbstractServiceSchema<T extends AbstractSchema | Document = AbstractSchema | Document> extends AbstractService implements ServiceSchemaInterface {
+export abstract class AbstractServiceSchema<T extends AbstractSchema | Document = AbstractSchema | Document>
+  extends AbstractService
+  implements ServiceSchemaInterface
+{
   protected abstract _model: Model<T>;
 
   protected constructor(context?: AbstractServiceContext) {

apps/api/src/_common/abstracts/abstract.service.ts

@@ -30,14 +30,14 @@ export abstract class AbstractService {
     this.logger = new Logger(this.serviceName);
     this.eventEmitter = context?.eventEmitter;
 
-    this._customModuleName = context?.moduleName
-    this._customServiceName = context?.serviceName
+    this._customModuleName = context?.moduleName;
+    this._customServiceName = context?.serviceName;
   }
 
   protected get request():
     | (Request & {
       user?: Express.User & any // eslint-disable-line
-    })
+      })
     | null {
     return this._req || RequestContext.currentContext?.req;
   }

apps/api/src/_common/constants/sesame-expected-volumes.constant.ts

@@ -0,0 +1,93 @@
+export type SesameVolumeCategory = 'api' | 'web' | 'shared';
+
+export interface SesameExpectedVolume {
+  id: string;
+  category: SesameVolumeCategory;
+  mountPoint: string;
+  label: string;
+  composeHint: string;
+  required: boolean;
+}
+
+export const SESAME_EXPECTED_VOLUMES: SesameExpectedVolume[] = [
+  {
+    id: 'api-jsonforms',
+    category: 'api',
+    mountPoint: '/data/apps/api/configs/identities/jsonforms',
+    label: 'JSONForms identités',
+    composeHint: './configs/sesame-orchestrator/jsonforms:/data/apps/api/configs/identities/jsonforms',
+    required: true,
+  },
+  {
+    id: 'api-lifecycle',
+    category: 'api',
+    mountPoint: '/data/apps/api/configs/lifecycle',
+    label: 'Cycle de vie',
+    composeHint: './configs/sesame-orchestrator/lifecycle:/data/apps/api/configs/lifecycle',
+    required: true,
+  },
+  {
+    id: 'api-cron',
+    category: 'api',
+    mountPoint: '/data/apps/api/configs/cron',
+    label: 'Tâches cron',
+    composeHint: './configs/sesame-orchestrator/cron:/data/apps/api/configs/cron',
+    required: true,
+  },
+  {
+    id: 'api-storage',
+    category: 'api',
+    mountPoint: '/data/apps/api/storage',
+    label: 'Stockage API',
+    composeHint: './configs/sesame-orchestrator/storage:/data/apps/api/storage',
+    required: true,
+  },
+  {
+    id: 'api-logs',
+    category: 'api',
+    mountPoint: '/data/apps/api/logs',
+    label: 'Journaux API',
+    composeHint: './configs/sesame-orchestrator/logs:/data/apps/api/logs',
+    required: true,
+  },
+  {
+    id: 'api-mail-templates',
+    category: 'api',
+    mountPoint: '/data/apps/api/templates',
+    label: 'Modèles e-mail',
+    composeHint: './configs/sesame-orchestrator/mail-templates:/data/apps/api/templates',
+    required: true,
+  },
+  {
+    id: 'api-validations',
+    category: 'api',
+    mountPoint: '/data/apps/api/configs/identities/validations',
+    label: 'Validations identités',
+    composeHint: './configs/sesame-orchestrator/validations:/data/apps/api/configs/identities/validations',
+    required: true,
+  },
+  {
+    id: 'web-config',
+    category: 'web',
+    mountPoint: '/data/apps/web/config',
+    label: 'Configuration Web',
+    composeHint: './configs/sesame-app-manager/config:/data/apps/web/config',
+    required: true,
+  },
+  {
+    id: 'web-statics',
+    category: 'web',
+    mountPoint: '/data/apps/web/src/public/config',
+    label: 'Statiques Web',
+    composeHint: './configs/sesame-app-manager/statics:/data/apps/web/src/public/config',
+    required: true,
+  },
+  {
+    id: 'shared-certificates',
+    category: 'shared',
+    mountPoint: '/data/certificates',
+    label: 'Certificats TLS',
+    composeHint: './certificates:/data/certificates',
+    required: true,
+  },
+];

apps/api/src/_common/decorators/cron-console-handler.decorator.ts

@@ -1,48 +1,48 @@
-import { SetMetadata } from '@nestjs/common'
+import { SetMetadata } from '@nestjs/common';
 
-export const CRON_CONSOLE_HANDLER_METADATA = 'sesame:cron-console-handler'
+export const CRON_CONSOLE_HANDLER_METADATA = 'sesame:cron-console-handler';
 
-export type CronConsoleHandlerArgumentType = 'string' | 'number' | 'boolean'
+export type CronConsoleHandlerArgumentType = 'string' | 'number' | 'boolean';
 
 export interface CronConsoleHandlerArgument {
   /** Nom de l'argument dans options cron / options CLI. */
-  name: string
-  label?: string
-  description?: string
-  type?: CronConsoleHandlerArgumentType
-  default?: string | number | boolean
-  required?: boolean
+  name: string;
+  label?: string;
+  description?: string;
+  type?: CronConsoleHandlerArgumentType;
+  default?: string | number | boolean;
+  required?: boolean;
   /** Flag CLI (ex. `--source`). Par défaut : `--${name}`. */
-  flag?: string
+  flag?: string;
   /** Passe la valeur comme argument positionnel après la commande console. */
-  positional?: boolean
+  positional?: boolean;
 }
 
 export interface CronConsoleHandlerDescriptor {
-  handler: string
-  command: string
-  label: string
-  arguments: CronConsoleHandlerArgument[]
+  handler: string;
+  command: string;
+  label: string;
+  arguments: CronConsoleHandlerArgument[];
 }
 
 export interface CronConsoleHandlerOptions {
   /** Identifiant handler (ex. `lifecycle-execute`). */
-  handler: string
+  handler: string;
 
   /** Commande console complète (ex. `lifecycle execute`). */
-  command: string
+  command: string;
 
   /** Libellé affiché dans l'interface d'administration. */
-  label?: string
+  label?: string;
 
   /** Arguments CLI suggérés pour la configuration cron. */
-  arguments?: CronConsoleHandlerArgument[]
+  arguments?: CronConsoleHandlerArgument[];
 }
 
-const cronConsoleHandlerRegistry: CronConsoleHandlerDescriptor[] = []
+const cronConsoleHandlerRegistry: CronConsoleHandlerDescriptor[] = [];
 
 export function getCronConsoleHandlers(): CronConsoleHandlerDescriptor[] {
-  return [...cronConsoleHandlerRegistry].sort((left, right) => left.handler.localeCompare(right.handler))
+  return [...cronConsoleHandlerRegistry].sort((left, right) => left.handler.localeCompare(right.handler));
 }
 
 export const CronConsoleHandler = (options: CronConsoleHandlerOptions) => {
@@ -51,7 +51,7 @@ export const CronConsoleHandler = (options: CronConsoleHandlerOptions) => {
     command: options.command,
     label: options.label || options.handler,
     arguments: options.arguments || [],
-  })
+  });
 
-  return SetMetadata(CRON_CONSOLE_HANDLER_METADATA, options)
-}
+  return SetMetadata(CRON_CONSOLE_HANDLER_METADATA, options);
+};

apps/api/src/_common/decorators/use-roles.decorator.ts

@@ -1,16 +1,13 @@
-import { applyDecorators, SetMetadata } from '@nestjs/common'
-import { UseRoles as AccessControlUseRoles } from 'nest-access-control'
+import { applyDecorators, SetMetadata } from '@nestjs/common';
+import { UseRoles as AccessControlUseRoles } from 'nest-access-control';
 
-export const META_AC_RULE = 'ac:rule'
+export const META_AC_RULE = 'ac:rule';
 
 export type AcRule = {
-  resource: string
-  action: string
-  possession?: string
-}
+  resource: string;
+  action: string;
+  possession?: string;
+};
 
 export const UseRoles = (rule: AcRule) =>
-  applyDecorators(
-    AccessControlUseRoles(rule as any),
-    SetMetadata(META_AC_RULE, rule),
-  )
+  applyDecorators(AccessControlUseRoles(rule as any), SetMetadata(META_AC_RULE, rule));

apps/api/src/_common/factorydrive/exceptions/authorization-required.exception.ts

@@ -1,10 +1,10 @@
-import { RuntimeException } from 'node-exceptions'
+import { RuntimeException } from 'node-exceptions';
 
 export class AuthorizationRequiredException extends RuntimeException {
-  public raw: Error
+  public raw: Error;
 
   public constructor(err: Error, path: string) {
-    super(`Unauthorized to access file ${path}\n${err.message}`, 500, 'E_AUTHORIZATION_REQUIRED')
-    this.raw = err
+    super(`Unauthorized to access file ${path}\n${err.message}`, 500, 'E_AUTHORIZATION_REQUIRED');
+    this.raw = err;
   }
 }