build(docker): 修改启动命令；优化 dockerfile；增加 docker-compose 启动安全性配置；

maslow · maslow · commit 680476fad077 · 2021-07-23T14:31:14.000+08:00
diff --git a/.dockerignore b/.dockerignore
@@ -1,4 +1,5 @@
 node_modules
 .env
 ecosystem.config.js
-dist
+dist
+data
diff --git a/.gitignore b/.gitignore
@@ -7,4 +7,5 @@ tmp
 
 .env
 
-ecosystem.config.js
+ecosystem.config.js
+.DS_Store
diff --git a/Dockerfile b/Dockerfile
@@ -2,7 +2,10 @@ FROM node:14-alpine
 EXPOSE 8080
 WORKDIR /app
 ENV LOG_LEVEL=debug
-ADD . /app
-RUN npm i --prod
+COPY . /app
+RUN mkdir /app/data || true
+RUN chown node:node /app/data
+RUN npm i
 RUN npm run build
+USER node
 CMD [ "npm", "run", "init-start" ]
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -1,7 +1,8 @@
-version: '3'
+version: '3.8'
 services: 
   server:
     image: lessx/less-framework:latest
+    user: node
     environment: 
       SERVER_SALT: Rewrite_Your_Own_Secret_Salt_abcdefg1234567
       DB: less_app
@@ -15,11 +16,18 @@ services:
       - app-data:/app/data
     ports:
       - "8080:8080"
+    read_only: true
+    cap_drop: 
+      - ALL
+    tmpfs: 
+      - /tmp
+    restart: always
     networks: 
       - less
 
   mongodb:
     image: mongo:latest
+    user: mongodb
     environment: 
       MONGO_INITDB_ROOT_USERNAME: less
       MONGO_INITDB_ROOT_PASSWORD: less123
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -4,14 +4,15 @@
   "description": "less framework base on less-api",
   "main": "./dist/index.js",
   "scripts": {
-    "start": "node --experimental-vm-modules ./dist/index.js",
+    "start": "node ./dist/index.js",
     "build": "npx tsc -p tsconfig.json",
     "watch": "npx tsc -p tsconfig.json -w",
     "init": "node init/index.js",
     "prepublishOnly": "npm run build",
     "prepare": "husky install",
     "commit": "commit",
-    "init-start": "npm run build && npm run init && npm run start",
+    "trace-gc": "node --trace_gc --trace_gc_verbose ./dist/index.js",
+    "init-start": "npm run init && npm run start",
     "docker-build": "docker build -t lessx/less-framework:latest .",
     "docker-push": "docker push lessx/less-framework:latest",
     "docker-bp": "npm run docker-build && npm run docker-push"
@@ -54,6 +55,7 @@
     "@types/node": "^14.14.37",
     "@types/uuid": "^8.3.0",
     "@types/validator": "^13.1.3",
+    "heapdump": "^0.3.15",
     "husky": "^5.2.0",
     "typescript": "^4.2.3"
   }
diff --git a/src/config.ts b/src/config.ts
@@ -60,7 +60,8 @@ export default class Config {
 
   // 临时文件目录
   static get TMP_PATH(): string {
-    return process.env['TMP_PATH'] ?? path.join(process.cwd(), "tmp/uploads")
+    const tmp_path =  process.env['TMP_PATH'] ?? path.join(process.cwd(), "tmp")
+    return tmp_path
   }
 
   /**
diff --git a/tests/ab/db_read.json b/tests/ab/db_read.json
@@ -1,6 +1,6 @@
 {
   "action": "database.queryDocument",
   "collectionName": "permissions",
-  "limit": 10,
+  "limit": 20,
   "queryType": "WHERE"
 }
diff --git a/tests/ab/empty.json b/tests/ab/empty.json
@@ -1,5 +1,4 @@
 {
-  "params": {
-    "test": 1
-  }
+    "username": "less",
+    "password": "less123"
 }
diff --git a/tests/ab/less.sh b/tests/ab/less.sh
@@ -1,6 +1,9 @@
 # 读数据
-ab -n 10000 -c 100 -p ./db_read.json -T application/json -H "Authorization: Bearer eyJ1aWQiOiI2MDU1YTJhYWYyODhhNzQyNjEyNjA1MmYiLCJ0eXBlIjoiYWRtaW4iLCJleHBpcmUiOjE2MTcxNTY1MjY0MDJ9.a2ef2628165b3071a1694151111ca921" http://localhost:8080/admin/entry
+ab -n 10000 -c 100 -p ./db_read.json -T application/json -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiI2MDg1MzhkMjhlMWI0MTM2YjEyMzIyZjIiLCJ0eXBlIjoiYWRtaW4iLCJleHAiOjE2Mjc1NTEyNzksImlhdCI6MTYyNjk0NjQ3OX0.BFJPeJYb9-tifpKWKW2C0ipWSwy9pEFvrORqrIbNh9s" http://localhost:8080/admin/entry
 
 
 # 云函数调用
 ab -n 1000 -c 100 -p ./empty.json -T application/json -H "Authorization: Bearer eyJ1aWQiOiI2MDU1YTJhYWYyODhhNzQyNjEyNjA1MmYiLCJ0eXBlIjoiYWRtaW4iLCJleHBpcmUiOjE2MTcxNTY1MjY0MDJ9.a2ef2628165b3071a1694151111ca921" http://localhost:8080/admin//func/invoke/hello
+
+
+ab -n 1000 -c 100 -p ./empty.json -T application/json  http://localhost:8000/prod-api/func/invoke/user-passwd-login
diff --git a/tests/faas/engine.test.js b/tests/faas/engine.test.js
@@ -1,23 +1,65 @@
 
 const path = require('path')
 const assert = require('assert')
-const { FunctionEngine } = require('../../dist/lib/faas/index')
-const { handler } = require('./func')
+const { FunctionEngine } = require('../../dist/lib/faas/engine')
+const ts = require('typescript')
 
 
+const source = `
+import * as crypto from 'crypto'
+
+exports.main = async function (ctx: any) {
+  console.log(ctx)
+  console.log(crypto)
+  return 'ok'
+}
+`
+
+const source2 = `
+import * as crypto from 'crypto'
+
+export async function main (ctx: any) {
+  console.log(ctx)
+  console.log(crypto)
+  return 'ok'
+}
+`
+
 describe("FaaS Engine", () => {
 
   it("constructor", async () => {
     const engine = new FunctionEngine()
     assert(engine instanceof FunctionEngine)
   })
 
-  it("run code", async () => {
+  it("run code 1", async () => {
+    const engine = new FunctionEngine()
+
+    const result = ts.transpile(source2, {
+        module: ts.ModuleKind.CommonJS,
+        target: ts.ScriptTarget.ES2017
+    })
+
+    const code = result
+    const ret = await engine.run(code, {
+      context: {}
+    })
+    assert.strictEqual(ret.data, 'ok')
+  })
+
+  it("run code 2", async () => {
     const engine = new FunctionEngine()
 
-    const code = handler.toString()
-    const ret = await engine.run(code, {})
-    assert.strictEqual(ret, 'ok')
+    const result = ts.transpile(source2, {
+        module: ts.ModuleKind.CommonJS,
+        target: ts.ScriptTarget.ES2017
+    })
+
+    const code = result
+    const ret = await engine.run(code, {
+      context: {}
+    })
+    assert.strictEqual(ret.data, 'ok')
   })
 
 })
diff --git a/tests/faas/func.js b/tests/faas/func.js
diff --git a/tests/faas/index.js b/tests/faas/index.js
@@ -0,0 +1,8 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const crypto = require("crypto");
+exports.main = async function (ctx) {
+    console.log(ctx);
+    console.log(crypto);
+    return 'ok';
+};
diff --git a/tests/faas/index.ts b/tests/faas/index.ts
@@ -0,0 +1,10 @@
+import * as crypto from 'crypto'
+
+exports.main = async function (ctx: any) {
+  console.log(ctx)
+  console.log(crypto)
+  return 'ok'
+}
+
+
+// tsc --lib es6 -t ES2017 -m commonjs --pretty index.ts
diff --git a/tests/faas/transpiler.js b/tests/faas/transpiler.js
@@ -0,0 +1,19 @@
+
+const ts = require('typescript')
+
+const source = `
+import * as crypto from 'crypto'
+
+exports.main = async function (ctx: any) {
+  console.log(ctx)
+  console.log(crypto)
+  return 'ok'
+}
+`
+
+const result = ts.transpile(source, {
+    module: ts.ModuleKind.CommonJS,
+    target: ts.ScriptTarget.ES2017
+})
+
+console.log(result)

Original file line number	Diff line number	Diff line change
`@@ -60,7 +60,8 @@ export default class Config {`
`60`	`60`
`61`	`61`	`// 临时文件目录`
`62`	`62`	`static get TMP_PATH(): string {`
`63`		`- return process.env['TMP_PATH'] ?? path.join(process.cwd(), "tmp/uploads")`
	`63`	`+ const tmp_path = process.env['TMP_PATH'] ?? path.join(process.cwd(), "tmp")`
	`64`	`+ return tmp_path`
`64`	`65`	`}`
`65`	`66`
`66`	`67`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"action": "database.queryDocument",`
`3`	`3`	`"collectionName": "permissions",`
`4`		`- "limit": 10,`
	`4`	`+ "limit": 20,`
`5`	`5`	`"queryType": "WHERE"`
`6`	`6`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,4 @@`
`1`	`1`	`{`
`2`		`- "params": {`
`3`		`- "test": 1`
`4`		`- }`
	`2`	`+ "username": "less",`
	`3`	`+ "password": "less123"`
`5`	`4`	`}`