/hub-api

Primary LanguageTypeScriptGNU General Public License v3.0GPL-3.0

Hub API

Overview

  • Description: This repository implements a service that orchestrates and aggregates distributed analysis jobs on the CODA platform. It receives requests from the dashboard API and communicates with the site APIs conformant to the CODA API specification.
  • Primary author(s): Kevin Arsenault [@arsenaultk9], Xuefei Shi [@xuefeishi], Jeffrey Li [@JeffreyLi16], Maxime Lavigne [@malavv].
  • Contributors: Louis Mullie [@louism], Pascal St-Onge [@stongepa].
  • License: The code in this repository is released under the GNU General Public License, V3.

Contents

Installation


Step 1: Configuration

Supply the following environment variables via a .env file:

CODA_HUB_API_PORT=
CODA_AUTH_SERVICE_URL=
CODA_HUB_API_AUTH_REALM=
CODA_HUB_API_AUTH_CLIENT_SECRET=
CODA_HUB_API_AUTH_SESSION_MEMORY_SECRET=
CODA_HUB_CACHE_DB_PORT=
CODA_HUB_CACHE_DB_HOST=

#CODA_HUB_API_EMAIL_HOST=
#CODA_HUB_API_EMAIL_PORT=
#CODA_HUB_API_ERROR_EMAIL_RECIPIENTS=

Usage


Step 1

Start Redis instance (looks for it on 7777 by default).

$ docker run --name some-redis -p 7777:7777 -d redis

Step 2

Run the hub server (runs on 5427 by default).

$ npm start

Deployment


Step 1

$ docker login -u ${USER} -p ${USER}
$ ./publish.sh

Step 2

Ask a VALERIA team member to update the image in OpenShift.

Security


Use the following commands to check for security threats.

Comprehensive scan

Uses Trivy to scan for security issues.

docker run --rm -v C:\dev\trivy:/root/.cache/ -v //var/run/docker.sock:/var/run/docker.sock  aquasec/trivy image coda-hub-api:latest --security-checks vuln > report.txt

Check NPM dependencies

Submits a description of the NPM dependencies of the project to your default registry and asks for a report of known vulnerabilities.

npm audit

Want to Contribute?


Check out CONTRIBUTING.md.