ci

.dockerignore

+node_modules/*
+.DS_Store
+
+# build files
+dist
+
+# ts
+tsconfig.tsbuildinfo
+
+# custom certificates
+/ssl-*/
+
+.git*
+Dockerfile
+.dockerignore

.gitlab-ci.yml

+stages:
+  - build
+  - deploy
+variables:
+  GIT_DEPTH: "1"
+  CONTAINER_TEST_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG
+  CONTAINER_TEST_ARM_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-arm
+  CONTAINER_TEST_X86_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-x86
+  CONTAINER_RELEASE_IMAGE: $CI_REGISTRY_IMAGE:latest
+before_script:
+  - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
+build-x86:
+  stage: build
+  tags:
+    - docker
+  script:
+    - TARGET_IMAGE=$CONTAINER_TEST_IMAGE
+    - docker build --pull -t $TARGET_IMAGE .
+    - docker push $TARGET_IMAGE
+deploy_latest:
+  stage: deploy
+  tags:
+    - docker
+  script:
+    - TARGET_IMAGE=$CONTAINER_RELEASE_IMAGE
+    - SOURCE_IMAGE=$CONTAINER_TEST_IMAGE
+    - docker pull $SOURCE_IMAGE
+    - docker tag $SOURCE_IMAGE $TARGET_IMAGE
+    - docker push $TARGET_IMAGE
+  only:
+    - master
+deploy_tag:
+  stage: deploy
+  tags:
+    - docker
+  script:
+    - TARGET_IMAGE=$CI_REGISTRY_IMAGE:$CI_COMMIT_TAG
+    - SOURCE_IMAGE=$CONTAINER_TEST_IMAGE
+    - docker pull $SOURCE_IMAGE
+    - docker tag $SOURCE_IMAGE $TARGET_IMAGE
+    - docker push $TARGET_IMAGE
+  only:
+    - tags

Dockerfile

+FROM node:bullseye-slim
+LABEL Author="Nanahira <nanahira@momobako.com>"
+
+RUN apt update && apt -y install python3 build-essential && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+WORKDIR /usr/src/app
+COPY ./package*.json ./
+RUN npm ci
+COPY . ./
+RUN npm run build
+
+CMD ["npm", "run", "start"]

config.js

@@ -5,10 +5,11 @@ const path = require('path');
 const SSL_CERT_DIRECTORY = path.join(__dirname, './ssl/cert');
 
 module.exports = {
-	port: 1812,
+	port: process.env.PORT || 1812,
 	// radius secret
-	secret: 'testing123',
+	secret: process.env.SECRET || 'testing123',
 
+	/*
 	certificate: {
 		cert: fs.readFileSync(path.join(SSL_CERT_DIRECTORY, '/server.crt')),
 		key: [
@@ -21,7 +22,9 @@ module.exports = {
 		// sesionIdContext: 'meiasdfkljasdft!',
 		// ticketKeys: Buffer.from('123456789012345678901234567890123456789012345678'),
 	},
+	*/
 
+	/*
 	// GoogleLDAPAuth (optimized for google auth)
 	authentication: 'GoogleLDAPAuth',
 	authenticationOptions: {
@@ -32,6 +35,7 @@ module.exports = {
 			certFile: 'ldap.gsuite.crt',
 		},
 	},
+	*/
 
 	/** LDAP AUTH 
 	authentication: 'LDAPAuth',
@@ -68,10 +72,8 @@ module.exports = {
 	}
 	 */
 	 
-	/** HTTP AUTH 
 	authentication: 'HTTPAuth',
 	authenticationOptions: {
-		url: 'https://my-website.com/api/backend-login'
+		url: process.env.AUTH_URL || 'https://my-website.com/api/backend-login'
 	}
-	*/
 };

src/app.ts

@@ -57,20 +57,24 @@ console.log(`Auth Config: ${JSON.stringify(argv.authenticationOptions, undefined
 	const radiusService = new RadiusService(config.secret, authentication);
 
 	server.on('message', async (msg, rinfo) => {
-		const response = await radiusService.handleMessage(msg);
+		try {
+			const response = await radiusService.handleMessage(msg);
 
-		if (response) {
-			server.sendToClient(
-				response.data,
-				rinfo.port,
-				rinfo.address,
-				(err, _bytes) => {
-					if (err) {
-						console.log('Error sending response to ', rinfo);
-					}
-				},
-				response.expectAcknowledgment
-			);
+			if (response) {
+				server.sendToClient(
+					response.data,
+					rinfo.port,
+					rinfo.address,
+					(err, _bytes) => {
+						if (err) {
+							console.log('Error sending response to ', rinfo);
+						}
+					},
+					response.expectAcknowledgment
+				);
+			}
+		} catch (e) {
+			console.error(`Error handling request: ${e.toString()}`);
 		}
 	});
 

src/auth/HTTPAuth.ts

@@ -13,25 +13,30 @@ export class HTTPAuth implements IAuthentication {
 	}
 
 	async authenticate(username: string, password: string) {
-		const result = await axios.post(
-			this.url,
-			{
-				username,
-				password,
-			},
-			{
-				validateStatus(status) {
-					return status >= 200 && status < 500;
+		try {
+			const result = await axios.post(
+				this.url,
+				{
+					username,
+					password,
 				},
+				{
+					validateStatus(status) {
+						return status >= 200 && status < 500;
+					},
+				}
+			);
+	
+			if (result.status < 300) {
+				return true;
 			}
-		);
-
-		if (result.status === 200) {
-			return true;
+	
+			console.log(`HTTP authentication failed, response code: ${result.status}`);
+	
+			return false;
+		} catch (e) {
+			console.log(`HTTP authentication errored: ${e.toString()}`);
+			return false;
 		}
-
-		console.log(`HTTP authentication failed, response code: ${result.status}`);
-
-		return false;
 	}
 }