Merge pull request #5 from fingerprintjs/feature/management-poc

TheUnderScorer · web-flow · commit 29569bcf9fec · 2023-03-23T12:56:31.000+01:00
Feature/management poc
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -12,6 +12,9 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v3
+      - uses: actions/setup-node@v3
+        with:
+          node-version: 18
       - name: Get yarn cache directory path
         id: yarn-cache-dir-path
         run: echo "dir=$(yarn cache dir)" >> $GITHUB_OUTPUT
@@ -30,5 +33,7 @@ jobs:
         run: yarn test
       - name: Build
         run: yarn build
+        env:
+          NODE_OPTIONS: "--max_old_space_size=4096"
       - name: Typecheck
         run: yarn test:dts
diff --git a/host.json b/host.json
@@ -1,6 +1,13 @@
 {
   "version": "2.0",
   "logging": {
+    "fileLoggingMode": "always",
+    "logLevel": {
+      "default": "Information",
+      "Host.Results": "Error",
+      "Function": "Trace",
+      "Host.Aggregator": "Trace"
+    },
     "applicationInsights": {
       "samplingSettings": {
         "isEnabled": true,
@@ -21,4 +28,4 @@
     "dynamicConcurrencyEnabled": true,
     "snapshotPersistenceEnabled": true
   }
-}
+}
diff --git a/jest.config.js b/jest.config.js
@@ -2,7 +2,7 @@
 module.exports = {
   preset: 'ts-jest',
   testEnvironment: 'node',
-  testRegex: '/proxy/.+test.tsx?$',
+  testRegex: '/proxy/.+test.tsx?$|/management/.+test.tsx?$',
   passWithNoTests: true,
   collectCoverageFrom: ['./proxy/**/**.ts', '!**/index.ts', '!**/config.ts', './management/**/**.ts'],
   coverageReporters: ['lcov', 'json-summary', ['text', { file: 'coverage.txt', path: './' }]],
diff --git a/management/config.ts b/management/config.ts
@@ -0,0 +1,5 @@
+export const config = {
+  repository: 'fingerprint-pro-azure-integration',
+  repositoryOwner: 'fingerprintjs',
+  version: '__lambda_func_version__',
+}
diff --git a/management/env.ts b/management/env.ts
@@ -0,0 +1,25 @@
+import { Logger } from '@azure/functions'
+
+export function getEnv(name: string) {
+  const value = process.env[name]
+
+  if (!value) {
+    throw new Error(`Missing environment variable: ${name}`)
+  }
+
+  return value
+}
+
+export function gatherEnvs(logger: Logger) {
+  try {
+    return {
+      resourceGroupName: getEnv('RESOURCE_GROUP_NAME'),
+      appName: getEnv('APP_NAME'),
+      subscriptionId: getEnv('AZURE_SUBSCRIPTION_ID'),
+    }
+  } catch (error) {
+    logger.error(`Error gathering environment variables: ${error}`)
+
+    return null
+  }
+}
diff --git a/management/function.json b/management/function.json
@@ -2,11 +2,10 @@
   "disabled": false,
   "bindings": [
     {
-      "name": "blob",
-      "type": "blobTrigger",
-      "direction": "in",
-      "path": "func-dist/{name}",
-      "connection": "StorageConnectionString"
+      "schedule": "*/30 * * * *",
+      "name": "timer",
+      "type": "timerTrigger",
+      "direction": "in"
     }
   ],
   "scriptFile": "../dist/fingerprintjs-pro-azure-function-management/fingerprintjs-pro-azure-function-management.js"
diff --git a/management/github.ts b/management/github.ts
@@ -0,0 +1,119 @@
+import { config } from './config'
+import { isSemverGreater } from './semver'
+import { Logger } from '@azure/functions'
+import * as https from 'https'
+
+function bearer(token?: string) {
+  return `Bearer ${token}`
+}
+
+export async function getLatestGithubRelease(token?: string) {
+  const response = await fetch(
+    `https://api.github.com/repos/${config.repositoryOwner}/${config.repository}/releases/latest`,
+    {
+      headers: {
+        Authorization: bearer(token),
+      },
+    },
+  )
+
+  return (await response.json()) as GithubRelease
+}
+
+export async function downloadReleaseAsset(url: string, token?: string, logger?: Logger) {
+  logger?.verbose(`Downloading release asset from ${url}`)
+
+  return new Promise<Buffer>((resolve, reject) => {
+    const handleError = (error: Error) => {
+      logger?.error('Unable to download release asset', { error })
+
+      reject(error)
+    }
+
+    const request = https.request(
+      url,
+      {
+        headers: {
+          Authorization: bearer(token),
+          Accept: 'application/octet-stream',
+          'User-Agent': 'fingerprint-pro-azure-integration',
+        },
+        method: 'GET',
+      },
+      (response) => {
+        // TODO For now, the request causes redirect, We need to check it again once repository is public
+        if (response.statusCode === 302) {
+          const downloadUrl = response.headers.location
+
+          if (!downloadUrl) {
+            reject(new Error('Unable to find download url'))
+
+            return
+          }
+
+          const downloadRequest = https.get(downloadUrl, (downloadResponse) => {
+            const chunks: any[] = []
+
+            downloadResponse.on('data', (chunk) => {
+              chunks.push(chunk)
+            })
+
+            downloadResponse.on('end', () => {
+              resolve(Buffer.concat(chunks))
+            })
+          })
+
+          downloadRequest.on('error', handleError)
+          downloadRequest.end()
+        } else {
+          reject(new Error(`Unable to download release asset: ${response.statusCode} ${response.statusMessage}`))
+        }
+      },
+    )
+
+    request.on('error', handleError)
+    request.end()
+  })
+}
+
+export async function findFunctionZip(assets: GithubReleaseAsset[]) {
+  return assets.find(
+    (asset) => asset.name.endsWith('.zip') && asset.state === 'uploaded' && asset.content_type === 'application/zip',
+  )
+}
+
+export async function getLatestFunctionZip(logger?: Logger, token?: string) {
+  const release = await getLatestGithubRelease(token)
+
+  if (!isSemverGreater(release.tag_name, config.version)) {
+    logger?.verbose(`Latest release ${release.tag_name} is not greater than current version ${config.version}`)
+
+    return null
+  }
+
+  const asset = await findFunctionZip(release.assets)
+
+  logger?.verbose(`Found asset ${asset?.name} for release ${release.tag_name}`, asset)
+
+  return asset
+    ? {
+        file: await downloadReleaseAsset(asset.url, token, logger),
+        name: asset.name,
+      }
+    : null
+}
+
+export interface GithubRelease {
+  assets_url: string
+  url: string
+  tag_name: string
+  name: string
+  assets: GithubReleaseAsset[]
+}
+
+export interface GithubReleaseAsset {
+  url: string
+  name: string
+  content_type: string
+  state: 'uploaded' | 'errored'
+}
diff --git a/management/index.ts b/management/index.ts
@@ -1,9 +1,105 @@
-import { AzureFunction, Context } from '@azure/functions'
+import { AzureFunction, Context, Timer } from '@azure/functions'
+import { WebSiteManagementClient } from '@azure/arm-appservice'
+import { DefaultAzureCredential } from '@azure/identity'
+import * as storageBlob from '@azure/storage-blob'
+import { BlobSASPermissions, StorageSharedKeyCredential } from '@azure/storage-blob'
+import { StorageManagementClient } from '@azure/arm-storage'
+import { getLatestFunctionZip } from './github'
+import { gatherEnvs } from './env'
 
-const storageBlobTrigger: AzureFunction = async (context: Context, blob: any): Promise<void> => {
-  context.log(typeof blob)
-  context.log(blob)
-  context.log(context)
+const WEBSITE_RUN_FROM_PACKAGE = 'WEBSITE_RUN_FROM_PACKAGE'
+
+const managementFn: AzureFunction = async (context: Context, timer: Timer) => {
+  if (timer.isPastDue) {
+    context.log('Timer function is running late!')
+  }
+
+  const env = gatherEnvs(context.log)
+
+  if (!env) {
+    return
+  }
+
+  const { resourceGroupName, appName, subscriptionId } = env
+
+  const latestFunction = await getLatestFunctionZip(context.log, process.env.GITHUB_TOKEN)
+
+  if (!latestFunction) {
+    context.log.info('No new release found')
+
+    return
+  }
+
+  context.log.verbose('latestFunction', latestFunction)
+
+  try {
+    const credentials = new DefaultAzureCredential()
+
+    const storageArmClient = new StorageManagementClient(credentials, subscriptionId)
+    const client = new WebSiteManagementClient(credentials, subscriptionId)
+
+    const settings = await client.webApps.listApplicationSettings(resourceGroupName, appName)
+    const setting = settings.properties?.[WEBSITE_RUN_FROM_PACKAGE]
+
+    if (setting) {
+      context.log.verbose('storageUrl', setting)
+
+      const storageUrl = new URL(setting)
+      const storageName = storageUrl.pathname.split('/')[1]
+      const accountName = storageUrl.hostname.split('.')[0]
+
+      context.log.verbose('storageName', storageName)
+      context.log.verbose('accountName', accountName)
+
+      const { keys } = await storageArmClient.storageAccounts.listKeys(resourceGroupName, accountName)
+
+      const key = keys?.[0].value
+
+      if (!key) {
+        context.log.warn('No storage keys found')
+
+        return
+      }
+
+      const containerUrl = `${storageUrl.origin}/${storageName}`
+      const storageClient = new storageBlob.ContainerClient(
+        containerUrl,
+        // We must use StorageSharedKeyCredential in order to generate SAS tokens
+        new StorageSharedKeyCredential(accountName, key),
+      )
+
+      const blobClient = storageClient.getBlockBlobClient(latestFunction.name)
+
+      await blobClient.uploadData(latestFunction.file)
+
+      const sas = await blobClient.generateSasUrl({
+        startsOn: new Date(),
+        expiresOn: getSasExpiration(),
+        permissions: BlobSASPermissions.from({
+          read: true,
+        }),
+      })
+
+      context.log.verbose('sas', sas)
+
+      settings.properties![WEBSITE_RUN_FROM_PACKAGE] = sas
+
+      // TODO Add healthcheck, if it fails, revert to previous version, otherwise, delete previous version
+      await client.webApps.updateApplicationSettings(resourceGroupName, appName, settings)
+    }
+  } catch (error) {
+    context.log.error(error)
+  }
+}
+
+function getSasExpiration() {
+  // By default, when deploying using Azure CLI they generate a SAS token that expires in 10 years
+  const expirationYears = 10
+  const expiresOn = new Date()
+
+  expiresOn.setFullYear(expiresOn.getFullYear() + expirationYears)
+
+  return expiresOn
 }
 
-export default storageBlobTrigger
+export default managementFn
diff --git a/management/semver.test.ts b/management/semver.test.ts
@@ -0,0 +1,48 @@
+import { isSemverGreater } from './semver'
+
+describe('isSemverGreater', () => {
+  it.each([
+    {
+      left: '1.0.0',
+      right: '1.0.0',
+      expected: false,
+    },
+    {
+      left: '1.0.0',
+      right: '1.0.1',
+      expected: false,
+    },
+    {
+      left: '1.0.1',
+      right: '1.0.0',
+      expected: true,
+    },
+    {
+      left: '1.0.0',
+      right: '1.1.0',
+      expected: false,
+    },
+    {
+      left: '1.1.0',
+      right: '1.0.0',
+      expected: true,
+    },
+    {
+      left: '1.0.0',
+      right: '2.0.0',
+      expected: false,
+    },
+    {
+      left: '2.0.0',
+      right: '1.0.0',
+      expected: true,
+    },
+    {
+      left: 'v2.0.0',
+      right: '1.0.0',
+      expected: true,
+    },
+  ])('should return true if left version is greater than right one', (testCase) => {
+    expect(isSemverGreater(testCase.left, testCase.right)).toBe(testCase.expected)
+  })
+})
diff --git a/management/semver.ts b/management/semver.ts
@@ -0,0 +1,9 @@
+import { compare } from 'semver'
+
+export function isSemverGreater(left: string, right: string): boolean {
+  try {
+    return compare(left, right) === 1
+  } catch {
+    return false
+  }
+}
diff --git a/package.json b/package.json
diff --git a/proxy/index.ts b/proxy/index.ts
diff --git a/rollup.config.mjs b/rollup.config.mjs
