👷 build: enhance Self-host CA usage & remove TLS detection (lobehub#4223

) * 👷 build: enhance TLS cert checking & Self-host CA usage * 👷 build: add Wenxin ENV * 🔨 chore: handle timeout * Update startServer.js * 👷 build: remove TLS detection
miku-l5225 · Sep 30, 2024 · 7df27e8 · 7df27e8
1 parent ca9deaa
commit 7df27e8
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 85 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -114,8 +114,9 @@ COPY --from=app / /
 
 ENV NODE_ENV="production" \
     NODE_OPTIONS="--use-openssl-ca" \
-    NODE_EXTRA_CA_CERTS="/etc/ssl/certs/ca-certificates.crt" \
-    NODE_TLS_REJECT_UNAUTHORIZED=""
+    NODE_EXTRA_CA_CERTS="" \
+    NODE_TLS_REJECT_UNAUTHORIZED="" \
+    SSL_CERT_DIR="/etc/ssl/certs/ca-certificates.crt"
 
 # set hostname to localhost
 ENV HOSTNAME="0.0.0.0" \
@@ -185,6 +186,8 @@ ENV \
     TOGETHERAI_API_KEY="" TOGETHERAI_MODEL_LIST="" \
     # Upstage
     UPSTAGE_API_KEY="" \
+    # Wenxin
+    WENXIN_ACCESS_KEY="" WENXIN_SECRET_KEY="" \
     # 01.AI
     ZEROONE_API_KEY="" ZEROONE_MODEL_LIST="" \
     # Zhipu

diff --git a/Dockerfile.database b/Dockerfile.database
@@ -127,8 +127,9 @@ COPY --from=app / /
 
 ENV NODE_ENV="production" \
     NODE_OPTIONS="--use-openssl-ca" \
-    NODE_EXTRA_CA_CERTS="/etc/ssl/certs/ca-certificates.crt" \
-    NODE_TLS_REJECT_UNAUTHORIZED=""
+    NODE_EXTRA_CA_CERTS="" \
+    NODE_TLS_REJECT_UNAUTHORIZED="" \
+    SSL_CERT_DIR="/etc/ssl/certs/ca-certificates.crt"
 
 # set hostname to localhost
 ENV HOSTNAME="0.0.0.0" \
@@ -217,6 +218,8 @@ ENV \
     TOGETHERAI_API_KEY="" TOGETHERAI_MODEL_LIST="" \
     # Upstage
     UPSTAGE_API_KEY="" \
+    # Wenxin
+    WENXIN_ACCESS_KEY="" WENXIN_SECRET_KEY="" \
     # 01.AI
     ZEROONE_API_KEY="" ZEROONE_MODEL_LIST="" \
     # Zhipu

diff --git a/scripts/serverLauncher/startServer.js b/scripts/serverLauncher/startServer.js
@@ -1,6 +1,5 @@
 const dns = require('dns').promises;
 const fs = require('fs').promises;
-const tls = require('tls');
 const { spawn } = require('child_process');
 
 // Set file paths
@@ -23,68 +22,6 @@ const isValidIP = (ip, version = 4) => {
   }
 };
 
-// Function to check TLS validity of a URL
-const isValidTLS = (url = '') => {
-  if (!url) {
-    console.log('⚠️ TLS Check: No URL provided. Skipping TLS check. Ensure correct setting ENV.');
-    console.log('-------------------------------------');
-    return Promise.resolve();
-  }
-
-  const { protocol, host, port } = parseUrl(url);
-  if (protocol !== 'https') {
-    console.log(`⚠️ TLS Check: Non-HTTPS protocol (${protocol}). Skipping TLS check for ${url}.`);
-    console.log('-------------------------------------');
-    return Promise.resolve();
-  }
-
-  const options = { host, port, servername: host };
-  return new Promise((resolve, reject) => {
-    const socket = tls.connect(options, () => {
-      console.log(`✅ TLS Check: Valid certificate for ${host}:${port}.`);
-      console.log('-------------------------------------');
-
-      socket.end();
-
-      resolve();
-    });
-
-    socket.on('error', (err) => {
-      const errMsg = `❌ TLS Check: Error for ${host}:${port}. Details:`;
-      switch (err.code) {
-        case 'CERT_HAS_EXPIRED':
-        case 'DEPTH_ZERO_SELF_SIGNED_CERT':
-        case 'ERR_TLS_CERT_ALTNAME_INVALID':
-          console.error(`${errMsg} Certificate is not valid. Consider setting NODE_TLS_REJECT_UNAUTHORIZED="0" or mapping /etc/ssl/certs/ca-certificates.crt.`);
-          break;
-        case 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY':
-          console.error(`${errMsg} Unable to verify issuer. Ensure correct mapping of /etc/ssl/certs/ca-certificates.crt.`);
-          break;
-        default:
-          console.error(`${errMsg} Network issue. Check firewall or DNS.`);
-          break;
-      }
-      reject(err);
-    });
-  });
-};
-
-// Function to check TLS connections for OSS and Auth Issuer
-const checkTLSConnections = async () => {
-  await Promise.all([
-    isValidTLS(process.env.S3_ENDPOINT),
-    isValidTLS(process.env.S3_PUBLIC_DOMAIN),
-    isValidTLS(getEnvVarsByKeyword('_ISSUER')),
-  ]);
-};
-
-// Function to get environment variable by keyword
-const getEnvVarsByKeyword = (keyword) => {
-  return Object.entries(process.env)
-    .filter(([key, value]) => key.includes(keyword) && value)
-    .map(([, value]) => value)[0] || null;
-};
-
 // Function to parse protocol, host and port from a URL
 const parseUrl = (url) => {
   const { protocol, hostname: host, port } = new URL(url);
@@ -170,26 +107,18 @@ const runServer = async () => {
 
   if (process.env.DATABASE_DRIVER) {
     try {
-      try {
-        await fs.access(DB_MIGRATION_SCRIPT_PATH);
-
-        await runScript(DB_MIGRATION_SCRIPT_PATH);
-      } catch (err) {
-        if (err.code === 'ENOENT') {
-          console.log(`⚠️ DB Migration: Not found ${DB_MIGRATION_SCRIPT_PATH}. Skipping DB migration. Ensure to migrate database manually.`);
-          console.log('-------------------------------------');
-        } else {
-          console.error('❌ Error during DB migration:');
-          console.error(err);
-          process.exit(1);
-        }
-      }
+      await fs.access(DB_MIGRATION_SCRIPT_PATH);
 
-      await checkTLSConnections();
+      await runScript(DB_MIGRATION_SCRIPT_PATH);
     } catch (err) {
-      console.error('❌ Error during TLS connection check:');
-      console.error(err);
-      process.exit(1);
+      if (err.code === 'ENOENT') {
+        console.log(`⚠️ DB Migration: Not found ${DB_MIGRATION_SCRIPT_PATH}. Skipping DB migration. Ensure to migrate database manually.`);
+        console.log('-------------------------------------');
+      } else {
+        console.error('❌ Error during DB migration:');
+        console.error(err);
+        process.exit(1);
+      }
     }
   }