big overhaul (#474)

* miniflare init * feat(api): add tests * chore: more tests, almost 100% * add sessions/state spec * add majority of routes and datapaths, start on interactions * nevermind, no interactions * nevermind x2, tweetnacl is bad but SubtleCrypto has what we need apparently * simplify interactions verify * add brute force interactions tests * every primary path API route is refactored! * automatically import from legacy, or die trying. * check that we only fetch legacy once, ever * remove old-src, same some historic pieces * remove interactions & worker-utils package, update misc/types * update some packages we don't need specific pinning for anymore * update web references to API routes since they all changed * fix all linting issues, upgrade most packages * fix tests, divorce enzyme where-ever possible * update web, fix integration issues * pre-build api * fix tests * move api pretest to api package.json instead of CI * remove interactions from terraform, fix deploy side configs * update to tf 1.1.4 * prevent double writes to worker in GCS, port to newer GCP auth workflow * fix api.tf var refs, upgrade node action * change to curl-based script upload for worker script due to terraform provider limitations * oh no, cloudflare freaked out :(
2025-06-14 16:49:10 +00:00 · 2022-01-31 20:35:22 -05:00 · 2022-01-31 20:35:22 -05:00 · 3291f9aacc
commit 3291f9aacc
parent b644a38aa7
183 changed files with 9853 additions and 9924 deletions
--- a/terraform/.gitignore
+++ b/terraform/.gitignore
@ -32,4 +32,8 @@ override.tf.json
 .terraformrc
 terraform.rc

-worker-dist
+# CI outputs to this directory
+worker-dist
+
+# generated by terraform, has secrets.
+bindings.json
--- a/terraform/.terraform.lock.hcl
+++ b/terraform/.terraform.lock.hcl
@ -2,42 +2,62 @@
 # Manual edits may be lost in future updates.

 provider "registry.terraform.io/cloudflare/cloudflare" {
-  version     = "2.25.0"
+  version     = "3.8.0"
  constraints = ">= 2.23.0"
  hashes = [
-    "h1:raEhY+rMHKBNMwXBWYZp4DUua3JNDq5frLu6VOl71Zg=",
-    "zh:0c2e4665615fa732cd7a025599afa788cf980d1e3e89b20127f8dd5198a3e124",
-    "zh:1d09a74f6ee533ae9db4064a9a6ec466ca7e7f53ed2033f95ce66ff066becc9e",
-    "zh:21f9c1b5d30dc691909b4d1f4635171dc53009109cd7b15ac3ee9c23d84dcc10",
-    "zh:332cbf7da45231fda97d4ca9d840d70558055b45fb63247f57717572c09edde4",
-    "zh:4056c8fd7b6ca9f2b96a583ee11e3ee5e11ec0706a4f5fa1816f2bacda359a31",
-    "zh:5a6e134331acc5c9833993f98cbe48e05c995b8d09ac5d4a11fe4c1488fa34ed",
-    "zh:71c30ce22b906f9130b7d1afe6ca5be281f7dda1b46c6565b9acd22ca3e30fcb",
-    "zh:83e53ed8489a8c65d8e39e43ba5c8298b19eba0dfa30c0d2f99d69e81e6516af",
-    "zh:89900baa4735eb9c678815689979765653ff639a528ac0bbe3fceee50028bea8",
-    "zh:8ba0ea263f0e04589ec95de2381913e6a3b71d7b67c2e2ddbdd78a023ce5949f",
-    "zh:a98c952cda50a7286e8286697b195d1dc8c016090023b4b8cd6f772734b7fd71",
-    "zh:c670798e60fd4807524bf7d407ad284c5674b32f42e56005f63cd356233a2310",
-    "zh:dadd6787f390379f7f231e1176d24ff7841ac9c6b1e742c6bf506309492f89e1",
+    "h1:zAhG5lsZGX9sJUbqoaFVZbVsJnvkb+GUKyEZ+EEnW/w=",
+    "zh:10b57533c2223e60bff24a74f172e36345b6bbbd32c0d0f088c0e5e87a4bd658",
+    "zh:422c17906d39ccb00ea12972473c18e42d8f352f4c697feeb898209f5dc462da",
+    "zh:4c3502ff8c96d7faf31a0dd7f2df2422e36e7278db004360ecd71f5af699a335",
+    "zh:5900f7fbf739629afeb10017ae9880a6587310d36d0e970adb82c880d5ee9911",
+    "zh:5a8dc8e6bcd7426a98b82cdc5e84c3fd9be2873cd648537e0a007b912a994df6",
+    "zh:78c7d3a50901ce101ef5241ac22103f5102dd489fb91f2ceaf56b3639ad572d8",
+    "zh:a1ac1388c93cde331a648cc773f94f5a3c6f1342ac5f824e5ecbd25ffdeba414",
+    "zh:c650137d3dbd96ca53da4fbd71b487d4457803715aa06333540df5b0e8ad0430",
+    "zh:d15d4766a2adddd108d1b1dd929d3a40ad063bee39d143ce82bca702f2951f26",
+    "zh:d66e301dfa2c021cce9ead73b2565d296bcc36766b4273d01d29729848564271",
+    "zh:da3a3daa0fbbb0be18c60aff6c5b694ea30cbb7cb55f7f782ec7b46658b167ab",
+    "zh:e6a09b1914aa34b449fba31e626738b186c3c6d43a120aede431c791ceb42ab0",
+    "zh:e9a84e74af0c9ada163cad436a6752904865e20536af9a048aa9382c12ed8f00",
+    "zh:eb586af4ddcef26cef609fca80cdffc0885ec5d5465726e6d1ce98624816aaac",
  ]
 }

 provider "registry.terraform.io/hashicorp/google" {
-  version     = "3.78.0"
+  version     = "4.8.0"
  constraints = ">= 3.74.0"
  hashes = [
-    "h1:iCyTW8BWdr6Bvd5B89wkxlrB8xLxqHvT1CPmGuKembU=",
-    "zh:027971c4689b6130619827fe57ce260aaca060db3446817d3a92869dba7cc07f",
-    "zh:0876dbecc0d441bf2479edd17fe9141d77274b5071ea5f68ac26a2994bff66f3",
-    "zh:2a5363ed6b1b880f5284e604567cfdabecca809584c30bbe7f19ff568d1ea4cd",
-    "zh:2f5af69b70654bda91199f6393253e3e479107deebfeddc3fe5850b3a1e83dfb",
-    "zh:52e6816ef11f5f799a6626dfff384e2153b37450d8320f1ef1eee8f71a2a87b2",
-    "zh:59ae534607db13db35c0015c06d1ae6d4886f01f7e8fd4e07bc120236a01c494",
-    "zh:65ab2ed1746ea02d0b1bbd8a22ff3a95d09dc8bdb3841fbc17e45e9feccfb327",
-    "zh:877a71d24ff65ede3f0c5973168acfeaea0f2fea3757cab5600efcddfd3171d5",
-    "zh:8b10c9643a4a53148f6758bfd60804b33c2b838482f2c39ed210b729e6b1e2e8",
-    "zh:ba682648d9f6c11a6d04a250ac79eec39271f615f3ff60c5ae73ebfcc2cdb450",
-    "zh:e946561921e0279450e9b9f705de9354ce35562ed4cc0d4cd3512aa9eb1f6486",
+    "h1:2EwEiinufTyL/mQ4eQHu+UOwKaHUQfhhU//aA+CopwQ=",
+    "zh:08d1fbdaee6f9d615e09ab6244d5f8f1b76fd079fc4193822a9f5ac4344b3738",
+    "zh:27afa2e26921ca5b96e804b781792296e9a9d4ac533d6f87c3855ae68e28ef80",
+    "zh:2d1fe33d3c6daa85a9ba6608b99d9710c7fcd61199d249e353e82d5bf1a18280",
+    "zh:31b2c41dbe458d8b75068069bb05864027bd1b4a3f4c8e8b7cd7b9d1fe47be7b",
+    "zh:4001c5237a4fb383014b685077c12a0b9cdbac28dce0c707a9a4622d62ef06c9",
+    "zh:82c9ef3f72fa6a8fba163cff94b0f7fd0572724e991af5c7f389feaaf83298d8",
+    "zh:9524a6dc9d8b2cbcef53ca2c04e121899bb1947ff8d4f9569c3b01b1cb9f736a",
+    "zh:a33dcd5d8efef4dafaa331918c79b793be036420fc56c40bb3fb313fdb56db0d",
+    "zh:aa36241871cb5376c7ba8cb8b2ddbfc488c4231e5c0d10b2f421ffaa14c0b462",
+    "zh:cd2c1ffbab0c6e154ed2472edc2788bc2cb9db93848325e389a7157ebbb540de",
+    "zh:f350242dabb33035e2b49cd3e925c88c6bf4b73becfaff298d503e4c64e46271",
+  ]
+}
+
+provider "registry.terraform.io/hashicorp/local" {
+  version     = "2.1.0"
+  constraints = ">= 2.1.0"
+  hashes = [
+    "h1:EYZdckuGU3n6APs97nS2LxZm3dDtGqyM4qaIvsmac8o=",
+    "zh:0f1ec65101fa35050978d483d6e8916664b7556800348456ff3d09454ac1eae2",
+    "zh:36e42ac19f5d68467aacf07e6adcf83c7486f2e5b5f4339e9671f68525fc87ab",
+    "zh:6db9db2a1819e77b1642ec3b5e95042b202aee8151a0256d289f2e141bf3ceb3",
+    "zh:719dfd97bb9ddce99f7d741260b8ece2682b363735c764cac83303f02386075a",
+    "zh:7598bb86e0378fd97eaa04638c1a4c75f960f62f69d3662e6d80ffa5a89847fe",
+    "zh:ad0a188b52517fec9eca393f1e2c9daea362b33ae2eb38a857b6b09949a727c1",
+    "zh:c46846c8df66a13fee6eff7dc5d528a7f868ae0dcf92d79deaac73cc297ed20c",
+    "zh:dc1a20a2eec12095d04bf6da5321f535351a594a636912361db20eb2a707ccc4",
+    "zh:e57ab4771a9d999401f6badd8b018558357d3cbdf3d33cc0c4f83e818ca8e94b",
+    "zh:ebdcde208072b4b0f8d305ebf2bfdc62c926e0717599dcf8ec2fd8c5845031c3",
+    "zh:ef34c52b68933bedd0868a13ccfd59ff1c820f299760b3c02e008dc95e2ece91",
  ]
 }

--- a/terraform/api.tf
+++ b/terraform/api.tf
@ -1,3 +1,7 @@
+locals {
+  name = "roleypoly-backend-${var.environment_tag}"
+}
+
 resource "cloudflare_workers_kv_namespace" "sessions" {
  title = "roleypoly-sessions-${var.environment_tag}"
 }
@ -10,69 +14,97 @@ resource "cloudflare_workers_kv_namespace" "guild_data" {
  title = "roleypoly-guild_data-${var.environment_tag}"
 }

-resource "cloudflare_worker_script" "backend" {
-  name    = "roleypoly-backend-${var.environment_tag}"
-  content = file("${path.module}/${var.api_path_to_worker}")
+// Alternate method of uploading workers based on modules.
+resource "null_resource" "cloudflare_workers_script_backend" {
+  depends_on = [
+    cloudflare_workers_kv_namespace.sessions,
+    cloudflare_workers_kv_namespace.guilds,
+    cloudflare_workers_kv_namespace.guild_data,
+  ]

-  kv_namespace_binding {
-    name         = "KV_SESSIONS"
-    namespace_id = cloudflare_workers_kv_namespace.sessions.id
+  triggers = {
+    script     = data.local_file.script.content,
+    bindings   = local_file.bindings.sensitive_content,
+    name       = local.name,
+    account_id = var.cloudflare_account_id,
  }

-  kv_namespace_binding {
-    name         = "KV_GUILDS"
-    namespace_id = cloudflare_workers_kv_namespace.guilds.id
+  provisioner "local-exec" {
+    command = <<EOF
+      curl -f -sSL -X PUT "https://api.cloudflare.com/client/v4/accounts/${var.cloudflare_account_id}/workers/scripts/${local.name}" \
+        -H "Authorization: Bearer ${var.cloudflare_api_token}" \
+        -F "script=@${data.local_file.script.filename};filename=${basename(data.local_file.script.filename)};type=application/javascript+module" \
+        -F "metadata=@${local_file.bindings.filename}"
+EOF
  }
+}

-  kv_namespace_binding {
-    name         = "KV_GUILD_DATA"
-    namespace_id = cloudflare_workers_kv_namespace.guild_data.id
-  }
+resource "local_file" "bindings" {
+  filename = "${path.module}/bindings.json"
+  sensitive_content = jsonencode({
+    main_module = basename(var.path_to_worker)
+    bindings = [
+      {
+        name = "BOT_CLIENT_ID"
+        text = var.bot_client_id
+        type = "plain_text"
+      },
+      {
+        name = "BOT_CLIENT_SECRET"
+        text = var.bot_client_secret
+        type = "secret_text"
+      },
+      {
+        name = "BOT_TOKEN"
+        text = var.bot_token
+        type = "secret_text"
+      },
+      {
+        name = "BOT_IMPORT_TOKEN"
+        text = var.bot_import_token
+        type = "secret_text"
+      },
+      {
+        name = "UI_PUBLIC_URI"
+        text = var.ui_public_uri
+        type = "plain_text"
+      },
+      {
+        name = "API_PUBLIC_URI"
+        text = var.api_public_uri
+        type = "plain_text"
+      },
+      {
+        name = "ALLOWED_CALLBACK_HOSTS"
+        text = var.allowed_callback_hosts
+        type = "plain_text"
+      },
+      {
+        name = "ROOT_USERS"
+        text = join(",", var.root_users)
+        type = "plain_text"
+      },
+      {
+        name         = "KV_SESSIONS"
+        namespace_id = cloudflare_workers_kv_namespace.sessions.id
+        type         = "kv_namespace"
+      },
+      {
+        name         = "KV_GUILDS"
+        namespace_id = cloudflare_workers_kv_namespace.guilds.id
+        type         = "kv_namespace"
+      },
+      {
+        name         = "KV_GUILD_DATA"
+        namespace_id = cloudflare_workers_kv_namespace.guild_data.id
+        type         = "kv_namespace"
+      }
+    ]
+  })
+}

-  plain_text_binding {
-    name = "BOT_CLIENT_ID"
-    text = var.bot_client_id
-  }
-
-  secret_text_binding {
-    name = "BOT_CLIENT_SECRET"
-    text = var.bot_client_secret
-  }
-
-  secret_text_binding {
-    name = "BOT_TOKEN"
-    text = var.bot_token
-  }
-
-  secret_text_binding {
-    name = "BOT_IMPORT_TOKEN"
-    text = var.bot_import_token
-  }
-
-  plain_text_binding {
-    name = "UI_PUBLIC_URI"
-    text = var.ui_public_uri
-  }
-
-  plain_text_binding {
-    name = "API_PUBLIC_URI"
-    text = var.api_public_uri
-  }
-
-  plain_text_binding {
-    name = "ALLOWED_CALLBACK_HOSTS"
-    text = var.allowed_callback_hosts
-  }
-
-  plain_text_binding {
-    name = "ROOT_USERS"
-    text = join(",", var.root_users)
-  }
-
-  secret_text_binding {
-    name = "INTERACTIONS_SHARED_KEY"
-    text = random_password.interactions_token.result
-  }
+data "local_file" "script" {
+  filename = "${path.module}/${var.path_to_worker}"
 }

 resource "cloudflare_record" "api" {
@ -86,5 +118,8 @@ resource "cloudflare_record" "api" {
 resource "cloudflare_worker_route" "backend" {
  zone_id     = var.cloudflare_zone_id
  pattern     = "api-${var.environment_tag}.roleypoly.com/*"
-  script_name = cloudflare_worker_script.backend.name
+  script_name = local.name
+  depends_on = [
+    null_resource.cloudflare_workers_script_backend,
+  ]
 }
--- a/terraform/interactions.tf
+++ b/terraform/interactions.tf
@ -1,120 +0,0 @@
-locals {
-  internalTestingGuilds = toset([
-    "386659935687147521"
-  ])
-}
-
-resource "random_password" "interactions_token" {
-  length = 64
-  keepers = {
-    "worker_tag" = var.worker_tag
-  }
-}
-
-resource "discord-interactions_guild_command" "hello-world" {
-  for_each = local.internalTestingGuilds
-  guild_id = each.value
-
-  name        = "hello-world"
-  description = "Say hello!"
-}
-
-resource "discord-interactions_global_command" "roleypoly" {
-  name        = "roleypoly"
-  description = "Sends you a link to pick your roles in your browser"
-}
-
-resource "discord-interactions_global_command" "pick-role" {
-  name        = "pick-role"
-  description = "Pick a role! (See which ones can be picked with /pickable-roles)"
-
-  option {
-    name        = "role"
-    description = "The role you want"
-    type        = 8
-    required    = true
-  }
-}
-
-resource "discord-interactions_guild_command" "pick-role" {
-  for_each = local.internalTestingGuilds
-  guild_id = each.value
-
-  name        = "pick-role"
-  description = "**[TEST]** Pick a role! (See which ones can be picked with /pickable-roles)"
-
-
-  option {
-    name        = "role"
-    description = "The role you want"
-    type        = 8
-    required    = true
-  }
-}
-
-resource "discord-interactions_guild_command" "remove-role" {
-  for_each = local.internalTestingGuilds
-  guild_id = each.value
-
-  name        = "remove-role"
-  description = "**[TEST]** Pick a role to remove (See which ones can be removed with /pickable-roles)"
-
-  option {
-    name        = "role"
-    description = "The role you want to remove"
-    type        = 8
-    required    = true
-  }
-}
-
-resource "discord-interactions_global_command" "pickable-roles" {
-  name        = "pickable-roles"
-  description = "See all the roles you can pick with /pick-roles"
-}
-
-resource "discord-interactions_guild_command" "pickable-roles" {
-  for_each = local.internalTestingGuilds
-  guild_id = each.value
-
-  name        = "pickable-roles"
-  description = "See all the roles you can pick with /pick-roles"
-}
-
-resource "cloudflare_worker_script" "interactions" {
-  name    = "roleypoly-interactions-${var.environment_tag}"
-  content = file("${path.module}/${var.interactions_path_to_worker}")
-
-  secret_text_binding {
-    name = "DISCORD_PUBLIC_KEY"
-    text = var.discord_public_key
-  }
-
-  secret_text_binding {
-    name = "INTERACTIONS_SHARED_KEY"
-    text = random_password.interactions_token.result
-  }
-
-  plain_text_binding {
-    name = "UI_PUBLIC_URI"
-    text = var.ui_public_uri
-  }
-
-  plain_text_binding {
-    name = "API_PUBLIC_URI"
-    text = var.api_public_uri
-  }
-}
-
-resource "cloudflare_record" "interactions" {
-  zone_id = var.cloudflare_zone_id
-  name    = "interactions-${var.environment_tag}"
-  type    = "AAAA"
-  value   = "100::"
-  proxied = true
-}
-
-resource "cloudflare_worker_route" "interactions" {
-  zone_id     = var.cloudflare_zone_id
-  pattern     = "interactions-${var.environment_tag}.roleypoly.com/*"
-  script_name = cloudflare_worker_script.interactions.name
-}
--- a/terraform/providers.tf
+++ b/terraform/providers.tf
@ -26,6 +26,11 @@ terraform {
      source  = "hashicorp/null"
    }

+    local = {
+      version = ">=2.1.0"
+      source  = "hashicorp/local"
+    }
+
    tls = {
      version = ">=3.1.0"
      source  = "hashicorp/tls"
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@ -57,16 +57,10 @@ variable "api_public_uri" {
  description = "API Public Base Path"
 }

-variable "api_path_to_worker" {
+variable "path_to_worker" {
  type        = string
  description = "Path to API worker JS, relative to this file/terraform folder."
-  default     = "worker-dist/api.js"
-}
-
-variable "interactions_path_to_worker" {
-  type        = string
-  description = "Path to interactions worker JS, relative to this file/terraform folder."
-  default     = "worker-dist/interactions.js"
+  default     = "worker-dist/index.mjs"
 }

 variable "root_users" {