DEV-1074: Fix docker security issue nad other small changes

.github/workflows/build.yml

@@ -14,7 +14,7 @@ jobs:
         with:
           go-version: '1.17'
 
-      - name: Run Golang unit tests
+      - name: Run Golang build
         run: go build main.go
 
   try-docker-build:

docker/.env

@@ -9,5 +9,8 @@ REDIRECTED_PORT="80"
 # Local address which is used by user application
 LOCAL_REDIRECT_FROM=localhost:80
 
-# Address with port of external DID-Resolver.
-EXTERNAL_REDIRECT_TO=http://localhost:1313
+# Address with port of external Cheqd-DID-Resolver.
+EXTERNAL_REDIRECT_TO=http://localhost:1313
+
+
+CHEQD_RESOLVER_HOME_DIR="/home/cheqd-resolver"

docker/Dockerfile

@@ -1,33 +1,44 @@
 ###############################################################
-###    STAGE 1: Build did-resolver binary pre-requisites    ###
+###    STAGE 1: Build cheqd-did-resolver binary pre-requisites    ###
 ###############################################################
 
 FROM golang:1.17.8-buster as builder
 
-WORKDIR /root
+# Set user directory and details
+ENV CHEQD_RESOLVER_HOME_DIR="/home/cheqd-resolver"
+ARG UID=1000
+ARG GID=1000
+
+# Add cheqd user to use in the container
+RUN groupadd --system --gid $GID cheqd-resolver \
+    && useradd --system --create-home --home-dir ${CHEQD_RESOLVER_HOME_DIR} --shell /bin/bash --gid cheqd-resolver --uid $UID cheqd-resolver
+
+WORKDIR ${CHEQD_RESOLVER_HOME_DIR}
+USER cheqd-resolver
 
 COPY types ./types
 COPY services ./services
 COPY go.mod .
 COPY go.sum .
 COPY main.go .
 
-# Make did-resolver binary
-RUN go build -o did-resolver main.go
+# Make cheqd-did-resolver binary
+RUN go build -o cheqd-did-resolver main.go
 
 ###############################################################
-###           STAGE 2: Build did-resolver runner            ###
+###           STAGE 2: Build cheqd-did-resolver runner            ###
 ###############################################################
 
 FROM ubuntu:focal AS runner
 LABEL org.opencontainers.image.description "Cheqd DID-Resolver runner"
 LABEL org.opencontainers.image.source "https://github.com/cheqd/cheqd-did-resolver"
+ENV CHEQD_RESOLVER_HOME_DIR="/home/cheqd-resolver"
 
-# Copy compiled did-resolver binary from Stage 1
-COPY --from=builder /root/did-resolver /bin
+# Copy compiled cheqd-did-resolver binary from Stage 1
+COPY --from=builder ${CHEQD_RESOLVER_HOME_DIR} /bin
 
 # Copy base config.yml
-WORKDIR /root
+WORKDIR ${CHEQD_RESOLVER_HOME_DIR}
 
 EXPOSE 1313
-ENTRYPOINT ["did-resolver"]
+ENTRYPOINT ["cheqd-did-resolver"]

docker/docker-compose.yml

@@ -8,13 +8,13 @@ services:
       context: ../
     configs:
       - source: config
-        target: /root/config.yml
+        target: ${CHEQD_RESOLVER_HOME_DIR}/config.yml
     expose:
       - ${RESOLVER_PORT}
     ports:
       - "${RESOLVER_PORT}:${RESOLVER_PORT}"
     profiles:
-      - resolver
+      - full
 
   redirect:
     image: morbz/docker-web-redirect
@@ -25,7 +25,7 @@ services:
       - VIRTUAL_HOST={LOCAL_REDIRECT_FROM}
       - REDIRECT_TARGET=${EXTERNAL_REDIRECT_TO}
     profiles:
-      - driver
+      - light
 
 configs:
   config:

main.go

@@ -15,6 +15,9 @@ import (
 
 func main() {
 	viper.SetConfigFile("config.yaml")
+	viper.SetConfigType("env")
+	viper.AutomaticEnv()
+
 	err := viper.ReadInConfig()
 	if err != nil { // Handle errors reading the config file
 		panic(fmt.Errorf("Fatal error config file: %w \n", err))

services/ledger_service.go

@@ -31,9 +31,11 @@ func (ls LedgerService) QueryDIDDoc(did string) (cheqd.Did, cheqd.Metadata, bool
 	conn, err := openGRPCConnection(serverAddr)
 
 	if err != nil {
+		println("QueryDIDDoc: failed connection")
 		isFound = false
 		return cheqd.Did{}, cheqd.Metadata{}, isFound, err
 	}
+	println("QueryDIDDoc: successful connection")
 
 	qc := cheqd.NewQueryClient(conn)
 	defer conn.Close()

services/ledger_service_test.go

@@ -0,0 +1,41 @@
+package services
+
+import (
+	"context"
+	"testing"
+
+	cheqd "github.com/cheqd/cheqd-node/x/cheqd/types"
+	"github.com/stretchr/testify/require"
+)
+
+func TestQueryDIDDoc(t *testing.T) {
+	subtests := []struct {
+		name             string
+		did              string
+		expectedDID      cheqd.Did
+		expectedMetadata cheqd.Metadata
+		expectedIsFound  bool
+		expectedError    error
+	}{
+		{
+			name:             "DeadlineExceeded",
+			did:              "fake did",
+			expectedDID:      cheqd.Did{},
+			expectedMetadata: cheqd.Metadata{},
+			expectedIsFound:  false,
+			expectedError:    context.DeadlineExceeded,
+		},
+	}
+
+	for _, subtest := range subtests {
+		t.Run(subtest.name, func(t *testing.T) {
+			ledgerService := NewLedgerService()
+			didDoc, metadata, isFound, err := ledgerService.QueryDIDDoc("fake did")
+			require.EqualValues(t, subtest.expectedDID, didDoc)
+			require.EqualValues(t, subtest.expectedMetadata, metadata)
+			require.EqualValues(t, subtest.expectedIsFound, isFound)
+			require.EqualValues(t, subtest.expectedError, err)
+		})
+	}
+
+}

services/request_service.go

@@ -59,7 +59,7 @@ func (rs RequestService) Resolve(did string, resolutionOptions types.ResolutionO
 	didResolutionMetadata := types.NewResolutionMetadata(did, resolutionOptions.Accept, "")
 
 	method := viper.GetString("method")
-	if !cheqdUtils.IsValidDID(did, method, rs.ledgerService.GetNamespaces()) {
+	if !cheqdUtils.IsValidDID(did, "", rs.ledgerService.GetNamespaces()) {
 		if didMethod, _, _, _ := cheqdUtils.TrySplitDID(did); didMethod != method {
 			didResolutionMetadata.ResolutionError = types.ResolutionMethodNotSupported
 		} else {