diff --git a/backend/mpc-system/.env.example b/backend/mpc-system/.env.example index 4d3a6dca..d7bfb874 100644 --- a/backend/mpc-system/.env.example +++ b/backend/mpc-system/.env.example 
@@ -1,93 +1,93 @@ -# ============================================================================= -# MPC System - Environment Configuration -# ============================================================================= -# This file contains all environment variables needed for MPC System deployment. -# -# Setup Instructions: -# 1. Copy this file: cp .env.example .env -# 2. Update ALL values according to your production environment -# 3. Generate secure random keys for secrets (see instructions below) -# 4. Start services: ./deploy.sh up -# -# IMPORTANT: This file contains examples only! -# In production, you MUST: -# - Change ALL passwords and keys to secure random values -# - Update ALLOWED_IPS to match your actual backend server IP -# - Keep the .env file secure and NEVER commit it to version control -# ============================================================================= - -# ============================================================================= -# Environment Identifier -# ============================================================================= -# Options: development, staging, production -ENVIRONMENT=production - -# ============================================================================= -# PostgreSQL Database Configuration -# ============================================================================= -# Database user (can keep default or customize) -POSTGRES_USER=mpc_user - -# Database password -# SECURITY: Generate a strong password in production! 
-# Example command: openssl rand -base64 32 -POSTGRES_PASSWORD=change_this_to_secure_postgres_password - -# ============================================================================= -# Redis Cache Configuration -# ============================================================================= -# Redis password (leave empty if Redis is only accessible within Docker network) -# For production, consider setting a password for defense in depth -# Example command: openssl rand -base64 24 -REDIS_PASSWORD= - -# ============================================================================= -# RabbitMQ Message Broker Configuration -# ============================================================================= -# RabbitMQ user (can keep default or customize) -RABBITMQ_USER=mpc_user - -# RabbitMQ password -# SECURITY: Generate a strong password in production! -# Example command: openssl rand -base64 32 -RABBITMQ_PASSWORD=change_this_to_secure_rabbitmq_password - -# ============================================================================= -# JWT Configuration -# ============================================================================= -# JWT signing secret key (minimum 32 characters) -# SECURITY: Generate a strong random key in production! -# Example command: openssl rand -base64 48 -JWT_SECRET_KEY=change_this_jwt_secret_key_to_random_value_min_32_chars - -# ============================================================================= -# Cryptography Configuration -# ============================================================================= -# Master encryption key for encrypting stored key shares -# MUST be exactly 64 hexadecimal characters (256-bit key) -# SECURITY: Generate a secure random key in production! -# Example command: openssl rand -hex 32 -# WARNING: If you lose this key, encrypted shares cannot be recovered! 
-CRYPTO_MASTER_KEY=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef - -# ============================================================================= -# API Security Configuration -# ============================================================================= -# API authentication key for server-to-server communication -# This key must match the MPC_API_KEY in your backend mpc-service configuration -# SECURITY: Generate a strong random key and keep it synchronized! -# Example command: openssl rand -base64 48 -MPC_API_KEY=change_this_api_key_to_match_your_mpc_service_config - -# Allowed IP addresses (comma-separated list) -# Only these IPs can access the MPC system APIs -# IMPORTANT: In production, restrict this to your actual backend server IP(s)! -# Examples: -# Single IP: ALLOWED_IPS=192.168.1.111 -# Multiple IPs: ALLOWED_IPS=192.168.1.111,192.168.1.112 -# Local only: ALLOWED_IPS=127.0.0.1 -# Allow all: ALLOWED_IPS= (empty, relies on API_KEY auth only - NOT RECOMMENDED for production) -# -# Default allows all IPs (protected by API_KEY authentication) -# SECURITY WARNING: Change this in production to specific backend server IP(s)! -ALLOWED_IPS= +# ============================================================================= +# MPC System - Environment Configuration +# ============================================================================= +# This file contains all environment variables needed for MPC System deployment. +# +# Setup Instructions: +# 1. Copy this file: cp .env.example .env +# 2. Update ALL values according to your production environment +# 3. Generate secure random keys for secrets (see instructions below) +# 4. Start services: ./deploy.sh up +# +# IMPORTANT: This file contains examples only! 
+# In production, you MUST: +# - Change ALL passwords and keys to secure random values +# - Update ALLOWED_IPS to match your actual backend server IP +# - Keep the .env file secure and NEVER commit it to version control +# ============================================================================= + +# ============================================================================= +# Environment Identifier +# ============================================================================= +# Options: development, staging, production +ENVIRONMENT=production + +# ============================================================================= +# PostgreSQL Database Configuration +# ============================================================================= +# Database user (can keep default or customize) +POSTGRES_USER=mpc_user + +# Database password +# SECURITY: Generate a strong password in production! +# Example command: openssl rand -base64 32 +POSTGRES_PASSWORD=change_this_to_secure_postgres_password + +# ============================================================================= +# Redis Cache Configuration +# ============================================================================= +# Redis password (leave empty if Redis is only accessible within Docker network) +# For production, consider setting a password for defense in depth +# Example command: openssl rand -base64 24 +REDIS_PASSWORD= + +# ============================================================================= +# RabbitMQ Message Broker Configuration +# ============================================================================= +# RabbitMQ user (can keep default or customize) +RABBITMQ_USER=mpc_user + +# RabbitMQ password +# SECURITY: Generate a strong password in production! 
+# Example command: openssl rand -base64 32 +RABBITMQ_PASSWORD=change_this_to_secure_rabbitmq_password + +# ============================================================================= +# JWT Configuration +# ============================================================================= +# JWT signing secret key (minimum 32 characters) +# SECURITY: Generate a strong random key in production! +# Example command: openssl rand -base64 48 +JWT_SECRET_KEY=change_this_jwt_secret_key_to_random_value_min_32_chars + +# ============================================================================= +# Cryptography Configuration +# ============================================================================= +# Master encryption key for encrypting stored key shares +# MUST be exactly 64 hexadecimal characters (256-bit key) +# SECURITY: Generate a secure random key in production! +# Example command: openssl rand -hex 32 +# WARNING: If you lose this key, encrypted shares cannot be recovered! +CRYPTO_MASTER_KEY=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef + +# ============================================================================= +# API Security Configuration +# ============================================================================= +# API authentication key for server-to-server communication +# This key must match the MPC_API_KEY in your backend mpc-service configuration +# SECURITY: Generate a strong random key and keep it synchronized! +# Example command: openssl rand -base64 48 +MPC_API_KEY=change_this_api_key_to_match_your_mpc_service_config + +# Allowed IP addresses (comma-separated list) +# Only these IPs can access the MPC system APIs +# IMPORTANT: In production, restrict this to your actual backend server IP(s)! 
+# Examples: +# Single IP: ALLOWED_IPS=192.168.1.111 +# Multiple IPs: ALLOWED_IPS=192.168.1.111,192.168.1.112 +# Local only: ALLOWED_IPS=127.0.0.1 +# Allow all: ALLOWED_IPS= (empty, relies on API_KEY auth only - NOT RECOMMENDED for production) +# +# Default allows all IPs (protected by API_KEY authentication) +# SECURITY WARNING: Change this in production to specific backend server IP(s)! +ALLOWED_IPS= diff --git a/backend/mpc-system/deploy.sh b/backend/mpc-system/deploy.sh index 5193aa61..e3da2c0c 100755 --- a/backend/mpc-system/deploy.sh +++ b/backend/mpc-system/deploy.sh 
@@ -1,243 +1,243 @@ -#!/bin/bash -# ============================================================================= -# MPC System - Deployment Script -# ============================================================================= -# This script manages the MPC System Docker services -# -# External Ports: -# 4000 - Account Service HTTP API -# 8081 - Session Coordinator API -# 8082 - Message Router WebSocket -# 8083 - Server Party API (user share generation) -# ============================================================================= - -set -e - -# Colors -RED='\033[0;31m' -GREEN='\033[0;32m' -YELLOW='\033[1;33m' -BLUE='\033[0;34m' -NC='\033[0m' - -log_info() { echo -e "${BLUE}[INFO]${NC} $1"; } -log_success() { echo -e "${GREEN}[OK]${NC} $1"; } -log_warn() { echo -e "${YELLOW}[WARN]${NC} $1"; } -log_error() { echo -e "${RED}[ERROR]${NC} $1"; } - -SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" -cd "$SCRIPT_DIR" - -# Load environment -if [ -f ".env" ]; then - log_info "Loading environment from .env file" - set -a - source .env - set +a -elif [ ! -f ".env" ] && [ -f ".env.example" ]; then - log_warn ".env file not found. Creating from .env.example" - log_warn "Please edit .env and configure for your environment!" - cp .env.example .env - log_error "Please configure .env file and run again" - exit 1 -fi - -# Core services list -CORE_SERVICES="postgres redis rabbitmq" -MPC_SERVICES="session-coordinator message-router server-party-1 server-party-2 server-party-3 server-party-api account-service" -ALL_SERVICES="$CORE_SERVICES $MPC_SERVICES" - -case "$1" in - build) - log_info "Building MPC System services..." - docker compose build - log_success "MPC System built successfully" - ;; - - build-no-cache) - log_info "Building MPC System (no cache)..." - docker compose build --no-cache - log_success "MPC System built successfully" - ;; - - up|start) - log_info "Starting MPC System..." 
- docker compose up -d - log_success "MPC System started" - echo "" - log_info "Services status:" - docker compose ps - ;; - - down|stop) - log_info "Stopping MPC System..." - docker compose down - log_success "MPC System stopped" - ;; - - restart) - log_info "Restarting MPC System..." - docker compose down - docker compose up -d - log_success "MPC System restarted" - ;; - - logs) - if [ -n "$2" ]; then - docker compose logs -f "$2" - else - docker compose logs -f - fi - ;; - - logs-tail) - if [ -n "$2" ]; then - docker compose logs --tail 100 "$2" - else - docker compose logs --tail 100 - fi - ;; - - status|ps) - log_info "MPC System status:" - docker compose ps - ;; - - health) - log_info "Checking MPC System health..." - - # Check infrastructure - echo "" - echo "=== Infrastructure ===" - for svc in $CORE_SERVICES; do - if docker compose ps "$svc" --format json 2>/dev/null | grep -q '"Health":"healthy"'; then - log_success "$svc is healthy" - else - log_warn "$svc is not healthy" - fi - done - - # Check MPC services - echo "" - echo "=== MPC Services ===" - for svc in $MPC_SERVICES; do - if docker compose ps "$svc" --format json 2>/dev/null | grep -q '"Health":"healthy"'; then - log_success "$svc is healthy" - else - log_warn "$svc is not healthy" - fi - done - - # Check external API - echo "" - echo "=== External API ===" - if curl -sf "http://localhost:4000/health" > /dev/null 2>&1; then - log_success "Account Service API (port 4000) is accessible" - else - log_error "Account Service API (port 4000) is not accessible" - fi - ;; - - infra) - case "$2" in - up) - log_info "Starting infrastructure services..." - docker compose up -d $CORE_SERVICES - log_success "Infrastructure started" - ;; - down) - log_info "Stopping infrastructure services..." - docker compose stop $CORE_SERVICES - log_success "Infrastructure stopped" - ;; - *) - echo "Usage: $0 infra {up|down}" - exit 1 - ;; - esac - ;; - - mpc) - case "$2" in - up) - log_info "Starting MPC services..." 
- docker compose up -d $MPC_SERVICES - log_success "MPC services started" - ;; - down) - log_info "Stopping MPC services..." - docker compose stop $MPC_SERVICES - log_success "MPC services stopped" - ;; - restart) - log_info "Restarting MPC services..." - docker compose stop $MPC_SERVICES - docker compose up -d $MPC_SERVICES - log_success "MPC services restarted" - ;; - *) - echo "Usage: $0 mpc {up|down|restart}" - exit 1 - ;; - esac - ;; - - clean) - log_warn "This will remove all containers and volumes!" - read -p "Are you sure? (y/N) " -n 1 -r - echo - if [[ $REPLY =~ ^[Yy]$ ]]; then - docker compose down -v - log_success "MPC System cleaned" - else - log_info "Cancelled" - fi - ;; - - shell) - if [ -n "$2" ]; then - log_info "Opening shell in $2..." - docker compose exec "$2" sh - else - log_info "Opening shell in account-service..." - docker compose exec account-service sh - fi - ;; - - test-api) - log_info "Testing Account Service API..." - echo "" - echo "Health check:" - curl -s "http://localhost:4000/health" | jq . 
2>/dev/null || curl -s "http://localhost:4000/health" - echo "" - ;; - - *) - echo "MPC System Deployment Script" - echo "" - echo "Usage: $0 [options]" - echo "" - echo "Commands:" - echo " build - Build all Docker images" - echo " build-no-cache - Build images without cache" - echo " up|start - Start all services" - echo " down|stop - Stop all services" - echo " restart - Restart all services" - echo " logs [service] - Follow logs (all or specific service)" - echo " logs-tail [svc] - Show last 100 log lines" - echo " status|ps - Show services status" - echo " health - Check all services health" - echo "" - echo " infra up|down - Start/stop infrastructure only" - echo " mpc up|down|restart - Start/stop/restart MPC services only" - echo "" - echo " shell [service] - Open shell in container" - echo " test-api - Test Account Service API" - echo " clean - Remove all containers and volumes" - echo "" - echo "Services:" - echo " Infrastructure: $CORE_SERVICES" - echo " MPC Services: $MPC_SERVICES" - exit 1 - ;; -esac +#!/bin/bash +# ============================================================================= +# MPC System - Deployment Script +# ============================================================================= +# This script manages the MPC System Docker services +# +# External Ports: +# 4000 - Account Service HTTP API +# 8081 - Session Coordinator API +# 8082 - Message Router WebSocket +# 8083 - Server Party API (user share generation) +# ============================================================================= + +set -e + +# Colors +RED='\033[0;31m' +GREEN='\033[0;32m' +YELLOW='\033[1;33m' +BLUE='\033[0;34m' +NC='\033[0m' + +log_info() { echo -e "${BLUE}[INFO]${NC} $1"; } +log_success() { echo -e "${GREEN}[OK]${NC} $1"; } +log_warn() { echo -e "${YELLOW}[WARN]${NC} $1"; } +log_error() { echo -e "${RED}[ERROR]${NC} $1"; } + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +cd "$SCRIPT_DIR" + +# Load environment +if [ -f ".env" ]; then + 
log_info "Loading environment from .env file" + set -a + source .env + set +a +elif [ ! -f ".env" ] && [ -f ".env.example" ]; then + log_warn ".env file not found. Creating from .env.example" + log_warn "Please edit .env and configure for your environment!" + cp .env.example .env + log_error "Please configure .env file and run again" + exit 1 +fi + +# Core services list +CORE_SERVICES="postgres redis rabbitmq" +MPC_SERVICES="session-coordinator message-router server-party-1 server-party-2 server-party-3 server-party-api account-service" +ALL_SERVICES="$CORE_SERVICES $MPC_SERVICES" + +case "$1" in + build) + log_info "Building MPC System services..." + docker compose build + log_success "MPC System built successfully" + ;; + + build-no-cache) + log_info "Building MPC System (no cache)..." + docker compose build --no-cache + log_success "MPC System built successfully" + ;; + + up|start) + log_info "Starting MPC System..." + docker compose up -d + log_success "MPC System started" + echo "" + log_info "Services status:" + docker compose ps + ;; + + down|stop) + log_info "Stopping MPC System..." + docker compose down + log_success "MPC System stopped" + ;; + + restart) + log_info "Restarting MPC System..." + docker compose down + docker compose up -d + log_success "MPC System restarted" + ;; + + logs) + if [ -n "$2" ]; then + docker compose logs -f "$2" + else + docker compose logs -f + fi + ;; + + logs-tail) + if [ -n "$2" ]; then + docker compose logs --tail 100 "$2" + else + docker compose logs --tail 100 + fi + ;; + + status|ps) + log_info "MPC System status:" + docker compose ps + ;; + + health) + log_info "Checking MPC System health..." 
+ + # Check infrastructure + echo "" + echo "=== Infrastructure ===" + for svc in $CORE_SERVICES; do + if docker compose ps "$svc" --format json 2>/dev/null | grep -q '"Health":"healthy"'; then + log_success "$svc is healthy" + else + log_warn "$svc is not healthy" + fi + done + + # Check MPC services + echo "" + echo "=== MPC Services ===" + for svc in $MPC_SERVICES; do + if docker compose ps "$svc" --format json 2>/dev/null | grep -q '"Health":"healthy"'; then + log_success "$svc is healthy" + else + log_warn "$svc is not healthy" + fi + done + + # Check external API + echo "" + echo "=== External API ===" + if curl -sf "http://localhost:4000/health" > /dev/null 2>&1; then + log_success "Account Service API (port 4000) is accessible" + else + log_error "Account Service API (port 4000) is not accessible" + fi + ;; + + infra) + case "$2" in + up) + log_info "Starting infrastructure services..." + docker compose up -d $CORE_SERVICES + log_success "Infrastructure started" + ;; + down) + log_info "Stopping infrastructure services..." + docker compose stop $CORE_SERVICES + log_success "Infrastructure stopped" + ;; + *) + echo "Usage: $0 infra {up|down}" + exit 1 + ;; + esac + ;; + + mpc) + case "$2" in + up) + log_info "Starting MPC services..." + docker compose up -d $MPC_SERVICES + log_success "MPC services started" + ;; + down) + log_info "Stopping MPC services..." + docker compose stop $MPC_SERVICES + log_success "MPC services stopped" + ;; + restart) + log_info "Restarting MPC services..." + docker compose stop $MPC_SERVICES + docker compose up -d $MPC_SERVICES + log_success "MPC services restarted" + ;; + *) + echo "Usage: $0 mpc {up|down|restart}" + exit 1 + ;; + esac + ;; + + clean) + log_warn "This will remove all containers and volumes!" + read -p "Are you sure? 
(y/N) " -n 1 -r
+ echo
+ if [[ $REPLY =~ ^[Yy]$ ]]; then
+ docker compose down -v
+ log_success "MPC System cleaned"
+ else
+ log_info "Cancelled"
+ fi
+ ;;
+
+ shell)
+ if [ -n "$2" ]; then
+ log_info "Opening shell in $2..."
+ docker compose exec "$2" sh
+ else
+ log_info "Opening shell in account-service..."
+ docker compose exec account-service sh
+ fi
+ ;;
+
+ test-api)
+ log_info "Testing Account Service API..."
+ echo ""
+ echo "Health check:"
+ curl -s "http://localhost:4000/health" | jq . 2>/dev/null || curl -s "http://localhost:4000/health"
+ echo ""
+ ;;
+
+ *)
+ echo "MPC System Deployment Script"
+ echo ""
+ echo "Usage: $0 [options]"
+ echo ""
+ echo "Commands:"
+ echo " build - Build all Docker images"
+ echo " build-no-cache - Build images without cache"
+ echo " up|start - Start all services"
+ echo " down|stop - Stop all services"
+ echo " restart - Restart all services"
+ echo " logs [service] - Follow logs (all or specific service)"
+ echo " logs-tail [svc] - Show last 100 log lines"
+ echo " status|ps - Show services status"
+ echo " health - Check all services health"
+ echo ""
+ echo " infra up|down - Start/stop infrastructure only"
+ echo " mpc up|down|restart - Start/stop/restart MPC services only"
+ echo ""
+ echo " shell [service] - Open shell in container"
+ echo " test-api - Test Account Service API"
+ echo " clean - Remove all containers and volumes"
+ echo ""
+ echo "Services:"
+ echo " Infrastructure: $CORE_SERVICES"
+ echo " MPC Services: $MPC_SERVICES"
+ exit 1
+ ;;
+esac
diff --git a/backend/mpc-system/services/account/Dockerfile b/backend/mpc-system/services/account/Dockerfile
index a4694dbf..61a3bdb8 100644
--- a/backend/mpc-system/services/account/Dockerfile
+++ b/backend/mpc-system/services/account/Dockerfile
@@ -1,5 +1,5 @@
 # Build stage
-FROM golang:1.21-alpine AS builder
+FROM golang:1.24-alpine AS builder
 RUN apk add --no-cache git ca-certificates
diff --git a/backend/mpc-system/services/message-router/Dockerfile b/backend/mpc-system/services/message-router/Dockerfile
index 018c2ea1..a1f8253f 100644
--- a/backend/mpc-system/services/message-router/Dockerfile
+++ b/backend/mpc-system/services/message-router/Dockerfile
@@ -1,5 +1,5 @@
 # Build stage
-FROM golang:1.21-alpine AS builder
+FROM golang:1.24-alpine AS builder
 RUN apk add --no-cache git ca-certificates
diff --git a/backend/mpc-system/services/server-party-api/Dockerfile b/backend/mpc-system/services/server-party-api/Dockerfile
index f4cd2008..4c324aaa 100644
--- a/backend/mpc-system/services/server-party-api/Dockerfile
+++ b/backend/mpc-system/services/server-party-api/Dockerfile
@@ -1,5 +1,5 @@
 # Build stage
-FROM golang:1.21-alpine AS builder
+FROM golang:1.24-alpine AS builder
 RUN apk add --no-cache git ca-certificates
diff --git a/backend/mpc-system/services/server-party/Dockerfile b/backend/mpc-system/services/server-party/Dockerfile
index 43321d9a..a6d0ba97 100644
--- a/backend/mpc-system/services/server-party/Dockerfile
+++ b/backend/mpc-system/services/server-party/Dockerfile
@@ -1,5 +1,5 @@
 # Build stage
-FROM golang:1.21-alpine AS builder
+FROM golang:1.24-alpine AS builder
 RUN apk add --no-cache git ca-certificates
diff --git a/backend/mpc-system/services/session-coordinator/Dockerfile b/backend/mpc-system/services/session-coordinator/Dockerfile
index 94da1798..72039a56 100644
--- a/backend/mpc-system/services/session-coordinator/Dockerfile
+++ b/backend/mpc-system/services/session-coordinator/Dockerfile
@@ -1,5 +1,5 @@
 # Build stage
-FROM golang:1.21-alpine AS builder
+FROM golang:1.24-alpine AS builder
 # Install dependencies
 RUN apk add --no-cache git ca-certificates