Merge branch 'main' into contribute-back-negative-captcha

.env

@@ -7,9 +7,10 @@ DB_TEST_NAME=hyku_test
 DB_USER=postgres
 DB_HOST=db
 DB_PORT=5432
+FCREPO_BASE_PATH=/hykudemo
 FCREPO_HOST=fcrepo
 FCREPO_PORT=8080
-FCREPO_URL=http://fcrepo:8080/rest
+FCREPO_REST_PATH=rest
 INITIAL_ADMIN_EMAIL=[email protected]
 INITIAL_ADMIN_PASSWORD=testing123
 IN_DOCKER=true
@@ -40,4 +41,18 @@ HYKU_MULTITENANT=true
 # HYKU_MULTITENANT=false
 
 # Uncomment this line to disable Bulkrax
-# HYKU_BULKRAX_ENABLED=false
+# HYKU_BULKRAX_ENABLED=false
+
+##START## Enable Google Analytics
+# Uncomment to enable and configure Google Analytics, see README for instructions.
+HYRAX_ANALYTICS=true
+GOOGLE_ANALYTICS_ID=
+GOOGLE_OAUTH_APP_NAME=hyku-demo
+GOOGLE_OAUTH_APP_VERSION=1.0
+GOOGLE_OAUTH_PRIVATE_KEY_SECRET=notasecret
+GOOGLE_OAUTH_PRIVATE_KEY_PATH=prod-cred.p12
+GOOGLE_OAUTH_CLIENT_EMAIL=[email protected]
+
+# AND comment this out
+# HYRAX_ANALYTICS=false
+##END## Enable Google Analytics

.gitlab-ci.yml

@@ -55,9 +55,10 @@ test:
     DB_URL: postgres://postgres:postgres@db/hyku
     DB_USER: postgres
     DB_PORT: 5432
+    FCREPO_BASE_PATH: /hykudemo
     FCREPO_HOST: fcrepo
     FCREPO_PORT: 8081
-    FCREPO_URL: http://fcrepo:8081/rest
+    FCREPO_REST_PATH: rest
     FF_NETWORK_PER_BUILD: 1
     GIT_STRATEGY: none
     JAVA_OPTIONS: -Djetty.port=8081

Dockerfile

@@ -30,6 +30,8 @@ COPY --chown=1001:101 $APP_PATH /app/samvera/hyrax-webapp
 
 RUN RAILS_ENV=production SECRET_KEY_BASE=`bin/rake secret` DB_ADAPTER=nulldb DB_URL='postgresql://fake' bundle exec rake assets:precompile
 
+CMD ./bin/web
+
 FROM hyku-base as hyku-worker
 ENV MALLOC_ARENA_MAX=2
-CMD bundle exec sidekiq
+CMD ./bin/worker

README.md

@@ -142,6 +142,86 @@ switch!('my.site.com')
 switch!('myaccount')
 ```
 
+## Analytics Feature
+Hyku currently only supports the configuration of one Google Analytics account for the basic functionality of this feature. Hyku currently only support Google Analytics with the Universal Analytics property for this feature. 
+
+Note: Google has announced they will stop processing data using the Universal Analytics property on July 1, 2023  or July 1, 2024 for Analytics 360 properties.
+
+To enable analytics tracking and reporting features within Hyku, please follow the directions below.
+
+### Setup a Google Analytics Account
+- Create a Service Account: https://cloud.google.com/iam/docs/creating-managing-service-accounts
+  - Note the service account email
+  - When making a service account key, make sure the key type is set to p12
+  - Note the service account private key secret
+- Create an OAuth 2.0 Client ID: https://developers.google.com/identity/protocols/oauth2/web-server#creatingcred
+- Create an Analytics account: https://support.google.com/analytics/answer/10269537?hl=en
+  - Note Google Universal Analytics ID number
+- Add service account email  as User, and grant "View" access: https://support.google.com/analytics/answer/1009702?hl=en#Add&zippy=%2Cin-this-article
+- Enable the "Google Analytics API": https://developers.google.com/identity/protocols/oauth2/web-server#enable-apis
+- Enable the "IAM Service Account Credentials API": https://developers.google.com/identity/protocols/oauth2/web-server#enable-apis
+
+### Set the Environment Variables
+In Hyku there are a few areas to set the environment variables needed for each of your environments development/staging/prodeuction/etc.
+
+- Uncomment the config/analytics.yml file where the below mentioned environment variables will connect to our application.
+
+```yaml
+analytics:
+  google:
+    analytics_id: <%= ENV['GOOGLE_ANALYTICS_ID'] %>
+    app_name: <%= ENV['GOOGLE_OAUTH_APP_NAME'] %>
+    app_version: <%= ENV['GOOGLE_OAUTH_APP_VERSION'] %>
+    privkey_path: <%= ENV['GOOGLE_OAUTH_PRIVATE_KEY_PATH'] %>
+    privkey_secret: <%= ENV['GOOGLE_OAUTH_PRIVATE_KEY_SECRET'] %>
+    client_email: <%= ENV['GOOGLE_OAUTH_CLIENT_EMAIL'] %>
+```
+
+- For local development please see the .env file and see the "Enable Google Analytics" section.
+
+```yaml
+##START## Enable Google Analytics
+# Uncomment to enable and configure Google Analytics, see README for instructions.
+HYRAX_ANALYTICS=true
+GOOGLE_ANALYTICS_ID=UA-123456-12
+GOOGLE_OAUTH_APP_NAME=hyku-demo
+GOOGLE_OAUTH_APP_VERSION=1.0
+GOOGLE_OAUTH_PRIVATE_KEY_SECRET=not-a-secret
+GOOGLE_OAUTH_PRIVATE_KEY_PATH=prod-cred.p12
+[email protected]
+
+# AND comment this out
+# HYRAX_ANALYTICS=false
+##END## Enable Google Analytics
+```
+
+- For deployment to staging/production please update/add the variables and values to the helm values files located in the ops directory (example: staging-deploy.tmpl.yaml).
+
+```yaml
+  - name: GOOGLE_ANALYTICS_ID
+    value: $GOOGLE_ANALYTICS_ID # Set in GitHub's Environment Secrets
+  - name: GOOGLE_OAUTH_APP_NAME
+    value: hyku-demo
+  - name: GOOGLE_OAUTH_APP_VERSION
+    value: '1.0'
+  - name: GOOGLE_OAUTH_PRIVATE_KEY_SECRET
+    value: $GOOGLE_OAUTH_PRIVATE_KEY_SECRET # Set in GitHub's Environment Secrets
+  - name: GOOGLE_OAUTH_PRIVATE_KEY_PATH
+    value: prod-cred.p12 # The p12 file is in root and named `prod-cred.p12`
+  - name: GOOGLE_OAUTH_PRIVATE_KEY_VALUE
+    value: $GOOGLE_OAUTH_PRIVATE_KEY_VALUE # Set in GitHub's Environment Secrets
+  - name: GOOGLE_OAUTH_CLIENT_EMAIL
+    value: [email protected]
+  - name: HYRAX_ANALYTICS
+    value: 'true'
+```
+
+To get the `GOOGLE_OAUTH_PRIVATE_KEY_VALUE` value to set the variable in GitHub's Environment Secrets, you need the path to the p12 file you got from setting up your Google Service Account and run the following in your console locally.
+
+`base64 -i path/to/file.p12 | pbcopy`
+
+Once you run this script the value is on your local computers clipboard. You will need to paste this into GitHubs Environment Secrets or however you/your organization are handling secrets.
+
 ## Environment Variables
 
 | Name | Description | Default | Development or Test Only |
@@ -154,11 +234,22 @@ switch!('myaccount')
 | DB_PORT | Port for database connections | 5432 | no |
 | DB_TEST_NAME | name of database on database host for tests to run against. Should be different than the development database name or your tests will clobber your dev set up | hyku_test | yes |
 | DB_USER | username for the database connection | postgres | no |
-| FCREPO_DEVELOPMENT_PORT | Port used for fedora dev instance, only if FCREPO_URL is blank | 8984 | yes
-| FCREPO_HOST | host name for the fedora repo | ? | no |
+| FCREPO_BASE_PATH | Fedora root path | /hykudemo | no
+| FCREPO_DEV_BASE_PATH | Fedora root path used for dev instance | /dev | yes
+| FCREPO_DEVELOPMENT_PORT | Port used for fedora dev instance | 8984 | yes
+| FCREPO_HOST | host name for the fedora repo | fcrepo | no |
 | FCREPO_PORT | port for the fedora repo | 8080 | no |
-| FCREPO_TEST_PORT | Test port for the fedora repo, only if FCREPO_URL is blank | 8986 | yes |
-| FCREPO_URL | URL of the fedora repo, including port and prefix, but not repo name. | http://fcrepo:8080/rest | no |
+| FCREPO_REST_PATH | Fedora REST endpoint | rest | no
+| FCREPO_STAGING_BASE_PATH | Fedora root path used for dev instance | /staging | no
+| FCREPO_TEST_BASE_PATH | Fedora root path used for test instance | /test | yes
+| FCREPO_TEST_PORT | Test port for the fedora repo  8986 | yes |
+| GOOGLE_ANALYTICS_ID | The Google Analytics account id. Disabled if not set | - | no |
+| GOOGLE_OAUTH_APP_NAME | The name of the application. | - | no |
+| GOOGLE_OAUTH_APP_VERSION | The version of application. | - | no |
+| GOOGLE_OAUTH_PRIVATE_KEY_SECRET | The secret provided by Google when you created the key. | - | no |
+| GOOGLE_OAUTH_PRIVATE_KEY_PATH | The full path to your p12, key file. | - | no |
+| GOOGLE_OAUTH_PRIVATE_KEY_VALUE | The value of the p12 file with base64 encryption, only set on deployment as that is how we get the p12 file on the server (see bin/web & bin/worker files) | - | no
+| GOOGLE_OAUTH_CLIENT_EMAIL | OAuth Client email address.  | [email protected] | no |
 | HYKU_ADMIN_HOST | URL of the admin / proprietor host in a multitenant environment | hyku.test | no |
 | HYKU_ADMIN_ONLY_TENANT_CREATION | Restrict signing up a new tenant to the admin | false | no | |
 | HYKU_ALLOW_SIGNUP | Can users register themselves on a given Tenant | true  | no |
@@ -179,7 +270,6 @@ switch!('myaccount')
 | HYKU_FILE_ACL | Set Unix ACLs on file creation. Set to false if using Azure cloud or another network file system that does not allow setting permissions on files. | true | no |
 | HYKU_FILE_SIZE_LIMIT | How big a file do you want to accept in the work upload?  | 5242880 (5 MB) | no |
 | HYKU_GEONAMES_USERNAME | Username used for Geonames connections by the application | '' | no |
-| HYKU_GOOGLE_ANALYTICS_ID | Id for the applications Google Analytics account. Disabled if not set | - | no |
 | HYKU_GOOGLE_SCHOLARLY_WORK_TYPES | List of work types which should be presented to Google Scholar for indexing. Comma separated WorkType list | - | no |
 | HYKU_GTM_ID | If set, enable Google Tag manager with this id.  | - | no |
 | HYKU_LOCALE_NAME | Not used. Placeholder for upcoming Ubiquity feature | en | no |

app/views/devise/shared/_links.html.erb

@@ -2,7 +2,7 @@
   <%= link_to t(".sign_in"), new_session_path(resource_name) %><br />
 <% end -%>
 
-<%- if devise_mapping.registerable? && controller_name != 'registrations' && !Account.global_tenant? && current_account.try(:allow_signup) == "true"  %>
+<%- if devise_mapping.registerable? && controller_name != 'registrations' && !Account.global_tenant? && current_account.try(:allow_signup) %>
   <%= link_to t(".sign_up"), new_registration_path(resource_name) %><br />
 <% end -%>
 

bin/web

@@ -0,0 +1,6 @@
+#!/usr/local/bin/ruby
+if ENV['GOOGLE_OAUTH_PRIVATE_KEY_VALUE'] && !ENV['GOOGLE_OAUTH_PRIVATE_KEY_VALUE'].empty?
+  %x{echo #{ENV['GOOGLE_OAUTH_PRIVATE_KEY_VALUE']} | base64 --decode > prod-cred.p12}
+end
+
+exec "bundle exec puma -v -b tcp://0.0.0.0:3000"

bin/worker

@@ -0,0 +1,13 @@
+#!/usr/local/bin/ruby
+
+if ENV['DATABASE_URL'].present?
+  ENV['DATABASE_URL'] = ENV['DATABASE_URL'].gsub('pool=5', 'pool=30')
+else
+  puts 'DATABASE_URL not set, no pool change needed'
+end
+
+exec "echo $DATABASE_URL && bundle exec sidekiq"
+
+if ENV['GOOGLE_OAUTH_PRIVATE_KEY_VALUE'] && !ENV['GOOGLE_OAUTH_PRIVATE_KEY_VALUE'].empty?
+  %x{echo #{ENV['GOOGLE_OAUTH_PRIVATE_KEY_VALUE']} | base64 --decode > prod-cred.p12}
+end

config/analytics.yml

@@ -1,9 +1,11 @@
 #
 # To integrate your app with Google Analytics, uncomment the lines below and add your API key information.
 #
-# analytics:
-#   app_name: GOOGLE_OAUTH_APP_NAME
-#   app_version: GOOGLE_OAUTH_APP_VERSION
-#   privkey_path: GOOGLE_OAUTH_PRIVATE_KEY_PATH
-#   privkey_secret: GOOGLE_OAUTH_PRIVATE_KEY_SECRET
-#   client_email: GOOGLE_OAUTH_CLIENT_EMAIL
+analytics:
+  google:
+    analytics_id: <%= ENV['GOOGLE_ANALYTICS_ID'] %>
+    app_name: <%= ENV['GOOGLE_OAUTH_APP_NAME'] %>
+    app_version: <%= ENV['GOOGLE_OAUTH_APP_VERSION'] %>
+    privkey_path: <%= ENV['GOOGLE_OAUTH_PRIVATE_KEY_PATH'] %>
+    privkey_secret: <%= ENV['GOOGLE_OAUTH_PRIVATE_KEY_SECRET'] %>
+    client_email: <%= ENV['GOOGLE_OAUTH_CLIENT_EMAIL'] %>

config/fedora.yml

@@ -1,15 +1,20 @@
 development:
   user: fedoraAdmin
   password: fedoraAdmin
-  url: <%= ENV['FCREPO_URL'] || "http://127.0.0.1:#{ENV.fetch('FCREPO_DEVELOPMENT_PORT', 8984)}/rest" %>
-  base_path: /dev
+  url: http://<%= ENV['FCREPO_HOST'] || 'localhost' %>:<%= ENV['FCREPO_DEVELOPMENT_PORT'] || ENV['FCREPO_PORT'] || 8984 %>/<%= ENV['FCREPO_REST_PATH'] || 'rest' %>
+  base_path: <%= ENV['FCREPO_DEV_BASE_PATH'] || ENV['FCREPO_BASE_PATH'] || '/dev' %>
 test:
   user: fedoraAdmin
   password: fedoraAdmin
-  url: <%= ENV['FCREPO_URL'] || "http://127.0.0.1:#{ENV.fetch('FCREPO_TEST_PORT', 8986)}/rest" %>
-  base_path: /test
+  url: http://<%= ENV['FCREPO_HOST'] || 'localhost' %>:<%= ENV['FCREPO_TEST_PORT'] || ENV['FCREPO_PORT'] || 8986 %>/<%= ENV['FCREPO_REST_PATH'] || 'rest' %>
+  base_path: <%= ENV['FCREPO_TEST_BASE_PATH'] || ENV['FCREPO_BASE_PATH'] || '/test' %>
+staging:
+  user: fedoraAdmin
+  password: fedoraAdmin
+  url: http://<%= ENV['FCREPO_HOST'] || 'localhost' %>:<%= ENV['FCREPO_PORT'] || 8080 %>/<%= ENV['FCREPO_REST_PATH'] || 'rest' %>
+  base_path: <%= ENV['FCREPO_STAGING_BASE_PATH'] || ENV['FCREPO_BASE_PATH'] || '/staging' %>
 production:
   user: fedoraAdmin
   password: fedoraAdmin
-  url: <%= ENV['FCREPO_URL'] || "http://127.0.0.1:8983/fedora/rest" %>
-  base_path: /prod
+  url: http://<%= ENV['FCREPO_HOST'] || 'localhost' %>:<%= ENV['FCREPO_PORT'] || 8080 %>/<%= ENV['FCREPO_REST_PATH'] || 'rest' %>
+  base_path: <%= ENV['FCREPO_BASE_PATH'] || '/prod' %>

ops/review-deploy.tmpl.yaml

@@ -40,12 +40,46 @@ ingress:
         - path: /
 
 extraEnvVars: &envVars
+  - name: CONFDIR
+    value: "/app/samvera/hyrax-webapp/solr/conf"
+  - name: FCREPO_BASE_PATH
+    value: /hykudemo
+  - name: FCREPO_HOST
+    value: fcrepo.staging-fcrepo.svc.cluster.local
+  - name: FCREPO_PORT
+    value: "8080"
+  - name: FCREPO_REST_PATH
+    value: rest
+  - name: GOOGLE_ANALYTICS_ID
+    value: $GOOGLE_ANALYTICS_ID
+  - name: GOOGLE_OAUTH_APP_NAME
+    value: hyku-demo
+  - name: GOOGLE_OAUTH_APP_VERSION
+    value: '1.0'
+  - name: GOOGLE_OAUTH_PRIVATE_KEY_SECRET
+    value: $GOOGLE_OAUTH_PRIVATE_KEY_SECRET
+  - name: GOOGLE_OAUTH_PRIVATE_KEY_PATH
+    value: prod-cred.p12
+  - name: GOOGLE_OAUTH_PRIVATE_KEY_VALUE
+    value: $GOOGLE_OAUTH_PRIVATE_KEY_VALUE
+  - name: GOOGLE_OAUTH_CLIENT_EMAIL
+    value: [email protected]
   - name: HYKU_ADMIN_HOST
     value: hyku-$CI_MERGE_REQUEST_ID.example.com
+  - name: HYKU_ADMIN_ONLY_TENANT_CREATION
+    value: "true"
+  - name: HYKU_CONTACT_EMAIL
+    value: [email protected]
+  - name: HYKU_DEFAULT_HOST
+    value: "%{tenant}.hyku-staging.example.com"
+  - name: HYKU_ENABLED
+    value: "true"
   - name: HYKU_ROOT_HOST
     value: hyku-$CI_MERGE_REQUEST_ID.example.com
-  - name: CONFDIR
-    value: "/app/samvera/hyrax-webapp/solr/conf"
+  - name: HYRAX_ACTIVE_JOB_QUEUE
+    value: sidekiq
+  - name: HYRAX_FITS_PATH
+    value: /app/fits/fits.sh
   - name: INITIAL_ADMIN_EMAIL
     value: [email protected]
   - name: INITIAL_ADMIN_PASSWORD
@@ -54,6 +88,8 @@ extraEnvVars: &envVars
     value: "true"
   - name: LD_LIBRARY_PATH
     value: /app/fits/tools/mediainfo/linux
+  - name: NEGATIVE_CAPTCHA_SECRET
+    value: $NEGATIVE_CAPTCHA_SECRET
   - name: PASSENGER_APP_ENV
     value: production
   - name: RAILS_ENV
@@ -64,26 +100,6 @@ extraEnvVars: &envVars
     value: "5"
   - name: RAILS_SERVE_STATIC_FILES
     value: "true"
-  - name: HYRAX_ACTIVE_JOB_QUEUE
-    value: sidekiq
-  - name: HYKU_CONTACT_EMAIL
-    value: [email protected]
-  - name: HYRAX_FITS_PATH
-    value: /app/fits/fits.sh
-  - name: HYKU_ADMIN_ONLY_TENANT_CREATION
-    value: "true"
-  - name: HYKU_DEFAULT_HOST
-    value: "%{tenant}.hyku-staging.example.com"
-  - name: HYKU_ENABLED
-    value: "true"
-  - name: NEGATIVE_CAPTCHA_SECRET
-    value: $NEGATIVE_CAPTCHA_SECRET
-  - name: SOLR_ADMIN_USER
-    value: admin
-  - name: SOLR_COLLECTION_NAME
-    value: hyrax
-  - name: SOLR_CONFIGSET_NAME
-    value: $CI_COMMIT_SHORT_SHA
   - name: SMTP_ENABLED
     value: "true"
   - name: SMTP_USER_NAME
@@ -98,6 +114,12 @@ extraEnvVars: &envVars
     value: "2525"
   - name: SMTP_TYPE
     value: cram_md5
+  - name: SOLR_ADMIN_USER
+    value: admin
+  - name: SOLR_COLLECTION_NAME
+    value: hyrax
+  - name: SOLR_CONFIGSET_NAME
+    value: $CI_COMMIT_SHORT_SHA
 
 worker:
   replicaCount: 1
@@ -121,7 +143,7 @@ leaseRelease:
   enabled: false
 
 # imagePullSecrets:
-#  - name: gitlab-registry
+#  - name: github
 
 fcrepo:
   enabled: true
@@ -133,3 +155,5 @@ redis:
   password: staging
 solr:
   enabled: true
+
+externalFcrepoHost: fcrepo.staging-fcrepo.svc.cluster.local