feat: e2esdk [DO NOT MERGE]

.gitignore

@@ -44,4 +44,7 @@ cypress/videos
 cypress/screenshots
 
 # Robots.txt
-robots.txt
+robots.txt
+
+# local volume
+.storage

.kontinuous/values.yaml

@@ -18,6 +18,15 @@ app:
   imagePackage: app
   containerPort: 3000
   probesPath: "/healthz"
+  volumes:
+    - name: uploads
+      emptyDir: {}
+  volumeMounts:
+    - name: uploads
+      mountPath: /uploads
+  env:
+    - name: STORAGE_DIR
+      value: /uploads
   envFrom:
     - configMapRef:
         name: app
@@ -148,6 +157,10 @@ keycloakx:
     - name: compile-realm
       image: hairyhenderson/gomplate:v3.10.0-alpine
       imagePullPolicy: IfNotPresent
+      securityContext:
+        allowPrivilegeEscalation: false
+        runAsNonRoot: true
+        runAsUser: 100
       volumeMounts:
       - name: keycloak-realm-tpl
         mountPath: "/realm-tpl/"
@@ -170,6 +183,10 @@ keycloakx:
         - "cat /realm-tpl/realm.json.envtpl | gomplate > /realm/realm.json"
     - name: fetch-keycloak-providers
       image: curlimages/curl
+      securityContext:
+        allowPrivilegeEscalation: false
+        runAsNonRoot: true
+        runAsUser: 405
       imagePullPolicy: IfNotPresent
       command:
         - sh

csp.config.js

@@ -1,10 +1,10 @@
 const ContentSecurityPolicy = `
   default-src 'self' *.fabrique.social.gouv.fr;
-  img-src 'self' data: *.fabrique.social.gouv.fr https://dummyimage.com/;
-  script-src 'self' *.fabrique.social.gouv.fr ${
+  img-src 'self' blob: data: *.fabrique.social.gouv.fr https://dummyimage.com/;
+  script-src 'self' *.fabrique.social.gouv.fr 'wasm-unsafe-eval' ${
     process.env.NODE_ENV !== "production" && "'unsafe-eval' 'unsafe-inline'"
   };
-  connect-src 'self' *.fabrique.social.gouv.fr ${
+  connect-src 'self' data: wss: *.fabrique.social.gouv.fr ${
     process.env.NODE_ENV !== "production" && "http://localhost:8082"
   };
   frame-src 'self' *.fabrique.social.gouv.fr;

hasura/metadata/databases/default/tables/public_answers.yaml

@@ -0,0 +1,40 @@
+table:
+  name: answers
+  schema: public
+array_relationships:
+  - name: answers_files
+    using:
+      foreign_key_constraint_on:
+        column: answer_uuid
+        table:
+          name: answers_files
+          schema: public
+insert_permissions:
+  - role: anonymous
+    permission:
+      check: {}
+      columns:
+        - created_at
+        - data
+        - id
+        - public_key
+        - sealed_secret
+        - signature
+        - submission_bucket_id
+select_permissions:
+  - role: anonymous
+    permission:
+      columns:
+        - id
+      filter: {}
+  - role: user
+    permission:
+      columns:
+        - id
+        - data
+        - public_key
+        - sealed_secret
+        - signature
+        - submission_bucket_id
+        - created_at
+      filter: {}

hasura/metadata/databases/default/tables/public_answers_files.yaml

@@ -0,0 +1,23 @@
+table:
+  name: answers_files
+  schema: public
+object_relationships:
+  - name: answer
+    using:
+      foreign_key_constraint_on: answer_uuid
+insert_permissions:
+  - role: anonymous
+    permission:
+      check: {}
+      columns:
+        - answer_uuid
+        - file_hash
+select_permissions:
+  - role: user
+    permission:
+      columns:
+        - answer_uuid
+        - file_hash
+        - id
+      filter: {}
+      allow_aggregations: true

hasura/metadata/databases/default/tables/public_files.yaml

@@ -0,0 +1,22 @@
+table:
+  name: files
+  schema: public
+insert_permissions:
+  - role: anonymous
+    permission:
+      check: {}
+      columns:
+        - hash
+        - key
+select_permissions:
+  - role: user
+    permission:
+      columns:
+        - hash
+        - key
+      filter: {}
+delete_permissions:
+  - role: user
+    permission:
+      backend_only: false
+      filter: {}

hasura/metadata/databases/default/tables/tables.yaml

@@ -1 +1,3 @@
+- "!include public_answers.yaml"
+- "!include public_answers_files.yaml"
 - "!include public_books.yaml"

hasura/migrations/default/1681303296141_create_table_public_answers/down.sql

@@ -0,0 +1 @@
+DROP TABLE "public"."answers";

hasura/migrations/default/1681303296141_create_table_public_answers/up.sql

@@ -0,0 +1 @@
+CREATE TABLE "public"."answers" ("id" serial NOT NULL, "created_at" timestamptz NOT NULL DEFAULT now(), "submission_bucket_id" text NOT NULL, "sealed_secret" text NOT NULL, "public_key" text NOT NULL, "data" text NOT NULL, PRIMARY KEY ("id") , UNIQUE ("id"), UNIQUE ("sealed_secret"), UNIQUE ("public_key"));

hasura/migrations/default/1681305238139_alter_table_public_answers_add_column_signature/down.sql

@@ -0,0 +1,4 @@
+-- Could not auto-generate a down migration.
+-- Please write an appropriate down migration for the SQL below:
+-- alter table "public"."answers" add column "signature" text
+--  not null unique;

hasura/migrations/default/1681305238139_alter_table_public_answers_add_column_signature/up.sql

@@ -0,0 +1,2 @@
+alter table "public"."answers" add column "signature" text
+ not null unique;

hasura/migrations/default/1684314835951_create_table_public_files/down.sql

@@ -0,0 +1 @@
+DROP TABLE "public"."files";

hasura/migrations/default/1684314835951_create_table_public_files/up.sql

@@ -0,0 +1 @@
+CREATE TABLE "public"."files" ("hash" text NOT NULL, "key" text NOT NULL, PRIMARY KEY ("hash") );

hasura/migrations/default/1684314945514_create_table_public_answers_files/down.sql

@@ -0,0 +1 @@
+DROP TABLE "public"."answers_files";

hasura/migrations/default/1684314945514_create_table_public_answers_files/up.sql

@@ -0,0 +1 @@
+CREATE TABLE "public"."answers_files" ("id" serial NOT NULL, "answer_id" integer NOT NULL, "file_hash" text NOT NULL, PRIMARY KEY ("id") , FOREIGN KEY ("answer_id") REFERENCES "public"."answers"("id") ON UPDATE cascade ON DELETE cascade, FOREIGN KEY ("file_hash") REFERENCES "public"."files"("hash") ON UPDATE cascade ON DELETE cascade, UNIQUE ("answer_id", "file_hash"));

hasura/migrations/default/1684314983990_alter_table_public_files_add_unique_hash/down.sql

@@ -0,0 +1 @@
+alter table "public"."files" drop constraint "files_hash_key";

hasura/migrations/default/1684314983990_alter_table_public_files_add_unique_hash/up.sql

@@ -0,0 +1 @@
+alter table "public"."files" add constraint "files_hash_key" unique ("hash");

hasura/migrations/default/1684315453170_alter_table_public_answers_add_column_uuid/down.sql

@@ -0,0 +1,4 @@
+-- Could not auto-generate a down migration.
+-- Please write an appropriate down migration for the SQL below:
+-- alter table "public"."answers" add column "uuid" uuid
+--  not null;

hasura/migrations/default/1684315453170_alter_table_public_answers_add_column_uuid/up.sql

@@ -0,0 +1,2 @@
+alter table "public"."answers" add column "uuid" uuid
+ not null;

hasura/migrations/default/1684315461992_alter_table_public_answers_alter_column_uuid/down.sql

@@ -0,0 +1 @@
+ALTER TABLE "public"."answers" ALTER COLUMN "uuid" drop default;

hasura/migrations/default/1684315461992_alter_table_public_answers_alter_column_uuid/up.sql

@@ -0,0 +1 @@
+alter table "public"."answers" alter column "uuid" set default gen_random_uuid();

hasura/migrations/default/1684315533357_alter_table_public_answers_files_drop_column_answer_id/down.sql

@@ -0,0 +1,8 @@
+alter table "public"."answers_files" add constraint "answers_files_answer_id_file_hash_key" unique (answer_id, file_hash);
+alter table "public"."answers_files"
+  add constraint "answers_files_answer_id_fkey"
+  foreign key (answer_id)
+  references "public"."answers"
+  (id) on update cascade on delete cascade;
+alter table "public"."answers_files" alter column "answer_id" drop not null;
+alter table "public"."answers_files" add column "answer_id" int4;

hasura/migrations/default/1684315533357_alter_table_public_answers_files_drop_column_answer_id/up.sql

@@ -0,0 +1 @@
+alter table "public"."answers_files" drop column "answer_id" cascade;

hasura/migrations/default/1684315553901_alter_table_public_answers_files_add_column_answer_uuid/down.sql

@@ -0,0 +1,4 @@
+-- Could not auto-generate a down migration.
+-- Please write an appropriate down migration for the SQL below:
+-- alter table "public"."answers_files" add column "answer_uuid" uuid
+--  not null;

hasura/migrations/default/1684315553901_alter_table_public_answers_files_add_column_answer_uuid/up.sql

@@ -0,0 +1,2 @@
+alter table "public"."answers_files" add column "answer_uuid" uuid
+ not null;

hasura/migrations/default/1684315633710_modify_primarykey_public_answers/down.sql

@@ -0,0 +1,4 @@
+alter table "public"."answers" drop constraint "answers_pkey";
+alter table "public"."answers"
+    add constraint "answers_pkey"
+    primary key ("id");

hasura/migrations/default/1684315633710_modify_primarykey_public_answers/up.sql

@@ -0,0 +1,6 @@
+BEGIN TRANSACTION;
+ALTER TABLE "public"."answers" DROP CONSTRAINT "answers_pkey";
+
+ALTER TABLE "public"."answers"
+    ADD CONSTRAINT "answers_pkey" PRIMARY KEY ("uuid");
+COMMIT TRANSACTION;

hasura/migrations/default/1684315652503_set_fk_public_answers_files_answer_uuid/down.sql

@@ -0,0 +1 @@
+alter table "public"."answers_files" drop constraint "answers_files_answer_uuid_fkey";

hasura/migrations/default/1684315652503_set_fk_public_answers_files_answer_uuid/up.sql

@@ -0,0 +1,5 @@
+alter table "public"."answers_files"
+  add constraint "answers_files_answer_uuid_fkey"
+  foreign key ("answer_uuid")
+  references "public"."answers"
+  ("uuid") on update cascade on delete cascade;

hasura/migrations/default/1684315662174_alter_table_public_answers_files_add_unique_file_hash_answer_uuid/down.sql

@@ -0,0 +1 @@
+alter table "public"."answers_files" drop constraint "answers_files_file_hash_answer_uuid_key";

hasura/migrations/default/1684315662174_alter_table_public_answers_files_add_unique_file_hash_answer_uuid/up.sql

@@ -0,0 +1 @@
+alter table "public"."answers_files" add constraint "answers_files_file_hash_answer_uuid_key" unique ("file_hash", "answer_uuid");

hasura/migrations/default/1684315959954_alter_table_public_files_add_column_answers_files_id/down.sql

@@ -0,0 +1,4 @@
+-- Could not auto-generate a down migration.
+-- Please write an appropriate down migration for the SQL below:
+-- alter table "public"."files" add column "answers_files_id" integer
+--  null;

hasura/migrations/default/1684315959954_alter_table_public_files_add_column_answers_files_id/up.sql

@@ -0,0 +1,2 @@
+alter table "public"."files" add column "answers_files_id" integer
+ null;

hasura/migrations/default/1684315970431_set_fk_public_files_answers_files_id/down.sql

@@ -0,0 +1 @@
+alter table "public"."files" drop constraint "files_answers_files_id_fkey";

hasura/migrations/default/1684315970431_set_fk_public_files_answers_files_id/up.sql

@@ -0,0 +1,5 @@
+alter table "public"."files"
+  add constraint "files_answers_files_id_fkey"
+  foreign key ("answers_files_id")
+  references "public"."answers_files"
+  ("id") on update cascade on delete cascade;

hasura/migrations/default/1684316715774_alter_table_public_answers_files_add_column_key/down.sql

@@ -0,0 +1,4 @@
+-- Could not auto-generate a down migration.
+-- Please write an appropriate down migration for the SQL below:
+-- alter table "public"."answers_files" add column "key" text
+--  not null;

hasura/migrations/default/1684316715774_alter_table_public_answers_files_add_column_key/up.sql

@@ -0,0 +1,2 @@
+alter table "public"."answers_files" add column "key" text
+ not null;

hasura/migrations/default/1684316822970_delete_fk_public_files_files_answers_files_id_fkey/down.sql

@@ -0,0 +1,5 @@
+alter table "public"."files"
+  add constraint "files_answers_files_id_fkey"
+  foreign key ("answers_files_id")
+  references "public"."answers_files"
+  ("id") on update cascade on delete cascade;

hasura/migrations/default/1684316822970_delete_fk_public_files_files_answers_files_id_fkey/up.sql

@@ -0,0 +1 @@
+alter table "public"."files" drop constraint "files_answers_files_id_fkey";

hasura/migrations/default/1684316834258_alter_table_public_files_drop_constraint_files_hash_key/down.sql

@@ -0,0 +1 @@
+alter table "public"."files" add constraint "files_hash_key" unique ("hash");

hasura/migrations/default/1684316834258_alter_table_public_files_drop_constraint_files_hash_key/up.sql

@@ -0,0 +1 @@
+alter table "public"."files" drop constraint "files_hash_key";

hasura/migrations/default/1684316904382_run_sql_migration/down.sql

@@ -0,0 +1,3 @@
+-- Could not auto-generate a down migration.
+-- Please write an appropriate down migration for the SQL below:
+-- DROP TABLE files CASCADE;

hasura/migrations/default/1684316904382_run_sql_migration/up.sql

@@ -0,0 +1 @@
+DROP TABLE files CASCADE;

hasura/migrations/default/1684317239523_alter_table_public_answers_files_alter_column_key/down.sql

@@ -0,0 +1 @@
+alter table "public"."answers_files" rename column "file_key" to "key";

hasura/migrations/default/1684317239523_alter_table_public_answers_files_alter_column_key/up.sql

@@ -0,0 +1 @@
+alter table "public"."answers_files" rename column "key" to "file_key";

hasura/migrations/default/1684329733228_alter_table_public_answers_files_drop_column_file_key/down.sql

@@ -0,0 +1,2 @@
+alter table "public"."answers_files" alter column "file_key" drop not null;
+alter table "public"."answers_files" add column "file_key" text;

hasura/migrations/default/1684329733228_alter_table_public_answers_files_drop_column_file_key/up.sql

@@ -0,0 +1 @@
+alter table "public"."answers_files" drop column "file_key" cascade;

next-auth.d.ts

@@ -0,0 +1,10 @@
+import NextAuth, { DefaultSession } from "next-auth";
+
+// augment default Session type
+declare module "next-auth" {
+  interface Session {
+    user: {
+      id: string;
+    } & DefaultSession["user"];
+  }
+}

package.json

@@ -36,13 +36,24 @@
     "@mui/x-data-grid": "^5.17.16",
     "@mui/x-date-pickers": "^5.0.11",
     "@sentry/nextjs": "^7.60.1",
+    "@socialgouv/e2esdk-client": "1.0.0-beta.28",
+    "@socialgouv/e2esdk-crypto": "1.0.0-beta.20",
+    "@socialgouv/e2esdk-devtools": "1.0.0-beta.38",
+    "@socialgouv/e2esdk-react": "1.0.0-beta.28",
     "@socialgouv/matomo-next": "^1.6.1",
+    "boring-avatars": "^1.7.0",
     "dayjs": "^1.11.9",
+    "formidable": "3.2.5",
+    "js-image-generator": "^1.0.4",
     "next": "13.4.12",
     "next-auth": "^4.22.3",
+    "random-words": "^1.3.0",
     "react": "18.2.0",
     "react-dom": "18.2.0",
-    "tss-react": "^4.8.8"
+    "react-dropzone": "^14.2.3",
+    "react-hook-form": "^7.44.2",
+    "tss-react": "^4.8.8",
+    "zod": "^3.21.4"
   },
   "devDependencies": {
     "@babel/core": "^7.22.9",
@@ -55,6 +66,7 @@
     "@storybook/testing-library": "^0.0.11",
     "@testing-library/jest-dom": "^5.17.0",
     "@testing-library/react": "^14.0.0",
+    "@types/formidable": "^2.0.6",
     "@types/node": "18.11.17",
     "@types/react": "^18.2.0",
     "@types/react-dom": "^18.2.0",

src/components/devtools.tsx

@@ -0,0 +1,17 @@
+import '@socialgouv/e2esdk-devtools'
+import { E2ESDKDevtoolsElement } from '@socialgouv/e2esdk-devtools'
+import { useE2ESDKClient } from '@socialgouv/e2esdk-react'
+import React from 'react'
+
+export const Devtools = () => {
+  const client = useE2ESDKClient()
+  const ref = React.useRef<E2ESDKDevtoolsElement>(null)
+  React.useEffect(() => {
+    if (!ref.current) {
+      return
+    }
+    ref.current.client = client
+  }, [client])
+  return <e2esdk-devtools ref={ref} theme="dark" />
+}
+

src/config/index.ts

@@ -0,0 +1,5 @@
+import path from "node:path";
+
+export const storageDir =
+  process.env.STORAGE_DIR ||
+  path.resolve(process.cwd(), "./.storage/answers_files");