Merge branch 'main' of https://github.com/CapstoneProjectCMC/backend into post-service

Author: boypro5235

.env

@@ -17,6 +17,7 @@ QUIZ_DATABASE=quiz_db
 CODING_USERNAME=postgres_coding
 CODING_DB_PASSWORD=dinhanst2832004
 CODING_DATABASE=coding_db
+DOCKER_GID=999
 AI_USERNAME=postgres_ai
 AI_DB_PASSWORD=dinhanst2832004
 AI_DATABASE=ai_db
@@ -48,4 +49,4 @@ CHAT_ROOT_PASSWORD=dinhanst2832004
 CHAT_DATABASE=chat_db
 CHAT_PASSWORD=dinhanst2832004
 #GeminiKey
-OPENAI_API_KEY=AIzaSyDeZ3rEpzrleMCvvwLK3xHnqXYyTdxVhFs
+OPENAI_API_KEY=AIzaSyDeZ3rEpzrleMCvvwLK3xHnqXYyTdxVhFs

FileService/FileService.Api/Controllers/FileDocumentController.cs

@@ -2,10 +2,14 @@
 using FileService.Service.ApiModels.FileDocumentModels;
 using FileService.Service.Dtos.FileDocumentDtos;
 using FileService.Service.Interfaces;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 
 namespace FileService.Api.Controllers
 {
+   // [Authorize]
+   // [Authorize(Policy = "Permission")]
+   // [Authorize(Roles = "ADMIN")]
     [Route("file/api/[controller]")]
     [ApiController]
     public class FileDocumentController : BaseApiController

FileService/FileService.Api/Middlewares/AuthenMiddleware.cs

@@ -1,16 +1,20 @@
 using FileService.Core.ApiModels;
+using System.Security.Claims;
 
 namespace FileService.Api.Middlewares
 {
     public class AuthenMiddleware
     {
         private readonly RequestDelegate _next;
+
+
         public AuthenMiddleware(RequestDelegate next)
         {
             _next = next;
         }
         public async Task InvokeAsync(HttpContext httpContext)
         {
+            //lấy userId và sessionId từ claims
             var userId = httpContext.User.Claims.FirstOrDefault(c => c.Type == "userId")?.Value;
             var sessionId = httpContext.User.Claims.FirstOrDefault(c => c.Type == "sessionId")?.Value;
 

FileService/FileService.Api/Program.cs

@@ -18,6 +18,7 @@
 using FileService.Service.Implementation;
 using FileService.Service.Interfaces;
 using Microsoft.Extensions.FileProviders;
+using System.Security.Claims;
 
 BsonSerializer.RegisterSerializer(new GuidSerializer(GuidRepresentation.Standard));
 
@@ -39,7 +40,7 @@
 
 var env = Environment.GetEnvironmentVariable("ASPNETCORE_ENVIRONMENT");
 Console.WriteLine($"ASPNETCORE_ENVIRONMENT: {env}");
-builder.Services.Configure<MinioConfig>(builder.Configuration.GetSection("MinioConfig"));
+//builder.Services.Configure<MinioConfig>(builder.Configuration.GetSection("MinioConfig"));
 
 builder.Services.Configure<MongoDbSettings>(builder.Configuration.GetSection("MongoDbSettings"));
 builder.Services.Configure<FfmpegSettings>(builder.Configuration.GetSection("FfmpegSettings"));
@@ -98,7 +99,11 @@
         ValidateIssuerSigningKey = true,
         ValidIssuer = appSettings.Jwt.Issuer,
         ValidAudience = appSettings.Jwt.Audience,
-        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(appSettings.Jwt.Key))
+        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(appSettings.Jwt.Key)),
+
+        // Cấu hình claim để nhận Role
+        RoleClaimType = ClaimTypes.Role
+
     };
 });
 
@@ -173,12 +178,6 @@
     app.UseSwaggerUI();
 }
 
-using (var scope = app.Services.CreateScope())
-{
-    var minioService = scope.ServiceProvider.GetRequiredService<IMinioService>();
-    await minioService.EnsureBucketExistsAsync();
-}
-
 //kích hoạt CORS policy
 app.UseCors(MyAllowSpecificOrigins);
 
@@ -192,6 +191,5 @@
 
 app.MapControllers();
 
-
-await app.RunAsync();
+app.Run();
 

FileService/FileService.Api/appsettings.Development.json

@@ -21,11 +21,11 @@
       "OtpHoursAvailable": 24
     },
     "Jwt": {
-      "Key": "uifhjcnsqbhwbAMKXjdt123gdritocet",
-      "Issuer": "http://localhost:38946",
-      "Audience": "http://localhost:38946",
+      "Key": "1TjXchw5FloESb63Kc+DFhTARvpWL4jUGCwfGWxuG5SIf/1y/LgJxHnMqaF6A/ij",
+      "Issuer": "Code Campus",
+      "Audience": "Code Campus",
       "AccessTokenExpiresTime": 60,
-      "RefreshTokenExpiresTime": 3
+      "RefreshTokenExpiresTime": 300
     },
     "Admin": {
       "OtpMaxAttempted": 3,

FileService/FileService.Api/appsettings.Staging.json

@@ -21,9 +21,9 @@
       "OtpHoursAvailable": 24
     },
     "Jwt": {
-      "Key": "uifhjcnsqbhwbAMKXjdt123gdritocet",
-      "Issuer": "http://localhost:38946",
-      "Audience": "http://localhost:38946",
+      "Key": "1TjXchw5FloESb63Kc+DFhTARvpWL4jUGCwfGWxuGSSIf/1y/LgJxHnMqaF6A/ij",
+      "Issuer": "Code Campus",
+      "Audience": "Code Campus",
       "AccessTokenExpiresTime": 60,
       "RefreshTokenExpiresTime": 3
     },

FileService/FileService.Service/Implementation/MinioService.cs

@@ -22,25 +22,60 @@ public class MinioService : BaseService, IMinioService
         private readonly IMinioClient _minioClient;
         private readonly MinioConfig _config;
 
-        public MinioService(AppSettings appSettings, UserContext userContext) : base(appSettings, userContext)
+        public MinioService(IOptions<MinioConfig> options, AppSettings appSettings, UserContext userContext) : base(appSettings, userContext)
         {
-            _config = appSettings.MinioConfig ?? throw new ArgumentNullException(nameof(appSettings.MinioConfig)); 
+            _config = options.Value ?? throw new ArgumentNullException(nameof(options.Value));
 
-            _minioClient = new MinioClient()
-                .WithEndpoint(_config.Endpoint, _config.Port)
-                .WithCredentials(_config.AccessKey, _config.SecretKey)
-                .WithSSL(_config.Secure)
-                .Build();
+            Console.WriteLine($"MinioConfig: Endpoint={_config.Endpoint}, Port={_config.Port}, AccessKey length={_config.AccessKey?.Length ?? 0}, Secure={_config.Secure}");
+
+            if (string.IsNullOrWhiteSpace(_config.Endpoint) || _config.Port <= 0 || string.IsNullOrWhiteSpace(_config.AccessKey) || string.IsNullOrWhiteSpace(_config.SecretKey))
+            {
+                throw new InvalidOperationException("Minio configuration is invalid or incomplete.");
+            }
+            try
+            {
+                Console.WriteLine("Attempting to build MinioClient...");
+                _minioClient = new MinioClient()
+                    .WithEndpoint(_config.Endpoint, _config.Port)
+                    .WithCredentials(_config.AccessKey, _config.SecretKey)
+                    .WithSSL(_config.Secure)
+                    .Build();
+                if (_minioClient == null)
+                {
+                    throw new InvalidOperationException("Failed to initialize MinioClient.");
+                }
+                // Kiểm tra kết nối thực tế
+                Console.WriteLine("Testing MinioClient connection...");
+                var buckets = _minioClient.ListBucketsAsync().GetAwaiter().GetResult(); // Kiểm tra nhanh
+                Console.WriteLine("MinioClient initialized and connection tested successfully.");
+            }
+            catch (MinioException ex)
+            {
+                Console.WriteLine($"MinioException: {ex.Message}");
+                throw new InvalidOperationException($"Minio initialization failed: {ex.Message}", ex);
+            }
+            catch (Exception ex)
+            {
+                Console.WriteLine($"Unexpected error: {ex.Message}");
+                throw new InvalidOperationException($"Failed to initialize MinioClient: {ex.Message}", ex);
+            }
         }
 
         public async Task EnsureBucketExistsAsync()
         {
-            var bucketExistsArgs = new BucketExistsArgs().WithBucket(_config.BucketName);
+            if (_minioClient == null)
+            {
+                throw new InvalidOperationException("MinioClient is not initialized.");
+            }
+
             if (string.IsNullOrWhiteSpace(_config.BucketName))
             {
                 throw new InvalidOperationException("Bucket name is not configured.");
             }
+            var bucketExistsArgs = new BucketExistsArgs().WithBucket(_config.BucketName);
+
             bool found = await _minioClient.BucketExistsAsync(bucketExistsArgs);
+           
             if (!found)
             {
                 var makeBucketArgs = new MakeBucketArgs().WithBucket(_config.BucketName);

build-image.sh

@@ -5,35 +5,44 @@ export DOCKER_BUILDKIT=1
 DOCKERHUB_USER="${DOCKERHUB_USER:-yunomix2834}"
 IMAGE_TAG="${IMAGE_TAG:-$(date +%Y%m%d.%H%M%S)}"
 
+# Xác định DOCKER_GID an toàn
+if [[ "$OSTYPE" == "darwin"* ]]; then
+  DOCKER_GID=999
+elif [ -S /var/run/docker.sock ]; then
+  DOCKER_GID=$(stat -c '%g' /var/run/docker.sock 2>/dev/null || echo 999)
+else
+  DOCKER_GID=999
+fi
+
 login() {
-  echo "$DOCKERHUB_TOKEN" | docker login -u "$DOCKERHUB_USER" --password-stdin
+  [ -n "$DOCKERHUB_TOKEN" ] && echo "$DOCKERHUB_TOKEN" | docker login -u "$DOCKERHUB_USER" --password-stdin
 }
 
 build_push_java() {
   local module=$1
+  local build_args=("--build-arg" "MODULE=$module")
+
+  if [[ "$module" == "coding-service" ]]; then
+    build_args+=(
+      "--build-arg" "DOCKER_HOST_GID=${DOCKER_GID}"
+    )
+  fi
+
   docker buildx build \
     -f docker/java-service.Dockerfile \
-    --build-arg MODULE="$module" \
+    "${build_args[@]}" \
     -t "$DOCKERHUB_USER/codecampus-$module:$IMAGE_TAG" \
     --push .
 }
 
-build_push_file_service() {
-  docker buildx build \
-    -f docker/file-service.Dockerfile \
-    -t "$DOCKERHUB_USER/codecampus-file-service:$IMAGE_TAG" \
-    --push .
-}
-
 main() {
   login
-  for svc in identity-service profile-service submission-service \
-             coding-service quiz-service ai-service search-service \
-             notification-service chat-service gateway-service
-  do
+  echo "Building with DOCKER_GID=${DOCKER_GID}"
+
+  for svc in search-service profile-service identity-service; do
+    echo "Building $svc..."
     build_push_java "$svc"
   done
-  build_push_file_service
 }
 
-main "$@"
+main "$@"

build-service.sh

@@ -27,11 +27,11 @@ build_push_file_service() {
 
 main() {
   login
-  for svc in submission-service quiz-service coding-service profile-service
-  do
-    build_push_java "$svc"
-  done
-#  build_push_java "profile-service"
+#  for svc in submission-service quiz-service coding-service profile-service
+#  do
+#    build_push_java "$svc"
+#  done
+  build_push_java "coding-service"
 #  build_push_file_service
 }
 

coding-service/src/main/java/com/codecampus/coding/helper/DockerHelper.java

@@ -0,0 +1,71 @@
+package com.codecampus.coding.helper;
+
+import java.nio.file.Path;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+
+/**
+ * Helper tạo lệnh docker, tự fallback sang “sudo docker …” khi cần.
+ */
+public final class DockerHelper {
+    private static final String SANDBOX_IMAGE =
+            System.getenv().getOrDefault("SANDBOX_IMAGE",
+                    "capstoneprojectpythondocker:latest");
+    private static final String RUNNER_VOLUME =
+            System.getenv().getOrDefault("RUNNER_VOLUME", "runner_data");
+    private static final Path RUNNER_ROOT =
+            Path.of(System.getenv().getOrDefault("RUNNER_ROOT", "/work"));
+    private static volatile Boolean NEEDS_SUDO = null;
+
+    private DockerHelper() {
+    }
+
+    public static List<String> cmd(String... args) {
+        var full = new ArrayList<String>();
+        if (useSudo()) {
+            full.add("sudo");
+        }
+        full.add("docker");
+        full.addAll(Arrays.asList(args));
+        return full;
+    }
+
+    private static boolean useSudo() {
+        if (NEEDS_SUDO != null) {
+            return NEEDS_SUDO;
+        }
+
+        // Cho phép ép dùng sudo qua biến môi trường (phòng hờ)
+        String force = System.getenv("DOCKER_USE_SUDO");
+        if (force != null &&
+                (force.equals("1") || force.equalsIgnoreCase("true"))) {
+            NEEDS_SUDO = true;
+            return true;
+        }
+
+        try {
+            var p = new ProcessBuilder("docker", "system", "info")
+                    .redirectErrorStream(true)
+                    .start();
+
+            int code = p.waitFor();
+            NEEDS_SUDO = (code != 0);
+        } catch (Exception e) {
+            NEEDS_SUDO = true;
+        }
+        return NEEDS_SUDO;
+    }
+
+    // PlaygroundServiceImpl & DockerSandboxService
+    public static String inVolumePath(Path p) {
+        // p = /work/pg_xxx/... (trong coding-service)
+        // Cần đường dẫn tương ứng bên trong sandbox: /work/pg_xxx/...
+        Path rel = RUNNER_ROOT.relativize(p.toAbsolutePath().normalize());
+        return "/work/" + rel.toString().replace("\\", "/");
+    }
+
+    public static String selfContainer() {
+        return System.getenv().getOrDefault("SELF_CONTAINER", "");
+    }
+}