feat service license (#4195)

* feat: license service

Signed-off-by: jingyang <3161362058@qq.com>

* done

* tempalte

Signed-off-by: jingyang <3161362058@qq.com>

* done

Signed-off-by: jingyang <3161362058@qq.com>

* done

Signed-off-by: jingyang <3161362058@qq.com>

* docker build

Signed-off-by: jingyang <3161362058@qq.com>

* done

Signed-off-by: jingyang <3161362058@qq.com>

* license yaml

Signed-off-by: jingyang <3161362058@qq.com>

* image

* fix type bg

* env

* add oss

Signed-off-by: jingyang <3161362058@qq.com>

* done

Signed-off-by: jingyang <3161362058@qq.com>

cluster done

Signed-off-by: jingyang <3161362058@qq.com>

done

Signed-off-by: jingyang <3161362058@qq.com>

cluster done

Signed-off-by: jingyang <3161362058@qq.com>

done cluster

Signed-off-by: jingyang <3161362058@qq.com>

done

Signed-off-by: jingyang <3161362058@qq.com>

* fix build

Signed-off-by: jingyang <3161362058@qq.com>

* fix oss && only zh

Signed-off-by: jingyang <3161362058@qq.com>

* feat checkout wechat

Signed-off-by: jingyang <3161362058@qq.com>

* fix ci

Signed-off-by: jingyang <3161362058@qq.com>

---------

Signed-off-by: jingyang <3161362058@qq.com>

service/license/.dockerignore

@@ -0,0 +1,12 @@
+Dockerfile
+.dockerignore
+node_modules
+npm-debug.log
+README.md
+.next
+.git
+.env.local
+config.yaml
+
+.yalc/
+yalc.lock

service/license/.env.template

@@ -0,0 +1,27 @@
+PUBLIC_URL=.
+NEXT_PUBLIC_SERVICE=/service/
+SEALOS_CLOUD_DOMAIN="cloud.sealos.io"
+
+# GITHUB_CLIENT_ID=
+# GITHUB_CLIENT_SECRET=
+# WECHAT_CLIENT_ID=
+# WECHAT_CLIENT_SECRET=
+# KUBECONFIG=
+# MONGODB_URI=
+# JWT_SECRET=
+# ALI_ACCESS_KEY_ID=
+# ALI_ACCESS_KEY_SECRET=
+# ALI_TEMPLATE_CODE=
+# ALI_SIGN_NAME=
+# PRIVATE_PROTOCOL=
+# SERVICE_PROTOCOL=
+# CALLBACK_URL=
+# PASSWORD_SALT=
+# WECHAT_ENABLED=
+# GITHUB_ENABLED=
+# PASSWORD_ENABLED=
+# SMS_ENABLED=
+
+# costcenter
+# STRIPE_ENABLED=
+# STRIPE_PUB=

service/license/.eslintrc.json

@@ -0,0 +1,3 @@
+{
+  "extends": "next/core-web-vitals"
+}

service/license/.gitignore

@@ -0,0 +1,35 @@
+# See https://help.github.com/articles/ignoring-files/ for more about ignoring files.
+
+# dependencies
+/node_modules
+/.pnp
+.pnp.js
+
+# testing
+/coverage
+
+# next.js
+/.next/
+/out/
+
+# production
+/build
+
+# misc
+.DS_Store
+*.pem
+
+# debug
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+
+# local env files
+.env*.local
+
+# vercel
+.vercel
+
+# typescript
+*.tsbuildinfo
+next-env.d.ts

service/license/.prettierignore

@@ -0,0 +1,18 @@
+*swp
+*rpmnew
+*swo
+.idea
+oss-config
+ossutil64
+main.exe
+dist
+.vscode
+scripts/release/Note.md
+.ossutil_checkpoint
+bin
+.run
+tools
+coverage.out
+tmp
+**/.DS_Store
+node_modules

service/license/.prettierrc.js

@@ -0,0 +1,20 @@
+module.exports = {
+  printWidth: 100,
+  tabWidth: 2,
+  useTabs: false,
+  semi: true,
+  singleQuote: true,
+  quoteProps: 'as-needed',
+  jsxSingleQuote: false,
+  trailingComma: 'none',
+  bracketSpacing: true,
+  jsxBracketSameLine: false,
+  arrowParens: 'always',
+  rangeStart: 0,
+  rangeEnd: Infinity,
+  requirePragma: false,
+  insertPragma: false,
+  proseWrap: 'preserve',
+  htmlWhitespaceSensitivity: 'css',
+  endOfLine: 'lf'
+}

service/license/Dockerfile

@@ -0,0 +1,90 @@
+# 指定基础镜像版本，确保每次构建都是幂等的
+FROM node:18-alpine AS base
+
+FROM base AS builder
+
+# Check https://github.com/nodejs/docker-node/tree/b4117f9333da4138b03a546ec926ef50a31506c3#nodealpine to understand why libc6-compat might be needed.
+RUN apk add --no-cache libc6-compat
+
+# Node v16.13 开始支持 corepack 用于管理第三方包管理器
+# 锁定包管理器版本，确保 CI 每次构建都是幂等的
+# RUN corepack enable && corepack prepare pnpm@latest --activate
+RUN corepack enable && corepack prepare pnpm@8.5.0 --activate
+
+WORKDIR /app
+
+# pnpm fetch does require only lockfile
+# 注意还需要复制 `.npmrc`，因为里面可能包含 npm registry 等配置，下载依赖需要用到
+COPY pnpm-lock.yaml ./
+
+# 推荐使用 pnpm fetch 命令下载依赖到 virtual store，专为 docker 构建优化
+# 参考：https://pnpm.io/cli/fetch
+RUN pnpm fetch
+
+# 将本地文件复制到构建上下文
+COPY . .
+
+# Uncomment the following line in case you want to disable telemetry during the build.
+ENV NEXT_TELEMETRY_DISABLED 1
+
+# 基于 virtual store 生成 node_modules && 打包构建
+# 此处不需要与 package registry 进行通信，因此依赖安装速度极快
+# 注意 PNPM v8.4.0 版本有一个 breaking change
+# 当 `node_modules` 存在，运行 `pnpm install` 会出现命令行交互操作，导致 CI 挂掉
+# 这里加上 `--force` 参数，关闭命令行交互操作
+RUN pnpm install --offline --force && pnpm build
+
+FROM base AS runner
+
+# RUN apk update && apk add --no-cache git
+RUN apk add --no-cache curl
+
+# 如果需要是用 TZ 环境变量 实现时区控制，需要安装 tzdata 这个包
+# debian 的基础镜像默认情况下已经安装了 tzdata，而 ubuntu 并没有
+# RUN apk add --no-cache tzdata
+
+ARG RUNTIME_ENV
+ENV RUNTIME_ENV=$RUNTIME_ENV
+ENV NODE_ENV production
+
+# Docker 容器不推荐用 root 身份运行
+# 这边先建立一个特定的用户和用户组，为它分配必要的权限，使用 USER 切换到这个用户
+# 注意，如果不是 root 权限，对于可执行文件，需要修改权限，确保文件可以执行
+RUN addgroup --system --gid 1001 nodejs
+RUN adduser --system --uid 1001 nextjs
+
+# 设置时区
+# 在使用 Docker 容器时，系统默认的时区就是 UTC 时间（0 时区），和我们实际需要的北京时间相差八个小时
+# ENV LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_ALL=en_US.UTF-8 TZ=Asia/Shanghai
+# RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
+
+WORKDIR /app
+
+# PNPM 有一个全局 store，项目中的 node_modules 实际上是全局 store 的 symlink
+# 正常需要从上一阶段同时复制 `node_modules` 和全局 store，这样才能正常运行
+# 但是由于 `standalone` 目录里面包含所有运行时依赖，且都是独立目录
+# 因此可以直接复制该目录，无需复制全局 store（如果复制还会增加镜像体积）
+# 另外运行需要的配置文件、dotfile 也都在 `standalone` 目录里面，无需单独复制
+
+# `standalone` 模式打包，默认包含服务端代码，没有客户端代码
+# 因为官方建议通过 CDN 托管，但也可以手动复制 `public`、`.next/static` 目录
+COPY --from=builder /app/public ./public
+COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./
+COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static
+
+# 注意，`standalone` 目录下已经包含了服务端代码，无需再复制 `.next/server`
+# COPY --from=builder /app/.next/server ./.next/server
+
+USER nextjs
+
+# Uncomment the following line in case you want to disable telemetry during runtime.
+ENV NEXT_TELEMETRY_DISABLED 1
+ENV PORT 3000
+
+# 默认暴露 80 端口
+EXPOSE 3000
+
+# 用 standalone 模式打包后，生成的 `standalone/node_modules` 目录下缺少 `.bin` 目录
+# 导致无法用 `next` 命令启动项目，但可以用 `node server.js` 启动
+# 参考：https://nextjs.org/docs/advanced-features/output-file-tracing
+CMD ["node", "server.js"]

service/license/README.md

@@ -0,0 +1,40 @@
+This is a [Next.js](https://nextjs.org/) project bootstrapped with [`create-next-app`](https://github.com/vercel/next.js/tree/canary/packages/create-next-app).
+
+## Getting Started
+
+First, run the development server:
+
+```bash
+npm run dev
+# or
+yarn dev
+# or
+pnpm dev
+# or
+bun dev
+```
+
+Open [http://localhost:3000](http://localhost:3000) with your browser to see the result.
+
+You can start editing the page by modifying `pages/index.tsx`. The page auto-updates as you edit the file.
+
+[API routes](https://nextjs.org/docs/api-routes/introduction) can be accessed on [http://localhost:3000/api/hello](http://localhost:3000/api/hello). This endpoint can be edited in `pages/api/hello.ts`.
+
+The `pages/api` directory is mapped to `/api/*`. Files in this directory are treated as [API routes](https://nextjs.org/docs/api-routes/introduction) instead of React pages.
+
+This project uses [`next/font`](https://nextjs.org/docs/basic-features/font-optimization) to automatically optimize and load Inter, a custom Google Font.
+
+## Learn More
+
+To learn more about Next.js, take a look at the following resources:
+
+- [Next.js Documentation](https://nextjs.org/docs) - learn about Next.js features and API.
+- [Learn Next.js](https://nextjs.org/learn) - an interactive Next.js tutorial.
+
+You can check out [the Next.js GitHub repository](https://github.com/vercel/next.js/) - your feedback and contributions are welcome!
+
+## Deploy on Vercel
+
+The easiest way to deploy your Next.js app is to use the [Vercel Platform](https://vercel.com/new?utm_medium=default-template&filter=next.js&utm_source=create-next-app&utm_campaign=create-next-app-readme) from the creators of Next.js.
+
+Check out our [Next.js deployment documentation](https://nextjs.org/docs/deployment) for more details.

service/license/deploy/Kubefile

@@ -0,0 +1,16 @@
+FROM scratch
+USER 65532:65532
+
+COPY registry registry
+COPY manifests manifests
+COPY scripts scripts
+
+ENV cloudDomain="127.0.0.1.nip.io"
+ENV cloudPort=""
+ENV certSecretName="wildcard-cert"
+ENV passWordEnabled="false"
+ENV githubEnabled="false"
+ENV wechatEnabled="false"
+ENV smsEnabled="false"
+
+CMD ["bash scripts/init.sh"]

service/license/deploy/README.md

@@ -0,0 +1,53 @@
+### How to build image
+
+```shell
+sealos build -t docker.io/labring/sealos-cloud-desktop:latest -f Kubefile .
+```
+
+### Env
+
+| Name                       | Description                 | Default                                |
+|----------------------------|-----------------------------|----------------------------------------|
+| `cloudDomain`              | sealos cloud domain         | `cloud.example.com`                    |
+| `wildcardCertSecretName`   | wildcard cert secret name   | `wildcard-cert`                        |
+
+### Config
+
+If you enable password login (which is enabled by default), you need to set the password salt by using a config file.
+
+And this is a command to generate a password salt:
+```shell
+echo -n "your-password-salt" | base64
+```
+
+
+Here is a config file example:
+```yaml
+# desktop-config.yaml
+apiVersion: apps.sealos.io/v1beta1
+kind: Config
+metadata:
+  name: secret
+spec:
+  path: manifests/secret.yaml
+  match: docker.io/labring/sealos-cloud-desktop:latest
+  strategy: merge
+  data: |
+    data:
+      mongodb_uri: <your-mongodb-uri-base64>
+      jwt_secret: <your-jwt-secret-base64>
+      password_salt: <your-password-salt-base64>
+```
+
+*Please make sure `spec.match` is the same as the image you want to run*
+
+### How to run
+
+```shell
+sealos run \
+    --env cloudDomain="127.0.0.1.nip.io" \
+    --env wildcardCertSecretName="wildcard-cert" \
+    --env passwordEnabled="true" \
+    docker.io/labring/sealos-cloud-desktop:latest \
+    --config-file desktop-config.yaml 
+```