Compare commits

...

5 Commits

Author SHA1 Message Date
Daniel Bedeleanu
c874d27d64 Build [v1.8.4] (Satisfy frontend relative VERSION.json path) 2026-04-13 19:44:52 +03:00
Daniel Bedeleanu
939ad8648d Build [v1.8.3] (Explicit directory creation in bundle) 2026-04-13 19:39:33 +03:00
Daniel Bedeleanu
6f6caf3c5a Build [v1.8.2] (Fix missing scripts in bundle) 2026-04-13 19:38:11 +03:00
Daniel Bedeleanu
5e648002f0 Build [v1.8.1] (Fix Docker Context) 2026-04-13 19:36:06 +03:00
Daniel Bedeleanu
81b775c9ae Build [v1.8.0] 2026-04-13 19:23:48 +03:00
19 changed files with 199 additions and 57 deletions

View File

@@ -24,8 +24,9 @@ A unified system to maintain an inventory of "items" and their quantities, inclu
### 2.3 Operations & Tooling ### 2.3 Operations & Tooling
- **PWA Deployment:** `next-pwa` (Service Workers + Manifest.json) - **PWA Deployment:** `next-pwa` (Service Workers + Manifest.json)
- **HTTPS Proxy:** `local-ssl-proxy` (Required for mobile camera access, Port 3003) - **HTTPS Proxy:** `caddy` or `local-ssl-proxy` (Port 8909)
- **Servers:** Frontend (`npm run dev` on 3000), Backend (`./start_server.sh` on 8000) - **Servers:** Frontend (Port 8907), Backend (Port 8906)
- **Configuration:** Centrally managed via root `config/` directory (includes `network_config.env`, `ldap_config.json`, `Caddyfile`).
## 3. Data Models & Entities ## 3. Data Models & Entities
- **Item:** Name, Category Group (Structured), Item Type (Specific), Quantity, Barcode, Part Number, Box Label (Association). - **Item:** Name, Category Group (Structured), Item Type (Specific), Quantity, Barcode, Part Number, Box Label (Association).
@@ -88,7 +89,7 @@ To ensure enterprise-grade protection, the following policies are enforced:
- **Cryptographic Credential Caching:** To support offline operations, the system caches a **PBKDF2-HMAC-SHA256 hash** of the user's Enterprise credentials upon successful online login. Plain text passwords are NEVER stored. - **Cryptographic Credential Caching:** To support offline operations, the system caches a **PBKDF2-HMAC-SHA256 hash** of the user's Enterprise credentials upon successful online login. Plain text passwords are NEVER stored.
### 7.4 PWA Trust & Security ### 7.4 PWA Trust & Security
- **HTTPS Enforcement:** The system requires TLS (Port 3003) for camera access and secure token transmission. - **HTTPS Enforcement:** The system requires TLS (Port 8909) for camera access and secure token transmission.
- **Manifest Integrity:** A comprehensive `manifest.json` ensures the app is recognized as a trusted PWA on mobile platforms (iOS/Android). - **Manifest Integrity:** A comprehensive `manifest.json` ensures the app is recognized as a trusted PWA on mobile platforms (iOS/Android).
7.5 Git Infrastructure Hardening (v1.7.0) 7.5 Git Infrastructure Hardening (v1.7.0)
To ensure deployment stability on macOS environments with potentially broken developer tool links (`xcode-select` errors): To ensure deployment stability on macOS environments with potentially broken developer tool links (`xcode-select` errors):

View File

@@ -12,21 +12,21 @@ This project supports three distinct operational modes:
Ideal for local development on macOS/Linux. Ideal for local development on macOS/Linux.
* **Command:** `./start_server.sh` * **Command:** `./start_server.sh`
* **Details:** Runs FastAPI (backend) and Next.js (frontend) in development mode. Uses `local-ssl-proxy` for HTTPS. * **Details:** Runs FastAPI (backend) and Next.js (frontend) in development mode. Uses `local-ssl-proxy` for HTTPS.
* **Backend:** http://localhost:8000 * **Backend:** http://localhost:8906
* **Frontend:** https://localhost:3003 * **Frontend:** https://localhost:8909
### 2. 🐳 Docker Mode (Recommended for Production) ### 2. 🐳 Docker Mode (Recommended for Production)
Isolated and portable container stack. Isolated and portable container stack.
* **Command:** `docker-compose up -d --build` * **Command:** `docker-compose up -d --build`
* **Details:** Uses Caddy as a reverse proxy for HTTPS. Persistent data and logs are mapped to `./data` and `./logs`. * **Details:** Uses Caddy as a reverse proxy for HTTPS. Persistent data and logs are mapped to `./data` and `./logs`.
* **Access:** https://localhost:3003 * **Access:** https://localhost:8909
### 3. 🐧 Standalone Linux Mode (Systemd) ### 3. 🐧 Standalone Linux Mode (Systemd)
Native Linux installation (Alma/Debian/Ubuntu) without Docker dependencies. Native Linux installation (Alma/Debian/Ubuntu) without Docker dependencies.
* **Installation:** `sudo ./install_service.sh` * **Installation:** `sudo ./install_service.sh`
* **Execution:** `sudo systemctl start inventory` * **Execution:** `sudo systemctl start inventory`
* **Details:** Compiles the frontend for production and manages the entire stack as a system service. * **Details:** Compiles the frontend for production and manages the entire stack as a system service.
* **Access:** https://<SERVER-IP>:3003 * **Access:** https://<SERVER-IP>:8909
--- ---
@@ -77,6 +77,12 @@ export ALLOWED_ORIGINS="https://your-domain.com"
docker-compose up -d --build docker-compose up -d --build
``` ```
### 🌐 Network & Port Customization
The application uses a central configuration file for all network settings:
- **Location:** `config/network_config.env`
- **Purpose:** Change the `SERVER_IP` (default: `192.168.84.113`) and reserved ports (`8906-8909`).
- **Mechanism:** Startup scripts automatically sync these settings to the frontend and Docker environment.
For detailed security audit report, see [dev_docs/SECURITY_REPORT.md](dev_docs/SECURITY_REPORT.md). For detailed security audit report, see [dev_docs/SECURITY_REPORT.md](dev_docs/SECURITY_REPORT.md).
--- ---

View File

@@ -100,6 +100,11 @@ If your organization uses LDAP/Active Directory, administrators can:
### Settings ### Settings
Access application settings from the **Admin** panel. Access application settings from the **Admin** panel.
### 🌐 Network & Configuration (NEW v1.8.0)
The application now uses a centralized configuration folder in the project root:
- **`config/`**: Contains all network settings (`network_config.env`), LDAP profiles (`ldap_config.json`), and security proxy rules (`Caddyfile`).
- **Dynamic Port Mapping**: Changes to the server IP or ports in the configuration are automatically detected by both the frontend and backend after a restart.
--- ---
## 🚨 Security Notices ## 🚨 Security Notices
@@ -141,5 +146,5 @@ For detailed technical documentation, see the [Project Architecture](../PROJECT_
--- ---
**Version:** v1.7.0 **Version:** v1.8.4
**Last Updated:** 2026-04-12 **Last Updated:** 2026-04-13

View File

@@ -1,5 +1,5 @@
{ {
"version": "1.7.0", "version": "1.8.4",
"last_build": "2026-04-12-2224", "last_build": "2026-04-13-1945",
"codename": "GitGuard" "codename": "ConfigSync"
} }

View File

@@ -24,7 +24,7 @@ log.info("TFM aInventory API process started.")
# Secure fallback: localhost only for development. # Secure fallback: localhost only for development.
_raw_origins = os.environ.get( _raw_origins = os.environ.get(
"ALLOWED_ORIGINS", "ALLOWED_ORIGINS",
"http://localhost:3000,http://localhost:3002" "http://localhost:8907,https://localhost:8909"
) )
ALLOWED_ORIGINS = [o.strip() for o in _raw_origins.split(",") if o.strip()] ALLOWED_ORIGINS = [o.strip() for o in _raw_origins.split(",") if o.strip()]
log.info(f"CORS allowed origins: {ALLOWED_ORIGINS}") log.info(f"CORS allowed origins: {ALLOWED_ORIGINS}")

View File

@@ -20,8 +20,9 @@ limiter = Limiter(key_func=get_remote_address)
pwd_context = CryptContext(schemes=["pbkdf2_sha256"], deprecated="auto") pwd_context = CryptContext(schemes=["pbkdf2_sha256"], deprecated="auto")
def get_ldap_config(): def get_ldap_config():
# Read from backend/config/ directory # Read from root /config directory
config_dir = os.path.join(os.path.dirname(os.path.dirname(os.path.abspath(__file__))), "config") root_dir = os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
config_dir = os.path.join(root_dir, "config")
config_path = os.path.join(config_dir, "ldap_config.json") config_path = os.path.join(config_dir, "ldap_config.json")
if os.path.exists(config_path): if os.path.exists(config_path):
with open(config_path, "r") as f: with open(config_path, "r") as f:
@@ -314,7 +315,8 @@ def update_ldap_settings(
current_user: auth.TokenData = Depends(auth.get_current_admin) current_user: auth.TokenData = Depends(auth.get_current_admin)
): ):
"""[C-01] Update LDAP config — admin only.""" """[C-01] Update LDAP config — admin only."""
config_dir = os.path.join(os.path.dirname(os.path.dirname(os.path.abspath(__file__))), "config") root_dir = os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
config_dir = os.path.join(root_dir, "config")
os.makedirs(config_dir, exist_ok=True) os.makedirs(config_dir, exist_ok=True)
config_path = os.path.join(config_dir, "ldap_config.json") config_path = os.path.join(config_dir, "ldap_config.json")
with open(config_path, "w") as f: with open(config_path, "w") as f:

View File

@@ -1,12 +1,12 @@
# TFM aInventory - Caddy Self-Signed Internal Proxy # TFM aInventory - Caddy Self-Signed Internal Proxy
# This replaces the need for `local-ssl-proxy` in Node. # This replaces the need for `local-ssl-proxy` in Node.
:3003 { :{$FRONTEND_SSL_PORT} {
tls internal tls internal
reverse_proxy frontend:3000 reverse_proxy frontend:3000
} }
:3002 { :{$BACKEND_SSL_PORT} {
tls internal tls internal
reverse_proxy backend:8000 reverse_proxy backend:8000
} }

View File

@@ -17,8 +17,8 @@ JWT_SECRET_KEY=change-me-generate-a-secure-random-value
# --- CORS --- # --- CORS ---
# Comma-separated list of allowed frontend origins # Comma-separated list of allowed frontend origins
# Example for LAN deployment: # Example for LAN deployment:
# ALLOWED_ORIGINS=http://192.168.1.100:3000,https://192.168.1.100:3003 # ALLOWED_ORIGINS=http://192.168.84.113:8907,https://192.168.84.113:8909
ALLOWED_ORIGINS=http://localhost:3000,https://localhost:3003 ALLOWED_ORIGINS=http://localhost:8907,https://localhost:8909
# --- Data Paths (overridden by start_server.sh / docker-compose) --- # --- Data Paths (overridden by start_server.sh / docker-compose) ---
# DATA_DIR=/absolute/path/to/data # DATA_DIR=/absolute/path/to/data

19
config/ldap_config.json Normal file
View File

@@ -0,0 +1,19 @@
{
"ldap_enabled": true,
"server_uri": "ldaps://192.168.84.107:6360",
"base_dn": "dc=ldap,dc=lan",
"user_template": "uid={username},ou=people,dc=ldap,dc=lan",
"groups_dn": "ou=groups",
"use_tls": true,
"role_mappings": [
{
"group": "inventory_admins",
"role": "admin"
},
{
"group": "inventory_users",
"role": "user"
}
],
"ignore_cert": true
}

28
config/network_config.env Normal file
View File

@@ -0,0 +1,28 @@
# =============================================================================
# TFM aInventory - Central Network Configuration
# =============================================================================
# Use this file to customize the ports and IP address used by the application
# without needing to modify the source code.
#
# IMPORTANT: After modifying this file, restart the application for changes
# to take effect.
# =============================================================================
# The primary IP address where the application will be accessed.
# Used for CORS settings and documentation links.
SERVER_IP=192.168.84.113
# --- BACKEND PORTS ---
# Internal port for the FastAPI server (Backend)
BACKEND_PORT=8906
# External port for the Backend HTTPS Proxy (Caddy/local-ssl-proxy)
BACKEND_SSL_PORT=8908
# --- FRONTEND PORTS ---
# Internal port for the Next.js dev/prod server
FRONTEND_PORT=8907
# External port for the Frontend HTTPS Proxy (Caddy/local-ssl-proxy)
# This is the port you will use in your browser (e.g. https://192.168.84.113:8909)
FRONTEND_SSL_PORT=8909

View File

@@ -56,8 +56,10 @@
## SYSTEM STATE ## SYSTEM STATE
**Active database:** `<project_root>/data/inventory.db` **Active database:** `<project_root>/data/inventory.db`
**LDAP config:** `backend/config/ldap_config.json` **LDAP config:** `config/ldap_config.json`
**Production Bundle:** `aInventory-PROD-v1.6.0.zip` (BoxMaster Final) **Network config:** `config/network_config.env`
**Proxy config:** `config/Caddyfile`
**Production Bundle:** `aInventory-PROD-v1.8.0.zip` (ConfigSync Final)
> [!IMPORTANT] > [!IMPORTANT]
> **Git Access Fix**: The `xcode-select` breakage is bypassed by using the direct binary path: `/Library/Developer/CommandLineTools/usr/bin/git` (stored in `.git_path`). **DO NOT change this path.** Operations now work correctly via this direct link. > **Git Access Fix**: The `xcode-select` breakage is bypassed by using the direct binary path: `/Library/Developer/CommandLineTools/usr/bin/git` (stored in `.git_path`). **DO NOT change this path.** Operations now work correctly via this direct link.
@@ -66,8 +68,8 @@
```bash ```bash
./start_server.sh ./start_server.sh
``` ```
- Frontend: `https://<LOCAL_IP>:3003` - Frontend: `https://192.168.84.113:8909`
- Backend: `https://<LOCAL_IP>:3002` - Backend: `https://192.168.84.113:8908`
**Environment variables set by start_server.sh:** **Environment variables set by start_server.sh:**
- `ALLOWED_ORIGINS` — auto-detected - `ALLOWED_ORIGINS` — auto-detected

View File

@@ -1,5 +1,3 @@
version: '3.8'
services: services:
backend: backend:
build: build:
@@ -8,7 +6,9 @@ services:
networks: networks:
- inventory_net - inventory_net
ports: ports:
- "8000:8000" - ${BACKEND_PORT:-8000}:8000
env_file:
- ./config/network_config.env
volumes: volumes:
- ./data:/app/data - ./data:/app/data
- ./logs:/app/logs - ./logs:/app/logs
@@ -16,10 +16,9 @@ services:
environment: environment:
- DATA_DIR=/app/data - DATA_DIR=/app/data
- LOGS_DIR=/app/logs - LOGS_DIR=/app/logs
# [M-01] CORS allowed origins — customize for production - ALLOWED_ORIGINS=http://localhost:${FRONTEND_PORT:-3001},https://localhost:${FRONTEND_SSL_PORT:-3003},http://${SERVER_IP:-localhost}:${FRONTEND_PORT:-3001},https://${SERVER_IP:-localhost}:${FRONTEND_SSL_PORT:-3003},https://localhost:${BACKEND_SSL_PORT:-3002},https://${SERVER_IP:-localhost}:${BACKEND_SSL_PORT:-3002}
- ALLOWED_ORIGINS=http://localhost:3000,http://localhost:3002
# [C-01] JWT secret key — GENERATE A SECURE VALUE FOR PRODUCTION! # [C-01] JWT secret key — GENERATE A SECURE VALUE FOR PRODUCTION!
- JWT_SECRET_KEY=${JWT_SECRET_KEY:-change-me-in-production} - JWT_SECRET_KEY=${JWT_SECRET_KEY:-change_me_in_production}
restart: unless-stopped restart: unless-stopped
frontend: frontend:
@@ -29,7 +28,9 @@ services:
networks: networks:
- inventory_net - inventory_net
ports: ports:
- "3000:3000" - ${FRONTEND_PORT:-3000}:3000
env_file:
- ./config/network_config.env
volumes: volumes:
- ./logs:/app/logs - ./logs:/app/logs
# Write Next.js logs to both stdout (docker logs) and file (mapped volume) # Write Next.js logs to both stdout (docker logs) and file (mapped volume)
@@ -41,10 +42,12 @@ services:
networks: networks:
- inventory_net - inventory_net
ports: ports:
- "3002:3002" - ${BACKEND_SSL_PORT:-3002}:${BACKEND_SSL_PORT:-3002}
- "3003:3003" - ${FRONTEND_SSL_PORT:-3003}:${FRONTEND_SSL_PORT:-3003}
env_file:
- ./config/network_config.env
volumes: volumes:
- ./Caddyfile:/etc/caddy/Caddyfile - ./config/Caddyfile:/etc/caddy/Caddyfile
# Persist the internal Caddy certificates so users don't get new certificate warnings constantly # Persist the internal Caddy certificates so users don't get new certificate warnings constantly
- ./data/caddy_data:/data - ./data/caddy_data:/data
- ./data/caddy_config:/config - ./data/caddy_config:/config

View File

@@ -18,9 +18,11 @@ echo "📂 Copying application components (excluding dev artifacts)..."
rsync -a --exclude 'node_modules' --exclude '.next' frontend/ "$PROD_DIR/frontend/" rsync -a --exclude 'node_modules' --exclude '.next' frontend/ "$PROD_DIR/frontend/"
rsync -a --exclude '__pycache__' --exclude '.pytest_cache' --exclude '.venv' --exclude 'tests' backend/ "$PROD_DIR/backend/" rsync -a --exclude '__pycache__' --exclude '.pytest_cache' --exclude '.venv' --exclude 'tests' backend/ "$PROD_DIR/backend/"
# Orchestration & Scripts # Orchestration, Config & Scripts
mkdir -p "$PROD_DIR/config" "$PROD_DIR/scripts"
cp docker-compose.yml "$PROD_DIR/" cp docker-compose.yml "$PROD_DIR/"
cp Caddyfile "$PROD_DIR/" rsync -a config/ "$PROD_DIR/config/"
rsync -a scripts/ "$PROD_DIR/scripts/"
cp start_server.sh "$PROD_DIR/" cp start_server.sh "$PROD_DIR/"
cp run_standalone.sh "$PROD_DIR/" cp run_standalone.sh "$PROD_DIR/"
cp install_service.sh "$PROD_DIR/" cp install_service.sh "$PROD_DIR/"
@@ -29,6 +31,7 @@ cp USER_GUIDE.md "$PROD_DIR/"
cp README.md "$PROD_DIR/INSTALLATION_GUIDE.md" cp README.md "$PROD_DIR/INSTALLATION_GUIDE.md"
cp .git_path "$PROD_DIR/" 2>/dev/null || true cp .git_path "$PROD_DIR/" 2>/dev/null || true
cp VERSION.json "$PROD_DIR/" cp VERSION.json "$PROD_DIR/"
cp VERSION.json "$PROD_DIR/frontend/"
# Setup persistent volume skeleton # Setup persistent volume skeleton
mkdir -p "$PROD_DIR/data" mkdir -p "$PROD_DIR/data"
@@ -44,7 +47,7 @@ TO RUN VIA DOCKER (Recommended):
1. Install Docker Desktop or Docker Engine. 1. Install Docker Desktop or Docker Engine.
2. Run: docker-compose build 2. Run: docker-compose build
3. Run: docker-compose up -d 3. Run: docker-compose up -d
4. Access via https://<YOUR-IP>:3003 (Accept the internal security warning). 4. Access via https://<YOUR-IP>:8909 (Accept the internal security warning).
TO INSTALL AS A LINUX SYSTEM SERVICE (Optional): TO INSTALL AS A LINUX SYSTEM SERVICE (Optional):
1. sudo ./install_service.sh 1. sudo ./install_service.sh
@@ -54,7 +57,7 @@ TO RUN BARE-METAL (No Docker):
1. Install Python 3.12+ and Node.js 20+. 1. Install Python 3.12+ and Node.js 20+.
2. Ensure you have network access for npm installs. 2. Ensure you have network access for npm installs.
3. Run: ./start_server.sh 3. Run: ./start_server.sh
4. Access via https://<YOUR-IP>:3003 4. Access via https://<YOUR-IP>:8909
Note: Database and Logs will persist in the /data and /logs directories. Note: Database and Logs will persist in the /data and /logs directories.
EOF EOF

View File

@@ -4,15 +4,16 @@ FROM node:20-alpine AS base
FROM base AS deps FROM base AS deps
RUN apk add --no-cache libc6-compat RUN apk add --no-cache libc6-compat
WORKDIR /app WORKDIR /app
# We run this from the frontend folder context # Context is root to allow access to VERSION.json
COPY package.json package-lock.json* ./ COPY frontend/package.json frontend/package-lock.json* ./
RUN npm ci RUN npm ci
# Step 2: Build the source code # Step 2: Build the source code
FROM base AS builder FROM base AS builder
WORKDIR /app WORKDIR /app
COPY --from=deps /app/node_modules ./node_modules COPY --from=deps /app/node_modules ./node_modules
COPY . . COPY frontend .
COPY VERSION.json .
# Disable telemetry during build # Disable telemetry during build
ENV NEXT_TELEMETRY_DISABLED 1 ENV NEXT_TELEMETRY_DISABLED 1
RUN npm run build RUN npm run build

View File

@@ -1,20 +1,48 @@
import axios from 'axios'; import axios from 'axios';
import { getToken, clearAuth } from './auth'; import { getToken, clearAuth } from './auth';
export const getBackendUrl = () => { // Cached config to avoid repeated fetches
if (typeof window === 'undefined') return 'http://localhost:8000'; let cachedConfig: any = null;
/**
* Fetches the network configuration from the public/network.json file.
* This file is generated at startup by start_server.sh or docker-compose.
*/
export const getNetworkConfig = async () => {
if (cachedConfig) return cachedConfig;
if (typeof window === 'undefined') {
return { SERVER_IP: 'localhost', BACKEND_PORT: 8000, BACKEND_SSL_PORT: 8908 };
}
try {
const response = await fetch('/network.json');
if (!response.ok) throw new Error("Config not found");
cachedConfig = await response.json();
return cachedConfig;
} catch (e) {
console.warn("Network config not found, using compiled defaults.");
// Defaults matching the initial reserve ports in case network.json is missing
return { SERVER_IP: 'localhost', BACKEND_PORT: 8906, BACKEND_SSL_PORT: 8908 };
}
};
export const getBackendUrl = async () => {
const config = await getNetworkConfig();
if (typeof window === 'undefined') return `http://localhost:${config.BACKEND_PORT}`;
const host = window.location.hostname; const host = window.location.hostname;
// If we are on HTTPS (Proxy/Mobile mode), we use port 3002 for the backend // If we are on HTTPS (Proxy/Mobile mode), we use the SSL port for the backend
if (window.location.protocol === 'https:') { if (window.location.protocol === 'https:') {
if (host.includes('.loca.lt')) { if (host.includes('.loca.lt')) {
return 'https://inventory-ai-api.loca.lt'; return 'https://inventory-ai-api.loca.lt';
} }
return `https://${host}:3002`; return `https://${host}:${config.BACKEND_SSL_PORT}`;
} }
return `http://${host}:8000`; return `http://${host}:${config.BACKEND_PORT}`;
}; };
/** /**
@@ -23,9 +51,9 @@ export const getBackendUrl = () => {
*/ */
const axiosInstance = axios.create({}); const axiosInstance = axios.create({});
axiosInstance.interceptors.request.use((config) => { axiosInstance.interceptors.request.use(async (config) => {
if (!config.baseURL) { if (!config.baseURL) {
config.baseURL = getBackendUrl(); // called at request time — always correct config.baseURL = await getBackendUrl(); // called at request time — always correct
} }
const token = getToken(); const token = getToken();
if (token) { if (token) {
@@ -110,7 +138,8 @@ export const inventoryApi = {
// Users // Users
getUsers: async () => { getUsers: async () => {
// [C-01] Public endpoint — use plain axios to avoid JWT interceptor // [C-01] Public endpoint — use plain axios to avoid JWT interceptor
const res = await axios.get(`${getBackendUrl()}/users/`); const baseUrl = await getBackendUrl();
const res = await axios.get(`${baseUrl}/users/`);
return res.data; return res.data;
}, },
@@ -121,7 +150,8 @@ export const inventoryApi = {
login: async (credentials: any) => { login: async (credentials: any) => {
// [C-01] Login endpoint — NU adaug token header (login e public) // [C-01] Login endpoint — NU adaug token header (login e public)
const res = await axios.post(`${getBackendUrl()}/users/login`, credentials); const baseUrl = await getBackendUrl();
const res = await axios.post(`${baseUrl}/users/login`, credentials);
return res.data; return res.data;
}, },

View File

@@ -7,17 +7,38 @@ echo "🚀 Starting TFM aInventory in Standalone Mode..."
# Trapping termination signals to clean up child processes # Trapping termination signals to clean up child processes
trap "echo 'Stopping all processes...'; kill 0" SIGINT SIGTERM EXIT trap "echo 'Stopping all processes...'; kill 0" SIGINT SIGTERM EXIT
# --- CONFIGURATION (Match start_server.sh) --- # --- CONFIGURATION (Default values, overridden by network_config.env) ---
BACKEND_PORT=8000 BACKEND_PORT=8000
FRONTEND_PORT=3001 FRONTEND_PORT=3001
BACKEND_SSL_PORT=3002 BACKEND_SSL_PORT=3002
FRONTEND_SSL_PORT=3003 FRONTEND_SSL_PORT=3003
SERVER_IP="localhost"
# Load Configuration from file if it exists
CONFIG_PATH="$(cd "$(dirname "$0")" && pwd)/config/network_config.env"
if [ -f "$CONFIG_PATH" ]; then
echo "⚙️ Loading network configuration from $CONFIG_PATH..."
export $(grep -v '^#' "$CONFIG_PATH" | xargs)
fi
# 1. Activate Environment # 1. Activate Environment
if [ -d ".venv" ]; then if [ -d ".venv" ]; then
source .venv/bin/activate source .venv/bin/activate
fi fi
# 1.5 Sync Network Config to Frontend
echo "🔌 Syncing network configuration to frontend..."
mkdir -p frontend/public
cat <<EOF > frontend/public/network.json
{
"SERVER_IP": "$SERVER_IP",
"BACKEND_PORT": $BACKEND_PORT,
"BACKEND_SSL_PORT": $BACKEND_SSL_PORT,
"FRONTEND_PORT": $FRONTEND_PORT,
"FRONTEND_SSL_PORT": $FRONTEND_SSL_PORT
}
EOF
# 2. Start Backend (No Reload for Prod) # 2. Start Backend (No Reload for Prod)
echo "🔥 Starting Backend (Uvicorn)..." echo "🔥 Starting Backend (Uvicorn)..."
python3 -m uvicorn backend.main:app --host 0.0.0.0 --port $BACKEND_PORT & python3 -m uvicorn backend.main:app --host 0.0.0.0 --port $BACKEND_PORT &

View File

@@ -32,10 +32,10 @@ mkdir -p "$DATA_DIR"
mkdir -p "$LOGS_DIR" mkdir -p "$LOGS_DIR"
# 2. Copy LDAP config from example template if no active config exists yet # 2. Copy LDAP config from example template if no active config exists yet
# NOTE: The application reads LDAP config from backend/config/ldap_config.json # NOTE: The application reads LDAP config from config/ldap_config.json
# (see backend/routers/users.py → get_ldap_config()) # (see backend/routers/users.py → get_ldap_config())
LDAP_CONFIG="$PROJECT_ROOT/backend/config/ldap_config.json" LDAP_CONFIG="$PROJECT_ROOT/config/ldap_config.json"
LDAP_EXAMPLE="$PROJECT_ROOT/backend/config/ldap_config.json.example" LDAP_EXAMPLE="$PROJECT_ROOT/config/ldap_config.json.example"
if [ ! -f "$LDAP_CONFIG" ]; then if [ ! -f "$LDAP_CONFIG" ]; then
if [ -f "$LDAP_EXAMPLE" ]; then if [ -f "$LDAP_EXAMPLE" ]; then

View File

@@ -1,10 +1,19 @@
#!/bin/bash #!/bin/bash
# --- CONFIGURATION --- # --- CONFIGURATION (Default values, will be overridden by network_config.env) ---
BACKEND_PORT=8000 BACKEND_PORT=8000
FRONTEND_PORT=3001 FRONTEND_PORT=3001
BACKEND_SSL_PORT=3002 BACKEND_SSL_PORT=3002
FRONTEND_SSL_PORT=3003 FRONTEND_SSL_PORT=3003
SERVER_IP="localhost"
# Load Configuration from file if it exists
CONFIG_PATH="$(cd "$(dirname "$0")" && pwd)/config/network_config.env"
if [ -f "$CONFIG_PATH" ]; then
echo "⚙️ Loading network configuration from $CONFIG_PATH..."
# Export variables from .env file (ignoring comments and empty lines)
export $(grep -v '^#' "$CONFIG_PATH" | xargs)
fi
# Add common Mac paths for npm/node # Add common Mac paths for npm/node
export PATH="/opt/homebrew/bin:/usr/local/bin:$PATH" export PATH="/opt/homebrew/bin:/usr/local/bin:$PATH"
@@ -39,6 +48,18 @@ export LOGS_DIR="$(cd "$(dirname "$0")" && pwd)/logs"
echo "🔧 Initializing runtime data directories..." echo "🔧 Initializing runtime data directories..."
bash "$(cd "$(dirname "$0")" && pwd)/scripts/init_data.sh" bash "$(cd "$(dirname "$0")" && pwd)/scripts/init_data.sh"
# 4.1 Sync Network Config to Frontend for runtime discovery
echo "🔌 Syncing network configuration to frontend..."
cat <<EOF > frontend/public/network.json
{
"SERVER_IP": "$SERVER_IP",
"BACKEND_PORT": $BACKEND_PORT,
"BACKEND_SSL_PORT": $BACKEND_SSL_PORT,
"FRONTEND_PORT": $FRONTEND_PORT,
"FRONTEND_SSL_PORT": $FRONTEND_SSL_PORT
}
EOF
echo "🔥 Starting Backend on port $BACKEND_PORT..." echo "🔥 Starting Backend on port $BACKEND_PORT..."
echo " CORS origins: $ALLOWED_ORIGINS" echo " CORS origins: $ALLOWED_ORIGINS"
python3 -m uvicorn backend.main:app --host 0.0.0.0 --port $BACKEND_PORT --reload & python3 -m uvicorn backend.main:app --host 0.0.0.0 --port $BACKEND_PORT --reload &
@@ -67,8 +88,8 @@ echo -e "${GREEN}${BOLD} 🚀 TFM aInventory UNIFIED ACCESS${NC}"
echo -e "${GREEN}=======================================================${NC}" echo -e "${GREEN}=======================================================${NC}"
echo "" echo ""
echo -e " USE THIS URL ON BOTH DESKTOP & MOBILE:" echo -e " USE THIS URL ON BOTH DESKTOP & MOBILE:"
echo -e " 👉 ${GREEN}${BOLD}https://$LOCAL_IP:3003${NC}" echo -e " 👉 ${GREEN}${BOLD}https://$LOCAL_IP:$FRONTEND_SSL_PORT${NC}"
echo -e " (Or ${GREEN}https://localhost:3003${NC} on this Mac)" echo -e " (Or ${GREEN}https://localhost:$FRONTEND_SSL_PORT${NC} on this Mac)"
echo "" echo ""
echo -e " ${YELLOW}${BOLD}NOTE:${NC} If you see a 'Not Private' warning," echo -e " ${YELLOW}${BOLD}NOTE:${NC} If you see a 'Not Private' warning,"
echo -e " Click 'Advanced' -> 'Proceed' to continue." echo -e " Click 'Advanced' -> 'Proceed' to continue."