Compare commits

...

11 Commits

Author SHA1 Message Date
Daniel Bedeleanu
a0eaddf994 Build [v1.9.4] (Single Source of Truth: Consolidated Configuration) 2026-04-13 21:15:19 +03:00
Daniel Bedeleanu
30be967887 Build [v1.9.3] (Fix Host-Side Port Interpolation with Root .env) 2026-04-13 21:12:55 +03:00
Daniel Bedeleanu
2b8d0b3f43 Build [v1.9.2] (Fix Environment Variable Overriding in Docker Compose) 2026-04-13 20:58:10 +03:00
Daniel Bedeleanu
07b15c8e01 Build [v1.9.1] (CORS Dynamic IP Resolution Fix) 2026-04-13 20:52:29 +03:00
Daniel Bedeleanu
65cc0c7b6d Official Release [v1.9.0] (Stability Milestone • Automatic Git Commit ID) 2026-04-13 20:41:10 +03:00
Daniel Bedeleanu
f137ded5aa Build [v1.8.9] (Runtime Permission Healing for Docker Volumes) 2026-04-13 20:32:40 +03:00
Daniel Bedeleanu
946f1787c7 Build [v1.8.8] (Complete Frontend Build Cleaned & Verified) 2026-04-13 20:24:21 +03:00
Daniel Bedeleanu
09be0b401d Build [v1.8.7] (Fix strict Type error in logs page) 2026-04-13 20:07:55 +03:00
Daniel Bedeleanu
3069a921e7 Build [v1.8.6] (TypeScript unknown catch type fix) 2026-04-13 19:56:27 +03:00
Daniel Bedeleanu
55e3cf5042 Build [v1.8.5] (Self-contained Frontend Build) 2026-04-13 19:50:28 +03:00
Daniel Bedeleanu
c874d27d64 Build [v1.8.4] (Satisfy frontend relative VERSION.json path) 2026-04-13 19:44:52 +03:00
21 changed files with 119 additions and 93 deletions

View File

@@ -146,5 +146,5 @@ For detailed technical documentation, see the [Project Architecture](../PROJECT_
---
**Version:** v1.8.3
**Version:** v1.8.4
**Last Updated:** 2026-04-13

View File

@@ -1,5 +0,0 @@
{
"version": "1.8.3",
"last_build": "2026-04-13-1941",
"codename": "ConfigSync"
}

View File

@@ -1,10 +1,11 @@
FROM python:3.12-slim
# Install system dependencies required for python-ldap (needed by backend)
# Install system dependencies
RUN apt-get update && apt-get install -y \
build-essential \
libldap2-dev \
libsasl2-dev \
gosu \
&& rm -rf /var/lib/apt/lists/*
WORKDIR /app
@@ -26,14 +27,13 @@ COPY scripts ./scripts
ENV DATA_DIR="/app/data"
ENV LOGS_DIR="/app/logs"
# Ensure the appuser can write to data and logs if we pre-create them,
# although Docker volumes will handle ownership context.
# Pre-create directories and ensure they are writable
RUN mkdir -p /app/data /app/logs && chown -R appuser:appuser /app
# Make initialization scripts executable
RUN chmod +x /app/scripts/init_data.sh /app/backend/entrypoint.sh
USER appuser
EXPOSE 8000
EXPOSE 8000

View File

@@ -23,6 +23,10 @@ export LOGS_DIR="${LOGS_DIR:-/app/logs}"
echo "🐳 [Docker] Running data initialization..."
bash /app/scripts/init_data.sh
# Hand off to the application server
echo "🐳 [Docker] Starting uvicorn..."
exec python -m uvicorn backend.main:app --host 0.0.0.0 --port 8000
# Fix permissions for mounted volumes (which might be root-owned by the host)
echo "🐳 [Docker] Fixing volume permissions..."
chown -R appuser:appuser "${DATA_DIR}" "${LOGS_DIR}"
# Hand off to the application server as non-root user
echo "🐳 [Docker] Starting uvicorn as appuser..."
exec gosu appuser python -m uvicorn backend.main:app --host 0.0.0.0 --port 8000

View File

@@ -19,14 +19,38 @@ log.info("Database tables verified.")
app = FastAPI(title="TFM aInventory API", version="1.1.0")
log.info("TFM aInventory API process started.")
# [SECURITY FIX M-01] CORS: allow_origins=["*"] + allow_credentials=True is invalid per spec.
# Allowed origins are configured via ALLOWED_ORIGINS environment variable (comma-separated).
# Secure fallback: localhost only for development.
_raw_origins = os.environ.get(
"ALLOWED_ORIGINS",
"http://localhost:8907,https://localhost:8909"
)
# [SECURITY FIX M-01] CORS Configuration
# We dynamically build allowed origins from environment variables to simplify deployment.
_raw_origins = os.environ.get("ALLOWED_ORIGINS", "")
ALLOWED_ORIGINS = [o.strip() for o in _raw_origins.split(",") if o.strip()]
# Automatically add origins based on network_config.env variables if present
server_ip = os.environ.get("SERVER_IP")
front_port = os.environ.get("FRONTEND_PORT", "8907")
front_ssl_port = os.environ.get("FRONTEND_SSL_PORT", "8909")
back_ssl_port = os.environ.get("BACKEND_SSL_PORT", "8908")
# Always allow localhost
defaults = [
f"http://localhost:{front_port}",
f"https://localhost:{front_ssl_port}",
f"https://localhost:{back_ssl_port}",
]
for d in defaults:
if d not in ALLOWED_ORIGINS:
ALLOWED_ORIGINS.append(d)
# Add IP-based origins if SERVER_IP is set
if server_ip and server_ip != "localhost":
ip_origins = [
f"http://{server_ip}:{front_port}",
f"https://{server_ip}:{front_ssl_port}",
f"https://{server_ip}:{back_ssl_port}",
]
for ip_o in ip_origins:
if ip_o not in ALLOWED_ORIGINS:
ALLOWED_ORIGINS.append(ip_o)
log.info(f"CORS allowed origins: {ALLOWED_ORIGINS}")
# Add CORS middleware FIRST (before rate limiter)

View File

@@ -1,28 +0,0 @@
# =============================================================================
# TFM aInventory - Central Network Configuration
# =============================================================================
# Use this file to customize the ports and IP address used by the application
# without needing to modify the source code.
#
# IMPORTANT: After modifying this file, restart the application for changes
# to take effect.
# =============================================================================
# The primary IP address where the application will be accessed.
# Used for CORS settings and documentation links.
SERVER_IP=192.168.84.113
# --- BACKEND PORTS ---
# Internal port for the FastAPI server (Backend)
BACKEND_PORT=8906
# External port for the Backend HTTPS Proxy (Caddy/local-ssl-proxy)
BACKEND_SSL_PORT=8908
# --- FRONTEND PORTS ---
# Internal port for the Next.js dev/prod server
FRONTEND_PORT=8907
# External port for the Frontend HTTPS Proxy (Caddy/local-ssl-proxy)
# This is the port you will use in your browser (e.g. https://192.168.84.113:8909)
FRONTEND_SSL_PORT=8909

View File

@@ -8,7 +8,7 @@ services:
ports:
- ${BACKEND_PORT:-8000}:8000
env_file:
- ./config/network_config.env
- .env
volumes:
- ./data:/app/data
- ./logs:/app/logs
@@ -16,21 +16,19 @@ services:
environment:
- DATA_DIR=/app/data
- LOGS_DIR=/app/logs
- ALLOWED_ORIGINS=http://localhost:${FRONTEND_PORT:-3001},https://localhost:${FRONTEND_SSL_PORT:-3003},http://${SERVER_IP:-localhost}:${FRONTEND_PORT:-3001},https://${SERVER_IP:-localhost}:${FRONTEND_SSL_PORT:-3003},https://localhost:${BACKEND_SSL_PORT:-3002},https://${SERVER_IP:-localhost}:${BACKEND_SSL_PORT:-3002}
# [C-01] JWT secret key — GENERATE A SECURE VALUE FOR PRODUCTION!
- JWT_SECRET_KEY=${JWT_SECRET_KEY:-change_me_in_production}
restart: unless-stopped
frontend:
build:
context: .
dockerfile: frontend/Dockerfile
context: ./frontend
networks:
- inventory_net
ports:
- ${FRONTEND_PORT:-3000}:3000
env_file:
- ./config/network_config.env
- .env
volumes:
- ./logs:/app/logs
# Write Next.js logs to both stdout (docker logs) and file (mapped volume)
@@ -45,7 +43,7 @@ services:
- ${BACKEND_SSL_PORT:-3002}:${BACKEND_SSL_PORT:-3002}
- ${FRONTEND_SSL_PORT:-3003}:${FRONTEND_SSL_PORT:-3003}
env_file:
- ./config/network_config.env
- .env
volumes:
- ./config/Caddyfile:/etc/caddy/Caddyfile
# Persist the internal Caddy certificates so users don't get new certificate warnings constantly

View File

@@ -3,8 +3,8 @@
echo "📦 Preparing TFM aInventory Production Bundle..."
# Extract version from VERSION.json using grep to avoid macOS python/xcode stubs
VERSION=$(grep '"version"' VERSION.json | head -n 1 | awk -F '"' '{print $4}')
# Extract version from frontend/VERSION.json
VERSION=$(grep '"version"' frontend/VERSION.json | head -n 1 | awk -F '"' '{print $4}')
PROD_DIR="aInventory-PROD-v${VERSION}"
# Clean previous run if it exists
@@ -29,8 +29,10 @@ cp install_service.sh "$PROD_DIR/"
cp inventory.service.template "$PROD_DIR/"
cp USER_GUIDE.md "$PROD_DIR/"
cp README.md "$PROD_DIR/INSTALLATION_GUIDE.md"
cp .env "$PROD_DIR/"
cp .git_path "$PROD_DIR/" 2>/dev/null || true
cp VERSION.json "$PROD_DIR/"
cp frontend/VERSION.json "$PROD_DIR/"
cp frontend/VERSION.json "$PROD_DIR/frontend/"
# Setup persistent volume skeleton
mkdir -p "$PROD_DIR/data"

View File

@@ -4,22 +4,22 @@ FROM node:20-alpine AS base
FROM base AS deps
RUN apk add --no-cache libc6-compat
WORKDIR /app
# Context is root to allow access to VERSION.json
COPY frontend/package.json frontend/package-lock.json* ./
# We run this from the frontend folder context
COPY package.json package-lock.json* ./
RUN npm ci
# Step 2: Build the source code
FROM base AS builder
WORKDIR /app
COPY --from=deps /app/node_modules ./node_modules
COPY frontend .
COPY VERSION.json .
COPY . .
# Disable telemetry during build
ENV NEXT_TELEMETRY_DISABLED 1
RUN npm run build
# Step 3: Production image
FROM base AS runner
RUN apk add --no-cache su-exec
WORKDIR /app
ENV NODE_ENV production
@@ -39,11 +39,13 @@ RUN chown nextjs:nodejs .next
COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./
COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static
USER nextjs
# Copy entrypoint script
COPY entrypoint.sh /app/entrypoint.sh
RUN chmod +x /app/entrypoint.sh
EXPOSE 3000
ENV PORT 3000
ENV HOSTNAME "0.0.0.0"
# Note: The server.js is created by next build from the standalone output
CMD ["node", "server.js"]
ENTRYPOINT ["/app/entrypoint.sh"]

1
frontend/VERSION.json Normal file
View File

@@ -0,0 +1 @@
{"version": "1.9.4", "last_build": "2026-04-13-2115", "codename": "SingleSource", "commit": "30be9678"}

View File

@@ -83,7 +83,7 @@ export default function AdminPage() {
setBackups(b);
setDbStats(s);
setDbSettings(st);
} catch (err) {
} catch (err: any) {
console.error(err);
toast.error("Failed to load admin data");
} finally {
@@ -101,7 +101,7 @@ export default function AdminPage() {
await inventoryApi.createUser({ username: name, password: pwd, role: 'user' });
toast.success("User created successfully");
loadData();
} catch (err) {
} catch (err: any) {
toast.error("Failed to create user");
}
};
@@ -114,7 +114,7 @@ export default function AdminPage() {
await inventoryApi.deleteUser(id);
toast.success("User removed");
loadData();
} catch (err) {
} catch (err: any) {
toast.error("Delete failed");
}
};
@@ -128,7 +128,7 @@ export default function AdminPage() {
await inventoryApi.createCategory({ name, description: desc });
toast.success("Category added");
loadData();
} catch (err) {
} catch (err: any) {
toast.error("Failed to add category");
}
};
@@ -140,7 +140,7 @@ export default function AdminPage() {
toast.success("Category updated");
setEditingCategory(null);
loadData();
} catch (err) {
} catch (err: any) {
toast.error("Update failed");
}
};
@@ -152,7 +152,7 @@ export default function AdminPage() {
await inventoryApi.deleteCategory(id);
toast.success("Category removed");
loadData();
} catch (err) {
} catch (err: any) {
toast.error(err.response?.data?.detail || "Delete failed");
}
};
@@ -167,7 +167,7 @@ export default function AdminPage() {
toast.success("User updated successfully");
setEditingUser(null);
loadData();
} catch (err) {
} catch (err: any) {
toast.error("Update failed");
}
};
@@ -183,7 +183,7 @@ export default function AdminPage() {
await inventoryApi.triggerBackup();
toast.success("Snapshot created successfully");
loadData();
} catch (err) {
} catch (err: any) {
toast.error("Backup failed");
} finally {
setIsBackingUp(false);
@@ -198,7 +198,7 @@ export default function AdminPage() {
await inventoryApi.restoreDatabase(filename);
toast.success("Database restored! Reloading system...", { id: loadingToast });
setTimeout(() => window.location.reload(), 2000);
} catch (err) {
} catch (err: any) {
toast.error("Restore failed", { id: loadingToast });
}
};
@@ -208,7 +208,7 @@ export default function AdminPage() {
await inventoryApi.updateDbSettings(newSettings);
toast.success("System policy updated");
setDbSettings(newSettings);
} catch (err) {
} catch (err: any) {
toast.error("Failed to update settings");
}
};
@@ -218,7 +218,7 @@ export default function AdminPage() {
try {
await inventoryApi.updateLdapConfig(ldapConfig);
toast.success("Enterprise configuration updated");
} catch (err) {
} catch (err: any) {
toast.error("Failed to update LDAP config");
} finally {
setLoading(false);

View File

@@ -85,7 +85,7 @@ export default function InventoryPage() {
// Sync local DB
await db.items.clear();
await db.items.bulkPut(res);
} catch (err) {
} catch (err: any) {
console.error("Failed to load backend data", err);
}
};
@@ -149,7 +149,7 @@ export default function InventoryPage() {
setIsEditing(false);
setSelectedItem(updated as Item);
await loadData();
} catch (err) {
} catch (err: any) {
console.error(err);
toast.error("Failed to update item");
}
@@ -167,7 +167,7 @@ export default function InventoryPage() {
toast.success("Item deleted");
setSelectedItem(null);
await loadData();
} catch (err) {
} catch (err: any) {
console.error(err);
toast.error("Failed to delete item");
}
@@ -183,7 +183,7 @@ export default function InventoryPage() {
toast.success("Category updated");
setEditingCategory(null);
await loadData();
} catch (err) {
} catch (err: any) {
toast.error("Update failed");
}
};

View File

@@ -54,7 +54,7 @@ export default function LogsPage() {
});
setAuditLogs(enrichedLogs);
} catch (err) {
} catch (err: any) {
console.error("Critical log load failure:", err);
} finally {
setLoading(false);
@@ -289,7 +289,7 @@ export default function LogsPage() {
{selectedLog.target_snapshot && (() => {
try {
const snap = JSON.parse(selectedLog.target_snapshot);
const snap = JSON.parse(selectedLog.target_snapshot) as Record<string, any>;
return (
<div className="space-y-4">
<div className="flex items-center gap-2">
@@ -299,12 +299,12 @@ export default function LogsPage() {
</div>
<div className="grid grid-cols-2 gap-3">
{Object.entries(snap).map(([key, val]) => (
val && key !== 'image_url' && (
(val && key !== 'image_url') ? (
<div key={key} className="bg-slate-950/30 p-3 rounded-xl border border-slate-800/40">
<p className="text-[8px] font-black text-slate-600 uppercase mb-1">{key.replace('_', ' ')}</p>
<p className="text-xs font-bold text-slate-300 truncate" title={String(val)}>{String(val)}</p>
</div>
)
) : null
))}
</div>
</div>

View File

@@ -48,7 +48,7 @@ import { generateBarcode128, getQRCodeURL } from '@/lib/labels';
import { clsx, type ClassValue } from 'clsx';
import { twMerge } from 'tailwind-merge';
import axios from 'axios';
import versionData from '../../VERSION.json';
import versionData from '../VERSION.json';
interface User {
id: number;
@@ -342,7 +342,7 @@ export default function Home() {
setIsEditing(false);
setSelectedItem(updated as Item);
await loadInventory();
} catch (err) {
} catch (err: any) {
console.error(err);
toast.error("Failed to update item");
}
@@ -360,7 +360,7 @@ export default function Home() {
toast.success("Item deleted from catalog");
setSelectedItem(null);
await loadInventory();
} catch (err) {
} catch (err: any) {
console.error(err);
toast.error("Failed to delete item");
}
@@ -890,7 +890,7 @@ export default function Home() {
<Printer size={14} /> Print Label
</button>
<button
onClick={() => { setQuery(box.toLowerCase()); setShowBoxManager(false); }}
onClick={() => { setSearchQuery(box.toLowerCase()); setShowBoxManager(false); }}
className="px-4 py-3 bg-slate-900 border border-slate-800 text-slate-400 text-xs font-bold rounded-xl hover:bg-slate-800"
>
View
@@ -1004,7 +1004,7 @@ export default function Home() {
<footer className="mt-20 mb-8 flex flex-col items-center gap-2 opacity-30">
<p className="text-xs font-bold">Powered by TFM Group Software</p>
<div className="h-px w-12 bg-slate-800" />
<p className="text-[9px] font-mono">v{versionData.version} {versionData.last_build} BUILD: dev-{versionData.commit}</p>
<p className="text-[9px] font-mono">v{versionData.version} {versionData.last_build} BUILD: dev-{(versionData as any).commit || 'N/A'}</p>
</footer>
</div>
</PageShell>

View File

@@ -60,7 +60,7 @@ export default function Scanner({ onScanSuccess, onOCRMatch, paused }: ScannerPr
Html5QrcodeSupportedFormats.CODE_39,
Html5QrcodeSupportedFormats.EAN_13,
Html5QrcodeSupportedFormats.UPC_A,
Html5QrcodeSupportedFormats.DATAMATRIX
Html5QrcodeSupportedFormats.DATA_MATRIX
],
videoConstraints: {
facingMode: "environment"

19
frontend/entrypoint.sh Normal file
View File

@@ -0,0 +1,19 @@
#!/bin/sh
# =============================================================================
# frontend/entrypoint.sh
# =============================================================================
# Docker container entrypoint for TFM aInventory frontend.
# Fixes permissions for the logs volume and starts the Node.js server.
# =============================================================================
set -e
# Fix permissions for the logs directory (useful if mounted as a volume)
if [ -d "/app/logs" ]; then
echo "🐳 [Docker] Fixing /app/logs permissions..."
chown -R nextjs:nodejs /app/logs
fi
# Hand off to the application server as the nextjs user
echo "🐳 [Docker] Starting Next.js standalone server as nextjs user..."
exec su-exec nextjs node server.js

1
frontend/public/sw.js Normal file

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

View File

@@ -15,7 +15,7 @@ FRONTEND_SSL_PORT=3003
SERVER_IP="localhost"
# Load Configuration from file if it exists
CONFIG_PATH="$(cd "$(dirname "$0")" && pwd)/config/network_config.env"
CONFIG_PATH="$(cd "$(dirname "$0")" && pwd)/.env"
if [ -f "$CONFIG_PATH" ]; then
echo "⚙️ Loading network configuration from $CONFIG_PATH..."
export $(grep -v '^#' "$CONFIG_PATH" | xargs)

View File

@@ -4,7 +4,7 @@ import os
import sys
from datetime import datetime
VERSION_FILE = 'VERSION.json'
VERSION_FILE = 'frontend/VERSION.json'
GIT_PATH_FILE = '.git_path'
def get_git_path():
@@ -53,8 +53,15 @@ def main():
data['version'] = new_version
data['last_build'] = datetime.now().strftime("%Y-%m-%d-%H%M")
# Get current git commit (short)
try:
commit_hash = run_command([git, 'rev-parse', '--short', 'HEAD'])
data['commit'] = commit_hash
except Exception:
data['commit'] = 'unknown'
# Optional: Rotate changelog if needed, but for now just update version
print(f"Incrementing version: {old_version} -> {new_version}")
print(f"Incrementing version: {old_version} -> {new_version} (commit: {data['commit']})")
with open(VERSION_FILE, 'w') as f:
json.dump(data, f, indent=2)

View File

@@ -8,7 +8,7 @@ FRONTEND_SSL_PORT=3003
SERVER_IP="localhost"
# Load Configuration from file if it exists
CONFIG_PATH="$(cd "$(dirname "$0")" && pwd)/config/network_config.env"
CONFIG_PATH="$(cd "$(dirname "$0")" && pwd)/.env"
if [ -f "$CONFIG_PATH" ]; then
echo "⚙️ Loading network configuration from $CONFIG_PATH..."
# Export variables from .env file (ignoring comments and empty lines)