Compare commits
4 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
07b15c8e01 | ||
|
|
65cc0c7b6d | ||
|
|
f137ded5aa | ||
|
|
946f1787c7 |
@@ -1,10 +1,11 @@
|
||||
FROM python:3.12-slim
|
||||
|
||||
# Install system dependencies required for python-ldap (needed by backend)
|
||||
# Install system dependencies
|
||||
RUN apt-get update && apt-get install -y \
|
||||
build-essential \
|
||||
libldap2-dev \
|
||||
libsasl2-dev \
|
||||
gosu \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
|
||||
WORKDIR /app
|
||||
@@ -26,14 +27,13 @@ COPY scripts ./scripts
|
||||
ENV DATA_DIR="/app/data"
|
||||
ENV LOGS_DIR="/app/logs"
|
||||
|
||||
# Ensure the appuser can write to data and logs if we pre-create them,
|
||||
# although Docker volumes will handle ownership context.
|
||||
# Pre-create directories and ensure they are writable
|
||||
RUN mkdir -p /app/data /app/logs && chown -R appuser:appuser /app
|
||||
|
||||
# Make initialization scripts executable
|
||||
RUN chmod +x /app/scripts/init_data.sh /app/backend/entrypoint.sh
|
||||
|
||||
USER appuser
|
||||
EXPOSE 8000
|
||||
|
||||
EXPOSE 8000
|
||||
|
||||
|
||||
@@ -23,6 +23,10 @@ export LOGS_DIR="${LOGS_DIR:-/app/logs}"
|
||||
echo "🐳 [Docker] Running data initialization..."
|
||||
bash /app/scripts/init_data.sh
|
||||
|
||||
# Hand off to the application server
|
||||
echo "🐳 [Docker] Starting uvicorn..."
|
||||
exec python -m uvicorn backend.main:app --host 0.0.0.0 --port 8000
|
||||
# Fix permissions for mounted volumes (which might be root-owned by the host)
|
||||
echo "🐳 [Docker] Fixing volume permissions..."
|
||||
chown -R appuser:appuser "${DATA_DIR}" "${LOGS_DIR}"
|
||||
|
||||
# Hand off to the application server as non-root user
|
||||
echo "🐳 [Docker] Starting uvicorn as appuser..."
|
||||
exec gosu appuser python -m uvicorn backend.main:app --host 0.0.0.0 --port 8000
|
||||
|
||||
@@ -19,14 +19,38 @@ log.info("Database tables verified.")
|
||||
app = FastAPI(title="TFM aInventory API", version="1.1.0")
|
||||
log.info("TFM aInventory API process started.")
|
||||
|
||||
# [SECURITY FIX M-01] CORS: allow_origins=["*"] + allow_credentials=True is invalid per spec.
|
||||
# Allowed origins are configured via ALLOWED_ORIGINS environment variable (comma-separated).
|
||||
# Secure fallback: localhost only for development.
|
||||
_raw_origins = os.environ.get(
|
||||
"ALLOWED_ORIGINS",
|
||||
"http://localhost:8907,https://localhost:8909"
|
||||
)
|
||||
# [SECURITY FIX M-01] CORS Configuration
|
||||
# We dynamically build allowed origins from environment variables to simplify deployment.
|
||||
_raw_origins = os.environ.get("ALLOWED_ORIGINS", "")
|
||||
ALLOWED_ORIGINS = [o.strip() for o in _raw_origins.split(",") if o.strip()]
|
||||
|
||||
# Automatically add origins based on network_config.env variables if present
|
||||
server_ip = os.environ.get("SERVER_IP")
|
||||
front_port = os.environ.get("FRONTEND_PORT", "8907")
|
||||
front_ssl_port = os.environ.get("FRONTEND_SSL_PORT", "8909")
|
||||
back_ssl_port = os.environ.get("BACKEND_SSL_PORT", "8908")
|
||||
|
||||
# Always allow localhost
|
||||
defaults = [
|
||||
f"http://localhost:{front_port}",
|
||||
f"https://localhost:{front_ssl_port}",
|
||||
f"https://localhost:{back_ssl_port}",
|
||||
]
|
||||
for d in defaults:
|
||||
if d not in ALLOWED_ORIGINS:
|
||||
ALLOWED_ORIGINS.append(d)
|
||||
|
||||
# Add IP-based origins if SERVER_IP is set
|
||||
if server_ip and server_ip != "localhost":
|
||||
ip_origins = [
|
||||
f"http://{server_ip}:{front_port}",
|
||||
f"https://{server_ip}:{front_ssl_port}",
|
||||
f"https://{server_ip}:{back_ssl_port}",
|
||||
]
|
||||
for ip_o in ip_origins:
|
||||
if ip_o not in ALLOWED_ORIGINS:
|
||||
ALLOWED_ORIGINS.append(ip_o)
|
||||
|
||||
log.info(f"CORS allowed origins: {ALLOWED_ORIGINS}")
|
||||
|
||||
# Add CORS middleware FIRST (before rate limiter)
|
||||
|
||||
@@ -16,7 +16,10 @@ services:
|
||||
environment:
|
||||
- DATA_DIR=/app/data
|
||||
- LOGS_DIR=/app/logs
|
||||
- ALLOWED_ORIGINS=http://localhost:${FRONTEND_PORT:-3001},https://localhost:${FRONTEND_SSL_PORT:-3003},http://${SERVER_IP:-localhost}:${FRONTEND_PORT:-3001},https://${SERVER_IP:-localhost}:${FRONTEND_SSL_PORT:-3003},https://localhost:${BACKEND_SSL_PORT:-3002},https://${SERVER_IP:-localhost}:${BACKEND_SSL_PORT:-3002}
|
||||
- SERVER_IP=${SERVER_IP}
|
||||
- FRONTEND_PORT=${FRONTEND_PORT}
|
||||
- FRONTEND_SSL_PORT=${FRONTEND_SSL_PORT}
|
||||
- BACKEND_SSL_PORT=${BACKEND_SSL_PORT}
|
||||
# [C-01] JWT secret key — GENERATE A SECURE VALUE FOR PRODUCTION!
|
||||
- JWT_SECRET_KEY=${JWT_SECRET_KEY:-change_me_in_production}
|
||||
restart: unless-stopped
|
||||
|
||||
@@ -19,6 +19,7 @@ RUN npm run build
|
||||
|
||||
# Step 3: Production image
|
||||
FROM base AS runner
|
||||
RUN apk add --no-cache su-exec
|
||||
WORKDIR /app
|
||||
|
||||
ENV NODE_ENV production
|
||||
@@ -38,11 +39,13 @@ RUN chown nextjs:nodejs .next
|
||||
COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./
|
||||
COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static
|
||||
|
||||
USER nextjs
|
||||
# Copy entrypoint script
|
||||
COPY entrypoint.sh /app/entrypoint.sh
|
||||
RUN chmod +x /app/entrypoint.sh
|
||||
|
||||
EXPOSE 3000
|
||||
ENV PORT 3000
|
||||
ENV HOSTNAME "0.0.0.0"
|
||||
|
||||
# Note: The server.js is created by next build from the standalone output
|
||||
CMD ["node", "server.js"]
|
||||
ENTRYPOINT ["/app/entrypoint.sh"]
|
||||
|
||||
|
||||
@@ -1,5 +1 @@
|
||||
{
|
||||
"version": "1.8.7",
|
||||
"last_build": "2026-04-13-1954",
|
||||
"codename": "TypeFix"
|
||||
}
|
||||
{"version": "1.9.1", "last_build": "2026-04-13-2052", "codename": "NetworkFix", "commit": "65cc0c7b"}
|
||||
|
||||
@@ -890,7 +890,7 @@ export default function Home() {
|
||||
<Printer size={14} /> Print Label
|
||||
</button>
|
||||
<button
|
||||
onClick={() => { setQuery(box.toLowerCase()); setShowBoxManager(false); }}
|
||||
onClick={() => { setSearchQuery(box.toLowerCase()); setShowBoxManager(false); }}
|
||||
className="px-4 py-3 bg-slate-900 border border-slate-800 text-slate-400 text-xs font-bold rounded-xl hover:bg-slate-800"
|
||||
>
|
||||
View
|
||||
@@ -1004,7 +1004,7 @@ export default function Home() {
|
||||
<footer className="mt-20 mb-8 flex flex-col items-center gap-2 opacity-30">
|
||||
<p className="text-xs font-bold">Powered by TFM Group Software</p>
|
||||
<div className="h-px w-12 bg-slate-800" />
|
||||
<p className="text-[9px] font-mono">v{versionData.version} • {versionData.last_build} • BUILD: dev-{versionData.commit}</p>
|
||||
<p className="text-[9px] font-mono">v{versionData.version} • {versionData.last_build} • BUILD: dev-{(versionData as any).commit || 'N/A'}</p>
|
||||
</footer>
|
||||
</div>
|
||||
</PageShell>
|
||||
|
||||
@@ -60,7 +60,7 @@ export default function Scanner({ onScanSuccess, onOCRMatch, paused }: ScannerPr
|
||||
Html5QrcodeSupportedFormats.CODE_39,
|
||||
Html5QrcodeSupportedFormats.EAN_13,
|
||||
Html5QrcodeSupportedFormats.UPC_A,
|
||||
Html5QrcodeSupportedFormats.DATAMATRIX
|
||||
Html5QrcodeSupportedFormats.DATA_MATRIX
|
||||
],
|
||||
videoConstraints: {
|
||||
facingMode: "environment"
|
||||
|
||||
19
frontend/entrypoint.sh
Normal file
19
frontend/entrypoint.sh
Normal file
@@ -0,0 +1,19 @@
|
||||
#!/bin/sh
|
||||
# =============================================================================
|
||||
# frontend/entrypoint.sh
|
||||
# =============================================================================
|
||||
# Docker container entrypoint for TFM aInventory frontend.
|
||||
# Fixes permissions for the logs volume and starts the Node.js server.
|
||||
# =============================================================================
|
||||
|
||||
set -e
|
||||
|
||||
# Fix permissions for the logs directory (useful if mounted as a volume)
|
||||
if [ -d "/app/logs" ]; then
|
||||
echo "🐳 [Docker] Fixing /app/logs permissions..."
|
||||
chown -R nextjs:nodejs /app/logs
|
||||
fi
|
||||
|
||||
# Hand off to the application server as the nextjs user
|
||||
echo "🐳 [Docker] Starting Next.js standalone server as nextjs user..."
|
||||
exec su-exec nextjs node server.js
|
||||
1
frontend/public/sw.js
Normal file
1
frontend/public/sw.js
Normal file
File diff suppressed because one or more lines are too long
1
frontend/public/workbox-4754cb34.js
Normal file
1
frontend/public/workbox-4754cb34.js
Normal file
File diff suppressed because one or more lines are too long
@@ -53,8 +53,15 @@ def main():
|
||||
data['version'] = new_version
|
||||
data['last_build'] = datetime.now().strftime("%Y-%m-%d-%H%M")
|
||||
|
||||
# Get current git commit (short)
|
||||
try:
|
||||
commit_hash = run_command([git, 'rev-parse', '--short', 'HEAD'])
|
||||
data['commit'] = commit_hash
|
||||
except Exception:
|
||||
data['commit'] = 'unknown'
|
||||
|
||||
# Optional: Rotate changelog if needed, but for now just update version
|
||||
print(f"Incrementing version: {old_version} -> {new_version}")
|
||||
print(f"Incrementing version: {old_version} -> {new_version} (commit: {data['commit']})")
|
||||
|
||||
with open(VERSION_FILE, 'w') as f:
|
||||
json.dump(data, f, indent=2)
|
||||
|
||||
Reference in New Issue
Block a user