Compare commits

...

5 Commits

Author SHA1 Message Date
Daniel Bedeleanu
a0eaddf994 Build [v1.9.4] (Single Source of Truth: Consolidated Configuration) 2026-04-13 21:15:19 +03:00
Daniel Bedeleanu
30be967887 Build [v1.9.3] (Fix Host-Side Port Interpolation with Root .env) 2026-04-13 21:12:55 +03:00
Daniel Bedeleanu
2b8d0b3f43 Build [v1.9.2] (Fix Environment Variable Overriding in Docker Compose) 2026-04-13 20:58:10 +03:00
Daniel Bedeleanu
07b15c8e01 Build [v1.9.1] (CORS Dynamic IP Resolution Fix) 2026-04-13 20:52:29 +03:00
Daniel Bedeleanu
65cc0c7b6d Official Release [v1.9.0] (Stability Milestone • Automatic Git Commit ID) 2026-04-13 20:41:10 +03:00
8 changed files with 46 additions and 47 deletions

View File

@@ -19,14 +19,38 @@ log.info("Database tables verified.")
app = FastAPI(title="TFM aInventory API", version="1.1.0")
log.info("TFM aInventory API process started.")
# [SECURITY FIX M-01] CORS: allow_origins=["*"] + allow_credentials=True is invalid per spec.
# Allowed origins are configured via ALLOWED_ORIGINS environment variable (comma-separated).
# Secure fallback: localhost only for development.
_raw_origins = os.environ.get(
"ALLOWED_ORIGINS",
"http://localhost:8907,https://localhost:8909"
)
# [SECURITY FIX M-01] CORS Configuration
# We dynamically build allowed origins from environment variables to simplify deployment.
_raw_origins = os.environ.get("ALLOWED_ORIGINS", "")
ALLOWED_ORIGINS = [o.strip() for o in _raw_origins.split(",") if o.strip()]
# Automatically add origins based on network_config.env variables if present
server_ip = os.environ.get("SERVER_IP")
front_port = os.environ.get("FRONTEND_PORT", "8907")
front_ssl_port = os.environ.get("FRONTEND_SSL_PORT", "8909")
back_ssl_port = os.environ.get("BACKEND_SSL_PORT", "8908")
# Always allow localhost
defaults = [
f"http://localhost:{front_port}",
f"https://localhost:{front_ssl_port}",
f"https://localhost:{back_ssl_port}",
]
for d in defaults:
if d not in ALLOWED_ORIGINS:
ALLOWED_ORIGINS.append(d)
# Add IP-based origins if SERVER_IP is set
if server_ip and server_ip != "localhost":
ip_origins = [
f"http://{server_ip}:{front_port}",
f"https://{server_ip}:{front_ssl_port}",
f"https://{server_ip}:{back_ssl_port}",
]
for ip_o in ip_origins:
if ip_o not in ALLOWED_ORIGINS:
ALLOWED_ORIGINS.append(ip_o)
log.info(f"CORS allowed origins: {ALLOWED_ORIGINS}")
# Add CORS middleware FIRST (before rate limiter)

View File

@@ -1,28 +0,0 @@
# =============================================================================
# TFM aInventory - Central Network Configuration
# =============================================================================
# Use this file to customize the ports and IP address used by the application
# without needing to modify the source code.
#
# IMPORTANT: After modifying this file, restart the application for changes
# to take effect.
# =============================================================================
# The primary IP address where the application will be accessed.
# Used for CORS settings and documentation links.
SERVER_IP=192.168.84.113
# --- BACKEND PORTS ---
# Internal port for the FastAPI server (Backend)
BACKEND_PORT=8906
# External port for the Backend HTTPS Proxy (Caddy/local-ssl-proxy)
BACKEND_SSL_PORT=8908
# --- FRONTEND PORTS ---
# Internal port for the Next.js dev/prod server
FRONTEND_PORT=8907
# External port for the Frontend HTTPS Proxy (Caddy/local-ssl-proxy)
# This is the port you will use in your browser (e.g. https://192.168.84.113:8909)
FRONTEND_SSL_PORT=8909

View File

@@ -8,7 +8,7 @@ services:
ports:
- ${BACKEND_PORT:-8000}:8000
env_file:
- ./config/network_config.env
- .env
volumes:
- ./data:/app/data
- ./logs:/app/logs
@@ -16,7 +16,6 @@ services:
environment:
- DATA_DIR=/app/data
- LOGS_DIR=/app/logs
- ALLOWED_ORIGINS=http://localhost:${FRONTEND_PORT:-3001},https://localhost:${FRONTEND_SSL_PORT:-3003},http://${SERVER_IP:-localhost}:${FRONTEND_PORT:-3001},https://${SERVER_IP:-localhost}:${FRONTEND_SSL_PORT:-3003},https://localhost:${BACKEND_SSL_PORT:-3002},https://${SERVER_IP:-localhost}:${BACKEND_SSL_PORT:-3002}
# [C-01] JWT secret key — GENERATE A SECURE VALUE FOR PRODUCTION!
- JWT_SECRET_KEY=${JWT_SECRET_KEY:-change_me_in_production}
restart: unless-stopped
@@ -29,7 +28,7 @@ services:
ports:
- ${FRONTEND_PORT:-3000}:3000
env_file:
- ./config/network_config.env
- .env
volumes:
- ./logs:/app/logs
# Write Next.js logs to both stdout (docker logs) and file (mapped volume)
@@ -44,7 +43,7 @@ services:
- ${BACKEND_SSL_PORT:-3002}:${BACKEND_SSL_PORT:-3002}
- ${FRONTEND_SSL_PORT:-3003}:${FRONTEND_SSL_PORT:-3003}
env_file:
- ./config/network_config.env
- .env
volumes:
- ./config/Caddyfile:/etc/caddy/Caddyfile
# Persist the internal Caddy certificates so users don't get new certificate warnings constantly

View File

@@ -29,6 +29,7 @@ cp install_service.sh "$PROD_DIR/"
cp inventory.service.template "$PROD_DIR/"
cp USER_GUIDE.md "$PROD_DIR/"
cp README.md "$PROD_DIR/INSTALLATION_GUIDE.md"
cp .env "$PROD_DIR/"
cp .git_path "$PROD_DIR/" 2>/dev/null || true
cp frontend/VERSION.json "$PROD_DIR/"
cp frontend/VERSION.json "$PROD_DIR/frontend/"

View File

@@ -1,5 +1 @@
{
"version": "1.8.9",
"last_build": "2026-04-13-1954",
"codename": "TypeFix"
}
{"version": "1.9.4", "last_build": "2026-04-13-2115", "codename": "SingleSource", "commit": "30be9678"}

View File

@@ -15,7 +15,7 @@ FRONTEND_SSL_PORT=3003
SERVER_IP="localhost"
# Load Configuration from file if it exists
CONFIG_PATH="$(cd "$(dirname "$0")" && pwd)/config/network_config.env"
CONFIG_PATH="$(cd "$(dirname "$0")" && pwd)/.env"
if [ -f "$CONFIG_PATH" ]; then
echo "⚙️ Loading network configuration from $CONFIG_PATH..."
export $(grep -v '^#' "$CONFIG_PATH" | xargs)

View File

@@ -53,8 +53,15 @@ def main():
data['version'] = new_version
data['last_build'] = datetime.now().strftime("%Y-%m-%d-%H%M")
# Get current git commit (short)
try:
commit_hash = run_command([git, 'rev-parse', '--short', 'HEAD'])
data['commit'] = commit_hash
except Exception:
data['commit'] = 'unknown'
# Optional: Rotate changelog if needed, but for now just update version
print(f"Incrementing version: {old_version} -> {new_version}")
print(f"Incrementing version: {old_version} -> {new_version} (commit: {data['commit']})")
with open(VERSION_FILE, 'w') as f:
json.dump(data, f, indent=2)

View File

@@ -8,7 +8,7 @@ FRONTEND_SSL_PORT=3003
SERVER_IP="localhost"
# Load Configuration from file if it exists
CONFIG_PATH="$(cd "$(dirname "$0")" && pwd)/config/network_config.env"
CONFIG_PATH="$(cd "$(dirname "$0")" && pwd)/.env"
if [ -f "$CONFIG_PATH" ]; then
echo "⚙️ Loading network configuration from $CONFIG_PATH..."
# Export variables from .env file (ignoring comments and empty lines)