Files
tfm_ainventory/start_server.sh
Daniel Bedeleanu 3c9e5a8149 refactor: remove all hardcoded IPs/subnets, use environment variables only
- Next.js allowedDevOrigins now loaded from ALLOWED_DEV_ORIGINS env var
- start_server.sh generates ALLOWED_DEV_ORIGINS from EXTRA_ALLOWED_ORIGINS
- Subnet notation (10.0.0.0/24) auto-converts to wildcard patterns (10.0.0.*)
- Individual IPs convert to subnet patterns (192.168.1.100 -> 192.168.1.*)
- Zero hardcoded IPs in source code - all from inventory.env
2026-04-21 15:21:05 +03:00

155 lines
6.0 KiB
Bash
Executable File

#!/usr/bin/env bash
# --- CONFIGURATION (Default values, will be overridden by network_configinventory.env) ---
BACKEND_PORT=8000
FRONTEND_PORT=3001
BACKEND_SSL_PORT=3002
FRONTEND_SSL_PORT=3003
SERVER_IP="localhost"
# Load Configuration from file if it exists
CONFIG_PATH="$(cd "$(dirname "$0")" && pwd)/inventory.env"
if [ -f "$CONFIG_PATH" ]; then
echo "⚙️ Loading network configuration from $CONFIG_PATH..."
# Export variables from inventory.env file (ignoring comments and empty lines)
export $(grep -v '^#' "$CONFIG_PATH" | xargs)
fi
echo "🚀 Starting TFM aInventory Stack with Dual Proxy..."
# 1. Kill potentially hanging processes
echo "Sweep: Cleaning up old processes..."
pkill -f "uvicorn" || true
pkill -f "next-server" || true
pkill -f "local-ssl-proxy" || true
# 2. Setup/Activate Virtual Environment
if [ ! -f ".venv/bin/activate" ]; then
echo "🌑 Creating virtual environment (.venv)..."
rm -rf .venv
apt install python3-venv
python3 -m venv .venv || { echo "❌ Failed to create venv"; exit 1; }
fi
source .venv/bin/activate || { echo "❌ Failed to activate venv"; exit 1; }
# 3. Check and Install Backend Dependencies
echo "📦 Updating Python dependencies..."
.venv/bin/pip install -r backend/requirements.txt
# 4. Get Local IP and set environment variables
LOCAL_IP=$(hostname -I | awk '{print $1}' || echo "localhost")
export ALLOWED_ORIGINS="http://localhost:$FRONTEND_PORT,http://localhost:$BACKEND_PORT,https://localhost:$FRONTEND_SSL_PORT,https://localhost:$BACKEND_SSL_PORT,https://$LOCAL_IP:$FRONTEND_SSL_PORT,https://$LOCAL_IP:$BACKEND_SSL_PORT"
# 4.0 Include EXTRA_ALLOWED_ORIGINS from inventory.env (VPN, Tailscale, etc.)
if [ ! -z "$EXTRA_ALLOWED_ORIGINS" ]; then
echo "🔌 Adding extra CORS origins from inventory.env..."
IFS=',' read -ra EXTRA_ADDRS <<< "$EXTRA_ALLOWED_ORIGINS"
for addr in "${EXTRA_ADDRS[@]}"; do
TRIMMED=$(echo "$addr" | xargs)
# Add both HTTP (for localhost dev) and HTTPS (for production)
export ALLOWED_ORIGINS="$ALLOWED_ORIGINS,http://$TRIMMED:$FRONTEND_PORT,http://$TRIMMED:$BACKEND_PORT,https://$TRIMMED:$FRONTEND_SSL_PORT,https://$TRIMMED:$BACKEND_SSL_PORT"
done
fi
export JWT_SECRET_KEY="${JWT_SECRET_KEY:-ephemeral-dev-key-$(date +%s)}"
export DATA_DIR="$(cd "$(dirname "$0")" && pwd)/data"
export LOGS_DIR="$(cd "$(dirname "$0")" && pwd)/logs"
# First-run: initialize data directories and config templates
echo "🔧 Initializing runtime data directories..."
bash "$(cd "$(dirname "$0")" && pwd)/scripts/init_data.sh"
# 4.1 Sync Network Config to Frontend for runtime discovery
echo "🔌 Syncing network configuration to frontend..."
cat <<EOF > frontend/public/network.json
{
"SERVER_IP": "$SERVER_IP",
"BACKEND_PORT": $BACKEND_PORT,
"BACKEND_SSL_PORT": $BACKEND_SSL_PORT,
"FRONTEND_PORT": $FRONTEND_PORT,
"FRONTEND_SSL_PORT": $FRONTEND_SSL_PORT
}
EOF
echo "🔥 Starting Backend on port $BACKEND_PORT..."
echo " CORS origins: $ALLOWED_ORIGINS"
.venv/bin/python -m uvicorn backend.main:app --host 0.0.0.0 --port $BACKEND_PORT --reload &
# 5. Prepare Frontend Dev Origins from EXTRA_ALLOWED_ORIGINS
# Convert subnet notation (10.0.0.0/24) to wildcard patterns (10.0.0.*)
ALLOWED_DEV_ORIGINS="localhost,127.0.0.1,*.local"
if [ ! -z "$EXTRA_ALLOWED_ORIGINS" ]; then
IFS=',' read -ra EXTRA_ADDRS <<< "$EXTRA_ALLOWED_ORIGINS"
for addr in "${EXTRA_ADDRS[@]}"; do
TRIMMED=$(echo "$addr" | xargs)
if [[ "$TRIMMED" == *"/"* ]]; then
# Subnet notation: convert 100.78.182.0/24 -> 100.78.182.*
SUBNET_PREFIX=$(echo "$TRIMMED" | cut -d'/' -f1)
SUBNET_PATTERN="${SUBNET_PREFIX%.*}.*"
ALLOWED_DEV_ORIGINS="$ALLOWED_DEV_ORIGINS,$SUBNET_PATTERN"
else
# Individual IP: add wildcard for nearby IPs (e.g., 192.168.1.100 -> 192.168.1.*)
IP_PATTERN="${TRIMMED%.*}.*"
ALLOWED_DEV_ORIGINS="$ALLOWED_DEV_ORIGINS,$IP_PATTERN"
fi
done
fi
export ALLOWED_DEV_ORIGINS
# 5. Start Frontend (Next.js)
echo "💻 Starting Frontend on port $FRONTEND_PORT..."
echo " Dev origins: $ALLOWED_DEV_ORIGINS"
# Check Node.js version
NODE_VERSION=$(node -v | cut -d'v' -f2 | cut -d'.' -f1)
if [ "$NODE_VERSION" -lt 20 ]; then
echo "⚠️ WARNING: Node.js v20+ required, but found $(node -v)"
echo " Please upgrade Node.js: https://nodejs.org/"
fi
cd frontend
echo "📦 Installing frontend dependencies..."
npm install
ALLOWED_DEV_ORIGINS="$ALLOWED_DEV_ORIGINS" npm run dev -- -p $FRONTEND_PORT &
cd ..
# 6. Start Proxies (Crucial for Mobile/Tablet Camera & Sync)
npx local-ssl-proxy --source $BACKEND_SSL_PORT --target $BACKEND_PORT --hostname 0.0.0.0 > /dev/null 2>&1 &
npx local-ssl-proxy --source $FRONTEND_SSL_PORT --target $FRONTEND_PORT --hostname 0.0.0.0 > /dev/null 2>&1 &
# 7. Print Unified Access Banner
# Colors
GREEN='\033[0;32m'
BOLD='\033[1m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color
echo ""
echo -e "${GREEN}=======================================================${NC}"
echo -e "${GREEN}${BOLD} 🚀 TFM aInventory UNIFIED ACCESS${NC}"
echo -e "${GREEN}=======================================================${NC}"
echo ""
echo -e " USE THIS URL ON BOTH DESKTOP & MOBILE:"
echo -e " 👉 ${GREEN}${BOLD}https://$LOCAL_IP:$FRONTEND_SSL_PORT${NC}"
echo -e " (Or ${GREEN}https://localhost:$FRONTEND_SSL_PORT${NC} on this Mac)"
if [ ! -z "$EXTRA_ALLOWED_ORIGINS" ]; then
echo -e " EXTERNAL/VPN ACCESS points:"
IFS=',' read -ra ADDR <<< "$EXTRA_ALLOWED_ORIGINS"
for exp in "${ADDR[@]}"; do
# Trim spaces and print
TRIMMED=$(echo $exp | xargs)
echo -e " 👉 ${GREEN}${BOLD}https://$TRIMMED:$FRONTEND_SSL_PORT${NC}"
done
fi
echo ""
echo -e " ${YELLOW}${BOLD}NOTE:${NC} If you see a 'Not Private' warning,"
echo -e " Click 'Advanced' -> 'Proceed' to continue."
echo -e "${GREEN}=======================================================${NC}"
echo "Keep this window open while working."
echo -e "${GREEN}=======================================================${NC}"
# Wait for background processes
wait