telegram-shop

Author	SHA1	Message	Date
NW	6db770b96b	feat: editable settings page with .env write and container restart - Add settings form with all config fields (Bot, Commission, Wallets, WireGuard) - POST handler writes .env file and restarts container via process.exit(0) - Secrets (ENCRYPTION_KEY, ADMIN_SECRET, GITEA_TOKEN, WG_PRIVATE_KEY, WG_PRESHARED_KEY) are never sent to browser - masked placeholders used instead - PRESERVE_KEYS enforced: secret keys cannot be overwritten via form - Values sanitized: newlines stripped before writing to .env - start.sh loads .env file before node to override Docker env_file cache - Extract shared escapeHtml utility to escape.js (used by 6 view files) - Update paymentWallets view to link to Settings page instead of .env - Add .env volume mount for settings panel read/write - Fix registerRoutes() not being called in index.js (bot menu buttons)	2026-06-23 12:32:25 +01:00
NW	ba80784ae7	security(docker): remove privileged mode, SYS_MODULE; harden WireGuard (#49 #50 ) - Removed privileged: true from docker-compose.yml - Removed SYS_MODULE cap_add (kept NET_ADMIN for WireGuard) - Removed source code bind mounts (./src, package.json) - Removed wg0.conf and resolv.conf bind mounts (now generated from env) - Added resource limits: mem_limit 512m, cpus 1.0 - Added healthcheck with curl - Added non-root user appuser:appgroup in Dockerfile - wg0.conf now generated from env vars at container startup (WG_PRIVATE_KEY, etc.) - resolv.conf generated from WG_DNS env var - Rotated wg0.conf — private key removed from file - Added WG_ALLOWED_IPS to .env.example SECURITY: Rotate WireGuard keys on server if previously used in production	2026-06-22 01:26:35 +01:00
NW	2f3459b670	mart litle update	2025-03-06 16:13:11 +00:00
NW	0c10772261	Update Start Process	2025-03-02 11:21:35 +00:00
NW	c8b6e3ceb3	litle update	2025-02-05 16:40:00 +00:00
NW	23b7f8b4bd	big update WG-TOR bot connecting	2025-02-03 09:43:25 +00:00

6 Commits