NW
4aea49811c
feat: multi-architecture Docker setup (x86_64 + ARM64) with one-command install
- Multi-stage Dockerfile: builder compiles native modules (better-sqlite3,
tiny-secp256k1) under target architecture, runtime is minimal Alpine
- install.sh: POSIX sh installer (Alpine ash compatible) with architecture
detection, Docker install, .env validation, health-check retry loop
- docker-compose.yml: removed platform locks, .env read-only mount,
127.0.0.1 port binding, 384m mem limit (Orange Pi Zero 2 safe)
- .dockerignore: excludes node_modules, secrets, tests, .kilo
- README.md: complete rewrite with deployment docs for any device
- Verified: POSIX sh syntax (dash), Dockerfile (docker build --check),
docker-compose (docker compose config)
2026-06-24 02:06:07 +01:00
NW
6db770b96b
feat: editable settings page with .env write and container restart
- Add settings form with all config fields (Bot, Commission, Wallets, WireGuard)
- POST handler writes .env file and restarts container via process.exit(0)
- Secrets (ENCRYPTION_KEY, ADMIN_SECRET, GITEA_TOKEN, WG_PRIVATE_KEY, WG_PRESHARED_KEY)
are never sent to browser - masked placeholders used instead
- PRESERVE_KEYS enforced: secret keys cannot be overwritten via form
- Values sanitized: newlines stripped before writing to .env
- start.sh loads .env file before node to override Docker env_file cache
- Extract shared escapeHtml utility to escape.js (used by 6 view files)
- Update paymentWallets view to link to Settings page instead of .env
- Add .env volume mount for settings panel read/write
- Fix registerRoutes() not being called in index.js (bot menu buttons)
2026-06-23 12:32:25 +01:00
NW
935c6df1dc
feat: rebuild Catalog with collapsible tree + product table + photo upload
- Left panel: collapsible tree (Country → City → District → Category → Subcategory)
- Quick-add buttons: + City, + District, + Category, + Subcategory
- Delete buttons with confirmation on all nodes
- Product count badges on each node
- Click node to filter right panel
- Right panel: Product table with Photo, Name, Category, Subcategory, Price, Stock
- Edit (✎) and Delete (✕) buttons per row
- Add Product modal with all fields
- Product edit form: name, price, stock, description, category, subcategory (JS filtered),
photo_url/hidden_photo_url (URL or file upload), hidden_coordinates, hidden_description, private_data
- Multer file upload for photos stored in /uploads/
- Routes: add-city, add-district, product CRUD with photo upload
- Product JSON API for modal editing
- Responsive grid: tree (320px) + table (1fr)
2026-06-22 21:42:56 +01:00
NW
4657b1dfb5
feat: web admin panel + better-sqlite3 migration + Docker fixes
- Added Express.js admin panel on port 3001 (ADMIN_PORT env)
- Dashboard: stats (users, products, purchases, revenue)
- Users: list, details, ban/unban toggle
- Products: CRUD by category
- Wallets: list with balances
- Purchases: history with filters
- Audit log: view audit trail
- Auth: token-based login with ADMIN_SECRET env var
- Migrated sqlite3 → better-sqlite3
- database.js: async adapter (runAsync/allAsync/getAsync)
- purchaseService.js: lastID → lastInsertRowid
- userService.js: lastID → lastInsertRowid
- Removed sqlite3 from package.json
- Fixed: dotenv/config import added to index.js
- Fixed: ENCRYPTION_KEY validation (32+ char hex)
- Fixed: Dockerfile multi-stage build (no python needed)
- Fixed: Docker DNS (network: host in build)
- Fixed: docker-compose port 3001, healthcheck on 3001
- Added express, cookie-parser, pino-pretty, better-sqlite3 deps
2026-06-22 10:54:01 +01:00
NW
ba80784ae7
security(docker): remove privileged mode, SYS_MODULE; harden WireGuard (#49 #50)
- Removed privileged: true from docker-compose.yml
- Removed SYS_MODULE cap_add (kept NET_ADMIN for WireGuard)
- Removed source code bind mounts (./src, package.json)
- Removed wg0.conf and resolv.conf bind mounts (now generated from env)
- Added resource limits: mem_limit 512m, cpus 1.0
- Added healthcheck with curl
- Added non-root user appuser:appgroup in Dockerfile
- wg0.conf now generated from env vars at container startup (WG_PRIVATE_KEY, etc.)
- resolv.conf generated from WG_DNS env var
- Rotated wg0.conf — private key removed from file
- Added WG_ALLOWED_IPS to .env.example
SECURITY: Rotate WireGuard keys on server if previously used in production
2026-06-22 01:26:35 +01:00
NW
de415633be
feat(security): Phase 1 — critical security fixes and hardening
- #42: Remove hardcoded ENCRYPTION_KEY fallback from config.js,
add startup validation for BOT_TOKEN and ENCRYPTION_KEY length
- #43: Fix SQL injection vulnerabilities — add ALLOWED_TABLES
whitelist in database.js, ALLOWED_USER_FIELDS in userService.js,
validate table names before PRAGMA
- #44: Fix race condition in purchaseService.js — wrap createPurchase
in BEGIN IMMEDIATE TRANSACTION, add atomic balance/stock checks
- #41: Move all secrets from docker-compose.yml to .env file,
use env_file directive
- #45: Replace MD5 tx_hash with crypto.randomUUID()
- #46: Upgrade KDF from SHA-256 to HKDF for mnemonic encryption,
add backward compatibility for legacy format
- #47: Add input validation across all handlers — walletType
whitelist, string length limits, numeric ID checks, price bounds
New files:
- src/utils/encryption.js (HKDF key derivation)
- src/__tests__/security.test.js (SQL injection prevention tests)
Closes: #41, #42, #43, #44, #45, #46, #47
2026-06-17 21:52:49 +01:00
2f3459b670
mart little update
2025-03-06 16:13:11 +00:00
23b7f8b4bd
big update WG-TOR bot connecting
2025-02-03 09:43:25 +00:00
633a27164b
upgrade commission wallet function
2025-01-26 22:21:13 +00:00
ae1cd45aea
create functional commission
2025-01-25 13:35:22 +00:00
d918de0386
docker file update
2024-12-14 13:46:03 +00:00
68a220de2e
update docker file
2024-11-22 10:03:53 +00:00
Artyom Ashirov
3872ddbb68
docker
2024-11-14 16:44:00 +03:00