diff --git a/Dockerfile b/Dockerfile
index e1cec8c..0182a4b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -5,10 +5,6 @@ WORKDIR /app
 ENV TZ=UTC
 RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
-ENV PNPM_HOME="/pnpm"
-ENV PATH="$PNPM_HOME:$PATH"
-RUN corepack enable
-
 COPY --from=chriswayg/tor-alpine:latest /usr/local/bin/obfs4proxy /usr/local/bin/obfs4proxy
 COPY --from=chriswayg/tor-alpine:latest /usr/local/bin/meek-server /usr/local/bin/meek-server
@@ -40,6 +36,10 @@ RUN rm -rf /var/cache/apk/*
 FROM base AS deps
+ENV PNPM_HOME="/pnpm"
+ENV PATH="$PNPM_HOME:$PATH"
+RUN corepack enable
+
 RUN mkdir -p /temp/dev
 COPY web/package.json web/pnpm-lock.yaml /temp/dev/
 RUN --mount=type=cache,id=pnpm,target=/pnpm/store pnpm install --frozen-lockfile -C /temp/dev/
@@ -55,11 +55,7 @@ COPY web .
 # build
 ENV NODE_ENV=production
-
-RUN export WG_HOST="127.0.0.1" &&\
- export AUTH_SECRET="$(openssl rand -base64 32)" &&\
- export HASHED_PASSWORD="$(openssl passwd -6 -salt $(openssl rand -base64 32) $(openssl rand -base64 32))" &&\
- npm run build
+RUN npm run build
 FROM base AS release
diff --git a/Dockerfile-Dev b/Dockerfile-Dev
index 86f0dbe..587c212 100644
--- a/Dockerfile-Dev
+++ b/Dockerfile-Dev
@@ -5,10 +5,6 @@ WORKDIR /app
 ENV TZ=UTC
 RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
-ENV PNPM_HOME="/pnpm"
-ENV PATH="$PNPM_HOME:$PATH"
-RUN corepack enable
-
 COPY --from=chriswayg/tor-alpine:latest /usr/local/bin/obfs4proxy /usr/local/bin/obfs4proxy
 COPY --from=chriswayg/tor-alpine:latest /usr/local/bin/meek-server /usr/local/bin/meek-server
@@ -40,6 +36,10 @@ RUN rm -rf /var/cache/apk/*
 FROM base AS deps
+ENV PNPM_HOME="/pnpm"
+ENV PATH="$PNPM_HOME:$PATH"
+RUN corepack enable
+
 RUN mkdir -p /temp/dev/
 COPY web/package.json web/pnpm-lock.yaml /temp/dev/
diff --git a/web/package.json b/web/package.json
index 6643145..06857ca 100644
--- a/web/package.json
+++ b/web/package.json
@@ -4,7 +4,7 @@
 "private": true,
 "scripts": {
 "dev": "vite dev",
- "build": "WG_HOST=localhost vite build",
+ "build": "vite build",
 "preview": "vite preview",
 "check": "svelte-kit sync && svelte-check --tsconfig ./tsconfig.json",
 "check:watch": "svelte-kit sync && svelte-check --tsconfig ./tsconfig.json --watch",
diff --git a/web/src/hooks.server.ts b/web/src/hooks.server.ts
index 18af427..39d8b3e 100644
--- a/web/src/hooks.server.ts
+++ b/web/src/hooks.server.ts
@@ -1,8 +1,10 @@
 import type { Handle } from '@sveltejs/kit';
 import { verifyToken } from '$lib/auth';
-import { HASHED_PASSWORD } from '$env/static/private';
+import 'dotenv/config';
 export const handle: Handle = async ({ event, resolve }) => {
+ const { HASHED_PASSWORD } = process.env;
+
 if (!!HASHED_PASSWORD && !AUTH_EXCEPTION.includes(event.url.pathname)) {
 const token = event.cookies.get('authorization');
 const token_valid = await verifyToken(token ?? '');
diff --git a/web/src/lib/auth.ts b/web/src/lib/auth.ts
index 2ac8c3a..38638e5 100644
--- a/web/src/lib/auth.ts
+++ b/web/src/lib/auth.ts
@@ -1,5 +1,10 @@
 import jwt from 'jsonwebtoken';
-import { AUTH_SECRET } from '$env/static/private';
+import 'dotenv/config';
+import Hex from 'crypto-js/enc-hex';
+import { randomUUID } from 'node:crypto';
+import SHA256 from 'crypto-js/sha256';
+
+export const AUTH_SECRET = process.env.AUTH_SECRET || Hex.stringify(SHA256(randomUUID()));
 export async function generateToken(): Promise {
 const now = Math.floor(Date.now() / 1000);
diff --git a/web/src/routes/api/host/+server.ts b/web/src/routes/api/host/+server.ts
index 9cf3e8f..da610e8 100644
--- a/web/src/routes/api/host/+server.ts
+++ b/web/src/routes/api/host/+server.ts
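Review bot: In web/src/hooks.server.ts the added `const { HASHED_PASSWORD } = process.env;` makes the guard on the following line fail open: when the variable is unset or empty at runtime, `!!HASHED_PASSWORD` is false and every route is served without a token check. The build stage in this commit no longer exports a value either, so a deployment that forgets the variable appears to run unauthenticated with no signal. Consider warning once at module load, e.g. `if (!process.env.HASHED_PASSWORD) console.warn('HASHED_PASSWORD is not set; authentication is disabled');`, or refusing to start unless an explicit opt-out is configured. The body of `handle` continues outside the hunk.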
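Review bot: In web/src/lib/auth.ts the fallback `Hex.stringify(SHA256(randomUUID()))` hashes a version-4 UUID, so the signing secret carries only the UUID's 122 random bits and pulls in crypto-js for something node:crypto does directly; `import { randomBytes } from 'node:crypto';` with `process.env.AUTH_SECRET || randomBytes(32).toString('hex')` yields a full 256-bit key. The fallback is also regenerated on every process start, so issued tokens stop verifying after a restart and presumably across replicas; a comment on the constant would make that explicit, e.g. `// Ephemeral fallback: set AUTH_SECRET to keep sessions valid across restarts`. `generateToken` starts in this hunk and continues outside it.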
@@ -1,22 +1,22 @@
 import type { RequestHandler } from '@sveltejs/kit';
-import { WG_HOST } from '$env/static/private';
 import Shell from '$lib/shell';
+import 'dotenv/config';
 export const GET: RequestHandler = async () => {
- let HOSTNAME = WG_HOST;
+ let { WG_HOST } = process.env
 // if the host is not set, then we are using the server's public IP
- if (!HOSTNAME) {
+ if (!WG_HOST) {
 const resp = await Shell.exec('curl -s ifconfig.me', true);
- HOSTNAME = resp.trim();
+ WG_HOST = resp.trim();
 }
 // check if WG_HOST is still not set
- if (!HOSTNAME) {
+ if (!WG_HOST) {
 console.error('WG_HOST is not set');
 return new Response('NOT_SET', { status: 500, headers: { 'Content-Type': 'text/plain' } });
 }
- return new Response(HOSTNAME, { status: 200, headers: { 'Content-Type': 'text/plain' } });
+ return new Response(WG_HOST, { status: 200, headers: { 'Content-Type': 'text/plain' } });
 };
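Review bot: `WG_HOST = resp.trim();` accepts whatever the fallback command prints, and the handler then returns it as the host with status 200. The command `curl -s ifconfig.me` names no scheme, so curl uses plain HTTP, and nothing checks that the reply is an address; an error page or a response altered in transit would be passed on as the endpoint. Suggest requesting `https://ifconfig.me` and validating before assignment, e.g. `const ip = resp.trim(); WG_HOST = isIP(ip) ? ip : undefined;` with `isIP` from `node:net`, so the existing NOT_SET branch covers bad output. The added `let { WG_HOST } = process.env` is also missing its semicolon.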