fix

2025-06-26 18:28:06 +00:00 · 2024-05-29 19:48:49 +03:30 · 2024-05-29 19:48:49 +03:30 · f0d675dc39
commit f0d675dc39
parent bd2ddbb08b
6 changed files with 43 additions and 15 deletions
--- a/39
+++ b/39
@ -1,7 +1,7 @@
 ARG ALPINE_VERSION=3.19
+ARG LYREBIRD_VERSION=0.2.0
 ARG NODE_VERSION=20

-FROM --platform=$BUILDPLATFORM shahradel/torproxy:latest as tor
 FROM --platform=$BUILDPLATFORM node:${NODE_VERSION}-alpine${ALPINE_VERSION} as node
 ENV TZ=UTC
 RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
@ -15,6 +15,32 @@ RUN apk update \
    tor \
  && rm -rf /var/cache/apk/*

+FROM --platform=${BUILDPLATFORM} golang:alpine AS pluggables
+ARG LYREBIRD_VERSION
+RUN apk update \
+  && apk upgrade \
+  && apk add -U --no-cache \
+    bash \
+    make \
+  && rm -rf /var/cache/apk/*
+SHELL ["/bin/bash", "-c"]
+RUN <<EOT
+  set -ex
+  cd /tmp
+
+  # Lyrebird - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyrebird
+  wget "https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyrebird/-/archive/lyrebird-$LYREBIRD_VERSION/lyrebird-lyrebird-$LYREBIRD_VERSION.tar.gz"
+  tar -xvf lyrebird-lyrebird-$LYREBIRD_VERSION.tar.gz
+  pushd lyrebird-lyrebird-$LYREBIRD_VERSION || exit 1
+  make build -e VERSION=$LYREBIRD_VERSION
+  cp ./lyrebird /usr/local/bin
+  popd || exit 1
+
+  cp -rv /go/bin /usr/local/bin
+  rm -rf /go
+  rm -rf /tmp/*
+EOT
+
 FROM node AS build
 WORKDIR /app
 ENV PNPM_HOME="/pnpm"
@ -30,7 +56,7 @@ RUN --mount=type=cache,id=pnpm,target=/pnpm/store pnpm install --frozen-lockfile
 FROM node
 WORKDIR /app

-COPY --from=tor /usr/local/bin/lyrebird /usr/local/bin/lyrebird
+COPY --from=pluggables /usr/local/bin/lyrebird /usr/local/bin/lyrebird
 COPY rootfs /

 ENV PROTOCOL_HEADER=x-forwarded-proto
@ -44,9 +70,10 @@ COPY --from=build /tmp/node_modules node_modules
 COPY --from=build /tmp/build build

 # Fix permissions
-RUN mkdir -p /data/ && chmod 700 /data/
-RUN mkdir -p /etc/tor/torrc.d/ && chmod -R 400 /etc/tor/
-RUN mkdir -p /var/log/wireadmin/ && touch /var/log/wireadmin/web.log
+RUN mkdir -p /data/ /etc/tor/torrc.d/ /var/log/wireadmin/ \
+  && chmod 700 /data/ \
+  && chmod -R 400 /etc/tor/ \
+  && touch /var/log/wireadmin/web.log

 RUN echo '*  *  *  *  *    /usr/bin/env logrotate /etc/logrotate.d/rotator' > /etc/crontabs/root

@ -60,4 +87,4 @@ VOLUME ["/etc/tor", "/var/lib/tor", "/data"]

 # Run the app
 EXPOSE 3000/tcp
-CMD [ "node", "./build/index.js" ]
+CMD [ "node", "/app/build/index.js" ]
--- a/docker-compose.dev.yml
+++ b/docker-compose.dev.yml
@ -1,6 +1,6 @@
 services:
  wireadmin:
-    image: ghcr.io/wireadmin/wireadmin
+    image: ghcr.io/wireadmin/wireadmin:dev
    build:
      context: .
      dockerfile: Dockerfile-Dev
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -15,8 +15,12 @@ services:
      - wireadmin-data:/data
      - tor-data:/var/lib/tor
    ports:
-      - '51820:51820/udp'
      - '3000:3000/tcp'
+      # Dnsmasq
+      #- '53:53/udp'
+      #- '53:53/tcp'
+      # WireGuard
+      - '51820:51820/udp'
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
--- a/package.json
+++ b/package.json
@ -6,7 +6,7 @@
  "packageManager": "pnpm@8.15.0",
  "scripts": {
    "dev": "docker compose -f docker-compose.yml -f docker-compose.dev.yml up --force-recreate",
-    "dev:image": "docker buildx build --tag ghcr.io/wireadmin/wireadmin -f Dockerfile-Dev .",
+    "dev:image": "docker buildx build --tag ghcr.io/wireadmin/wireadmin:dev -f Dockerfile-Dev .",
    "build": "docker buildx build --tag ghcr.io/wireadmin/wireadmin .",
    "start": "docker compose -f docker-compose.yml up --force-recreate",
    "format": "prettier --write .",
--- a/web/src/lib/env.ts
+++ b/web/src/lib/env.ts
@ -12,7 +12,7 @@ export const env = createEnv({
  server: {
    STORAGE_PATH: z.string().default('/data/storage.pack'),
    AUTH_SECRET: z.string().default(sha256(randomUUID())),
-    HASHED_PASSWORD: z.string().default(sha256('insecure-password')),
+    ADMIN_PASSWORD: z.string().default('insecure-password'),
    // -----
    NODE_ENV: z.enum(['development', 'production', 'test']).default('development'),
    ORIGIN: z.string().optional(),
--- a/web/src/routes/login/+page.server.ts
+++ b/web/src/routes/login/+page.server.ts
@ -28,13 +28,10 @@ export const actions: Actions = {
        return fail(400, { ok: false, message: 'Bad Request', form });
      }

-      const { HASHED_PASSWORD } = env;
+      const { ADMIN_PASSWORD } = env;
      const { password } = form.data;

-      const hashed = HASHED_PASSWORD.toLowerCase();
-      const receivedHashed = sha256(password).toLowerCase();
-
-      if (hashed !== receivedHashed) {
+      if (sha256(ADMIN_PASSWORD).toLowerCase() !== sha256(password).toLowerCase()) {
        logger.debug('Action: Login: failed to validate password.');
        return setError(form, 'password', 'Incorrect password.');
      }