mirror of
https://github.com/wireadmin/wireadmin
synced 2025-06-26 18:28:06 +00:00
fix
This commit is contained in:
Shahrad Elahi
parent
bd2ddbb08b
commit
f0d675dc39
39
Dockerfile
39
Dockerfile
@ -1,7 +1,7 @@
|
|||||||
ARG ALPINE_VERSION=3.19
|
ARG ALPINE_VERSION=3.19
|
||||||
|
ARG LYREBIRD_VERSION=0.2.0
|
||||||
ARG NODE_VERSION=20
|
ARG NODE_VERSION=20
|
||||||
|
|
||||||
FROM --platform=$BUILDPLATFORM shahradel/torproxy:latest as tor
|
|
||||||
FROM --platform=$BUILDPLATFORM node:${NODE_VERSION}-alpine${ALPINE_VERSION} as node
|
FROM --platform=$BUILDPLATFORM node:${NODE_VERSION}-alpine${ALPINE_VERSION} as node
|
||||||
ENV TZ=UTC
|
ENV TZ=UTC
|
||||||
RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
|
RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
|
||||||
@ -15,6 +15,32 @@ RUN apk update \
|
|||||||
tor \
|
tor \
|
||||||
&& rm -rf /var/cache/apk/*
|
&& rm -rf /var/cache/apk/*
|
||||||
|
|
||||||
|
FROM --platform=${BUILDPLATFORM} golang:alpine AS pluggables
|
||||||
|
ARG LYREBIRD_VERSION
|
||||||
|
RUN apk update \
|
||||||
|
&& apk upgrade \
|
||||||
|
&& apk add -U --no-cache \
|
||||||
|
bash \
|
||||||
|
make \
|
||||||
|
&& rm -rf /var/cache/apk/*
|
||||||
|
SHELL ["/bin/bash", "-c"]
|
||||||
|
RUN <<EOT
|
||||||
|
set -ex
|
||||||
|
cd /tmp
|
||||||
|
|
||||||
|
# Lyrebird - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyrebird
|
||||||
|
wget "https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyrebird/-/archive/lyrebird-$LYREBIRD_VERSION/lyrebird-lyrebird-$LYREBIRD_VERSION.tar.gz"
|
||||||
|
tar -xvf lyrebird-lyrebird-$LYREBIRD_VERSION.tar.gz
|
||||||
|
pushd lyrebird-lyrebird-$LYREBIRD_VERSION || exit 1
|
||||||
|
make build -e VERSION=$LYREBIRD_VERSION
|
||||||
|
cp ./lyrebird /usr/local/bin
|
||||||
|
popd || exit 1
|
||||||
|
|
||||||
|
cp -rv /go/bin /usr/local/bin
|
||||||
|
rm -rf /go
|
||||||
|
rm -rf /tmp/*
|
||||||
|
EOT
|
||||||
|
|
||||||
FROM node AS build
|
FROM node AS build
|
||||||
WORKDIR /app
|
WORKDIR /app
|
||||||
ENV PNPM_HOME="/pnpm"
|
ENV PNPM_HOME="/pnpm"
|
||||||
@ -30,7 +56,7 @@ RUN --mount=type=cache,id=pnpm,target=/pnpm/store pnpm install --frozen-lockfile
|
|||||||
FROM node
|
FROM node
|
||||||
WORKDIR /app
|
WORKDIR /app
|
||||||
|
|
||||||
COPY --from=tor /usr/local/bin/lyrebird /usr/local/bin/lyrebird
|
COPY --from=pluggables /usr/local/bin/lyrebird /usr/local/bin/lyrebird
|
||||||
COPY rootfs /
|
COPY rootfs /
|
||||||
|
|
||||||
ENV PROTOCOL_HEADER=x-forwarded-proto
|
ENV PROTOCOL_HEADER=x-forwarded-proto
|
||||||
@ -44,9 +70,10 @@ COPY --from=build /tmp/node_modules node_modules
|
|||||||
COPY --from=build /tmp/build build
|
COPY --from=build /tmp/build build
|
||||||
|
|
||||||
# Fix permissions
|
# Fix permissions
|
||||||
RUN mkdir -p /data/ && chmod 700 /data/
|
RUN mkdir -p /data/ /etc/tor/torrc.d/ /var/log/wireadmin/ \
|
||||||
RUN mkdir -p /etc/tor/torrc.d/ && chmod -R 400 /etc/tor/
|
&& chmod 700 /data/ \
|
||||||
RUN mkdir -p /var/log/wireadmin/ && touch /var/log/wireadmin/web.log
|
&& chmod -R 400 /etc/tor/ \
|
||||||
|
&& touch /var/log/wireadmin/web.log
|
||||||
|
|
||||||
RUN echo '* * * * * /usr/bin/env logrotate /etc/logrotate.d/rotator' > /etc/crontabs/root
|
RUN echo '* * * * * /usr/bin/env logrotate /etc/logrotate.d/rotator' > /etc/crontabs/root
|
||||||
|
|
||||||
@ -60,4 +87,4 @@ VOLUME ["/etc/tor", "/var/lib/tor", "/data"]
|
|||||||
|
|
||||||
# Run the app
|
# Run the app
|
||||||
EXPOSE 3000/tcp
|
EXPOSE 3000/tcp
|
||||||
CMD [ "node", "./build/index.js" ]
|
CMD [ "node", "/app/build/index.js" ]
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
services:
|
services:
|
||||||
wireadmin:
|
wireadmin:
|
||||||
image: ghcr.io/wireadmin/wireadmin
|
image: ghcr.io/wireadmin/wireadmin:dev
|
||||||
build:
|
build:
|
||||||
context: .
|
context: .
|
||||||
dockerfile: Dockerfile-Dev
|
dockerfile: Dockerfile-Dev
|
||||||
|
|||||||
@ -15,8 +15,12 @@ services:
|
|||||||
- wireadmin-data:/data
|
- wireadmin-data:/data
|
||||||
- tor-data:/var/lib/tor
|
- tor-data:/var/lib/tor
|
||||||
ports:
|
ports:
|
||||||
- '51820:51820/udp'
|
|
||||||
- '3000:3000/tcp'
|
- '3000:3000/tcp'
|
||||||
|
# Dnsmasq
|
||||||
|
#- '53:53/udp'
|
||||||
|
#- '53:53/tcp'
|
||||||
|
# WireGuard
|
||||||
|
- '51820:51820/udp'
|
||||||
cap_add:
|
cap_add:
|
||||||
- NET_ADMIN
|
- NET_ADMIN
|
||||||
- SYS_MODULE
|
- SYS_MODULE
|
||||||
|
|||||||
@ -6,7 +6,7 @@
|
|||||||
"packageManager": "pnpm@8.15.0",
|
"packageManager": "pnpm@8.15.0",
|
||||||
"scripts": {
|
"scripts": {
|
||||||
"dev": "docker compose -f docker-compose.yml -f docker-compose.dev.yml up --force-recreate",
|
"dev": "docker compose -f docker-compose.yml -f docker-compose.dev.yml up --force-recreate",
|
||||||
"dev:image": "docker buildx build --tag ghcr.io/wireadmin/wireadmin -f Dockerfile-Dev .",
|
"dev:image": "docker buildx build --tag ghcr.io/wireadmin/wireadmin:dev -f Dockerfile-Dev .",
|
||||||
"build": "docker buildx build --tag ghcr.io/wireadmin/wireadmin .",
|
"build": "docker buildx build --tag ghcr.io/wireadmin/wireadmin .",
|
||||||
"start": "docker compose -f docker-compose.yml up --force-recreate",
|
"start": "docker compose -f docker-compose.yml up --force-recreate",
|
||||||
"format": "prettier --write .",
|
"format": "prettier --write .",
|
||||||
|
|||||||
@ -12,7 +12,7 @@ export const env = createEnv({
|
|||||||
server: {
|
server: {
|
||||||
STORAGE_PATH: z.string().default('/data/storage.pack'),
|
STORAGE_PATH: z.string().default('/data/storage.pack'),
|
||||||
AUTH_SECRET: z.string().default(sha256(randomUUID())),
|
AUTH_SECRET: z.string().default(sha256(randomUUID())),
|
||||||
HASHED_PASSWORD: z.string().default(sha256('insecure-password')),
|
ADMIN_PASSWORD: z.string().default('insecure-password'),
|
||||||
// -----
|
// -----
|
||||||
NODE_ENV: z.enum(['development', 'production', 'test']).default('development'),
|
NODE_ENV: z.enum(['development', 'production', 'test']).default('development'),
|
||||||
ORIGIN: z.string().optional(),
|
ORIGIN: z.string().optional(),
|
||||||
|
|||||||
@ -28,13 +28,10 @@ export const actions: Actions = {
|
|||||||
return fail(400, { ok: false, message: 'Bad Request', form });
|
return fail(400, { ok: false, message: 'Bad Request', form });
|
||||||
}
|
}
|
||||||
|
|
||||||
const { HASHED_PASSWORD } = env;
|
const { ADMIN_PASSWORD } = env;
|
||||||
const { password } = form.data;
|
const { password } = form.data;
|
||||||
|
|
||||||
const hashed = HASHED_PASSWORD.toLowerCase();
|
if (sha256(ADMIN_PASSWORD).toLowerCase() !== sha256(password).toLowerCase()) {
|
||||||
const receivedHashed = sha256(password).toLowerCase();
|
|
||||||
|
|
||||||
if (hashed !== receivedHashed) {
|
|
||||||
logger.debug('Action: Login: failed to validate password.');
|
logger.debug('Action: Login: failed to validate password.');
|
||||||
return setError(form, 'password', 'Incorrect password.');
|
return setError(form, 'password', 'Incorrect password.');
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user