Conversation

@0xfurai (Owner) commented Jul 5, 2025

No description provided.

0xfurai added 3 commits July 4, 2025 18:06
…on" feature and improve overall documentation clarity
…Dockerfiles, docker-compose files, and associated startup scripts, to streamline the project structure and eliminate unused components.
cursor[bot]

This comment was marked as outdated.

- Introduced a new job for running Playwright tests against multiple database configurations (SQLite, MongoDB, PostgreSQL).
- Added steps for environment setup, including dependency installation and Docker container management.
- Implemented health checks and logging for better visibility during test execution.
- Ensured cleanup of test data and container resources after job completion.

… path and remove unused database configuration variables. Delete obsolete Dockerfile.bundle to streamline project structure.

… web service from './apps/web' to '../apps/web' across MongoDB, PostgreSQL, and SQLite configurations.

…s and improve configuration management

- Updated docker-release.yml to use a consistent file naming convention for Dockerfiles.
- Modified playwright.yml to utilize a unified docker-compose file structure based on the new configuration matrix.
- Removed obsolete Docker Compose files and Dockerfiles for MongoDB, PostgreSQL, and SQLite to streamline project structure.

- Updated references in playwright-reusable.yml and release-candidate.yml to use a consistent dot notation for Docker image names.
- Ensured uniformity in the naming structure for better clarity and maintainability across workflows.

0xfurai added 2 commits July 4, 2025 21:21
- Updated MongoDB, PostgreSQL, and SQLite Docker Compose configurations to use a consistent dot notation for Dockerfile names.
- Improved clarity and maintainability across the project by aligning naming conventions.
- Modified MongoDB, PostgreSQL, and SQLite Dockerfiles to copy the Caddyfile using a relative path for improved consistency and clarity in file references.

… and scripts

- Deleted unused Docker Compose files and Dockerfiles for MongoDB, PostgreSQL, and SQLite to streamline the project structure.
- Updated Makefile and README.md to reflect changes in file paths and configurations.
- Improved clarity and maintainability by standardizing paths in Docker Compose and GitHub Actions workflows.

…check URLs

- Changed the port mapping in the Docker run commands from 8384 to 8383 for SQLite, MongoDB, and PostgreSQL services.
- Updated health check URLs in the workflows to reflect the new port configuration.
- Adjusted the Playwright test command to use the correct base URL for the updated port.

…pdate installation process

- Changed base image from Caddy Alpine to Ubuntu 22.04 for better compatibility.
- Updated installation commands to include necessary dependencies and MongoDB setup.
- Adjusted file paths for supervisor and startup scripts to follow consistent naming conventions.
- Removed obsolete startup and supervisor configuration scripts to streamline the project structure.

- Changed environment variable from DB_TYPE=mongodb to DB_TYPE=mongo for consistency.
- Updated Dockerfile to use the official mongo:7 image, removing unnecessary MongoDB installation steps.
- Adjusted supervisord configuration files to log output to stdout and stderr instead of log files, enhancing logging visibility.

… enhance initialization process

- Changed base image from Caddy Alpine to official PostgreSQL 17 image for improved compatibility.
- Updated installation commands to include necessary dependencies and Caddy setup.
- Enhanced PostgreSQL initialization script to ensure proper ownership and permissions for the data directory.
- Replaced `su-exec` with `gosu` for better user switching during PostgreSQL operations.

…cks by consolidating log commands into a single line

0xfurai added 5 commits July 6, 2025 13:59
…ronment validation

- Streamlined the Dockerfile by removing unnecessary comments and consolidating commands for building the Go server and React web app.
- Added environment variable validation in the startup script to ensure critical variables are set and meet security requirements.
- Implemented security measures for sensitive files and improved MongoDB initialization with enhanced error handling and user creation processes.
- Updated configuration defaults in the Go application to ensure consistent behavior across environments.
…ility

- Removed local variable declarations for retry counts in the MongoDB readiness checks, simplifying the script.
- Enhanced clarity by maintaining consistent variable usage across different sections of the script.
…onment validation

- Refactored the Dockerfile to streamline the build process and reduce unnecessary comments.
- Added comprehensive environment variable validation in the startup script to ensure critical variables are set and meet security requirements.
- Implemented secure handling of sensitive information and improved PostgreSQL initialization with enhanced error handling and user creation processes.
- Updated permissions for sensitive files and ensured proper cleanup of environment variables after use.
- Removed the secure command execution function for MongoDB, simplifying the script.
- Updated MongoDB startup to run without authentication for initial setup.
- Consolidated user creation commands into a single operation for clarity and efficiency.
- Enhanced supervisord configuration with priority settings and start parameters for better process management.
- Modified the startup script to initialize the API_URL in the generated env.js file as an empty string instead of using the environment variable, ensuring a consistent default value during container startup.

0xfurai added 2 commits July 6, 2025 14:45
… security enhancements

- Changed the base image in the Dockerfile from PostgreSQL to Ubuntu 24.04 for better control over package installations.
- Added security measures by installing necessary packages with minimal privileges and setting up proper locales.
- Implemented PostgreSQL installation from the official repository and configured environment variables for PostgreSQL paths.
- Updated permissions for PostgreSQL data directories to enhance security.
- Modified the startup script to ensure temporary SQL files are owned by the postgres user for improved security during execution.
…curity improvements

- Changed the base image in the Dockerfile from MongoDB to Ubuntu 22.04 for better control over package installations.
- Added environment variables for non-interactive installation and updated system dependencies.
- Installed MongoDB 7 from the official repository with proper versioning and security measures.
- Enhanced directory permissions and ownership for MongoDB data and configuration files.
- Updated the startup script to ensure correct permissions for MongoDB directories and improved initialization logic.
- Modified supervisord configuration for MongoDB to include port settings and process management enhancements.

0xfurai added 3 commits July 6, 2025 17:24
- Cleaned up existing MongoDB processes before starting a new instance to prevent conflicts.
- Modified MongoDB startup to run in the background and capture the process ID for better management.
- Implemented graceful shutdown of MongoDB after initialization to ensure proper resource cleanup.
- Enhanced waiting mechanism for MongoDB readiness to improve reliability during setup.
… settings

- Changed ACCESS_TOKEN_EXPIRED_IN from 1h to 15m to reduce token lifespan for security.
- Updated REFRESH_TOKEN_EXPIRED_IN from 60m to 1h to maintain a balance between security and usability.
…n handling

- Added ownership and permission settings for MongoDB log files to ensure proper access.
- Implemented cleanup of existing log files to prevent permission conflicts during initialization.
- Enhanced user creation logic to handle existing users gracefully with error handling.
- Improved process management by ensuring MongoDB processes are killed properly and verified after initialization.

…ient

- Changed the pnpm install filter from 'web-client' to 'web' in both MongoDB and PostgreSQL Dockerfiles to ensure the correct application dependencies are installed during the build process.

0xfurai added 2 commits July 6, 2025 20:52
- Reduced the minimum length requirement for ACCESS_TOKEN_SECRET_KEY and REFRESH_TOKEN_SECRET_KEY from 32 to 16 characters in both MongoDB and PostgreSQL startup scripts to enhance flexibility while maintaining security standards.
- Removed sensitive variable clearing from the PostgreSQL startup script, ensuring environment variables remain accessible to supervisor processes.
- Added environment variable definitions in the supervisor configuration to maintain necessary settings for PostgreSQL and related services.

- Added error handling to the service startup command in the Playwright workflow to display container and individual service logs if the startup fails.
- Introduced a new environment variable CLIENT_URL to the workflow configuration for improved service accessibility.
@cursor cursor bot left a comment

Bug: SQL Injection Risk via Unescaped Variables

The DB_PASS variable is not substituted into the CREATE USER SQL command because it is enclosed in single quotes. This causes PostgreSQL to receive the literal string '$DB_PASS' as the password, leading to user creation failure or an incorrect password being set. Furthermore, if the variable were correctly substituted, its direct interpolation into the SQL string without proper escaping would introduce an SQL injection vulnerability.

startup.bundle.postgres.sh#L158-L159

```sh
# Create user with secure password handling
execute_sql_safely "CREATE USER \"$DB_USER\" WITH PASSWORD '$DB_PASS';"
```

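One defensive way to build the `CREATE USER` statement from the flagged line without splicing raw values into SQL text, as an added example that is not the project's own script: quote the identifier and the password literal explicitly, or, where `psql` is available, hand them over as psql variables and let psql quote them. The `sql_literal`, `sql_ident`, `build_create_user_sql` and `create_user_via_psql` function names are assumptions, and values are assumed to be newline-free.

```shell
#!/bin/sh
# Added example (not project code): safe construction of the CREATE USER
# statement discussed in the cursor bot comment.
# Assumptions: values contain no newlines; psql and PG* connection
# variables are set up before create_user_via_psql is called.

# Quote a value as a PostgreSQL string literal: double every single quote,
# then wrap the result in single quotes.
sql_literal() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/''/g")"
}

# Quote a value as a PostgreSQL identifier: double every double quote,
# then wrap the result in double quotes.
sql_ident() {
    printf '"%s"' "$(printf '%s' "$1" | sed 's/"/""/g')"
}

# Compose the statement from the two quoted parts. A password such as
# x'; DROP TABLE t; -- stays inside the literal instead of ending it.
build_create_user_sql() {
    printf 'CREATE USER %s WITH PASSWORD %s;' \
        "$(sql_ident "$1")" "$(sql_literal "$2")"
}

# Preferred form when psql runs the script: pass user and password as psql
# variables; :"name" expands as an identifier, :'name' as a literal, so no
# shell-side quoting is needed and nothing is interpolated into SQL text.
create_user_via_psql() {
    psql -v ON_ERROR_STOP=1 -v user="$1" -v pass="$2" <<'SQL'
CREATE USER :"user" WITH PASSWORD :'pass';
SQL
}
```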

- Changed ACCESS_TOKEN_SECRET_KEY and REFRESH_TOKEN_SECRET_KEY in .env.prod.example to use test values for improved clarity during development and testing.
@github-actions github-actions bot (Contributor) commented Jul 7, 2025

🚀 Release Candidate Built: 0.0.24-rc.4

The release candidate has been successfully built and published!

**Docker Images:**
- UI: `ghcr.io/0xfurai/peekaping-web:0.0.24-rc.4`
- Server: `ghcr.io/0xfurai/peekaping-server:0.0.24-rc.4`
- Migrate: `ghcr.io/0xfurai/peekaping-migrate:0.0.24-rc.4`

**Bundle Containers:**
- SQLite: `ghcr.io/0xfurai/peekaping-bundle-sqlite:0.0.24-rc.4`
- MongoDB: `ghcr.io/0xfurai/peekaping-bundle-mongo:0.0.24-rc.4`
- PostgreSQL: `ghcr.io/0xfurai/peekaping-bundle-postgres:0.0.24-rc.4`

[View Release](https://github.com/0xfurai/peekaping/releases/tag/0.0.24-rc.4)

@0xfurai 0xfurai merged commit 50879f3 into main Jul 7, 2025
25 checks passed
@0xfurai 0xfurai deleted the feat/bundle branch July 13, 2025 18:44