diff --git a/Dockerfile b/Dockerfile index 5083d2c..d91fae5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,9 @@ FROM alpine:latest RUN apk add --update --no-cache \ - bash python3 py3-pip nginx uwsgi uwsgi-python3 certbot certbot-nginx + bash python3 py3-pip nginx uwsgi uwsgi-python3 certbot certbot-nginx npm jq + +RUN npm install -g web-push diff --git a/res/config.deploy.ini b/res/config.deploy.ini index 546da41..4afb438 100644 --- a/res/config.deploy.ini +++ b/res/config.deploy.ini @@ -4,6 +4,9 @@ # Remove or leave empty for temporary (/tmp/ftracker-db.json) storage db_file = /var/ftracker/db.json +# Delete all information after X days (e.g. for GDPR compliance) +delete_after_days = 28 + # List of people to be allowed, in .csv format (comma, no delimiters) # Col1: First Name(s), Col2: Last Name(s), Col3 (optional): EMail # Remove or leave empty for no check @@ -21,3 +24,11 @@ guideline_url = https://youtu.be/oHg5SJYRHA0 # JSON indentation for debugging json_indent = 4 + +# VAPID credentials for push notifications +# private key: base64url encoded private part of an EC-Prime256v1 keypair. See INSTALL.md +# sender info: usually mailto link to responsible party to contact about issues +push_private_key = abcdefghijklm_NOPQRSTUVWXYZ-0123456789 +push_sender_info = mailto:admin@example.com +# when to notify users, in hours after arrival +notify_after_hrs = 10 diff --git a/res/docker-entrypoint.sh b/res/docker-entrypoint.sh index ef08f87..b1e6713 100644 --- a/res/docker-entrypoint.sh +++ b/res/docker-entrypoint.sh 
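Review bot: The added `RUN npm install -g web-push` in the Dockerfile hunk installs whatever version the registry serves at build time, and res/docker-entrypoint.sh later uses that package to generate the server's VAPID private key, so the version should be pinned. Something like `RUN npm install -g web-push@<PINNED_VERSION> && npm cache clean --force` keeps the build reproducible and drops the npm cache from the layer. The `npm` and `jq` packages added to the `apk add` line are likewise unpinned, on top of the existing `FROM alpine:latest`. Since npm is only needed for one key-generation step, consider whether the keys could be produced without shipping Node and npm in the runtime image.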
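Review bot: The sample value on `push_private_key` in the second res/config.deploy.ini hunk looks like a real base64url string, so a deployment that never replaces it would either run with a value published in the repository or fail in a confusing way, rather than refuse to start. Leaving it empty, `push_private_key =`, with a comment such as `# REQUIRED: generated on first start by docker-entrypoint.sh; never commit a real key here`, makes the unset state explicit. res/docker-entrypoint.sh also appends its own `push_private_key = ...` line to /etc/ftracker/config.ini. If this file is the template for that config, the key will appear twice and which one wins depends on the parser, which is worth confirming. Because the file now carries a private key, its install mode should be readable only by the service account.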
@@ -1,5 +1,25 @@ #!/bin/bash +echo " >>> Checking / Creating & patching VAPID creds <<< " + +VAPID_CREDS_FILE=/etc/ftracker/vapid-creds.json +if [[ ! -f $VAPID_CREDS_FILE ]] +then + + echo "Generating keypair ..." + + web-push generate-vapid-keys --json > $VAPID_CREDS_FILE + + echo "Patching public key into frontend ..." + PUB_KEY=`cat $VAPID_CREDS_FILE | jq -r .publicKey` + sed -i "s/pushServerPublicKey = '[a-zA-Z0-9_\-]*'/pushServerPublicKey = '${PUB_KEY}'/" /var/www/html/ftracker/main.js + + echo "Patching private key into backend config ..." + PRIV_KEY=`cat $VAPID_CREDS_FILE | jq -r .privateKey` + echo "push_private_key = ${PRIV_KEY}" >> /etc/ftracker/config.ini + +fi + echo " >>> Starting nginx <<< " mkdir /run/nginx # needed because of bug in package
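Review bot: The generated private key is written to `$VAPID_CREDS_FILE` under the shell's default umask and the exit status of `web-push generate-vapid-keys` is never checked, so a failed run leaves an empty file that the `-f` test treats as done on every later start, while empty or `null` keys get patched into main.js and config.ini. Generating into a temporary file under a restrictive umask, validating both fields with `jq -e`, and moving the file into place only after that would make the step fail closed. The private key is also appended to /etc/ftracker/config.ini with `>>`, so that file's mode and any existing `push_private_key` line need the same attention. If /etc/ftracker is persisted but /var/www/html is not, the public key in main.js would not be re-patched after the container is recreated; that depends on the volume layout, which is not visible here. The script continues past this hunk.

```bash
VAPID_CREDS_FILE=/etc/ftracker/vapid-creds.json
# -s instead of -f: an empty file left by an earlier failed run must not count as "already generated"
if [[ ! -s "$VAPID_CREDS_FILE" ]]
then
    echo "Generating keypair ..."
    TMP_CREDS="${VAPID_CREDS_FILE}.tmp"
    # subshell keeps the restrictive umask from leaking into the rest of the script
    ( umask 077; web-push generate-vapid-keys --json > "$TMP_CREDS" ) \
        || { echo "VAPID key generation failed" >&2; rm -f "$TMP_CREDS"; exit 1; }

    # jq -e exits non-zero when the field is missing or null
    PUB_KEY=$(jq -er .publicKey "$TMP_CREDS") || { echo "no publicKey in generated creds" >&2; exit 1; }
    PRIV_KEY=$(jq -er .privateKey "$TMP_CREDS") || { echo "no privateKey in generated creds" >&2; exit 1; }

    # … unchanged: sed patch of main.js and append of push_private_key to config.ini …

    # publish the creds file only after both keys were validated and patched in
    mv "$TMP_CREDS" "$VAPID_CREDS_FILE"
fi
```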