From e6e16a6b3791a1edd87cd69bef9c19cc744e57e3 Mon Sep 17 00:00:00 2001 From: Willian Galvani Date: Mon, 19 May 2025 20:18:31 -0300 Subject: [PATCH 1/3] Dockerfile: user non-root user --- Dockerfile | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/Dockerfile b/Dockerfile index 89d106080..8c80320a3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -6,6 +6,9 @@ WORKDIR /usr/src/app # Install git (needed for submodules) RUN apt-get update && apt-get install -y git +# Create a non-root user +RUN useradd -m -u 2000 nodeuser + # Copy package files first for better caching COPY package*.json ./ @@ -23,5 +26,14 @@ RUN git submodule update # Run the update-browserslist-db as suggested in the warning RUN npx update-browserslist-db@latest +# Change ownership of the app directory to the non-root user +RUN chown -R nodeuser:nodeuser /usr/src/app + +# Switch to non-root user +USER nodeuser + +# Configure git to trust the mounted directory +RUN git config --global --add safe.directory /usr/src/app + EXPOSE 8080 CMD [ "npm", "run", "dev" ] From 63f179cb9fc034ae92d8c37d88120e68ad1189af Mon Sep 17 00:00:00 2001 From: Willian Galvani Date: Mon, 19 May 2025 20:22:57 -0300 Subject: [PATCH 2/3] Allow passing Cesium Ion token via environment variables --- .github/workflows/nodejsdeploy.yml | 2 ++ config/dev.env.js | 3 ++- config/prod.env.js | 3 ++- src/components/CesiumViewer.vue | 5 ++--- 4 files changed, 8 insertions(+), 5 deletions(-) diff --git a/.github/workflows/nodejsdeploy.yml b/.github/workflows/nodejsdeploy.yml index 01a5f5468..a99092292 100644 --- a/.github/workflows/nodejsdeploy.yml +++ b/.github/workflows/nodejsdeploy.yml @@ -32,6 +32,8 @@ jobs: - run: npm install - run: npm run build --if-present + env: + VUE_APP_CESIUM_TOKEN: ${{ secrets.CESIUM_TOKEN }} - name: deploy to server uses: AEnterprise/rsync-deploy@v1.0.2 diff --git a/config/dev.env.js b/config/dev.env.js index 1f3ca8f42..332814a81 100644 --- a/config/dev.env.js +++ b/config/dev.env.js @@ -3,5 +3,6 @@ const { merge } = require('webpack-merge') const prodEnv = require('./prod.env') module.exports = merge(prodEnv, { - NODE_ENV: '"development"' + NODE_ENV: '"development"', + VUE_APP_CESIUM_TOKEN: JSON.stringify(process.env.VUE_APP_CESIUM_TOKEN || '') }) diff --git a/config/prod.env.js b/config/prod.env.js index a6f997616..cf6d3ab32 100644 --- a/config/prod.env.js +++ b/config/prod.env.js @@ -1,4 +1,5 @@ 'use strict' module.exports = { - NODE_ENV: '"production"' + NODE_ENV: '"production"', + VUE_APP_CESIUM_TOKEN: JSON.stringify(process.env.VUE_APP_CESIUM_TOKEN || '') } diff --git a/src/components/CesiumViewer.vue b/src/components/CesiumViewer.vue index 5fe7aeb20..55c5caa12 100644 --- a/src/components/CesiumViewer.vue +++ b/src/components/CesiumViewer.vue @@ -84,9 +84,8 @@ import { isPointInPolygon } from './cesiumExtra/boundingPolygon.js' -Ion.defaultAccessToken = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiIwMTIzNmJhM' + - 'y1jNDE3LTQ0MzAtODVkMS1mZmUzODdjMTg0MGIiLCJpZCI6MzAzNjYzLCJpYXQiOjE3NDc2MjEzOTR9.Eu' + - 'W7FIgBv2OzYDyy0xfCWiExKyLIK9S4qJoT4D5-qrM' +// Set Cesium token from environment variable +Ion.defaultAccessToken = process.env.VUE_APP_CESIUM_TOKEN || '' const colorCoderMode = new ColorCoderMode(store) const colorCoderRange = new ColorCoderRange(store) From 4da492366c53786d766d46e4136c9b0b3c082380 Mon Sep 17 00:00:00 2001 From: Willian Galvani Date: Mon, 19 May 2025 21:07:28 -0300 Subject: [PATCH 3/3] Update Readme --- README.md | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index b443af2d1..5b3f8ee98 100644 --- a/README.md +++ b/README.md @@ -44,14 +44,10 @@ or build the docker file locally: docker build -t /uavlogviewer . # Run Docker Image -docker run -p 8080:8080 -d /uavlogviewer - -# View Running Containers -docker ps - -# View Container Log -docker logs +docker run -e VUE_APP_CESIUM_TOKEN= -it -p 8080:8080 -v ${PWD}:/usr/src/app /uavlogviewer # Navigate to localhost:8080 in your web browser +# changes should automatically be applied to the viewer + ```