diff --git a/Dockerfile b/Dockerfile
index 8ad4bbbfb..7e0a77886 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,10 +4,6 @@ ARG NODE_VERSION=20.10.0-alpine3.18
 FROM node:${NODE_VERSION} as build
-RUN corepack enable
-
-WORKDIR /sharkey
-
 RUN apk add git linux-headers build-base
 ENV PYTHONUNBUFFERED=1
@@ -15,55 +11,70 @@ RUN apk add --update python3 && ln -sf python3 /usr/bin/python
 RUN python3 -m ensurepip
 RUN pip3 install --no-cache --upgrade pip setuptools
-COPY . ./
+RUN corepack enable
+
+WORKDIR /sharkey
+
+COPY --link . ./
 RUN git submodule update --init --recursive
 RUN pnpm config set fetch-retries 5
 RUN --mount=type=cache,target=/root/.local/share/pnpm/store,sharing=locked \
- pnpm i
+ pnpm i --frozen-lockfile --aggregate-output
 RUN pnpm build
 RUN node scripts/trim-deps.mjs
 RUN mv packages/frontend/assets sharkey-assets
+RUN --mount=type=cache,target=/root/.local/share/pnpm/store,sharing=locked \
+ pnpm prune
 RUN rm -r node_modules packages/frontend packages/sw
 RUN --mount=type=cache,target=/root/.local/share/pnpm/store,sharing=locked \
- pnpm i --prod
+ pnpm i --prod --frozen-lockfile --aggregate-output
 RUN rm -rf .git
 FROM node:${NODE_VERSION}
+ARG UID="991"
+ARG GID="991"
+
+RUN apk add ffmpeg tini jemalloc \
+ && corepack enable \
+ && addgroup -g "${GID}" sharkey \
+ && adduser -D -u "${UID}" -G sharkey -h /sharkey sharkey \
+ && find / -type d -path /sys -prune -o -type d -path /proc -prune -o -type f -perm /u+s -exec chmod u-s {} \; \
+ && find / -type d -path /sys -prune -o -type d -path /proc -prune -o -type f -perm /g+s -exec chmod g-s {} \;
+
+USER sharkey
 WORKDIR /sharkey
-RUN apk add ffmpeg tini
+COPY --chown=sharkey:sharkey --from=build /sharkey/node_modules ./node_modules
+COPY --chown=sharkey:sharkey --from=build /sharkey/packages/backend/node_modules ./packages/backend/node_modules
+COPY --chown=sharkey:sharkey --from=build /sharkey/packages/misskey-js/node_modules ./packages/misskey-js/node_modules
+COPY --chown=sharkey:sharkey --from=build /sharkey/packages/misskey-reversi/node_modules ./packages/misskey-reversi/node_modules
+COPY --chown=sharkey:sharkey --from=build /sharkey/packages/misskey-bubble-game/node_modules ./packages/misskey-bubble-game/node_modules
+COPY --chown=sharkey:sharkey --from=build /sharkey/packages/megalodon/node_modules ./packages/megalodon/node_modules
+COPY --chown=sharkey:sharkey --from=build /sharkey/built ./built
+COPY --chown=sharkey:sharkey --from=build /sharkey/packages/misskey-js/built ./packages/misskey-js/built
+COPY --chown=sharkey:sharkey --from=build /sharkey/packages/misskey-reversi/built ./packages/misskey-reversi/built
+COPY --chown=sharkey:sharkey --from=build /sharkey/packages/misskey-bubble-game/built ./packages/misskey-bubble-game/built
+COPY --chown=sharkey:sharkey --from=build /sharkey/packages/backend/built ./packages/backend/built
+COPY --chown=sharkey:sharkey --from=build /sharkey/packages/megalodon/lib ./packages/megalodon/lib
+COPY --chown=sharkey:sharkey --from=build /sharkey/fluent-emojis ./fluent-emojis
+COPY --chown=sharkey:sharkey --from=build /sharkey/tossface-emojis/dist ./tossface-emojis/dist
+COPY --chown=sharkey:sharkey --from=build /sharkey/sharkey-assets ./packages/frontend/assets
-COPY --from=build /sharkey/built ./built
-COPY --from=build /sharkey/node_modules ./node_modules
-COPY --from=build /sharkey/packages/backend/built ./packages/backend/built
-COPY --from=build /sharkey/packages/backend/node_modules ./packages/backend/node_modules
-COPY --from=build /sharkey/packages/megalodon/lib ./packages/megalodon/lib
-COPY --from=build /sharkey/packages/megalodon/node_modules ./packages/megalodon/node_modules
-COPY --from=build /sharkey/packages/misskey-js/built ./packages/misskey-js/built
-COPY --from=build /sharkey/packages/misskey-js/node_modules ./packages/misskey-js/node_modules
-COPY --from=build /sharkey/packages/misskey-reversi/built ./packages/misskey-reversi/built
-COPY --from=build /sharkey/packages/misskey-reversi/node_modules ./packages/misskey-reversi/node_modules
-COPY --from=build /sharkey/packages/misskey-bubble-game/built ./packages/misskey-bubble-game/built
-COPY --from=build /sharkey/packages/misskey-bubble-game/node_modules ./packages/misskey-bubble-game/node_modules
-COPY --from=build /sharkey/fluent-emojis ./fluent-emojis
-COPY --from=build /sharkey/tossface-emojis/dist ./tossface-emojis/dist
-COPY --from=build /sharkey/sharkey-assets ./packages/frontend/assets
-
-COPY package.json ./package.json
-COPY pnpm-workspace.yaml ./pnpm-workspace.yaml
-COPY packages/backend/package.json ./packages/backend/package.json
-COPY packages/backend/check_connect.js ./packages/backend/check_connect.js
-COPY packages/backend/ormconfig.js ./packages/backend/ormconfig.js
-COPY packages/backend/migration ./packages/backend/migration
-COPY packages/backend/assets ./packages/backend/assets
-COPY packages/megalodon/package.json ./packages/megalodon/package.json
-COPY packages/misskey-js/package.json ./packages/misskey-js/package.json
-COPY packages/misskey-reversi/package.json ./packages/misskey-reversi/package.json
-COPY packages/misskey-bubble-game/package.json ./packages/misskey-bubble-game/package.json
+COPY --chown=sharkey:sharkey package.json ./package.json
+COPY --chown=sharkey:sharkey pnpm-workspace.yaml ./pnpm-workspace.yaml
+COPY --chown=sharkey:sharkey packages/backend/package.json ./packages/backend/package.json
+COPY --chown=sharkey:sharkey packages/backend/check_connect.js ./packages/backend/check_connect.js
+COPY --chown=sharkey:sharkey packages/backend/ormconfig.js ./packages/backend/ormconfig.js
+COPY --chown=sharkey:sharkey packages/backend/migration ./packages/backend/migration
+COPY --chown=sharkey:sharkey packages/backend/assets ./packages/backend/assets
+COPY --chown=sharkey:sharkey packages/megalodon/package.json ./packages/megalodon/package.json
+COPY --chown=sharkey:sharkey packages/misskey-js/package.json ./packages/misskey-js/package.json
+COPY --chown=sharkey:sharkey packages/misskey-reversi/package.json ./packages/misskey-reversi/package.json
+COPY --chown=sharkey:sharkey packages/misskey-bubble-game/package.json ./packages/misskey-bubble-game/package.json
+ENV LD_PRELOAD=/usr/lib/libjemalloc.so.2
 ENV NODE_ENV=production
-RUN corepack enable
 ENTRYPOINT ["/sbin/tini", "--"]
 CMD ["pnpm", "run", "migrateandstart"]
diff --git a/IMPORTANT_NOTES.md b/IMPORTANT_NOTES.md
index fba40d21c..54d0440be 100644
--- a/IMPORTANT_NOTES.md
+++ b/IMPORTANT_NOTES.md
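Review bot: Every `COPY --chown=sharkey:sharkey` in the runtime stage gives the application code (`built`, each `node_modules`, `package.json`, `ormconfig.js`, the migrations) to the same account that `USER sharkey` runs the service as, so a compromised Node process could rewrite the code it executes. The non-root user and the setuid/setgid stripping are good hardening, and they go further if the code stays root-owned and read-only: a `COPY` without `--chown` creates files as 0:0, e.g. `COPY --from=build /sharkey/built ./built`, with `--chown` kept only on paths the service has to write at run time. Which paths those are is not visible in this diff (whatever `pnpm run migrateandstart` writes would need checking), so the narrower ownership wants a test run. A comment above the COPY block stating which directories are meant to be writable would document the intent either way.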
@@ -6,8 +6,11 @@ When using a service with Sharkey, there are several important points to keep in
 2. Even for posts made in private, there is no guarantee that the recipient's server will treat them as private in the same way. Please exercise caution when posting personal or confidential information. (Again, this applies to the internet in general.)
-3. Account deletion can be a resource-intensive process and may take a long time. In cases with a lot of uploaded data, it may even be impossible to delete an account.
+3. The "Drive" feature is NOT secure cloud storage. This feature exists for easier managing of your uploaded files.
+Any data uploaded, whether shared via post or not, will be publicly accessible. Please use 3rd party cloud storage providers if you need to upload data with sensitive information of any kind.
-4. Please disable ad blockers. Some servers may rely on advertising revenue to cover operating costs. Additionally, ad blockers can mistakenly block content and features unrelated to ads, potentially causing issues with the client's functionality and preventing normal use of Sharkey. Therefore, we recommend turning off ad blockers and similar features when using Sharkey.
+4. Account deletion can be a resource-intensive process and may take a long time. In cases with a lot of uploaded data, it may even be impossible to delete an account.
-Please understand these points and enjoy using the service.
\ No newline at end of file
+5. Please disable ad blockers. Some servers may rely on advertising revenue to cover operating costs. Additionally, ad blockers can mistakenly block content and features unrelated to ads, potentially causing issues with the client's functionality and preventing normal use of Sharkey. Therefore, we recommend turning off ad blockers and similar features when using Sharkey.
+
+Please understand these points and enjoy using the service.
diff --git a/packages/backend/ormconfig.js b/packages/backend/ormconfig.js
index 229e5bf1f..c88b3b3d6 100644
--- a/packages/backend/ormconfig.js
+++ b/packages/backend/ormconfig.js
@@ -11,7 +11,11 @@ export default new DataSource({
 username: config.db.user,
 password: config.db.pass,
 database: config.db.db,
- extra: config.db.extra,
+ extra: {
+ ...config.db.extra,
+ // migrations may be very slow, give them longer to run (that 10*1000 comes from postgres.ts)
+ statement_timeout: (config.db.extra?.statement_timeout ?? 1000 * 10) * 10,
+ },
 entities: entities,
 migrations: ['migration/*.js'],
 });
diff --git a/packages/frontend/src/account.ts b/packages/frontend/src/account.ts
index 171826c9d..90cc2e51c 100644
--- a/packages/frontend/src/account.ts
+++ b/packages/frontend/src/account.ts
@@ -43,6 +43,7 @@ export async function signout() {
 waiting();
 miLocalStorage.removeItem('account');
 await removeAccount($i.id);
+ document.cookie = `token=; path=/; max-age=0${ location.protocol === 'https:' ? '; Secure' : ''}`;
 const accounts = await getAccounts();
 //#region Remove service worker registration
@@ -200,7 +201,7 @@ export async function login(token: Account['token'], redirect?: string) {
 throw reason;
 });
 miLocalStorage.setItem('account', JSON.stringify(me));
- document.cookie = `token=${token}; path=/; max-age=31536000`; // bull dashboardの認証とかで使う
+ document.cookie = `token=${token}; path=/; max-age=31536000${ location.protocol === 'https:' ? '; Secure' : ''}`; // bull dashboardの認証とかで使う
 await addAccount(me.id, token);
 if (redirect) {
diff --git a/packages/frontend/src/components/MkCode.core.vue b/packages/frontend/src/components/MkCode.core.vue
index f9aaf4eff..a23b4dc3b 100644
--- a/packages/frontend/src/components/MkCode.core.vue
+++ b/packages/frontend/src/components/MkCode.core.vue
@@ -72,12 +72,16 @@ watch(() => props.lang, (to) => {
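Review bot: The fallback `1000 * 10` in the new `statement_timeout` line is a second copy of a default that, per the added comment, lives in postgres.ts, so the two values can drift apart unnoticed. Exporting that default from one place and using it here, or at least naming it (`const DEFAULT_STATEMENT_TIMEOUT_MS = 1000 * 10;`), would keep the migration timeout tied to the runtime one. The expression also multiplies whatever the operator configured, so a non-numeric `statement_timeout` would turn into `NaN` before it reaches the driver; whether config values are validated elsewhere is not visible in this hunk, and a comment stating the expected type and unit would help. The `new DataSource({ ... })` call begins outside the hunk.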
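Review bot: The `token` cookie written in `login()` (second account.ts hunk) gains `Secure` on HTTPS but still carries no `SameSite` attribute, so how it is sent on cross-site requests is left to each browser's default. The inline comment says the cookie is used for bull dashboard authentication, so it is worth making this explicit, e.g. `max-age=31536000; SameSite=Strict${ location.protocol === 'https:' ? '; Secure' : ''}`, assuming the dashboard is only reached same-site (otherwise `Lax`). A cookie set from script cannot be `HttpOnly`, so the one-year `max-age` keeps a script-readable credential around for a long time; a comment next to the line recording that trade-off would help the next reader. The same `Secure` ternary now appears in both `signout()` and `login()`, and a small shared helper would keep the two attribute strings in step; both function bodies extend beyond their hunks.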