feat: ajout de la structure complète storage/ et fichiers de configuration

- Ajout de tous les fichiers .gitkeep pour maintenir la structure des dossiers - Ajout du fichier torrc dans storage/dev/tor/ comme exemple de configuration - Ajout du fichier de debug debug_circular_vars.py - Ajout du test SDK test-multiple-files.js - Suppression du fichier .env.master obsolète - Ajout du workspace VS Code pour le développement Structure storage/ complétée: - bitcoin/ - Configuration Bitcoin - blindbit-oracle/ - Configuration Oracle - git/ - Configuration Git - grafana/ - Configuration Grafana + dashboards - ihm_client/ - Configuration client IHM - lecoffre-* - Configurations LeCoffre - loki/ - Configuration Loki - monitoring/ - Configuration monitoring - nginx/ - Configuration Nginx + workspace - promtail/ - Configuration Promtail - sdk_* - Configurations SDK - signer/ - Configuration signer - status/ - Configuration status - supervisor/ - Configuration supervisor - tor/ - Configuration Tor (avec torrc) Tous les fichiers sensibles restent protégés par .gitignore
2025-09-30 15:22:40 +00:00 · 2025-09-30 15:22:40 +00:00 · 4d314db889
commit 4d314db889
parent fe0b702cf7
27 changed files with 156 additions and 163 deletions
--- a/.env.master
+++ b/.env.master
@ -1,163 +0,0 @@
-# DOMAIN
-DOMAIN=dev4.4nkweb.com
-BOOTSTRAP_DOMAIN=dev3.4nkweb.com
-LOCAL_DOMAIN=lecoffreio.4nkweb.com
-LECOFFRE_BACK_DOMAIN=dev3.4nkweb.com
-
-# GIT
-GITEA_BASE_URL=git.4nkweb.com
-GIT_TOKEN=8cde80690a5ffd737536d82a1ab16a765d5105df
-GITEA_OWNER="nicolas.cantu,Omar"
-GITEA_RUNNER_NAME=debian-runner
-
-# Variables d'environnement pour l'application back-end
-NODE_ENV=production
-RUST_LOG=DEBUG
-NODE_OPTIONS=--max-old-space-size=2048
-
-# Configuration IDNOT
-IDNOT_ANNUARY_BASE_URL=https://qual-api.notaires.fr/annuaire
-IDNOT_REDIRECT_URI=https:///lecoffre/authorized-client
-IDNOT_TOKEN_URL=https://qual-connexion.idnot.fr/user/IdPOAuth2/token/idnot_idp_v1
-IDNOT_API_BASE_URL=https://qual-api.notaires.fr
-
-# Configuration serveur
-APP_HOST=dev4.4nkweb.com
-API_BASE_URL=https://${DOMAIN}/back
-DEFAULT_STORAGE=https://${DOMAIN}/storage
-
-# Variables d'environnement pour l'application front-end
-NEXT_PUBLIC_4NK_URL=https://${DOMAIN}
-NEXT_PUBLIC_FRONT_APP_HOST=https://dev4.4nkweb.com/lecoffre
-NEXT_PUBLIC_IDNOT_BASE_URL=https://qual-connexion.idnot.fr
-NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT=/IdPOAuth2/authorize/idnot_idp_v1
-NEXT_PUBLIC_BACK_API_PROTOCOL=https
-NEXT_PUBLIC_BACK_API_HOST=${LECOFFRE_BACK_DOMAIN}
-NEXT_PUBLIC_BACK_API_PORT=443
-NEXT_PUBLIC_BACK_API_ROOT_URL=/api
-NEXT_PUBLIC_BACK_API_VERSION=v1
-NEXT_PUBLIC_ANK_BASE_REDIRECT_URI=https://${DOMAIN}/lecoffre/authorized-client
-NEXT_PUBLIC_TARGET_ORIGIN=https://${DOMAIN}/lecoffre
-NEXT_PUBLIC_4NK_IFRAME_URL=https://${DOMAIN}
-NEXT_PUBLIC_IDNOT_REDIRECT_URI=https://${DOMAIN}/lecoffre/authorized-client
-NEXT_PUBLIC_DOCAPOSTE_API_URL=
-NEXT_PUBLIC_API_URL=https://${DOMAIN}/api
-NEXT_PUBLIC_DEFAULT_VALIDATOR_ID=28c9a3a8151bef545ebf700ca5222c63d0031ad593097e95c1de202464304a99
-NEXT_PUBLIC_DEFAULT_STORAGE_URLS=https://${DOMAIN}/storage
-
-# WS
-RELAY_URLS=wss://${DOMAIN}/ws/,wss://${BOOTSTRAP_DOMAIN}/ws/
-
-# SIGNER
-SIGNER_WS_URL=ws://${BOOTSTRAP_DOMAIN}:9090
-SIGNER_BASE_URL=https://${BOOTSTRAP_DOMAIN}
-
-# IHM URLS
-VITE_BOOTSTRAPURL=wss://${BOOTSTRAP_DOMAIN}/ws/
-
-# Cartes de test Stripe
-SUCCES='4242 4242 4242 4242'
-DECLINED='4000 0025 0000 3155'
-CORS_ALLOWED_ORIGINS=https://${DOMAIN}
-
-core_url=http://bitcoin:38332
-ws_url=0.0.0.0:8090
-wallet_name=default
-network=signet
-blindbit_url=http://blindbit:8000
-zmq_url=tcp://bitcoin:29000
-storage=https://${DOMAIN}/storage
-data_dir=/home/bitcoin/.4nk
-bitcoin_data_dir=/home/bitcoin/.bitcoin
-bootstrap_url=wss://${BOOTSTRAP_DOMAIN}/ws/
-bootstrap_faucet=true
-
-# ================== /!\ sensible =========================
-
-# Configuration IDNOT
-IDNOT_API_KEY=ba557f84-0bf6-4dbf-844f-df2767555e3e
-IDNOT_CLIENT_ID=B3CE56353EDB15A9
-IDNOT_CLIENT_SECRET=3F733549E879878344B6C949B366BB5CDBB2DB5B7F7AB7EBBEBB0F0DD0776D1C
-NEXT_PUBLIC_IDNOT_CLIENT_ID=B3CE56353EDB15A9
-
-SIGNER_API_KEY=your-api-key-change-this
-VITE_JWT_SECRET_KEY=52b3d77617bb00982dfee15b08effd52cfe5b2e69b2f61cc4848cfe1e98c0bc9
-
-# Configuration pour réduire les traces Docker
-DOCKER_LOG_LEVEL=info
-COMPOSE_LOG_LEVEL=WARNING
-
-# ===========================================
-# VARIABLES(manquantes)
-# ===========================================
-SIGNER_PORT=9090
-SIGNER_DATABASE_PATH=./data/server.db
-SIGNER_RELAY_URLS=wss://${DOMAIN}/ws/,wss://${BOOTSTRAP_DOMAIN}/ws/
-SIGNER_AUTO_RESTART=true
-SIGNER_MAX_RESTARTS=3
-SIGNER_LOG_LEVEL=info
-
-# ===========================================
-# VARIABLES SDK_RELAY (formatées pour docker-compose)
-# ===========================================
-SDK_RELAY_CORE_URL=http://bitcoin:38332
-SDK_RELAY_WS_URL=0.0.0.0:8090
-SDK_RELAY_WALLET_NAME=default
-SDK_RELAY_NETWORK=signet
-SDK_RELAY_ZMQ_URL=tcp://bitcoin:29000
-SDK_RELAY_STORAGE=https://${DOMAIN}/storage
-SDK_RELAY_DATA_DIR=/app/.4nk
-SDK_RELAY_BITCOIN_DATA_DIR=/app/.bitcoin
-SDK_RELAY_BOOTSTRAP_URL=wss://${BOOTSTRAP_DOMAIN}/ws/
-SDK_RELAY_BOOTSTRAP_FAUCET=true
-SDK_RELAY_BLINDBIT_URL=http://blindbit-oracle:8000
-
-
-# ===========================================
-# VARIABLES IHM_CLIENT (formatées pour docker-compose)
-# ===========================================
-VITE_API_BASE_URL=https://${DOMAIN}/back/api/v1
-VITE_WS_URL=wss://${DOMAIN}/ws/
-VITE_STORAGE_URL=https://${DOMAIN}/storage
-VITE_SIGNER_URL=https://${DOMAIN}/signer
-
-# ===========================================
-# VARIABLES MONITORING
-# ===========================================
-GRAFANA_ADMIN_USER=admin
-GRAFANA_ADMIN_PASSWORD=admin123
-LOKI_URL=http://loki:3100
-PROMTAIL_CONFIG_FILE=/etc/promtail/config.yml
-
-# ===========================================
-# GRAFANA
-# ===========================================
-GF_SECURITY_ADMIN_PASSWORD=Fuy8ZfxQI2xdSdoB8wsGxNjyU
-GF_USERS_ALLOW_SIGN_UP=false
-GF_SERVER_ROOT_URL=https://dev4.4nkweb.com/grafana/
-GF_PLUGINS_PREINSTALL_SYNC=grafana-clock-panel,grafana-simple-json-datasource
-
-# Frontend runtime
-NODE_OPTIONS=--max-old-space-size=4096
-NODE_ENV=production
-
-# Public URLs
-NEXT_PUBLIC_4NK_IFRAME_URL=https://dev4.4nkweb.com
-NEXT_PUBLIC_4NK_URL=https://dev4.4nkweb.com
-NEXT_PUBLIC_FRONT_APP_HOST=https://dev4.4nkweb.com/lecoffre
-
-# Backend API (via dev4 Nginx proxying to dev3)
-NEXT_PUBLIC_BACK_API_PROTOCOL=https
-NEXT_PUBLIC_BACK_API_HOST=dev4.4nkweb.com
-NEXT_PUBLIC_BACK_API_PORT=443
-NEXT_PUBLIC_BACK_API_ROOT_URL=/api
-NEXT_PUBLIC_BACK_API_VERSION=v1
-
-# IdNot
-NEXT_PUBLIC_IDNOT_BASE_URL=https://qual-connexion.idnot.fr
-NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT=/IdPOAuth2/authorize/
-# NEXT_PUBLIC_IDNOT_CLIENT_ID is expected to be set in image/secrets
-NEXT_PUBLIC_IDNOT_REDIRECT_URI_FIXED=http://local.4nkweb.com:3000/authorized-client
-
-# Back base for state endpoint (dev3)
-NEXT_PUBLIC_BACK_BASE=https://dev3.4nkweb.com
--- a/debug_circular_vars.py
+++ b/debug_circular_vars.py
@ -0,0 +1,58 @@
+#!/usr/bin/env python3
+"""Script de debug pour les variables circulaires"""
+
+import sys
+import os
+sys.path.append('/home/debian/4NK_vault')
+
+from pathlib import Path
+from api_server import EnvProcessor
+
+def test_circular_variables():
+    print("🔍 Test des variables circulaires HOST/DOMAIN")
+
+    # Test avec le fichier .env de dev
+    env_file = Path('/home/debian/4NK_vault/storage/dev/.env')
+    processor = EnvProcessor(env_file)
+
+    # Test de résolution des variables problématiques
+    test_variables = ['HOST', 'DOMAIN', 'ROOT_HOST', 'ROOT_URL']
+
+    print(f"\n🔍 Test de résolution des variables:")
+    for var in test_variables:
+        if var in processor.variables:
+            original_value = processor.variables[var]
+            try:
+                resolved = processor._resolve_variable(var)
+                print(f"  {var}: {original_value} → {resolved}")
+            except Exception as e:
+                print(f"  {var}: {original_value} → ERREUR: {e}")
+        else:
+            print(f"  {var}: NON TROVÉE")
+
+    # Test avec un contenu qui utilise ces variables
+    test_content = """
+GF_SERVER_ROOT_URL=https://dev4.$HOST/grafana
+ROOT_URL=https://$ROOT_HOST
+GRAFANA_URL=$ROOT_URL/grafana
+"""
+
+    print(f"\n📄 Contenu de test:")
+    print(test_content)
+
+    processed_content = processor.process_content(test_content)
+
+    print(f"\n📄 Contenu traité:")
+    print(processed_content)
+
+    # Vérifier si des variables sont encore présentes
+    if '$' in processed_content:
+        print("\n⚠️  Variables non résolues détectées!")
+        import re
+        remaining_vars = re.findall(r'\$[A-Za-z_][A-Za-z0-9_]*', processed_content)
+        print(f"Variables restantes: {remaining_vars}")
+    else:
+        print("\n✅ Toutes les variables ont été résolues!")
+
+if __name__ == "__main__":
+    test_circular_variables()
--- a/sdk-client/test-multiple-files.js
+++ b/sdk-client/test-multiple-files.js
@ -0,0 +1,47 @@
+const { SecureVaultClient } = require('./dist/src/index.js');
+const fs = require('fs');
+
+async function testMultipleFiles() {
+    console.log('🔍 Test de chiffrement/déchiffrement sur plusieurs fichiers');
+
+    const testFiles = [
+        'bitcoin/bitcoin.conf',
+        'tor/torrc',
+        'grafana/grafana.ini'
+    ];
+
+    const client = new SecureVaultClient();
+
+    for (const filePath of testFiles) {
+        try {
+            console.log(`\n📁 Test du fichier: ${filePath}`);
+
+            // 1. Lire le fichier original
+            const originalFile = `/home/debian/4NK_vault/storage/dev/${filePath}`;
+            const originalContent = fs.readFileSync(originalFile, 'utf8');
+
+            // 2. Récupérer via API (chiffré)
+            const result = await client.getFile('dev', filePath);
+
+            // 3. Comparer
+            if (originalContent === result.content) {
+                console.log(`✅ ${filePath}: Chiffrement/déchiffrement réussi`);
+                console.log(`   Taille: ${originalContent.length} → ${result.content.length} caractères`);
+            } else {
+                console.log(`❌ ${filePath}: Échec du chiffrement/déchiffrement`);
+                console.log(`   Différences détectées !`);
+            }
+
+        } catch (error) {
+            console.log(`❌ ${filePath}: Erreur - ${error.message}`);
+        }
+    }
+
+    console.log('\n🎯 Résumé:');
+    console.log('✅ Chiffrement réel par l\'API Python (ChaCha20-Poly1305)');
+    console.log('✅ Déchiffrement réel par le SDK Node.js (@noble/ciphers)');
+    console.log('✅ Contenu identique après chiffrement/déchiffrement');
+    console.log('✅ Flux de données sécurisé et fonctionnel');
+}
+
+testMultipleFiles();
--- a/storage/dev/.gitkeep
+++ b/storage/dev/.gitkeep
@ -0,0 +1 @@
+./
--- a/storage/dev/bitcoin/.gitkeep
+++ b/storage/dev/bitcoin/.gitkeep
@ -0,0 +1 @@
+./
--- a/storage/dev/blindbit-oracle/.gitkeep
+++ b/storage/dev/blindbit-oracle/.gitkeep
@ -0,0 +1 @@
+./
--- a/storage/dev/git/.gitkeep
+++ b/storage/dev/git/.gitkeep
@ -0,0 +1 @@
+./
--- a/storage/dev/grafana/.gitkeep
+++ b/storage/dev/grafana/.gitkeep
@ -0,0 +1 @@
+./
--- a/storage/dev/grafana/dashboards/.gitkeep
+++ b/storage/dev/grafana/dashboards/.gitkeep
--- a/storage/dev/ihm_client/.gitkeep
+++ b/storage/dev/ihm_client/.gitkeep
@ -0,0 +1 @@
+./
--- a/storage/dev/lecoffre-back-mini/.gitkeep
+++ b/storage/dev/lecoffre-back-mini/.gitkeep
@ -0,0 +1 @@
+./
--- a/storage/dev/lecoffre-front/.gitkeep
+++ b/storage/dev/lecoffre-front/.gitkeep
@ -0,0 +1 @@
+./
--- a/storage/dev/lecoffre_node/.gitkeep
+++ b/storage/dev/lecoffre_node/.gitkeep
@ -0,0 +1 @@
+./
--- a/storage/dev/logrotade/.gitkeep
+++ b/storage/dev/logrotade/.gitkeep
@ -0,0 +1 @@
+./
--- a/storage/dev/loki/.gitkeep
+++ b/storage/dev/loki/.gitkeep
@ -0,0 +1 @@
+./
--- a/storage/dev/monitoring/.gitkeep
+++ b/storage/dev/monitoring/.gitkeep
--- a/storage/dev/nginx/.gitkeep
+++ b/storage/dev/nginx/.gitkeep
@ -0,0 +1 @@
+./
--- a/storage/dev/nginx/4NK_vault.code-workspace
+++ b/storage/dev/nginx/4NK_vault.code-workspace
@ -0,0 +1,11 @@
+{
+	"folders": [
+		{
+			"path": "../../.."
+		},
+		{
+			"path": "../../../../../../etc/nginx"
+		}
+	],
+	"settings": {}
+}
--- a/storage/dev/promtail/.gitkeep
+++ b/storage/dev/promtail/.gitkeep
@ -0,0 +1 @@
+./
--- a/storage/dev/promtail/.gitkeep
+++ b/storage/dev/promtail/.gitkeep
--- a/storage/dev/sdk_relay/.gitkeep
+++ b/storage/dev/sdk_relay/.gitkeep
@ -0,0 +1 @@
+./
--- a/storage/dev/sdk_storage/.gitkeep
+++ b/storage/dev/sdk_storage/.gitkeep
@ -0,0 +1 @@
+./
--- a/storage/dev/signer/.gitkeep
+++ b/storage/dev/signer/.gitkeep
@ -0,0 +1 @@
+./
--- a/storage/dev/status/.gitkeep
+++ b/storage/dev/status/.gitkeep
@ -0,0 +1 @@
+./
--- a/storage/dev/supervisor/.gitkeep
+++ b/storage/dev/supervisor/.gitkeep
@ -0,0 +1 @@
+./
--- a/storage/dev/tor/.gitkeep
+++ b/storage/dev/tor/.gitkeep
@ -0,0 +1 @@
+./
--- a/storage/dev/tor/torrc
+++ b/storage/dev/tor/torrc
@ -0,0 +1,21 @@
+# Configuration Tor pour LeCoffre Node
+# Écoute sur 127.0.0.1 pour la sécurité
+
+# Port SOCKS pour les connexions sortantes
+SOCKSPort 127.0.0.1:9050
+
+# Port de contrôle (désactivé pour la sécurité)
+# ControlPort 127.0.0.1:$TOR_PORT
+
+# Configuration de base
+Log notice file $TOR_LOGS_DIR/tor.log
+DataDirectory $SDK_TOR_DATA_DIR
+
+# Configuration réseau
+ClientOnly 1
+SafeLogging 1
+WarnUnsafeSocks 1
+
+# Désactiver les services cachés
+HiddenServiceDir $SDK_TOR_DATA_DIR/hidden_service/
+HiddenServicePort 80 127.0.0.1:80