From 941bfb3b67f269e1215ab0a09d5086e286a1b292 Mon Sep 17 00:00:00 2001 From: Your Name Date: Tue, 26 Aug 2025 02:45:57 +0200 Subject: [PATCH] chore: publier pkg/ pour import externe; docs/iframe; Dockerfile/nginx tweaks; ensure pkg tracked --- .gitignore | 1 - Dockerfile | 5 +- docs/INTEGRATION_IFRAME.md | 6 +-- ngnix.conf | 103 +++++++++++++++++++++++++++++++++++++ 4 files changed, 110 insertions(+), 5 deletions(-) create mode 100644 ngnix.conf diff --git a/.gitignore b/.gitignore index fa09eb8..6b897af 100755 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,4 @@ target/ -pkg/ Cargo.lock node_modules/ dist/ diff --git a/Dockerfile b/Dockerfile index 1ec5b32..80f905c 100755 --- a/Dockerfile +++ b/Dockerfile @@ -25,7 +25,7 @@ COPY . . # Préparation des dépendances wasm (pkg/sdk_client) ARG SDK_CLIENT_PKG_URL="" ARG SDK_CLIENT_PKG_TARBALL="" -ARG SDK_CLIENT_PKG_BASE="" +ARG SDK_CLIENT_PKG_BASE="https://git.4nkweb.com/4nk/ihm_client/raw/branch/docker-support/pkg" ENV SDK_CLIENT_PKG_URL=${SDK_CLIENT_PKG_URL} ENV SDK_CLIENT_PKG_TARBALL=${SDK_CLIENT_PKG_TARBALL} ENV SDK_CLIENT_PKG_BASE=${SDK_CLIENT_PKG_BASE} @@ -44,6 +44,9 @@ RUN apk update && apk add --no-cache nodejs npm wget COPY --from=builder /app/dist /usr/share/nginx/html COPY --from=builder /app/package*.json /app/ +# Index HTML minimal chargeant le bundle +RUN printf '\n\n\n \n \n 4NK UI\n\n\n
\n \n\n\n' > /usr/share/nginx/html/index.html + # Copie de la configuration nginx optimisée pour 4NK_node COPY nginx.conf /etc/nginx/conf.d/default.conf diff --git a/docs/INTEGRATION_IFRAME.md b/docs/INTEGRATION_IFRAME.md index 9e2d665..32fc05b 100644 --- a/docs/INTEGRATION_IFRAME.md +++ b/docs/INTEGRATION_IFRAME.md @@ -39,7 +39,7 @@ Référence: `src/models/process.model.ts` (enum `MessageType`). ### RENEW_TOKEN (Requête) - Objet: obtenir un nouveau `accessToken` depuis un `refreshToken`. - Requête: `type`, `refreshToken`, `messageId` -- Réponses: +- Réponses: - Succès: `type`: `RENEW_TOKEN`, `accessToken`, `refreshToken`, `messageId` - Erreur: `ERROR` @@ -92,8 +92,8 @@ Référence: `src/models/process.model.ts` (enum `MessageType`). ### CREATE_PROCESS (Requête) - Objet: créer un nouveau processus. - Pré-requis: appairé + `accessToken` valide. -- Requête: - - `type` +- Requête: + - `type` - `processData`: Record (données brutes à répartir en public/privé) - `privateFields`: string[] (liste des nouveaux champs à forcer en privé) - `roles`: Record diff --git a/ngnix.conf b/ngnix.conf new file mode 100644 index 0000000..bab2899 --- /dev/null +++ b/ngnix.conf @@ -0,0 +1,103 @@ +server { + listen 80; + server_name localhost; + root /usr/share/nginx/html; + index index.html; + + # Types MIME explicites pour ES Modules et WASM + types { + application/javascript js mjs; + text/css css; + application/wasm wasm; + } + + # Gestion des fichiers statiques + location / { + try_files $uri $uri/ /index.html; + + # Headers de sécurité + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-Content-Type-Options "nosniff" always; + add_header X-XSS-Protection "1; mode=block" always; + add_header Referrer-Policy "strict-origin-when-cross-origin" always; + } + + # Proxy vers sdk_relay WebSocket + location /ws/ { + proxy_pass http://sdk_relay_1:8090; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_read_timeout 86400; + proxy_send_timeout 86400; + } + + # Proxy vers sdk_relay HTTP API + location /api/ { + proxy_pass http://sdk_relay_1:8091/; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + # CORS headers + add_header Access-Control-Allow-Origin "*" always; + add_header Access-Control-Allow-Methods "GET, POST, OPTIONS, PUT, DELETE" always; + add_header Access-Control-Allow-Headers "Authorization,Content-Type,Accept,X-Requested-With" always; + + # Gestion des requêtes OPTIONS + if ($request_method = 'OPTIONS') { + add_header Access-Control-Allow-Origin "*"; + add_header Access-Control-Allow-Methods "GET, POST, OPTIONS, PUT, DELETE"; + add_header Access-Control-Allow-Headers "Authorization,Content-Type,Accept,X-Requested-With"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 204; + } + } + + # Proxy vers Bitcoin Core RPC (si nécessaire) + location /bitcoin/ { + proxy_pass http://bitcoin:18443/; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + # Authentification basique pour Bitcoin RPC + auth_basic "Bitcoin RPC"; + auth_basic_user_file /etc/nginx/.htpasswd; + } + + # Proxy vers Blindbit (si nécessaire) + location /blindbit/ { + proxy_pass http://blindbit:8000/; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + # Cache pour les assets statiques + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ { + expires 1y; + add_header Cache-Control "public, immutable"; + try_files $uri =404; + } + + # Gestion des erreurs + error_page 404 /index.html; + error_page 500 502 503 504 /50x.html; + + location = /50x.html { + root /usr/share/nginx/html; + } + + # Logs + access_log /var/log/nginx/ihm_client_access.log; + error_log /var/log/nginx/ihm_client_error.log; +}