Fixes

.dockerignore

@@ -16,3 +16,7 @@
 /report
 /tmp
 **/dist
+/uploader/client/index.html
+/expose/client/index.html
+/databox/client/index.html
+/dashboard/index.html

.env

@@ -93,7 +93,7 @@ UPLOADER_STORAGE_USE_PATH_STYLE_ENDPOINT=true
 UPLOADER_REQUEST_SIGNATURE_TTL=600
 UPLOADER_DELETE_ASSET_GRACEFUL_TIME=30
 UPLOADER_RABBITMQ_VHOST=uploader
-UPLOADER_ALLOWED_FILE_TYPES='image/*(jpg,jpeg,bmp,tif,gif,png,heic),application/*(pdf,doc,docx,xls,xlsx,odt),video/*(mpg,mpeg,mov,avi,mp3,mp2,mp4,m4v,m4a,mkv,hevc)audio/*(aac,aiff,wav)'
+UPLOADER_ALLOWED_FILE_TYPES='image/*(.jpg,.jpeg,.bmp,.tif,.gif,.png,.heic),application/*(.pdf,.doc,.docx,.xls,.xlsx,.odt),video/*(.mpg,.mpeg,.mov,.avi,.mp3,.mp2,.mp4,.m4v,.m4a,.mkv,.hevc)audio/*(.aac,.aiff,.wav)'
 
 # For admin OAuth clients
 EXPOSE_ADMIN_CLIENT_ID=expose-admin
@@ -231,6 +231,7 @@ VERIFY_SSL=true
 
 PHRASEANET_DOMAIN="${PHRASEANET_DOMAIN:-phraseanet.$PHRASEA_DOMAIN}"
 PHRASEANET_URL=https://${PHRASEANET_DOMAIN}
+PHRASEANET_VERIFY_SSL=true
 PHRASEANET_APP_OAUTH_TOKEN=define-me
 
 # Indexer
@@ -241,7 +242,7 @@ INDEXER_DATABOX_OWNER_ID=
 INDEXER_DATABOX_CONCURRENCY=3
 INDEXER_WATCH_DIR=/fs-watch
 INDEXER_WATCH_DIR_PREFIX=fs
-INDEXER_WATCH_SOURCE_DIR=/tmp
+INDEXER_WATCH_SOURCE_DIR=./tmp
 INDEXER_BUCKET_NAME=test-indexer
 INDEXER_PHRASEANET_DATABOX_ID=
 INDEXER_PHRASEANET_SEARCH_QUERY=
@@ -266,6 +267,7 @@ LEGO_AWS_SDK_LOAD_CONFIG=
 NEWRELIC_ENABLED=0
 NEWRELIC_LICENSE_KEY=
 
-SENTRY_DSN=
+PHP_SENTRY_DSN=
+CLIENT_SENTRY_DSN=
 SENTRY_ENVIRONMENT=prod
 SENTRY_RELEASE=unknown

.github/workflows/ci.yaml

@@ -73,8 +73,11 @@ jobs:
     uses: ./.github/workflows/build.yaml
     with:
       image: dashboard
-      context: ./dashboard
+      context: ./dashboard/client
+      withLibs: true
     secrets: inherit
+    needs:
+      - build_nodejs-base
 
   build_databox_api:
     name: 'Build Databox API'

configurator/src/Command/ConfigureCommand.php

@@ -20,6 +20,14 @@ public function __construct(
         parent::__construct();
     }
 
+    protected function configure()
+    {
+        parent::configure();
+
+        $this->addOption('preset');
+    }
+
+
     public function execute(InputInterface $input, OutputInterface $output): int
     {
         $this->configurator->configure($output);

configurator/src/Configurator/Vendor/Keycloak/KeycloakConfigurator.php

@@ -39,6 +39,7 @@ public function configure(OutputInterface $output): void
                  ] as $scope) {
             $this->keycloakManager->createScope($scope);
         }
+
         foreach ($this->getAppScopes() as $app => $appScopes) {
             foreach ($appScopes as $scope) {
                 $this->keycloakManager->createScope($scope, [
@@ -76,6 +77,24 @@ public function configure(OutputInterface $output): void
             );
         }
 
+        if (getenv('INDEXER_DATABOX_CLIENT_ID')) {
+            $clientData = $this->keycloakManager->createClient(
+                getenv('INDEXER_DATABOX_CLIENT_ID'),
+                getenv('INDEXER_DATABOX_CLIENT_SECRET'),
+                null,
+                [
+                    'standardFlowEnabled' => false,
+                    'implicitFlowEnabled' => false,
+                    'directAccessGrantsEnabled' => false,
+                    'serviceAccountsEnabled' => true,
+                ],
+            );
+
+            foreach ($this->getAppScopes()['databox'] as $scope) {
+                $this->keycloakManager->addScopeToClient($scope, $clientData['id']);
+            }
+        }
+
         $defaultAdmin = $this->keycloakManager->createUser([
             'username' => getenv('DEFAULT_ADMIN_USERNAME'),
             'enabled' => true,

dashboard/client/.dockerignore

@@ -0,0 +1,6 @@
+/node_modules
+Dockerfile
+/README.md
+.dockerignore
+/index.html
+.idea

dashboard/client/.eslintrc.cjs

@@ -0,0 +1,47 @@
+module.exports = {
+    root: true,
+    env: {browser: true, es2020: true},
+    extends: [
+        'eslint:recommended',
+        'plugin:@typescript-eslint/recommended',
+        'plugin:react-hooks/recommended',
+    ],
+    ignorePatterns: ['dist', '.eslintrc.cjs'],
+    parser: '@typescript-eslint/parser',
+    plugins: ['react-refresh', 'unused-imports'],
+    rules: {
+        '@typescript-eslint/no-explicit-any': ['warn'],
+        'no-unused-vars': 'off',
+        '@typescript-eslint/no-unused-vars': 'off',
+        'unused-imports/no-unused-imports-ts': 'error',
+        'unused-imports/no-unused-vars-ts': [
+            'error',
+            {
+                vars: 'all',
+                varsIgnorePattern: '^_',
+                args: 'after-used',
+                argsIgnorePattern: '^_',
+            },
+        ],
+        '@typescript-eslint/ban-types': [
+            'error',
+            {
+                types: {
+                    '{}': false,
+                },
+                extendDefaults: true,
+            },
+        ],
+        'react/react-in-jsx-scope': 'off',
+        'no-empty-pattern': 'off',
+        'no-undef': 'off',
+        'react/prop-types': 'off',
+        'react/display-name': 'off',
+        'react/no-unescaped-entities': 'off',
+        'no-irregular-whitespace': 'off',
+        'react-refresh/only-export-components': [
+            'warn',
+            {allowConstantExport: true},
+        ],
+    },
+};

dashboard/client/.gitignore

@@ -0,0 +1,44 @@
+# See https://help.github.com/articles/ignoring-files/ for more about ignoring files.
+# dependencies
+/node_modules
+/.pnp
+.pnp.js
+
+# testing
+/coverage
+
+# production
+/build
+
+# misc
+.DS_Store
+.env.local
+.env.development.local
+.env.test.local
+.env.production.local
+
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+
+/index.html
+# Logs
+logs
+*.log
+pnpm-debug.log*
+lerna-debug.log*
+
+node_modules
+dist
+dist-ssr
+*.local
+
+# Editor directories and files
+.vscode/*
+!.vscode/extensions.json
+.idea
+*.suo
+*.ntvs*
+*.njsproj
+*.sln
+*.sw?

dashboard/client/.prettierrc.js

@@ -0,0 +1,3 @@
+module.exports = {
+    ...require('../../.prettierrc'),
+};

dashboard/client/Dockerfile

@@ -0,0 +1,43 @@
+ARG BASE_TAG=latest
+ARG REGISTRY_NAMESPACE
+FROM ${REGISTRY_NAMESPACE}nodejs-base:${BASE_TAG} as client-build
+
+COPY --chown=node:node package.json pnpm-lock.yaml pnpm-workspace.yaml turbo.json ./
+COPY --chown=node:node ./lib/js ./lib/js
+COPY --chown=node:node ./dashboard/client ./dashboard/client
+
+USER node
+
+WORKDIR /srv/workspace/dashboard/client
+
+RUN pnpm install \
+    && mv index.tpl.html index.html
+
+RUN pnpm build
+
+############
+
+FROM nginx:1.17.6-alpine as client-nginx
+
+COPY --from=client-build /srv/workspace/dashboard/client/dist /var/app
+COPY ./dashboard/client/docker/nginx/conf.d /etc/nginx/conf.d
+
+RUN apk add --no-cache libstdc++ \
+    && apk add --virtual .build \
+        wget \
+    && mkdir -p /var/docker \
+    && wget -q -O /var/docker/generate-env https://github.com/alchemy-fr/config-compiler/releases/download/v2.2.1/generate-env-alpine \
+    && chmod +x /var/docker/generate-env \
+    && apk del .build \
+    && rm /etc/nginx/conf.d/default.conf
+
+EXPOSE 80
+
+ARG SENTRY_RELEASE
+ENV SENTRY_RELEASE=${SENTRY_RELEASE}
+
+COPY ./dashboard/client/config-compiler.js /var/app/
+
+WORKDIR /var/app
+
+CMD ["/bin/sh", "-c", "/var/docker/generate-env ./ && nginx -g 'daemon off;'"]

dashboard/client/config-compiler.js

@@ -0,0 +1,40 @@
+(function (config, env) {
+    const whiteList = [
+        'DATABOX_API_URL',
+        'DATABOX_CLIENT_URL',
+        'DEV_MODE',
+        'DISPLAY_SERVICES_MENU',
+        'ELASTICHQ_URL',
+        'EXPOSE_API_URL',
+        'EXPOSE_CLIENT_URL',
+        'KEYCLOAK_URL',
+        'MAILHOG_URL',
+        'MATOMO_URL',
+        'NOTIFY_API_URL',
+        'PGADMIN_URL',
+        'PHPMYADMIN_URL',
+        'RABBITMQ_CONSOLE_URL',
+        'REPORT_API_URL',
+        'SAML2_URL',
+        'SAML_URL',
+        'STACK_NAME',
+        'STACK_VERSION',
+        'TRAEFIK_CONSOLE_URL',
+        'UPLOADER_API_URL',
+        'UPLOADER_CLIENT_URL',
+        'ZIPPY_URL',
+    ];
+
+    const e = {};
+
+    Object.entries(env).forEach(([key, value]) => {
+        if (whiteList.includes(key)) {
+            e[key] = value;
+        }
+    });
+
+    return {
+        locales: config.available_locales,
+        env: e,
+    };
+});

dashboard/client/docker/nginx/conf.d/app.conf

@@ -0,0 +1,17 @@
+server {
+  listen 80;
+
+  server_name _;
+  server_tokens off;
+
+  add_header X-Content-Type-Options "nosniff";
+  add_header X-Frame-Options "deny";
+  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
+
+  root /var/app;
+  index index.html;
+
+  location / {
+    try_files $uri /index.html =404;
+  }
+}

dashboard/client/docker/nginx/conf.d/gzip.conf

@@ -0,0 +1,19 @@
+## Compression.
+gzip on;
+gzip_buffers 16 8k;
+gzip_comp_level 1;
+gzip_http_version 1.1;
+gzip_min_length 10;
+gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/x-icon application/vnd.ms-fontobject font/opentype application/x-font-ttf;
+gzip_vary on;
+gzip_proxied any; # Compression for all requests.
+## No need for regexps. See
+## http://wiki.nginx.org/NginxHttpGzipModule#gzip_disable
+gzip_disable msie6;
+
+## Serve already compressed files directly, bypassing on-the-fly
+## compression.
+##
+# Usually you don't make much use of this. It's better to just
+# enable gzip_static on the locations you need it.
+# gzip_static on;