diff --git a/Dockerfile b/Dockerfile index 2959a50..cb3c64b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -42,6 +42,12 @@ COPY supervisord.conf /etc/supervisord.conf # NGINX runtime folder RUN mkdir -p /run/nginx +# Create an unprivileged system user and adjust ownership of runtime/app folders +RUN adduser -S -h /workout_challenge appuser \ + && chown -R appuser:appuser /workout_challenge \ + && chown -R appuser:appuser /run/nginx \ + && chown -R appuser:appuser /usr/share/nginx/html + # Django data folder with mirgations and sqlite database VOLUME /workout_challenge/src-backend/data @@ -52,4 +58,7 @@ EXPOSE 9001 # celery flower - monitoring of celery tasks EXPOSE 5555 +# Run as non-root user +USER appuser + CMD ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"] \ No newline at end of file diff --git a/db/base/16384/1259 b/db/base/16384/1259 index 66ff536..49b6c98 100644 Binary files a/db/base/16384/1259 and b/db/base/16384/1259 differ diff --git a/db/base/16384/16397 b/db/base/16384/16397 index 237b269..20d1481 100644 Binary files a/db/base/16384/16397 and b/db/base/16384/16397 differ diff --git a/db/base/16384/16398 b/db/base/16384/16398 index d019ced..952cefb 100644 Binary files a/db/base/16384/16398 and b/db/base/16384/16398 differ diff --git a/db/base/16384/16401 b/db/base/16384/16401 index f884fb5..9dbe829 100644 Binary files a/db/base/16384/16401 and b/db/base/16384/16401 differ diff --git a/db/base/16384/16409 b/db/base/16384/16409 index e40126f..c40ef61 100644 Binary files a/db/base/16384/16409 and b/db/base/16384/16409 differ diff --git a/db/base/16384/16410 b/db/base/16384/16410 index 3a216c0..28f198f 100644 Binary files a/db/base/16384/16410 and b/db/base/16384/16410 differ diff --git a/db/base/16384/16413 b/db/base/16384/16413 index b6e7581..6761a7f 100644 Binary files a/db/base/16384/16413 and b/db/base/16384/16413 differ 
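Review bot: The recursive chown prepares the app tree, `/run/nginx` and the html root, but nothing here grants `appuser` the other paths the supervised daemons write at runtime: nginx's log and temp directories and supervisord's default pidfile/logfile under `/var/run` and `/var/log`; a non-root nginx also cannot bind a port below 1024 (only 9001 and 5555 are EXPOSEd in view). `supervisord.conf` and the nginx config are outside this diff, so those may already be relocated, but a container start should confirm it before the `USER appuser` hunk below takes effect. The `chown -R` on `/usr/share/nginx/html` makes the whole static tree writable by the runtime user when, judging by the `config.js` comment that supervisord injects env values into that file, only that one file may need to be rewritten; if it is served from there, `&& chown appuser:appuser /usr/share/nginx/html/config.js` keeps the remaining assets read-only. Note also that the ownership set here only survives for anonymous volumes on `VOLUME /workout_challenge/src-backend/data`; a host bind mount keeps the host's uid, so the expected uid/gid should be documented for operators.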
diff --git a/db/base/16384/16415 b/db/base/16384/16415
index 0639181..78e7c84 100644
Binary files a/db/base/16384/16415 and b/db/base/16384/16415 differ
diff --git a/db/base/16384/16418 b/db/base/16384/16418
index d0ab7b2..472b69a 100644
Binary files a/db/base/16384/16418 and b/db/base/16384/16418 differ
diff --git a/db/base/16384/16429 b/db/base/16384/16429
index b85fd13..b66ff57 100644
Binary files a/db/base/16384/16429 and b/db/base/16384/16429 differ
diff --git a/db/base/16384/16484 b/db/base/16384/16484
index 7e6bf6a..7de84f2 100644
Binary files a/db/base/16384/16484 and b/db/base/16384/16484 differ
diff --git a/db/base/16384/16485 b/db/base/16384/16485
index 490715c..5df6419 100644
Binary files a/db/base/16384/16485 and b/db/base/16384/16485 differ
diff --git a/db/base/16384/16490 b/db/base/16384/16490
index 2f5aa15..7739eaa 100644
Binary files a/db/base/16384/16490 and b/db/base/16384/16490 differ
diff --git a/db/base/16384/16492 b/db/base/16384/16492
index e27ff98..ec13f84 100644
Binary files a/db/base/16384/16492 and b/db/base/16384/16492 differ
diff --git a/db/base/16384/16500 b/db/base/16384/16500
index 1539566..6a9af17 100644
Binary files a/db/base/16384/16500 and b/db/base/16384/16500 differ
diff --git a/db/base/16384/16501 b/db/base/16384/16501
index d8186f9..4f4bfb7 100644
Binary files a/db/base/16384/16501 and b/db/base/16384/16501 differ
diff --git a/db/base/16384/16504 b/db/base/16384/16504
index adfa0dc..70ef285 100644
Binary files a/db/base/16384/16504 and b/db/base/16384/16504 differ
diff --git a/db/base/16384/16518 b/db/base/16384/16518
index 538dbba..cf62407 100644
Binary files a/db/base/16384/16518 and b/db/base/16384/16518 differ
diff --git a/db/base/16384/16519 b/db/base/16384/16519
index 9ecfe87..e10bef3 100644
Binary files a/db/base/16384/16519 and b/db/base/16384/16519 differ
diff --git a/db/base/16384/16522 b/db/base/16384/16522
index c0866f1..13fc1ea 100644
Binary files a/db/base/16384/16522 and b/db/base/16384/16522 differ
diff --git a/db/base/16384/16524 b/db/base/16384/16524
index eb7a080..ece8540 100644
Binary files a/db/base/16384/16524 and b/db/base/16384/16524 differ
diff --git a/db/base/16384/16539 b/db/base/16384/16539
index 24debb0..489eaa2 100644
Binary files a/db/base/16384/16539 and b/db/base/16384/16539 differ
diff --git a/db/base/16384/16551 b/db/base/16384/16551
index e56d6a9..dc101fc 100644
Binary files a/db/base/16384/16551 and b/db/base/16384/16551 differ
diff --git a/db/base/16384/16552 b/db/base/16384/16552
index c6e9513..d92061f 100644
Binary files a/db/base/16384/16552 and b/db/base/16384/16552 differ
diff --git a/db/base/16384/16591 b/db/base/16384/16591
index 8064af6..e1731ff 100644
Binary files a/db/base/16384/16591 and b/db/base/16384/16591 differ
diff --git a/db/base/16384/16592 b/db/base/16384/16592
index 4b2e8a6..c8fa465 100644
Binary files a/db/base/16384/16592 and b/db/base/16384/16592 differ
diff --git a/db/base/16384/16614 b/db/base/16384/16614
index 59d6a24..1b97fc2 100644
Binary files a/db/base/16384/16614 and b/db/base/16384/16614 differ
diff --git a/db/base/16384/16615 b/db/base/16384/16615
index 80d6ee0..db566a3 100644
Binary files a/db/base/16384/16615 and b/db/base/16384/16615 differ
diff --git a/db/base/16384/16615_fsm b/db/base/16384/16615_fsm
new file mode 100644
index 0000000..d0149e2
Binary files /dev/null and b/db/base/16384/16615_fsm differ
diff --git a/db/base/16384/16618 b/db/base/16384/16618
index 4e6c59e..9af700e 100644
Binary files a/db/base/16384/16618 and b/db/base/16384/16618 differ
diff --git a/db/base/16384/16620 b/db/base/16384/16620
index ddac812..803db82 100644
Binary files a/db/base/16384/16620 and b/db/base/16384/16620 differ
diff --git a/db/base/16384/16627 b/db/base/16384/16627
index 0da101e..0fed05d 100644
Binary files a/db/base/16384/16627 and b/db/base/16384/16627 differ
diff --git a/db/base/16384/16665 b/db/base/16384/16665
index 44a6c96..860a4e3 100644
Binary files a/db/base/16384/16665 and b/db/base/16384/16665 differ
diff --git a/db/base/16384/16667 b/db/base/16384/16667
index fdea438..5037fff 100644
Binary files a/db/base/16384/16667 and b/db/base/16384/16667 differ
diff --git a/db/base/16384/16673 b/db/base/16384/16673
index 6971861..d4d6732 100644
Binary files a/db/base/16384/16673 and b/db/base/16384/16673 differ
diff --git a/db/base/16384/16685 b/db/base/16384/16685
index df04d60..f109b51 100644
Binary files a/db/base/16384/16685 and b/db/base/16384/16685 differ
diff --git a/db/base/16384/16695 b/db/base/16384/16695
index 1a8f9c4..7923c0c 100644
Binary files a/db/base/16384/16695 and b/db/base/16384/16695 differ
diff --git a/db/base/16384/2619 b/db/base/16384/2619
index 4a97020..1781b9c 100644
Binary files a/db/base/16384/2619 and b/db/base/16384/2619 differ
diff --git a/db/base/16384/2619_fsm b/db/base/16384/2619_fsm
index bd71574..6620d57 100644
Binary files a/db/base/16384/2619_fsm and b/db/base/16384/2619_fsm differ
diff --git a/db/base/16384/2696 b/db/base/16384/2696
index 863527d..8fdf990 100644
Binary files a/db/base/16384/2696 and b/db/base/16384/2696 differ
diff --git a/db/base/16384/pg_internal.init b/db/base/16384/pg_internal.init
index bb133db..f92e1e3 100644
Binary files a/db/base/16384/pg_internal.init and b/db/base/16384/pg_internal.init differ
diff --git a/db/base/5/pg_internal.init b/db/base/5/pg_internal.init
index 109d1b2..37a40ce 100644
Binary files a/db/base/5/pg_internal.init and b/db/base/5/pg_internal.init differ
diff --git a/db/dump.rdb b/db/dump.rdb
index f4689ed..b68777f 100644
Binary files a/db/dump.rdb and b/db/dump.rdb differ
diff --git a/db/global/pg_control b/db/global/pg_control
index 05d9cbe..93f4600 100644
Binary files a/db/global/pg_control and b/db/global/pg_control differ
diff --git a/db/global/pg_internal.init b/db/global/pg_internal.init
index 083d9f3..7050fee 100644
Binary files a/db/global/pg_internal.init and b/db/global/pg_internal.init differ
diff --git a/db/pg_multixact/members/0000 b/db/pg_multixact/members/0000
index 3bfd246..4aca41d 100644
Binary files a/db/pg_multixact/members/0000 and b/db/pg_multixact/members/0000 differ
diff --git a/db/pg_multixact/offsets/0000 b/db/pg_multixact/offsets/0000
index 821ff10..5a51f11 100644
Binary files a/db/pg_multixact/offsets/0000 and b/db/pg_multixact/offsets/0000 differ
diff --git a/db/pg_subtrans/0000 b/db/pg_subtrans/0000
index bc780a7..6e9746d 100644
Binary files a/db/pg_subtrans/0000 and b/db/pg_subtrans/0000 differ
diff --git a/db/pg_wal/000000010000000000000001 b/db/pg_wal/000000010000000000000001
index 675dee0..3a03c1b 100644
Binary files a/db/pg_wal/000000010000000000000001 and b/db/pg_wal/000000010000000000000001 differ
diff --git a/db/pg_wal/000000010000000000000002 b/db/pg_wal/000000010000000000000002
new file mode 100644
index 0000000..dba78e9
Binary files /dev/null and b/db/pg_wal/000000010000000000000002 differ
diff --git a/db/pg_xact/0000 b/db/pg_xact/0000
index 4666a1e..1cfa5aa 100644
Binary files a/db/pg_xact/0000 and b/db/pg_xact/0000 differ
diff --git a/db/postmaster.pid b/db/postmaster.pid
index ff4bda2..de383bd 100644
--- a/db/postmaster.pid
+++ b/db/postmaster.pid
@@ -1,6 +1,6 @@
 1
 /var/lib/postgresql/data
-1761510872
+1761795289
 5432
 /var/run/postgresql
 *
diff --git a/src-frontend/public/config.js b/src-frontend/public/config.js
index 5167c43..1c0d2c7 100644
--- a/src-frontend/public/config.js
+++ b/src-frontend/public/config.js
@@ -1 +1,4 @@
-// env variables will be added here via supervisord
\ No newline at end of file
+// Environment variables will be injected here via supervisord
+window._env_ = {
+ STRAVA_CLIENT_ID: "${STRAVA_CLIENT_ID}"
+};
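Review bot: The new comment should make the trust boundary explicit: this file sits under `public/` and is served verbatim to every browser, so whatever supervisord substitutes into it is public by construction, and whoever adds a second key later needs to know not to place a secret (the Strava client secret, for instance) next to the client ID. Suggested wording: `// Substituted by supervisord at container start and served to every browser: only public, non-secret settings belong here.` Until that substitution has run, the page ships the literal `${STRAVA_CLIENT_ID}` placeholder rather than an empty value, which is a truthy string; consumers such as `StravaLink.js` should therefore validate the value's shape instead of relying on a `||` fallback.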
diff --git a/src-frontend/src/forms/supportModal.js b/src-frontend/src/forms/supportModal.js index bc59577..9294e8a 100644 --- a/src-frontend/src/forms/supportModal.js +++ b/src-frontend/src/forms/supportModal.js @@ -32,7 +32,8 @@ const AccordionItem = ({title, content, link}) => { {isOpen && (
-
+ {/* Render content directly; React will escape strings. If content is JSX it will render safely. */} + {typeof content === 'string' ?
{content}
: content}
)}
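Review bot: The added comment's second sentence, `If content is JSX it will render safely`, overstates what React guarantees: React escapes string children, but JSX content renders whatever elements it contains, so the safety of the non-string branch rests on `content` being authored in this file, not on any escaping. Rewording it to `{/* Strings are escaped by React; JSX content renders as-is, so only pass in-source, trusted elements here */}` states the actual contract. `AccordionItem` starts before this hunk, and the element tags around the ternary branches appear stripped in this rendering, so the wrapper around `{content}` could not be checked.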
@@ -47,8 +48,27 @@ function AccordionMenu() { {title: "Suggest a Feature", link: "https://github.com/vanalmsick/workout_challenge/discussions/categories/ideas"}, {title: "Report a Bug", link: "https://github.com/vanalmsick/workout_challenge/issues"}, {title: "Help developing", link: "https://github.com/vanalmsick/workout_challenge#do-you-want-to-help--contribute"}, - {title: "What data is saved and how is it handled?", content: "No data is sold/shared to/with anyone. If you delete your account all data is unrecoverably deleted. There might be backups containing your user data for a few more weeks until the retention period is exceeded. " + ((SENTRY_DSN !== undefined && SENTRY_DSN !== null && SENTRY_DSN !== '') ? "Sentry.io error and performance monitoring is enabled. In line with EU GDPR, if errors occur these are reported anonymized (no 'Personal-Identifiable-Information') to the administrator on top of some basic statics like loading speed of approx. 25% of sessions to detect malfunctions. Please see Sentry.io's data privacy policy. " : "") + "No user statistics or other analytics are collected by the website itself. The data you see when using the app is the data saved (e.g. personal profile, workout data, competition signups, points)."}, - {title: "Credits", content: "This is an Open Source project under the SSPL v1.0 license on github.com/vanalmsick/workout_challenge. See here for stock image credits."}, + {title: "What data is saved and how is it handled?", content: ( + <> + {"No data is sold/shared to/with anyone. If you delete your account all data is unrecoverably deleted. There might be backups containing your user data for a few more weeks until the retention period is exceeded. "} + {SENTRY_DSN ? ( + <> + Sentry.io + {" error and performance monitoring is enabled. In line with EU GDPR, if errors occur these are reported anonymized (no 'Personal-Identifiable-Information') to the administrator on top of some basic statics like loading speed of approx. 
25% of sessions to detect malfunctions. Please see Sentry.io's data privacy policy. "} + + ) : null} + {"No user statistics or other analytics are collected by the website itself. The data you see when using the app is the data saved (e.g. personal profile, workout data, competition signups, points)."} + + )}, + {title: "Credits", content: ( + <> + {"This is an Open Source project under the SSPL v1.0 license on "} + github.com/vanalmsick/workout_challenge + {". See "} + here for stock image credits + {"."} + + )}, ]; return ( diff --git a/src-frontend/src/pages/StravaLink.js b/src-frontend/src/pages/StravaLink.js index 3c4e97b..b76d113 100644 --- a/src-frontend/src/pages/StravaLink.js +++ b/src-frontend/src/pages/StravaLink.js @@ -25,7 +25,10 @@ export function InitStravaLink() { return /iPad|iPhone|iPod/.test(navigator.userAgent) && !window.MSStream; }; - const urlSecondPart = 'client_id=178748&response_type=code&approval_prompt=force&scope=profile:read_all,activity:read_all&redirect_uri=' + encodedBaseUrl; + // Get Strava client ID from environment variable +29 ++ const stravaClientId = window._env_?.STRAVA_CLIENT_ID || '156364'; ++ const urlSecondPart = `client_id=${stravaClientId}&response_type=code&approval_prompt=force&scope=profile:read_all,activity:read_all&redirect_uri=${encodedBaseUrl}`; let urlFirstPart = ''; if (isIOS()) { @@ -35,7 +38,8 @@ export function InitStravaLink() { } console.log('Strava linkage url:', baseUrl); - + console.log('Strava client ID:', stravaClientId); + useEffect(() => { // redirect if user valid and logged in if (userIsSuccess) {
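Review bot: The `Sentry.io`, `github.com/vanalmsick/workout_challenge` and `here` links in the new fragments are rendered here with their element tags stripped, so their attributes could not be checked; if they open in a new tab with `target="_blank"`, each should also carry `rel="noopener noreferrer"` so the external page receives no `window.opener` handle back into the app. Replacing the explicit three-way `SENTRY_DSN` check with `SENTRY_DSN ? … : null` is equivalent for undefined, null and the empty string, but a short comment such as `{/* SENTRY_DSN is empty/undefined when monitoring is disabled */}` would keep that intent visible to the next editor. `AccordionMenu` continues outside this hunk.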
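Review bot: The `|| '156364'` fallback masks a missing configuration and only engages when `window._env_.STRAVA_CLIENT_ID` is absent or empty; if the supervisord substitution has not run, `config.js` ships the literal `${STRAVA_CLIENT_ID}` string, which is truthy, so the authorize URL is built with that placeholder as `client_id`. Validating the shape is more robust, e.g. `const envId = window._env_?.STRAVA_CLIENT_ID;` and `const stravaClientId = /^\d+$/.test(envId ?? '') ? envId : '156364';`, and if a fallback is kept at all, a comment should record that it replaces the previously hard-coded `178748` with a different ID. The `console.log('Strava client ID:', stravaClientId)` added in the second hunk is debugging output that should be removed or gated on a development flag before merge. `InitStravaLink` continues outside both hunks.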