Arkon/NeveTimePanel
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Compare commits

base: Arkon:codex/pr-hosting-deploy
Branches Tags
Arkon:main Arkon:codex/full-build-all Arkon:codex/pr-frontend-sso Arkon:codex/pr-hosting-deploy Arkon:codex/pr-ci-speed Arkon:codex/hosting-drone-setup
Arkon:v1.2.0
..
compare: Arkon:main
Branches Tags
Arkon:codex/full-build-all Arkon:codex/pr-frontend-sso Arkon:codex/pr-hosting-deploy Arkon:codex/pr-ci-speed Arkon:codex/hosting-drone-setup Arkon:main
Arkon:v1.2.0

5 Commits
codex/pr-h ... main

Author SHA1 Message Date
administrator
7388962a7d Merge branch 'codex/hosting-drone-setup'
Some checks failed
continuous-integration/drone/push Build was killed
Details
2026-03-18 19:14:09 +07:00
administrator
7c54c57633 trying to merge this file 2026-03-18 19:12:13 +07:00
arkonsadter
05b8efd0f2 Prepare hosting deployment and Drone image builds
Some checks failed
continuous-integration/drone/push Build was killed
Details
continuous-integration/drone/pr Build was killed
Details
2026-03-18 15:26:18 +06:00
administrator
fd84094aa4 Another attempt to fix .drone.yml...
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-01-22 10:37:05 +07:00
administrator
7eb2ea5662 An attempt to fix .drone.yml, deleted python-security stage
Some checks failed
continuous-integration/drone/push Build encountered an error
Details
2026-01-22 10:32:21 +07:00
8 changed files with 83 additions and 148 deletions
Expand all files Collapse all files

125
.drone.yml
View File

@@ -8,27 +8,21 @@ trigger:
- pull_request - pull_request
steps: steps:
- name: python-lint - name: backend-sanity
image: python:3.11-slim image: python:3.11-slim
commands: commands:
- cd backend - cd backend
- pip install flake8 - pip install --no-cache-dir -r requirements.txt
- flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics - python -m py_compile main.py auth.py daemons.py oidc_config.py
- name: frontend-lint - name: frontend-build-check
image: node:20-alpine image: node:20-alpine
commands: commands:
- cd frontend - cd frontend
- npm ci --silent - npm ci --silent
- npm run build
- npm run lint || echo "ESLint warnings found" - npm run lint || echo "ESLint warnings found"
- name: python-security
image: python:3.11-slim
commands:
- cd backend
- pip install safety
- safety check --file=requirements.txt --exit-zero || echo "Security warnings found"
- name: frontend-security - name: frontend-security
image: node:20-alpine image: node:20-alpine
commands: commands:
@@ -39,7 +33,7 @@ steps:
--- ---
kind: pipeline kind: pipeline
type: docker type: docker
name: build-backend name: build-images
trigger: trigger:
branch: branch:
@@ -61,8 +55,9 @@ steps:
repo: registry.nevetime.ru/mc-panel-backend repo: registry.nevetime.ru/mc-panel-backend
tags: tags:
- latest - latest
- ${DRONE_COMMIT_SHA:0:8} - "${DRONE_BUILD_NUMBER}"
- ${DRONE_BRANCH} - "${DRONE_COMMIT_SHA:0:8}"
- "${DRONE_BRANCH}"
auto_tag: true auto_tag: true
dockerfile: backend/Dockerfile dockerfile: backend/Dockerfile
context: backend context: backend
@@ -70,33 +65,7 @@ steps:
from_secret: docker_username from_secret: docker_username
password: password:
from_secret: docker_password from_secret: docker_password
build_args:
- BUILD_DATE=${DRONE_BUILD_CREATED}
- VCS_REF=${DRONE_COMMIT_SHA}
- VERSION=${DRONE_TAG:-${DRONE_BRANCH}}
when:
event:
- push
- tag
---
kind: pipeline
type: docker
name: build-frontend
trigger:
branch:
- main
- master
- develop
event:
- push
- tag
depends_on:
- code-quality
steps:
- name: build-frontend-image - name: build-frontend-image
image: plugins/docker image: plugins/docker
settings: settings:
@@ -104,12 +73,12 @@ steps:
repo: registry.nevetime.ru/mc-panel-frontend repo: registry.nevetime.ru/mc-panel-frontend
tags: tags:
- latest - latest
- ${DRONE_COMMIT_SHA:0:8} - "${DRONE_BUILD_NUMBER}"
- ${DRONE_BRANCH} - "${DRONE_COMMIT_SHA:0:8}"
- "${DRONE_BRANCH}"
auto_tag: true auto_tag: true
dockerfile: frontend/Dockerfile dockerfile: frontend/Dockerfile
context: frontend context: frontend
target: production
username: username:
from_secret: docker_username from_secret: docker_username
password: password:
@@ -148,8 +117,8 @@ steps:
repo: registry.nevetime.ru/mc-panel repo: registry.nevetime.ru/mc-panel
tags: tags:
- latest - latest
- ${DRONE_COMMIT_SHA:0:8} - "${DRONE_COMMIT_SHA:0:8}"
- ${DRONE_BRANCH} - "${DRONE_BRANCH}"
auto_tag: true auto_tag: true
dockerfile: Dockerfile dockerfile: Dockerfile
context: . context: .
@@ -165,69 +134,3 @@ steps:
event: event:
- push - push
- tag - tag
---
kind: pipeline
type: docker
name: deploy-staging
trigger:
branch:
- develop
event:
- push
depends_on:
- build-backend
- build-frontend
- build-monolith
steps:
- name: deploy-separate-services
image: alpine:latest
environment:
STAGING_HOST:
from_secret: staging_host
STAGING_USER:
from_secret: staging_user
STAGING_KEY:
from_secret: staging_ssh_key
commands:
- apk add --no-cache openssh-client
- echo "Deploying separate services to staging..."
- echo "$STAGING_KEY" | base64 -d > /tmp/ssh_key
- chmod 600 /tmp/ssh_key
- ssh -o StrictHostKeyChecking=no -i /tmp/ssh_key $STAGING_USER@$STAGING_HOST "docker pull registry.nevetime.ru/mc-panel-backend:${DRONE_COMMIT_SHA:0:8} && docker pull registry.nevetime.ru/mc-panel-frontend:${DRONE_COMMIT_SHA:0:8}"
---
kind: pipeline
type: docker
name: deploy-production
trigger:
ref:
- refs/tags/v*
event:
- tag
depends_on:
- build-backend
- build-frontend
- build-monolith
steps:
- name: deploy-separate-services
image: alpine:latest
environment:
PROD_HOST:
from_secret: production_host
PROD_USER:
from_secret: production_user
PROD_KEY:
from_secret: production_ssh_key
commands:
- apk add --no-cache openssh-client
- echo "Deploying separate services to production..."
- echo "$PROD_KEY" | base64 -d > /tmp/ssh_key
- chmod 600 /tmp/ssh_key
- ssh -o StrictHostKeyChecking=no -i /tmp/ssh_key $PROD_USER@$PROD_HOST "docker pull registry.nevetime.ru/mc-panel-backend:${DRONE_TAG} && docker pull registry.nevetime.ru/mc-panel-frontend:${DRONE_TAG}"

48
backend/oidc_config.py
View File

@@ -4,28 +4,58 @@
import os import os
from typing import Dict, Any from typing import Dict, Any
# Конфигурация провайдеров OpenID Connect
OIDC_PROVIDERS = { def _is_truthy(value: str) -> bool:
"""Безопасный парсинг bool из переменных окружения."""
return value.strip().lower() in {"1", "true", "yes", "on"}
def _is_config_value_set(value: str) -> bool:
"""Проверка, что значение реально задано, а не заглушка."""
normalized = value.strip().lower()
return normalized not in {"", "none", "null", "undefined"}
def is_sso_enabled() -> bool:
"""Глобальный флаг включения SSO через env."""
# По умолчанию SSO включён, чтобы не ломать существующее поведение.
raw = os.getenv("SSO_ENABLED", "true")
return _is_truthy(raw)
def get_oidc_providers() -> Dict[str, Dict[str, Any]]:
"""Собрать конфигурацию OpenID Connect провайдеров из env."""
issuer = os.getenv("ZITADEL_ISSUER", "")
return {
"zitadel": { "zitadel": {
"name": "ZITADEL", "name": "ZITADEL",
"client_id": os.getenv("ZITADEL_CLIENT_ID", ""), "client_id": os.getenv("ZITADEL_CLIENT_ID", ""),
"client_secret": os.getenv("ZITADEL_CLIENT_SECRET", ""), "client_secret": os.getenv("ZITADEL_CLIENT_SECRET", ""),
"server_metadata_url": os.getenv("ZITADEL_ISSUER", "") + "/.well-known/openid-configuration", "server_metadata_url": issuer.rstrip("/") + "/.well-known/openid-configuration" if issuer else "",
"issuer": os.getenv("ZITADEL_ISSUER", ""), "issuer": issuer,
"scopes": ["openid", "email", "profile"], "scopes": ["openid", "email", "profile"],
"icon": "🔐", "icon": "🔐",
"color": "bg-purple-600 hover:bg-purple-700" "color": "bg-purple-600 hover:bg-purple-700"
} }
} }
# Для обратной совместимости с импортами из других модулей
OIDC_PROVIDERS = get_oidc_providers()
def get_enabled_providers() -> Dict[str, Dict[str, Any]]: def get_enabled_providers() -> Dict[str, Dict[str, Any]]:
"""Получить список включённых провайдеров (с настроенными client_id)""" """Получить список включённых провайдеров (с настроенным client_id)."""
enabled = {} if not is_sso_enabled():
for provider_id, config in OIDC_PROVIDERS.items(): return {}
if config.get("client_id") and config.get("issuer"):
enabled: Dict[str, Dict[str, Any]] = {}
for provider_id, config in get_oidc_providers().items():
if _is_config_value_set(config.get("client_id", "")) and _is_config_value_set(config.get("issuer", "")):
enabled[provider_id] = config enabled[provider_id] = config
return enabled return enabled
def get_redirect_uri(provider_id: str, base_url: str = "http://localhost:8000") -> str: def get_redirect_uri(provider_id: str, base_url: str = "http://localhost:8000") -> str:
"""Получить redirect URI для провайдера""" """Получить redirect URI для провайдера."""
return f"{base_url}/api/auth/oidc/{provider_id}/callback" return f"{base_url}/api/auth/oidc/{provider_id}/callback"

2
frontend/.env
View File

@@ -1 +1 @@
VITE_API_URL=http://26.62.117.104:8000 VITE_API_URL=

7
frontend/.env.example
View File

@@ -1,3 +1,4 @@
# API URL (необязательно, по умолчанию определяется автоматически) # API URL:
# Раскомментируйте и укажите ваш IP для удаленного доступа # - пусто: same-origin (/api), рекомендуется для production с nginx proxy
# VITE_API_URL=http://26.123.45.67:8000 # - http://localhost:4546: локальный backend
VITE_API_URL=

6
frontend/.env.local.example
View File

@@ -1,10 +1,10 @@
# Создайте файл .env.local и раскомментируйте нужную строку # Создайте файл .env.local и раскомментируйте нужную строку
# Для локального использования (по умолчанию) # Для локального использования (по умолчанию)
# VITE_API_URL=http://localhost:8000 # VITE_API_URL=http://localhost:4546
# Для Radmin VPN (замените на ваш IP) # Для Radmin VPN (замените на ваш IP)
# VITE_API_URL=http://26.62.117.104:8000 # VITE_API_URL=http://26.62.117.104:4546
# Для Hamachi (замените на ваш IP) # Для Hamachi (замените на ваш IP)
# VITE_API_URL=http://25.123.45.67:8000 # VITE_API_URL=http://25.123.45.67:4546

4
frontend/src/components/Auth.jsx
View File

@@ -41,7 +41,7 @@ export default function Auth({ onLogin }) {
try { try {
await onLogin(username, password, isLogin); await onLogin(username, password, isLogin);
} catch (err) { } catch (err) {
setError(err.message || 'Ошибка авторизации'); setError(err?.response?.data?.detail || err.message || 'Ошибка авторизации');
} finally { } finally {
setLoading(false); setLoading(false);
} }
@@ -182,7 +182,7 @@ export default function Auth({ onLogin }) {
{isLogin && ( {isLogin && (
<div className={`mt-6 text-center text-sm ${currentTheme.textSecondary}`}> <div className={`mt-6 text-center text-sm ${currentTheme.textSecondary}`}>
<p>Учётные данные по умолчанию:</p> <p>Учётные данные по умолчанию:</p>
<p className={`${currentTheme.text} font-mono mt-1`}>none / none</p> <p className={`${currentTheme.text} font-mono mt-1`}>admin / Admin</p>
</div> </div>
)} )}
</div> </div>

3
frontend/src/components/UserManagement.jsx
View File

@@ -2,6 +2,7 @@ import { useState, useEffect } from 'react';
import { Users, Shield, Ban, Trash2, UserCheck, Server } from 'lucide-react'; import { Users, Shield, Ban, Trash2, UserCheck, Server } from 'lucide-react';
import axios from 'axios'; import axios from 'axios';
import { notify } from './NotificationSystem'; import { notify } from './NotificationSystem';
import { API_URL } from '../config';
const UserManagement = ({ token, currentUser }) => { const UserManagement = ({ token, currentUser }) => {
const [users, setUsers] = useState([]); const [users, setUsers] = useState([]);
@@ -10,8 +11,6 @@ const UserManagement = ({ token, currentUser }) => {
const [showRoleModal, setShowRoleModal] = useState(false); const [showRoleModal, setShowRoleModal] = useState(false);
const [showAccessModal, setShowAccessModal] = useState(false); const [showAccessModal, setShowAccessModal] = useState(false);
const API_URL = import.meta.env.VITE_API_URL || 'http://localhost:8000';
// Загрузка пользователей // Загрузка пользователей
const loadUsers = async () => { const loadUsers = async () => {
try { try {

18
frontend/src/config.js
View File

@@ -1,21 +1,23 @@
// Автоматически определяем API URL // Автоматически определяем API URL
const getApiUrl = () => { const getApiUrl = () => {
// Если задана переменная окружения, используем её // Если переменная задана даже пустой строкой, используем её как явный override.
if (import.meta.env.VITE_API_URL) { // Пустая строка = same-origin (/api через nginx proxy).
return import.meta.env.VITE_API_URL; if (Object.prototype.hasOwnProperty.call(import.meta.env, 'VITE_API_URL')) {
const value = import.meta.env.VITE_API_URL || '';
return value.replace(/\/$/, '');
} }
// Иначе используем текущий хост с портом 8000 // Иначе используем текущий хост с портом 4546
const protocol = window.location.protocol; const protocol = window.location.protocol;
const hostname = window.location.hostname; const hostname = window.location.hostname;
// Если localhost, используем localhost:8000 // Если localhost, используем localhost:4546
if (hostname === 'localhost' || hostname === '127.0.0.1') { if (hostname === 'localhost' || hostname === '127.0.0.1') {
return `${protocol}//localhost:8000`; return `${protocol}//localhost:4546`;
} }
// Для удаленного доступа используем IP:8000 // Для удаленного доступа используем IP:4546
return `${protocol}//${hostname}:8000`; return `${protocol}//${hostname}:4546`;
}; };
export const API_URL = getApiUrl(); export const API_URL = getApiUrl();