Arkon/NeveTimePanel
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Compare commits

base: Arkon:main
Branches Tags
Arkon:main Arkon:codex/full-build-all Arkon:codex/pr-frontend-sso Arkon:codex/pr-hosting-deploy Arkon:codex/pr-ci-speed Arkon:codex/hosting-drone-setup
Arkon:v1.2.0
...
compare: Arkon:2551515130422045d1b31185a0975f90aaf9dff9
Branches Tags
Arkon:codex/full-build-all Arkon:codex/pr-frontend-sso Arkon:codex/pr-hosting-deploy Arkon:codex/pr-ci-speed Arkon:codex/hosting-drone-setup Arkon:main
Arkon:v1.2.0

5 Commits
main ... 2551515130

Author SHA1 Message Date
arkonsadter
2551515130 Rebuild Docker, Compose and Drone CI configuration
Some checks failed
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/pr Build is failing
Details
2026-03-18 19:24:12 +06:00
arkonsadter
b9dc92cfd8 Drone build-images on any push/tag
Some checks failed
continuous-integration/drone/push Build was killed
Details
continuous-integration/drone/pr Build was killed
Details
2026-03-18 19:11:49 +06:00
arkonsadter
f8cd9149c3 Frontend API config and SSO toggles 2026-03-18 19:09:58 +06:00
arkonsadter
e8e8ed6ba3 Add hosting deployment setup and backend health endpoint 2026-03-18 19:09:39 +06:00
arkonsadter
c839e16d60 CI simplify Drone pipeline 2026-03-18 19:09:27 +06:00
18 changed files with 286 additions and 526 deletions
Expand all files Collapse all files

197
.drone.yml
View File

@@ -1,233 +1,68 @@
kind: pipeline kind: pipeline
type: docker type: docker
name: code-quality name: checks
trigger: trigger:
event: event:
- push
- pull_request - pull_request
steps: steps:
- name: python-lint - name: backend-syntax
image: python:3.11-slim image: python:3.11-slim
commands: commands:
- cd backend - cd backend
- pip install flake8 - python -m py_compile main.py auth.py daemons.py oidc_config.py
- flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
- name: frontend-lint - name: frontend-build-check
image: node:20-alpine image: node:20-alpine
commands: commands:
- cd frontend - cd frontend
- npm ci --silent - npm ci --silent
- npm run lint || echo "ESLint warnings found" - npm run build
- name: python-security
image: python:3.11-slim
commands:
- cd backend
- pip install safety
- safety check --file=requirements.txt --exit-zero || echo "Security warnings found"
- name: frontend-security
image: node:20-alpine
commands:
- cd frontend
- npm ci --silent
- npm audit --audit-level=moderate || echo "Security warnings found"
--- ---
kind: pipeline kind: pipeline
type: docker type: docker
name: build-backend name: build-images
trigger: trigger:
branch:
- main
- master
- develop
event: event:
- push - push
- tag - tag
depends_on:
- code-quality
steps: steps:
- name: build-backend-image - name: build-backend-image
image: plugins/docker image: plugins/docker
settings: settings:
registry: registry.nevetime.ru registry: registry.nevetime.ru
repo: registry.nevetime.ru/mc-panel-backend repo: registry.nevetime.ru/mc-panel-backend
context: backend
dockerfile: Dockerfile
tags: tags:
- latest - latest
- ${DRONE_COMMIT_SHA:0:8} - ${DRONE_BUILD_NUMBER}
- ${DRONE_BRANCH}
auto_tag: true auto_tag: true
dockerfile: backend/Dockerfile cache_from:
context: backend - registry.nevetime.ru/mc-panel-backend:latest
username: username:
from_secret: docker_username from_secret: docker_username
password: password:
from_secret: docker_password from_secret: docker_password
build_args:
- BUILD_DATE=${DRONE_BUILD_CREATED}
- VCS_REF=${DRONE_COMMIT_SHA}
- VERSION=${DRONE_TAG:-${DRONE_BRANCH}}
when:
event:
- push
- tag
---
kind: pipeline
type: docker
name: build-frontend
trigger:
branch:
- main
- master
- develop
event:
- push
- tag
depends_on:
- code-quality
steps:
- name: build-frontend-image - name: build-frontend-image
image: plugins/docker image: plugins/docker
settings: settings:
registry: registry.nevetime.ru registry: registry.nevetime.ru
repo: registry.nevetime.ru/mc-panel-frontend repo: registry.nevetime.ru/mc-panel-frontend
tags:
- latest
- ${DRONE_COMMIT_SHA:0:8}
- ${DRONE_BRANCH}
auto_tag: true
dockerfile: frontend/Dockerfile
context: frontend context: frontend
target: production dockerfile: Dockerfile
username:
from_secret: docker_username
password:
from_secret: docker_password
build_args:
- BUILD_DATE=${DRONE_BUILD_CREATED}
- VCS_REF=${DRONE_COMMIT_SHA}
- VERSION=${DRONE_TAG:-${DRONE_BRANCH}}
when:
event:
- push
- tag
---
kind: pipeline
type: docker
name: build-monolith
trigger:
branch:
- main
- master
- develop
event:
- push
- tag
depends_on:
- code-quality
steps:
- name: build-monolith-image
image: plugins/docker
settings:
registry: registry.nevetime.ru
repo: registry.nevetime.ru/mc-panel
tags: tags:
- latest - latest
- ${DRONE_COMMIT_SHA:0:8} - ${DRONE_BUILD_NUMBER}
- ${DRONE_BRANCH}
auto_tag: true auto_tag: true
dockerfile: Dockerfile cache_from:
context: . - registry.nevetime.ru/mc-panel-frontend:latest
username: username:
from_secret: docker_username from_secret: docker_username
password: password:
from_secret: docker_password from_secret: docker_password
build_args:
- BUILD_DATE=${DRONE_BUILD_CREATED}
- VCS_REF=${DRONE_COMMIT_SHA}
- VERSION=${DRONE_TAG:-${DRONE_BRANCH}}
when:
event:
- push
- tag
---
kind: pipeline
type: docker
name: deploy-staging
trigger:
branch:
- develop
event:
- push
depends_on:
- build-backend
- build-frontend
- build-monolith
steps:
- name: deploy-separate-services
image: alpine:latest
environment:
STAGING_HOST:
from_secret: staging_host
STAGING_USER:
from_secret: staging_user
STAGING_KEY:
from_secret: staging_ssh_key
commands:
- apk add --no-cache openssh-client
- echo "Deploying separate services to staging..."
- echo "$STAGING_KEY" | base64 -d > /tmp/ssh_key
- chmod 600 /tmp/ssh_key
- ssh -o StrictHostKeyChecking=no -i /tmp/ssh_key $STAGING_USER@$STAGING_HOST "docker pull registry.nevetime.ru/mc-panel-backend:${DRONE_COMMIT_SHA:0:8} && docker pull registry.nevetime.ru/mc-panel-frontend:${DRONE_COMMIT_SHA:0:8}"
---
kind: pipeline
type: docker
name: deploy-production
trigger:
ref:
- refs/tags/v*
event:
- tag
depends_on:
- build-backend
- build-frontend
- build-monolith
steps:
- name: deploy-separate-services
image: alpine:latest
environment:
PROD_HOST:
from_secret: production_host
PROD_USER:
from_secret: production_user
PROD_KEY:
from_secret: production_ssh_key
commands:
- apk add --no-cache openssh-client
- echo "Deploying separate services to production..."
- echo "$PROD_KEY" | base64 -d > /tmp/ssh_key
- chmod 600 /tmp/ssh_key
- ssh -o StrictHostKeyChecking=no -i /tmp/ssh_key $PROD_USER@$PROD_HOST "docker pull registry.nevetime.ru/mc-panel-backend:${DRONE_TAG} && docker pull registry.nevetime.ru/mc-panel-frontend:${DRONE_TAG}"

33
HOSTING_DEPLOY.md Normal file
View File

@@ -0,0 +1,33 @@
# Hosting Deployment
## 1) Prerequisites
- Docker Engine + Docker Compose plugin
- Domain pointing to your host IP
- (Optional) HTTPS reverse proxy in front of port 80
## 2) Prepare environment
```bash
cp backend/.env.example backend/.env
cp deploy/.env.hosting.example deploy/.env
```
Edit `backend/.env`:
- `SECRET_KEY`
- `BASE_URL` and `FRONTEND_URL` (your real domain)
- `SSO_ENABLED=true` + `ZITADEL_*` only if you use SSO
## 3) Pull and run published images
```bash
docker compose --env-file deploy/.env -f deploy/docker-compose.hosting.yml pull
docker compose --env-file deploy/.env -f deploy/docker-compose.hosting.yml up -d
```
## 4) Verify
- Frontend: `http://<your-host>/`
- Backend health: `docker compose -f deploy/docker-compose.hosting.yml logs backend`
- Frontend health: `docker compose -f deploy/docker-compose.hosting.yml logs frontend`
## Notes
- Frontend uses same-origin `/api` in production, so no hardcoded API host is required.
- Backend health endpoint is `/health`.
- If you need local frontend->local backend development, use `frontend/.env.local`.

14
backend/.env.example Normal file
View File

@@ -0,0 +1,14 @@
# JWT
SECRET_KEY=change-me-in-production
ALGORITHM=HS256
ACCESS_TOKEN_EXPIRE_MINUTES=43200
# OpenID Connect (SSO)
SSO_ENABLED=false
ZITADEL_ISSUER=
ZITADEL_CLIENT_ID=
ZITADEL_CLIENT_SECRET=
# URLs
BASE_URL=https://panel.example.com
FRONTEND_URL=https://panel.example.com

79
backend/Dockerfile
View File

@@ -1,79 +1,30 @@
# ================================ FROM python:3.11-slim
# MC Panel Backend - Production Dockerfile
# ================================
FROM python:3.11-slim AS production
# Метаданные
LABEL maintainer="MC Panel Team" \
version="2.0.0" \
description="MC Panel Backend - FastAPI Server" \
component="backend"
# Переменные окружения
ENV PYTHONDONTWRITEBYTECODE=1 \ ENV PYTHONDONTWRITEBYTECODE=1 \
PYTHONUNBUFFERED=1 \ PYTHONUNBUFFERED=1 \
PYTHONPATH=/app \ PYTHONPATH=/app \
PORT=8000 \ PORT=8000 \
WORKERS=1 \ WORKERS=2
DEBIAN_FRONTEND=noninteractive
# Устанавливаем системные зависимости
RUN apt-get update && apt-get install -y --no-install-recommends \
curl \
procps \
ca-certificates \
tini \
&& rm -rf /var/lib/apt/lists/* \
&& apt-get clean
# Создаем пользователя для безопасности
RUN groupadd -r -g 1000 mcpanel && \
useradd -r -u 1000 -g mcpanel -d /app -s /bin/bash mcpanel
# Создаем рабочую директорию
WORKDIR /app WORKDIR /app
# Копируем requirements и устанавливаем зависимости RUN apt-get update \
&& apt-get install -y --no-install-recommends curl \
&& rm -rf /var/lib/apt/lists/*
COPY requirements.txt ./ COPY requirements.txt ./
RUN pip install --no-cache-dir --upgrade pip && \ RUN pip install --no-cache-dir --upgrade pip \
pip install --no-cache-dir -r requirements.txt && pip install --no-cache-dir -r requirements.txt
# Копируем исходный код COPY . ./
COPY --chown=mcpanel:mcpanel . ./
# Создаем необходимые директории RUN mkdir -p /app/servers /app/data /app/logs \
RUN mkdir -p \ && ([ -f /app/users.json ] || echo '{}' > /app/users.json) \
servers \ && ([ -f /app/tickets.json ] || echo '{}' > /app/tickets.json)
data \
logs \
&& touch users.json tickets.json
# Создаем конфигурационные файлы по умолчанию если их нет
RUN [ ! -f users.json ] && echo '{}' > users.json || true && \
[ ! -f tickets.json ] && echo '{}' > tickets.json || true
# Устанавливаем права доступа
RUN chown -R mcpanel:mcpanel /app && \
chmod -R 755 /app && \
chmod +x main.py
# Переключаемся на непривилегированного пользователя
USER mcpanel
# Health check
HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
CMD curl -f http://localhost:${PORT}/health 2>/dev/null || \
curl -f http://localhost:${PORT}/ 2>/dev/null || exit 1
# Expose порт
EXPOSE 8000 EXPOSE 8000
# Volumes для персистентных данных HEALTHCHECK --interval=30s --timeout=10s --start-period=20s --retries=3 \
VOLUME ["/app/servers", "/app/data", "/app/logs"] CMD curl -fsS "http://localhost:${PORT}/health" || exit 1
# Используем tini как init процесс CMD ["sh", "-c", "uvicorn main:app --host 0.0.0.0 --port ${PORT:-8000} --workers ${WORKERS:-2}"]
ENTRYPOINT ["/usr/bin/tini", "--"]
# Команда запуска
CMD ["sh", "-c", "python -m uvicorn main:app --host 0.0.0.0 --port ${PORT} --workers ${WORKERS}"]

7
backend/main.py
View File

@@ -172,6 +172,11 @@ def check_server_access(user: dict, server_name: str):
return False return False
return server_name in user.get("servers", []) return server_name in user.get("servers", [])
# Healthcheck endpoint for Docker/hosting probes
@app.get("/health")
async def health():
return {"status": "ok"}
# API для аутентификации # API для аутентификации
# OpenID Connect endpoints # OpenID Connect endpoints
@@ -1936,4 +1941,4 @@ app.include_router(daemons_router)
if __name__ == "__main__": if __name__ == "__main__":
import uvicorn import uvicorn
uvicorn.run(app, host="0.0.0.0", port=8000) uvicorn.run(app, host="0.0.0.0", port=4546)

66
backend/oidc_config.py
View File

@@ -4,28 +4,58 @@
import os import os
from typing import Dict, Any from typing import Dict, Any
# Конфигурация провайдеров OpenID Connect
OIDC_PROVIDERS = { def _is_truthy(value: str) -> bool:
"zitadel": { """Безопасный парсинг bool из переменных окружения."""
"name": "ZITADEL", return value.strip().lower() in {"1", "true", "yes", "on"}
"client_id": os.getenv("ZITADEL_CLIENT_ID", ""),
"client_secret": os.getenv("ZITADEL_CLIENT_SECRET", ""),
"server_metadata_url": os.getenv("ZITADEL_ISSUER", "") + "/.well-known/openid-configuration", def _is_config_value_set(value: str) -> bool:
"issuer": os.getenv("ZITADEL_ISSUER", ""), """Проверка, что значение реально задано, а не заглушка."""
"scopes": ["openid", "email", "profile"], normalized = value.strip().lower()
"icon": "🔐", return normalized not in {"", "none", "null", "undefined"}
"color": "bg-purple-600 hover:bg-purple-700"
def is_sso_enabled() -> bool:
"""Глобальный флаг включения SSO через env."""
# По умолчанию SSO включён, чтобы не ломать существующее поведение.
raw = os.getenv("SSO_ENABLED", "true")
return _is_truthy(raw)
def get_oidc_providers() -> Dict[str, Dict[str, Any]]:
"""Собрать конфигурацию OpenID Connect провайдеров из env."""
issuer = os.getenv("ZITADEL_ISSUER", "")
return {
"zitadel": {
"name": "ZITADEL",
"client_id": os.getenv("ZITADEL_CLIENT_ID", ""),
"client_secret": os.getenv("ZITADEL_CLIENT_SECRET", ""),
"server_metadata_url": issuer.rstrip("/") + "/.well-known/openid-configuration" if issuer else "",
"issuer": issuer,
"scopes": ["openid", "email", "profile"],
"icon": "🔐",
"color": "bg-purple-600 hover:bg-purple-700"
}
} }
}
# Для обратной совместимости с импортами из других модулей
OIDC_PROVIDERS = get_oidc_providers()
def get_enabled_providers() -> Dict[str, Dict[str, Any]]: def get_enabled_providers() -> Dict[str, Dict[str, Any]]:
"""Получить список включённых провайдеров (с настроенными client_id)""" """Получить список включённых провайдеров (с настроенным client_id)."""
enabled = {} if not is_sso_enabled():
for provider_id, config in OIDC_PROVIDERS.items(): return {}
if config.get("client_id") and config.get("issuer"):
enabled: Dict[str, Dict[str, Any]] = {}
for provider_id, config in get_oidc_providers().items():
if _is_config_value_set(config.get("client_id", "")) and _is_config_value_set(config.get("issuer", "")):
enabled[provider_id] = config enabled[provider_id] = config
return enabled return enabled
def get_redirect_uri(provider_id: str, base_url: str = "http://localhost:8000") -> str: def get_redirect_uri(provider_id: str, base_url: str = "http://localhost:8000") -> str:
"""Получить redirect URI для провайдера""" """Получить redirect URI для провайдера."""
return f"{base_url}/api/auth/oidc/{provider_id}/callback" return f"{base_url}/api/auth/oidc/{provider_id}/callback"

9
deploy/.env.hosting.example Normal file
View File

@@ -0,0 +1,9 @@
# Image tag produced by Drone (latest or build number)
IMAGE_TAG=latest
# Optional explicit image names
# BACKEND_IMAGE=registry.nevetime.ru/mc-panel-backend:latest
# FRONTEND_IMAGE=registry.nevetime.ru/mc-panel-frontend:latest
# External port for the frontend container
FRONTEND_PORT=80

49
deploy/docker-compose.hosting.yml Normal file
View File

@@ -0,0 +1,49 @@
version: '3.8'
services:
backend:
image: ${BACKEND_IMAGE:-registry.nevetime.ru/mc-panel-backend:${IMAGE_TAG:-latest}}
container_name: mc-panel-backend
restart: unless-stopped
env_file:
- ../backend/.env
environment:
PORT: 8000
WORKERS: 2
volumes:
- mc_servers:/app/servers
- mc_data:/app/data
- mc_logs:/app/logs
networks:
- mc-panel
healthcheck:
test: ["CMD", "curl", "-fsS", "http://localhost:8000/health"]
interval: 30s
timeout: 10s
retries: 3
frontend:
image: ${FRONTEND_IMAGE:-registry.nevetime.ru/mc-panel-frontend:${IMAGE_TAG:-latest}}
container_name: mc-panel-frontend
restart: unless-stopped
ports:
- "${FRONTEND_PORT:-80}:80"
depends_on:
backend:
condition: service_healthy
networks:
- mc-panel
healthcheck:
test: ["CMD", "wget", "-qO-", "http://localhost/health"]
interval: 30s
timeout: 10s
retries: 3
volumes:
mc_servers:
mc_data:
mc_logs:
networks:
mc-panel:
driver: bridge

41
docker-compose.dev.yml
View File

@@ -1,61 +1,48 @@
version: '3.8' version: '3.8'
services: services:
# Backend для разработки backend:
backend-dev:
build: build:
context: ./backend context: ./backend
dockerfile: Dockerfile dockerfile: Dockerfile
target: production
container_name: mc-panel-backend-dev container_name: mc-panel-backend-dev
restart: unless-stopped restart: unless-stopped
ports: ports:
- "8000:8000" - "8000:8000"
env_file:
- ./backend/.env
environment: environment:
- PORT=8000 PORT: 8000
- WORKERS=1 WORKERS: 1
- PYTHONPATH=/app
- DEBUG=true
- LOG_LEVEL=DEBUG
volumes: volumes:
# Монтируем исходный код для hot reload
- ./backend:/app - ./backend:/app
- mc_servers_dev:/app/servers - mc_servers_dev:/app/servers
- mc_data_dev:/app/data - mc_data_dev:/app/data
- mc_logs_dev:/app/logs - mc_logs_dev:/app/logs
command: ["sh", "-c", "uvicorn main:app --host 0.0.0.0 --port 8000 --reload"]
networks: networks:
- mc-panel-dev - mc-panel-dev
command: ["python", "-m", "uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8000", "--reload"]
# Frontend для разработки frontend:
frontend-dev:
build: build:
context: ./frontend context: ./frontend
dockerfile: Dockerfile dockerfile: Dockerfile
target: development args:
VITE_API_URL: http://localhost:8000
container_name: mc-panel-frontend-dev container_name: mc-panel-frontend-dev
restart: unless-stopped restart: unless-stopped
ports: ports:
- "5173:5173" - "3000:80"
volumes: depends_on:
# Монтируем исходный код для hot reload - backend
- ./frontend:/app
- /app/node_modules
networks: networks:
- mc-panel-dev - mc-panel-dev
environment:
- VITE_API_URL=http://localhost:8000
depends_on:
- backend-dev
volumes: volumes:
mc_servers_dev: mc_servers_dev:
driver: local
mc_data_dev: mc_data_dev:
driver: local
mc_logs_dev: mc_logs_dev:
driver: local
networks: networks:
mc-panel-dev: mc-panel-dev:
driver: bridge driver: bridge

40
docker-compose.yml
View File

@@ -1,59 +1,49 @@
version: '3.8' version: '3.8'
services: services:
# Backend сервис
backend: backend:
image: registry.nevetime.ru/mc-panel-backend:${IMAGE_TAG:-latest} image: ${BACKEND_IMAGE:-registry.nevetime.ru/mc-panel-backend:${IMAGE_TAG:-latest}}
container_name: mc-panel-backend container_name: mc-panel-backend
restart: unless-stopped restart: unless-stopped
ports:
- "8000:8000"
environment:
- PORT=8000
- WORKERS=2
- PYTHONPATH=/app
- DEBUG=false
env_file: env_file:
- ./backend/.env - ./backend/.env
environment:
PORT: ${BACKEND_PORT:-8000}
WORKERS: ${BACKEND_WORKERS:-2}
volumes: volumes:
- mc_servers:/app/servers - mc_servers:/app/servers
- mc_data:/app/data - mc_data:/app/data
- mc_logs:/app/logs - mc_logs:/app/logs
networks: networks:
- mc-panel-network - mc-panel
healthcheck: healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8000/health"] test: ["CMD", "curl", "-fsS", "http://localhost:8000/health"]
interval: 30s interval: 30s
timeout: 10s timeout: 10s
retries: 3 retries: 3
start_period: 60s
# Frontend сервис
frontend: frontend:
image: registry.nevetime.ru/mc-panel-frontend:${IMAGE_TAG:-latest} image: ${FRONTEND_IMAGE:-registry.nevetime.ru/mc-panel-frontend:${IMAGE_TAG:-latest}}
container_name: mc-panel-frontend container_name: mc-panel-frontend
restart: unless-stopped restart: unless-stopped
ports: ports:
- "80:80" - "${FRONTEND_PORT:-80}:80"
depends_on: depends_on:
- backend backend:
condition: service_healthy
networks: networks:
- mc-panel-network - mc-panel
healthcheck: healthcheck:
test: ["CMD", "curl", "-f", "http://localhost/health"] test: ["CMD", "wget", "-qO-", "http://localhost/health"]
interval: 30s interval: 30s
timeout: 10s timeout: 10s
retries: 3 retries: 3
start_period: 30s
volumes: volumes:
mc_servers: mc_servers:
driver: local
mc_data: mc_data:
driver: local
mc_logs: mc_logs:
driver: local
networks: networks:
mc-panel-network: mc-panel:
driver: bridge driver: bridge

2
frontend/.env
View File

@@ -1 +1 @@
VITE_API_URL=http://26.62.117.104:8000 VITE_API_URL=

7
frontend/.env.example
View File

@@ -1,3 +1,4 @@
# API URL (необязательно, по умолчанию определяется автоматически) # API URL:
# Раскомментируйте и укажите ваш IP для удаленного доступа # - пусто: same-origin (/api), рекомендуется для production с nginx proxy
# VITE_API_URL=http://26.123.45.67:8000 # - http://localhost:4546: локальный backend
VITE_API_URL=

6
frontend/.env.local.example
View File

@@ -1,10 +1,10 @@
# Создайте файл .env.local и раскомментируйте нужную строку # Создайте файл .env.local и раскомментируйте нужную строку
# Для локального использования (по умолчанию) # Для локального использования (по умолчанию)
# VITE_API_URL=http://localhost:8000 # VITE_API_URL=http://localhost:4546
# Для Radmin VPN (замените на ваш IP) # Для Radmin VPN (замените на ваш IP)
# VITE_API_URL=http://26.62.117.104:8000 # VITE_API_URL=http://26.62.117.104:4546
# Для Hamachi (замените на ваш IP) # Для Hamachi (замените на ваш IP)
# VITE_API_URL=http://25.123.45.67:8000 # VITE_API_URL=http://25.123.45.67:4546

200
frontend/Dockerfile
View File

@@ -1,207 +1,25 @@
# ================================ FROM node:20-alpine AS build
# MC Panel Frontend - Multi-Stage Dockerfile
# ================================
# Stage 1: Build Stage
FROM node:20-alpine AS builder
# Метаданные
LABEL maintainer="MC Panel Team" \
version="2.0.0" \
description="MC Panel Frontend - React Build Stage" \
component="frontend"
# Устанавливаем зависимости для сборки
RUN apk add --no-cache git python3 make g++
# Создаем рабочую директорию
WORKDIR /app WORKDIR /app
# Копируем package files для кеширования зависимостей
COPY package*.json ./ COPY package*.json ./
# Устанавливаем зависимости
RUN npm ci --silent RUN npm ci --silent
# Копируем исходный код
COPY . ./ COPY . ./
# Собираем приложение для production ARG VITE_API_URL=
ENV VITE_API_URL=${VITE_API_URL}
RUN npm run build RUN npm run build
# Проверяем размер сборки FROM nginx:1.27-alpine
RUN du -sh dist/ && \
echo "Build completed successfully"
# ================================ COPY nginx.conf /etc/nginx/conf.d/default.conf
# Stage 2: Production Stage (Nginx) COPY --from=build /app/dist /usr/share/nginx/html
# ================================
FROM nginx:alpine AS production
# Метаданные
LABEL maintainer="MC Panel Team" \
version="2.0.0" \
description="MC Panel Frontend - Nginx Production Server" \
component="frontend"
# Устанавливаем дополнительные пакеты
RUN apk add --no-cache curl tini
# Создаем пользователя nginx если его нет
RUN addgroup -g 1000 -S mcpanel && \
adduser -u 1000 -D -S -G mcpanel mcpanel
# Копируем собранное приложение из builder stage
COPY --from=builder /app/dist /usr/share/nginx/html
# Создаем кастомную конфигурацию Nginx
RUN cat > /etc/nginx/conf.d/default.conf << 'EOF'
server {
listen 80;
listen [::]:80;
server_name _;
root /usr/share/nginx/html;
index index.html;
# Gzip compression
gzip on;
gzip_vary on;
gzip_min_length 1024;
gzip_types text/plain text/css text/xml text/javascript application/javascript application/xml+rss application/json;
# Security headers
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
# Cache static assets
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
expires 1y;
add_header Cache-Control "public, immutable";
}
# Handle React Router (SPA)
location / {
try_files $uri $uri/ /index.html;
}
# API proxy (если нужно)
location /api/ {
proxy_pass http://backend:8000/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# WebSocket proxy (если нужно)
location /ws/ {
proxy_pass http://backend:8000/ws/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# Health check endpoint
location /health {
access_log off;
return 200 "healthy\n";
add_header Content-Type text/plain;
}
}
EOF
# Создаем кастомную конфигурацию nginx.conf
RUN cat > /etc/nginx/nginx.conf << 'EOF'
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
use epoll;
multi_accept on;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
client_max_body_size 100M;
include /etc/nginx/conf.d/*.conf;
}
EOF
# Health check
HEALTHCHECK --interval=30s --timeout=10s --start-period=30s --retries=3 \
CMD curl -f http://localhost/health || exit 1
# Expose порт
EXPOSE 80 EXPOSE 80
# Используем tini как init процесс HEALTHCHECK --interval=30s --timeout=5s --start-period=15s --retries=3 \
ENTRYPOINT ["/sbin/tini", "--"] CMD wget -qO- http://localhost/health >/dev/null || exit 1
# Команда запуска
CMD ["nginx", "-g", "daemon off;"] CMD ["nginx", "-g", "daemon off;"]
# ================================
# Stage 3: Development Stage
# ================================
FROM node:20-alpine AS development
# Метаданные
LABEL maintainer="MC Panel Team" \
version="2.0.0" \
description="MC Panel Frontend - Development Server" \
component="frontend"
# Устанавливаем зависимости для разработки
RUN apk add --no-cache git python3 make g++
# Создаем пользователя для разработки
RUN addgroup -g 1000 -S mcpanel && \
adduser -u 1000 -D -S -G mcpanel mcpanel
# Создаем рабочую директорию
WORKDIR /app
# Меняем владельца директории
RUN chown mcpanel:mcpanel /app
# Переключаемся на пользователя
USER mcpanel
# Копируем package files
COPY --chown=mcpanel:mcpanel package*.json ./
# Устанавливаем зависимости
RUN npm ci
# Копируем исходный код
COPY --chown=mcpanel:mcpanel . ./
# Expose порт для dev сервера
EXPOSE 5173
# Команда для разработки
CMD ["npm", "run", "dev"]

37
frontend/nginx.conf Normal file
View File

@@ -0,0 +1,37 @@
server {
listen 80;
server_name _;
root /usr/share/nginx/html;
index index.html;
location / {
try_files $uri $uri/ /index.html;
}
location /api/ {
proxy_pass http://backend:8000;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /ws/ {
proxy_pass http://backend:8000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location = /health {
access_log off;
return 200 'ok';
add_header Content-Type text/plain;
}
}

4
frontend/src/components/Auth.jsx
View File

@@ -41,7 +41,7 @@ export default function Auth({ onLogin }) {
try { try {
await onLogin(username, password, isLogin); await onLogin(username, password, isLogin);
} catch (err) { } catch (err) {
setError(err.message || 'Ошибка авторизации'); setError(err?.response?.data?.detail || err.message || 'Ошибка авторизации');
} finally { } finally {
setLoading(false); setLoading(false);
} }
@@ -182,7 +182,7 @@ export default function Auth({ onLogin }) {
{isLogin && ( {isLogin && (
<div className={`mt-6 text-center text-sm ${currentTheme.textSecondary}`}> <div className={`mt-6 text-center text-sm ${currentTheme.textSecondary}`}>
<p>Учётные данные по умолчанию:</p> <p>Учётные данные по умолчанию:</p>
<p className={`${currentTheme.text} font-mono mt-1`}>none / none</p> <p className={`${currentTheme.text} font-mono mt-1`}>admin / Admin</p>
</div> </div>
)} )}
</div> </div>

3
frontend/src/components/UserManagement.jsx
View File

@@ -2,6 +2,7 @@ import { useState, useEffect } from 'react';
import { Users, Shield, Ban, Trash2, UserCheck, Server } from 'lucide-react'; import { Users, Shield, Ban, Trash2, UserCheck, Server } from 'lucide-react';
import axios from 'axios'; import axios from 'axios';
import { notify } from './NotificationSystem'; import { notify } from './NotificationSystem';
import { API_URL } from '../config';
const UserManagement = ({ token, currentUser }) => { const UserManagement = ({ token, currentUser }) => {
const [users, setUsers] = useState([]); const [users, setUsers] = useState([]);
@@ -10,8 +11,6 @@ const UserManagement = ({ token, currentUser }) => {
const [showRoleModal, setShowRoleModal] = useState(false); const [showRoleModal, setShowRoleModal] = useState(false);
const [showAccessModal, setShowAccessModal] = useState(false); const [showAccessModal, setShowAccessModal] = useState(false);
const API_URL = import.meta.env.VITE_API_URL || 'http://localhost:8000';
// Загрузка пользователей // Загрузка пользователей
const loadUsers = async () => { const loadUsers = async () => {
try { try {

18
frontend/src/config.js
View File

@@ -1,21 +1,23 @@
// Автоматически определяем API URL // Автоматически определяем API URL
const getApiUrl = () => { const getApiUrl = () => {
// Если задана переменная окружения, используем её // Если переменная задана даже пустой строкой, используем её как явный override.
if (import.meta.env.VITE_API_URL) { // Пустая строка = same-origin (/api через nginx proxy).
return import.meta.env.VITE_API_URL; if (Object.prototype.hasOwnProperty.call(import.meta.env, 'VITE_API_URL')) {
const value = import.meta.env.VITE_API_URL || '';
return value.replace(/\/$/, '');
} }
// Иначе используем текущий хост с портом 8000 // Иначе используем текущий хост с портом 4546
const protocol = window.location.protocol; const protocol = window.location.protocol;
const hostname = window.location.hostname; const hostname = window.location.hostname;
// Если localhost, используем localhost:8000 // Если localhost, используем localhost:4546
if (hostname === 'localhost' || hostname === '127.0.0.1') { if (hostname === 'localhost' || hostname === '127.0.0.1') {
return `${protocol}//localhost:8000`; return `${protocol}//localhost:4546`;
} }
// Для удаленного доступа используем IP:8000 // Для удаленного доступа используем IP:4546
return `${protocol}//${hostname}:8000`; return `${protocol}//${hostname}:4546`;
}; };
export const API_URL = getApiUrl(); export const API_URL = getApiUrl();