diff --git a/Dockerfile b/Dockerfile index d54afe3..74cc7bf 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,35 +1,34 @@ -FROM node:22-alpine as builder - -# Install git and other dependencies -RUN apk add --no-cache git - -# Clone the repository -RUN git clone --depth 1 https://git.nixc.us/Nixius/hastebin.git /app +FROM node:22-alpine WORKDIR /app -# Clean npm cache and install dependencies with better error handling +# Copy local files instead of git clone +COPY . /app + +# Create data directory for file storage +RUN mkdir -p /app/data + +# Install dependencies RUN npm cache clean --force && \ npm install --production --no-optional && \ + npm install mocha && \ chmod +x app.sh # Build assets if needed RUN node update-js.js || echo "No update-js.js script found" -FROM node:22-alpine - -WORKDIR /app - -# Copy from builder stage -COPY --from=builder /app . - -# Install mocha in the final image -RUN npm install mocha +# Create a simple override config to force file storage +RUN echo "var config = require('./config.js'); config.storage = { type: 'file', path: '/app/data' }; module.exports = config;" > /app/config.override.js && \ + sed -i '1s/^/var config = require(".\/config.override.js"); /' server.js # Set environment variables ENV NODE_ENV=production \ + HASTEBIN_STORAGE_TYPE=file \ + STORAGE_TYPE=file \ + STORAGE_PATH=/app/data \ + STORAGE_HOST=localhost \ HASTEBIN_ENABLE_CSP=true \ - HASTEBIN_ENABLE_HSTS=true \ + HASTEBIN_ENABLE_HSTS=false \ HASTEBIN_ENABLE_CROSS_ORIGIN_ISOLATION=true # Expose port diff --git a/README.md b/README.md index 9df5d80..d4692ab 100644 --- a/README.md +++ b/README.md @@ -1,311 +1,56 @@ -# Hastebin +# Flockitrack -Hastebin is an open-source pastebin software written in node.js, which is easily installable in any network. It can be backed by either redis or filesystem, and has a very easy adapter interface for other stores. A publicly available version can be found at [haste.nixc.us](http://haste.nixc.us) - -## Quick Start - -```bash -# Clone the repository -git clone https://github.com/seejohnrun/haste-server.git -cd haste-server - -# Install dependencies -npm install - -# Start with file storage (no Redis needed) -npm run start:dev - -# Access in your browser -# http://localhost:7777 -``` +Firefox extension for tracking time for tickets in YouTrack in Clockify. ## Features -- **Simple**: Easy to set up and use -- **Secure**: Includes CSP and other security headers -- **Flexible**: Supports multiple storage backends (Redis, File, Postgres, etc.) -- **Customizable**: Configurable via environment variables or config file -- **Modern**: Self-destructing pastes with syntax highlighting +- Track time directly from YouTrack tickets +- Automatically fill in ticket information +- Seamless integration with Clockify +- Easy-to-use interface ## Installation -### Quick Install +### Development Installation -```bash -# Clone the repository -git clone https://github.com/seejohnrun/haste-server.git -cd haste-server +1. Clone this repository: + ``` + git clone git@git.nixc.us:colin/flockitrack.git + cd flockitrack + ``` -# Install dependencies -npm install +2. Open Firefox and navigate to `about:debugging` +3. Click "This Firefox" +4. Click "Load Temporary Add-on..." +5. Select the `manifest.json` file from the cloned repository -# Start with file storage (no Redis needed) -npm run start:file -# OR run directly with environment variables -# NODE_ENV=development HASTEBIN_STORAGE_TYPE=file node server.js -``` +### Production Installation -### Running Options +The extension will be available on the Firefox Add-ons store once it's published. -```bash -# Start with default settings (requires Redis) -npm start +## Usage -# Start in development mode with file storage -npm run start:dev +1. Click on the Flockitrack icon in your browser toolbar +2. Enter your Clockify API key (found in your Clockify user settings) +3. Navigate to a YouTrack ticket +4. Use the extension to start tracking time for the ticket -# Same as start:dev (for backward compatibility) -npm run start:file -``` +## Development -### Docker Installation +This extension is a port of the original Chrome extension for Clockify + YouTrack integration, adapted to work with Firefox. -```bash -# Clone the repository -git clone https://github.com/seejohnrun/haste-server.git -cd haste-server +### Key Changes from Chrome Version -# Start with Docker Compose (includes Redis) -docker compose up -d -``` +- Updated manifest to version 2 (Firefox compatible) +- Added Firefox-specific settings +- Changed from `action` to `browser_action` +- Changed from service worker to background scripts +- Moved host permissions into the permissions array -The Docker container is configured to use Redis as the storage backend by default. The `docker-compose.yml` file sets up both a Hastebin container and a Redis container, linking them together. +## License -If you need to customize the Docker setup, you can modify the environment variables in the `docker-compose.yml` file: +[MIT License](LICENSE) -```yaml -environment: - - NODE_ENV=production - - STORAGE_TYPE=redis - - STORAGE_HOST=redis - - HASTEBIN_ENABLE_CSP=true - - HASTEBIN_ENABLE_HSTS=true -``` +## Credits -The container exists at git.nixc.us/colin/haste:haste-production and may be made public eventually. - -## Configuration - -### Environment Variables - -Hastebin can be configured using the following environment variables: - -```bash -# Server configuration -HASTEBIN_PORT=7777 # Port to listen on (default: 7777) -HASTEBIN_HOST=0.0.0.0 # Host to bind to (default: 0.0.0.0) - -# Storage configuration -HASTEBIN_STORAGE_TYPE=file # Storage type: file, redis, postgres, etc. -HASTEBIN_STORAGE_PATH=./data # Path for file storage -DATABASE_URL=postgres://user:pass@host:5432/db # For postgres storage - -# Docker-specific storage settings -STORAGE_TYPE=redis # Storage type in Docker (default: redis) -STORAGE_HOST=redis # Redis host in Docker environment -STORAGE_PORT=6379 # Redis port -STORAGE_PASSWORD= # Redis password if needed -STORAGE_DB=0 # Redis database number - -# Security settings -HASTEBIN_ENABLE_CSP=true # Enable Content Security Policy -HASTEBIN_ENABLE_HSTS=true # Enable HTTP Strict Transport Security -HASTEBIN_ENABLE_CROSS_ORIGIN_ISOLATION=true # Enable Cross-Origin Isolation -HASTEBIN_BYPASS_CSP_IN_DEV=true # Bypass CSP in development mode - -# Other settings -NODE_ENV=development # Environment: development or production -``` - -You can also configure Hastebin by editing the `config.js` file. - -## Security Settings - -The `security` section in the configuration allows you to control various security features, particularly the Content Security Policy (CSP): - -```json -{ - "security": { - "csp": true, // Enable/disable CSP entirely - "hsts": false, // Enable HTTP Strict Transport Security - "scriptSources": [], // Additional allowed script sources - "bypassCSPInDev": false, // Use permissive CSP in development mode - "allowUnsafeHashes": true, // Allow 'unsafe-hashes' in production for event handlers - "enableCrossOriginIsolation": false // Enable strict Cross-Origin isolation headers - } -} -``` - -### Content Security Policy Options - -* `csp` - Enable or disable Content Security Policy headers (default: true) -* `hsts` - Enable HTTP Strict Transport Security headers (default: false) -* `scriptSources` - Additional script sources to allow - comma-separated list in env vars -* `bypassCSPInDev` - In development mode (NODE_ENV=development), use a more permissive CSP that includes 'unsafe-inline' (default: false) -* `allowUnsafeHashes` - Allow 'unsafe-hashes' in production mode for DOM event handlers (default: true) -* `enableCrossOriginIsolation` - Enable strict Cross-Origin isolation headers (COEP, COOP, CORP) which enhance security but may break certain integrations (default: false) - -### Environment Variables for Security Settings - -You can set these options through environment variables: -* `HASTEBIN_ENABLE_CSP` - Enable/disable CSP (true/false) -* `HASTEBIN_ENABLE_HSTS` - Enable/disable HSTS (true/false) -* `HASTEBIN_SCRIPT_SOURCES` - Additional script sources (comma-separated) -* `HASTEBIN_BYPASS_CSP_IN_DEV` - Allow unsafe-inline in development (true/false) -* `HASTEBIN_ALLOW_UNSAFE_HASHES` - Allow unsafe-hashes in production (true/false) -* `HASTEBIN_ENABLE_CROSS_ORIGIN_ISOLATION` - Enable Cross-Origin isolation headers (true/false) - -### CSP Implementation Details - -The Content Security Policy implementation in Hastebin uses nonces to secure inline scripts while maintaining functionality: - -1. **Nonces**: A unique cryptographic nonce is generated for each request and applied to all script tags -2. **Development Mode**: When running with `NODE_ENV=development`, you can bypass strict CSP checks using the `bypassCSPInDev` option -3. **Production Mode**: In production, the CSP is configured to use nonces for all scripts, with optional 'unsafe-hashes' for event handlers -4. **Templates**: The template system automatically injects nonces into script tags, so you don't need to manually add them to the HTML - -### Additional Security Headers - -Besides CSP, Hastebin implements several other security headers: - -1. **X-Content-Type-Options**: `nosniff` - -## Troubleshooting - -### Common Issues - -#### Port Already in Use - -If you see an error like `Error: listen EADDRINUSE: address already in use :::7777`: - -```bash -# Find and kill processes using port 7777 -lsof -i :7777 -t | xargs kill -9 || true - -# Or use a different port -HASTEBIN_PORT=8000 npm run start:file -``` - -#### Redis Connection Issues - -If you're using Redis and see connection errors: - -```bash -# Check if Redis is running -redis-cli ping - -# Start Redis if needed -redis-server - -# Or use file storage instead -npm run start:file -``` - -#### Permission Issues with File Storage - -If you see permission errors when using file storage: - -```bash -# Create data directory with proper permissions -mkdir -p data -chmod 777 data -HASTEBIN_STORAGE_PATH=./data npm run start:file -``` - -#### Test Server Issues - -If tests are failing: - -```bash -# Make sure no server is running -lsof -i :7777 -t | xargs kill -9 || true - -# Run tests with clean environment -npm run test:all -``` - -## Testing - -### Quick Test Commands - -```bash -# Start a local test server with file storage -npm run start:dev - -# Run all tests -npm test - -# Run core functionality tests -npm run test:core - -# Run security tests -npm run test:security -``` - -### Test Structure - -Hastebin includes a comprehensive test suite covering both core functionality and security features. The tests are organized in the following structure: - -``` -test/ -├── core/ # Core functionality tests -│ └── core_functionality_spec.js # Tests for basic operations -├── security/ # Security-related tests -│ ├── security_spec.js # Main security test suite -│ └── security_shell_spec.sh # Shell-based security tests -├── key_generators/ # Key generator tests -├── utils/ # Test utilities -│ └── test-local.js # Local test server setup -└── document_handler_spec.js # Document handler tests -``` - -### Running Test Suites - -```bash -# Run all tests (unit + security) -npm run test:all - -# Run specific test suites -npm run test:core # Run core functionality tests -npm run test:security # Run all security tests - -# Run specific security tests -npm run test:security:csp # Test CSP configuration -npm run test:security:cors # Test CORS settings -npm run test:security:combined # Test combined security features -``` - -## Storage - -## API Usage - -### Creating a Document - -```bash -# Using curl -curl -X POST -d "Hello, world!" http://localhost:7777/documents - -# Response: {"key":"uniquekey"} -``` - -### Retrieving a Document - -```bash -# Using curl -curl http://localhost:7777/raw/uniquekey - -# Response: Hello, world! -``` - -### Document Formats - -- `http://localhost:7777/uniquekey` - HTML view with syntax highlighting -- `http://localhost:7777/raw/uniquekey` - Raw document content -- `http://localhost:7777/documents/uniquekey` - JSON response with document content - -### Client Libraries - -- [haste-client](https://git.nixc.us/Nixius/haste-client) - Command line client for Hastebin -- Example usage: `cat file.txt | haste` - -## License Update \ No newline at end of file +Based on the original Clockify Extension by AE Now. \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml index 8f12be7..83c7c48 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,66 +1,17 @@ services: - redis: - image: redis:alpine - volumes: - - redis_data:/data - networks: - - default - deploy: - placement: - constraints: - - node.hostname == macmini3 - replicas: 1 - restart_policy: - condition: on-failure - haste: build: context: . dockerfile: Dockerfile - volumes: - - public_system:/app/public/system + ports: + - "7777:7777" environment: - NODE_ENV=production + - HASTEBIN_STORAGE_TYPE=file + - STORAGE_TYPE=file + - STORAGE_PATH=/app/data + - STORAGE_HOST=localhost - HASTEBIN_ENABLE_CSP=true - - HASTEBIN_ENABLE_HSTS=true - - HASTEBIN_ALLOW_UNSAFE_HASHES=true - - HASTEBIN_SCRIPT_SOURCES= - - HASTEBIN_BYPASS_CSP_IN_DEV=false + - HASTEBIN_ENABLE_HSTS=false - HASTEBIN_ENABLE_CROSS_ORIGIN_ISOLATION=true - networks: - - traefik - - default - deploy: - placement: - constraints: - - node.hostname == macmini3 - labels: - homepage.group: apps - homepage.name: HasteBin - homepage.href: https://haste.nixc.us/ - homepage.description: HasteBin - us.nixc.autodeploy: "true" - traefik.enable: "true" - traefik.http.routers.production-haste_haste.rule: "Host(`haste.nixc.us`)" - traefik.http.routers.production-haste_haste.entrypoints: "websecure" - traefik.http.routers.production-haste_haste.tls: "true" - traefik.http.routers.production-haste_haste.tls.certresolver: "letsencryptresolver" - traefik.http.routers.production-haste_haste.service: "production-haste_haste" - traefik.http.services.production-haste_haste.loadbalancer.server.port: "7777" - traefik.docker.network: "traefik" - - replicas: 1 - restart_policy: - condition: on-failure - -networks: - traefik: - external: true - default: - driver: overlay - -volumes: - public_system: - driver: local - redis_data: - driver: local + restart: on-failure diff --git a/manifest.json b/manifest.json new file mode 100644 index 0000000..a98e81b --- /dev/null +++ b/manifest.json @@ -0,0 +1,38 @@ +{ + "manifest_version": 2, + "name": "Flockitrack", + "version": "1.0", + "description": "Firefox extension for tracking time for tickets in YouTrack in Clockify", + "icons": { + "128": "icon_128.png", + "48": "icon_48.png", + "16": "icon_16.png" + }, + "browser_specific_settings": { + "gecko": { + "id": "flockitrack@nixc.us", + "strict_min_version": "57.0" + } + }, + "browser_action": { + "default_icon": "icon_128.png", + "default_popup": "popup.html", + "default_title": "Flockitrack" + }, + "background": { + "scripts": ["background.js"] + }, + "content_scripts": [ + { + "matches": [""], + "js": ["content.js", "axios.min.js", "fontawesome.js"], + "css": ["modal.css"], + "run_at": "document_end" + } + ], + "permissions": [ + "storage", + "tabs", + "https://pm.aenow.com/*" + ] +} \ No newline at end of file diff --git a/static/application.css b/static/application.css index 022c2f1..addda1d 100644 --- a/static/application.css +++ b/static/application.css @@ -2,6 +2,13 @@ body { background: #002B36; padding: 20px 50px; margin: 0px; + height: 100vh; + display: flex; + flex-direction: column; +} + +html { + height: 100%; } /* textarea */ @@ -17,6 +24,11 @@ textarea { outline: none; resize: none; font-size: 13px; + position: absolute; + top: 0; + left: 0; + right: 0; + bottom: 0; } /* the line numbers */ @@ -226,3 +238,12 @@ textarea { background-position: 0 bottom; } +#textarea-container { + position: absolute; + top: 20px; + left: 50px; + right: 50px; + bottom: 0; + overflow: hidden; +} + diff --git a/static/index.html b/static/index.html index 5dcce8f..8ff3407 100644 --- a/static/index.html +++ b/static/index.html @@ -65,7 +65,9 @@
- +
+ +