From b2cf4b50cb9b25d198168a67701164ebd898bfe4 Mon Sep 17 00:00:00 2001
From: ComplementaryPogo
Date: Mon, 15 Dec 2025 02:28:02 -0600
Subject: [PATCH 01/15] Dockerfile and dockerignore
---
.dockerignore | 45 +++++++++++++++++++++++++++++++++++++++++++++
Dockerfile | 47 +++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 92 insertions(+)
create mode 100644 .dockerignore
create mode 100644 Dockerfile
diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..3de65df
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,45 @@
+# Dependencies
+node_modules
+
+# Build output
+build
+.svelte-kit
+
+# Git
+.git
+.gitignore
+
+# IDE
+.vscode
+.idea
+*.swp
+*.swo
+
+# Logs
+logs
+*.log
+npm-debug.log*
+
+# OS files
+.DS_Store
+Thumbs.db
+
+# Docker
+Dockerfile
+docker-compose*.yml
+.dockerignore
+
+# Documentation
+README.md
+LICENSE
+*.md
+
+# Development/Test
+.env.local
+.env.*.local
+coverage
+.nyc_output
+
+# Config (mounted at runtime, not baked in)
+# Keep config examples for build stage
+!config/*.example.*
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..c876d7f
--- /dev/null
+++ b/Dockerfile
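Review bot: The list excludes `.env.local` and `.env.*.local` but not a plain `.env`, and the closing `!config/*.example.*` negation has no earlier `config` exclusion to act on, so a locally filled-in `.env` or `config/config.toml` is still sent to the build context and picked up by `COPY . .` in the builder stage. That contradicts the "mounted at runtime, not baked in" comment above the negation. I would add `.env` and `config/*` ahead of the `!config/*.example.*` line so only the example files reach the build. Whether the build output embeds config.toml is not visible from this hunk, so the image-leak part should be confirmed.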
@@ -0,0 +1,47 @@
+FROM node:22-slim AS base
+RUN corepack enable && corepack prepare pnpm@latest --activate
+WORKDIR /app
+
+FROM base AS deps
+
+COPY package.json pnpm-lock.yaml ./
+COPY patches ./patches/
+RUN pnpm install --frozen-lockfile
+
+FROM base AS builder
+WORKDIR /app
+COPY --from=deps /app/node_modules ./node_modules
+COPY . .
+RUN mkdir -p src/routes/\(custom\) && \
+ mkdir -p src/components/custom && \
+ mkdir -p src/lib/server && \
+ cp config/custom.example.css config/custom.css && \
+ cp config/Home.example.svelte config/Home.svelte && \
+ cp config/config.example.toml config/config.toml && \
+ ln config/custom.css src/custom.css && \
+ ln config/Home.svelte src/components/custom/Home.svelte && \
+ ln config/config.toml src/lib/server/config.toml
+RUN pnpm run build
+
+FROM node:22-slim AS runtime
+RUN apt-get update && apt-get install -y --no-install-recommends \
+ ca-certificates \
+ && rm -rf /var/lib/apt/lists/*
+WORKDIR /app
+RUN groupadd --gid 1001 diadem && \
+ useradd --uid 1001 --gid diadem --shell /bin/bash --create-home diadem
+COPY --from=builder --chown=diadem:diadem /app/build ./build
+COPY --from=builder --chown=diadem:diadem /app/package.json ./
+COPY --from=deps --chown=diadem:diadem /app/node_modules ./node_modules
+RUN mkdir -p /app/config && chown diadem:diadem /app/config
+USER diadem
+ENV NODE_ENV=production
+ENV HOST=0.0.0.0
+ENV PORT=3900
+
+EXPOSE 3900
+
+HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
+ CMD node -e "fetch('http://localhost:${PORT:-3900}').then(r => process.exit(r.ok ? 0 : 1)).catch(() => process.exit(1))"
+
+CMD ["node", "build/index.js"]
From a9ac9c297382abf890ce9065d68a4b954d1a5a02 Mon Sep 17 00:00:00 2001
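Review bot: `corepack prepare pnpm@latest --activate` in the base stage resolves whatever pnpm release is newest at build time, so two builds of the same commit can run different package-manager code even though `--frozen-lockfile` pins the dependencies. Pin the tool too, e.g. `corepack prepare pnpm@<PINNED_VERSION> --activate`, or declare it in a `packageManager` field in package.json. The runtime stage also copies the whole `node_modules` from `deps`, dev dependencies included; a production-only install layer (`pnpm install --prod --frozen-lockfile`) would reduce what ships in the image.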
From: ComplementaryPogo Date: Mon, 15 Dec 2025 02:59:18 -0600 Subject: [PATCH 02/15] Docker entrypoint for DB --- .env.example | 8 ++++++ Dockerfile | 12 ++++++-- docker-compose.yml | 65 ++++++++++++++++++++++++++++++++++++++++++++ docker-entrypoint.sh | 17 ++++++++++++ 4 files changed, 100 insertions(+), 2 deletions(-) create mode 100644 .env.example create mode 100644 docker-compose.yml create mode 100644 docker-entrypoint.sh diff --git a/.env.example b/.env.example new file mode 100644 index 0000000..8fea93c --- /dev/null +++ b/.env.example @@ -0,0 +1,8 @@ +# Diadem Application +DIADEM_PORT=3900 + +# MariaDB Database (Diadem Internal) +MARIADB_ROOT_PASSWORD=changeme_root +MARIADB_DATABASE=diadem +MARIADB_USER=diadem +MARIADB_PASSWORD=changeme diff --git a/Dockerfile b/Dockerfile index c876d7f..b624c22 100644 --- a/Dockerfile +++ b/Dockerfile @@ -33,7 +33,15 @@ RUN groupadd --gid 1001 diadem && \ COPY --from=builder --chown=diadem:diadem /app/build ./build COPY --from=builder --chown=diadem:diadem /app/package.json ./ COPY --from=deps --chown=diadem:diadem /app/node_modules ./node_modules + +# Files needed for drizzle-kit db:push at runtime +COPY --from=builder --chown=diadem:diadem /app/drizzle.config.ts ./ +COPY --from=builder --chown=diadem:diadem /app/src/lib/server/db ./src/lib/server/db +COPY --from=builder --chown=diadem:diadem /app/src/lib/services ./src/lib/services + RUN mkdir -p /app/config && chown diadem:diadem /app/config +COPY --chown=diadem:diadem docker-entrypoint.sh ./ +RUN chmod +x docker-entrypoint.sh USER diadem ENV NODE_ENV=production ENV HOST=0.0.0.0 @@ -41,7 +49,7 @@ ENV PORT=3900 EXPOSE 3900 -HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \ +HEALTHCHECK --interval=30s --timeout=10s --start-period=30s --retries=3 \ CMD node -e "fetch('http://localhost:${PORT:-3900}').then(r => process.exit(r.ok ? 0 : 1)).catch(() => process.exit(1))" -CMD ["node", "build/index.js"] +ENTRYPOINT ["./docker-entrypoint.sh"] 
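Review bot: `COPY --chown=diadem:diadem docker-entrypoint.sh ./`, like the build output and node_modules copied above it, leaves the entrypoint and application code writable by the account the server runs as, so any bug that gives file-write as `diadem` can change what executes on the next start. Only `/app/config` and a log directory need to be writable by that user. I would copy the script root-owned and executable in one step, `COPY --chmod=755 docker-entrypoint.sh ./` (BuildKit), which also replaces the separate `RUN chmod +x docker-entrypoint.sh`.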
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..d4fb93d
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,65 @@
+services:
+ diadem:
+ build:
+ context: .
+ dockerfile: Dockerfile
+ image: diadem:latest
+ container_name: diadem
+ restart: unless-stopped
+ ports:
+ - "${DIADEM_PORT:-3900}:3900"
+ environment:
+ - NODE_ENV=production
+ - HOST=0.0.0.0
+ - PORT=3900
+ volumes:
+ # Required: Mount your config file (both paths needed for runtime and db:push)
+ - ./config/config.toml:/app/build/server/config.toml:ro
+ - ./config/config.toml:/app/src/lib/server/config.toml:ro
+ # Optional: Persistent logs
+ - diadem-logs:/app/logs
+ depends_on:
+ diadem-db:
+ condition: service_healthy
+ networks:
+ - diadem-network
+ healthcheck:
+ test: ["CMD", "node", "-e", "fetch('http://localhost:3900').then(r => process.exit(r.ok ? 0 : 1)).catch(() => process.exit(1))"]
+ interval: 30s
+ timeout: 10s
+ retries: 3
+ start_period: 30s
+
+ diadem-db:
+ image: mariadb:11.4
+ container_name: diadem-db
+ restart: unless-stopped
+ environment:
+ MARIADB_ROOT_PASSWORD: ${MARIADB_ROOT_PASSWORD:-changeme_root}
+ MARIADB_DATABASE: ${MARIADB_DATABASE:-diadem}
+ MARIADB_USER: ${MARIADB_USER:-diadem}
+ MARIADB_PASSWORD: ${MARIADB_PASSWORD:-changeme}
+ volumes:
+ - diadem-db-data:/var/lib/mysql
+ networks:
+ - diadem-network
+ healthcheck:
+ test: ["CMD", "healthcheck.sh", "--connect", "--innodb_initialized"]
+ interval: 10s
+ timeout: 5s
+ retries: 5
+ start_period: 30s
+ command:
+ - --character-set-server=utf8mb4
+ - --collation-server=utf8mb4_unicode_ci
+
+volumes:
+ diadem-db-data:
+ name: diadem-db-data
+ diadem-logs:
+ name: diadem-logs
+
+networks:
+ diadem-network:
+ name: diadem-network
+ driver: bridge
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
new file mode 100644
index 0000000..64e4b32
--- /dev/null
+++ b/docker-entrypoint.sh
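Review bot: The `diadem-db` environment falls back to `changeme_root` and `changeme` through `${MARIADB_ROOT_PASSWORD:-changeme_root}` and `${MARIADB_PASSWORD:-changeme}`, so bringing the stack up without a `.env` silently initializes the database with publicly known credentials. Use the required-variable form instead, `MARIADB_ROOT_PASSWORD: ${MARIADB_ROOT_PASSWORD:?set MARIADB_ROOT_PASSWORD in .env}` and the same for `MARIADB_PASSWORD`, so compose refuses to start until they are set. The database port is not published, which keeps exposure to the `diadem-network` bridge, but the `diadem-db-data` volume would presumably keep the weak password after first initialization.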
@@ -0,0 +1,17 @@
+#!/bin/sh
+set -e
+
+# Only run db:push if the database appears to be uninitialized
+# This prevents accidental destructive schema changes in production
+if [ "${SKIP_DB_PUSH:-}" = "true" ]; then
+ echo "Skipping database push (SKIP_DB_PUSH=true)"
+elif [ "${FORCE_DB_PUSH:-}" = "true" ]; then
+ echo "Running database push (forced)..."
+ npx drizzle-kit push --force
+else
+ echo "Running database push..."
+ npx drizzle-kit push
+fi
+
+echo "Starting Diadem..."
+exec node build/index.js
From ef586b987a3182d57f4a04df2e6653903c5fdb58 Mon Sep 17 00:00:00 2001
From: ComplementaryPogo
Date: Mon, 15 Dec 2025 03:14:22 -0600
Subject: [PATCH 03/15] Makefile for helping push to docker easily
---
Makefile | 111 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 111 insertions(+)
create mode 100644 Makefile
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..966d929
--- /dev/null
+++ b/Makefile
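Review bot: The header comment promises that the push runs only when the database looks uninitialized, but the script contains no such check: the `else` branch runs `npx drizzle-kit push` on every container start unless `SKIP_DB_PUSH=true`, and `FORCE_DB_PUSH=true` adds `--force`, which as far as I know accepts data-loss statements without prompting. Either implement the check or reword the comment to `# Runs drizzle-kit push on every start; set SKIP_DB_PUSH=true to disable` so operators do not assume a safety net that is not there. `npx` can also try to download the tool when it is missing from node_modules; `npx --no-install drizzle-kit push` keeps container start from fetching code over the network.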
@@ -0,0 +1,111 @@
+# Diadem Docker Build & Release Makefile
+
+# Registry and image configuration (override with environment variables)
+REGISTRY ?= ghcr.io
+REPOSITORY ?= ccev/diadem
+IMAGE_NAME ?= $(REGISTRY)/$(REPOSITORY)
+
+# Version tagging (defaults to git short hash)
+GIT_HASH := $(shell git rev-parse --short HEAD 2>/dev/null || echo "unknown")
+GIT_DIRTY := $(shell git diff --quiet 2>/dev/null || echo "-dirty")
+VERSION ?= $(GIT_HASH)$(GIT_DIRTY)
+
+# Additional tags
+LATEST_TAG ?= latest
+
+# Docker build options
+DOCKER_BUILD_ARGS ?=
+DOCKER_PLATFORM ?= linux/amd64,linux/arm64
+DOCKERFILE ?= Dockerfile
+
+# Helm chart
+HELM_CHART_PATH := helm/diadem
+
+.PHONY: help build release build-and-release tag clean lint helm-lint helm-package
+
+help: ## Show this help message
+ @echo "Diadem Docker Build & Release"
+ @echo ""
+ @echo "Usage: make [target]"
+ @echo ""
+ @echo "Configuration (override with environment variables):"
+ @echo " REGISTRY = $(REGISTRY)"
+ @echo " REPOSITORY = $(REPOSITORY)"
+ @echo " IMAGE_NAME = $(IMAGE_NAME)"
+ @echo " VERSION = $(VERSION)"
+ @echo ""
+ @echo "Targets:"
+ @awk 'BEGIN {FS = ":.*##"; printf ""} /^[a-zA-Z_-]+:.*?##/ { printf " %-15s %s\n", $$1, $$2 }' $(MAKEFILE_LIST)
+
+build: ## Build image for local platform only
+ docker build \
+ --tag $(IMAGE_NAME):$(VERSION) \
+ --tag $(IMAGE_NAME):$(LATEST_TAG) \
+ --file $(DOCKERFILE) \
+ $(DOCKER_BUILD_ARGS) \
+ .
+
+release: ## Push locally built image to registry
+ docker push $(IMAGE_NAME):$(VERSION)
+ docker push $(IMAGE_NAME):$(LATEST_TAG)
+
+build-and-release: ## Build multi-platform image and push to registry
+ docker buildx build \
+ --platform $(DOCKER_PLATFORM) \
+ --tag $(IMAGE_NAME):$(VERSION) \
+ --tag $(IMAGE_NAME):$(LATEST_TAG) \
+ --file $(DOCKERFILE) \
+ --push \
+ $(DOCKER_BUILD_ARGS) \
+ .
+
+tag: ## Tag an existing image with a new tag (e.g., make tag VERSION=abc123 NEW_TAG=v1.0.0)
+ @test -n "$(NEW_TAG)" || (echo "NEW_TAG is required" && exit 1)
+ docker buildx imagetools create \
+ --tag $(IMAGE_NAME):$(NEW_TAG) \
+ $(IMAGE_NAME):$(VERSION)
+
+clean: ## Remove local images
+ -docker rmi $(IMAGE_NAME):$(VERSION) 2>/dev/null
+ -docker rmi $(IMAGE_NAME):$(LATEST_TAG) 2>/dev/null
+
+lint: ## Lint Dockerfile with hadolint
+ @command -v hadolint >/dev/null 2>&1 && hadolint $(DOCKERFILE) || \
+ docker run --rm -i hadolint/hadolint < $(DOCKERFILE)
+
+helm-lint: ## Lint Helm chart
+ helm lint $(HELM_CHART_PATH)
+
+helm-package: ## Package Helm chart
+ helm package $(HELM_CHART_PATH)
+
+helm-template: ## Render Helm chart templates
+ helm template diadem $(HELM_CHART_PATH)
+
+# Docker Compose targets
+.PHONY: up down logs
+
+up: ## Start services with docker-compose
+ docker compose up -d
+
+down: ## Stop services with docker-compose
+ docker compose down
+
+logs: ## View docker-compose logs
+ docker compose logs -f
+
+# Development helpers
+.PHONY: setup-buildx info
+
+setup-buildx: ## Set up Docker buildx for multi-platform builds
+ docker buildx create --name diadem-builder --use 2>/dev/null || docker buildx use diadem-builder
+ docker buildx inspect --bootstrap
+
+info: ## Show build configuration
+ @echo "Registry: $(REGISTRY)"
+ @echo "Repository: $(REPOSITORY)"
+ @echo "Image: $(IMAGE_NAME)"
+ @echo "Version: $(VERSION)"
+ @echo "Git Hash: $(GIT_HASH)"
+ @echo "Platforms: $(DOCKER_PLATFORM)"
+ @echo "Dockerfile: $(DOCKERFILE)"
From cbbf46dc8202da03eafd040279602f5094e6c460 Mon Sep 17 00:00:00 2001
From: ComplementaryPogo
Date: Mon, 15 Dec 2025 03:16:16 -0600
Subject: [PATCH 04/15] Use DIADEM_DOCKER prefix actually
---
Makefile | 72 ++++++++++++++++++++++++++++----------------------------
1 file changed, 36 insertions(+), 36 deletions(-)
diff --git a/Makefile b/Makefile
index 966d929..ba23f38 100644
--- a/Makefile
+++ b/Makefile
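Review bot: `release` and `build-and-release` push `$(IMAGE_NAME):$(LATEST_TAG)` even when `VERSION` carries the `-dirty` suffix or falls back to `unknown`, so an image built from uncommitted local changes can become `latest` in the registry with no commit to trace it to. A guard in the style the `tag` target already uses would stop that, placed first in both recipes: `@test -z "$(GIT_DIRTY)" || (echo "refusing to push from a dirty tree" && exit 1)`. The `lint` fallback also runs `hadolint/hadolint` without a tag, so the linter image itself floats between runs.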
@@ -1,22 +1,22 @@ # Diadem Docker Build & Release Makefile # Registry and image configuration (override with environment variables) -REGISTRY ?= ghcr.io -REPOSITORY ?= ccev/diadem -IMAGE_NAME ?= $(REGISTRY)/$(REPOSITORY) +DIADEM_DOCKER_REGISTRY ?= ghcr.io +DIADEM_DOCKER_REPOSITORY ?= ccev/diadem +DIADEM_DOCKER_IMAGE ?= $(DIADEM_DOCKER_REGISTRY)/$(DIADEM_DOCKER_REPOSITORY) # Version tagging (defaults to git short hash) GIT_HASH := $(shell git rev-parse --short HEAD 2>/dev/null || echo "unknown") GIT_DIRTY := $(shell git diff --quiet 2>/dev/null || echo "-dirty") -VERSION ?= $(GIT_HASH)$(GIT_DIRTY) +DIADEM_DOCKER_VERSION ?= $(GIT_HASH)$(GIT_DIRTY) # Additional tags -LATEST_TAG ?= latest +DIADEM_DOCKER_LATEST_TAG ?= latest # Docker build options -DOCKER_BUILD_ARGS ?= -DOCKER_PLATFORM ?= linux/amd64,linux/arm64 -DOCKERFILE ?= Dockerfile +DIADEM_DOCKER_BUILD_ARGS ?= +DIADEM_DOCKER_PLATFORM ?= linux/amd64,linux/arm64 +DIADEM_DOCKER_FILE ?= Dockerfile # Helm chart HELM_CHART_PATH := helm/diadem 
@@ -29,49 +29,49 @@ help: ## Show this help message @echo "Usage: make [target]" @echo "" @echo "Configuration (override with environment variables):" - @echo " REGISTRY = $(REGISTRY)" - @echo " REPOSITORY = $(REPOSITORY)" - @echo " IMAGE_NAME = $(IMAGE_NAME)" - @echo " VERSION = $(VERSION)" + @echo " DIADEM_DOCKER_REGISTRY = $(DIADEM_DOCKER_REGISTRY)" + @echo " DIADEM_DOCKER_REPOSITORY = $(DIADEM_DOCKER_REPOSITORY)" + @echo " DIADEM_DOCKER_IMAGE = $(DIADEM_DOCKER_IMAGE)" + @echo " DIADEM_DOCKER_VERSION = $(DIADEM_DOCKER_VERSION)" @echo "" @echo "Targets:" @awk 'BEGIN {FS = ":.*##"; printf ""} /^[a-zA-Z_-]+:.*?##/ { printf " %-15s %s\n", $$1, $$2 }' $(MAKEFILE_LIST) build: ## Build image for local platform only docker build \ - --tag $(IMAGE_NAME):$(VERSION) \ - --tag $(IMAGE_NAME):$(LATEST_TAG) \ - --file $(DOCKERFILE) \ - $(DOCKER_BUILD_ARGS) \ + --tag $(DIADEM_DOCKER_IMAGE):$(DIADEM_DOCKER_VERSION) \ + --tag $(DIADEM_DOCKER_IMAGE):$(DIADEM_DOCKER_LATEST_TAG) \ + --file $(DIADEM_DOCKER_FILE) \ + $(DIADEM_DOCKER_BUILD_ARGS) \ . release: ## Push locally built image to registry - docker push $(IMAGE_NAME):$(VERSION) - docker push $(IMAGE_NAME):$(LATEST_TAG) + docker push $(DIADEM_DOCKER_IMAGE):$(DIADEM_DOCKER_VERSION) + docker push $(DIADEM_DOCKER_IMAGE):$(DIADEM_DOCKER_LATEST_TAG) build-and-release: ## Build multi-platform image and push to registry docker buildx build \ - --platform $(DOCKER_PLATFORM) \ - --tag $(IMAGE_NAME):$(VERSION) \ - --tag $(IMAGE_NAME):$(LATEST_TAG) \ - --file $(DOCKERFILE) \ + --platform $(DIADEM_DOCKER_PLATFORM) \ + --tag $(DIADEM_DOCKER_IMAGE):$(DIADEM_DOCKER_VERSION) \ + --tag $(DIADEM_DOCKER_IMAGE):$(DIADEM_DOCKER_LATEST_TAG) \ + --file $(DIADEM_DOCKER_FILE) \ --push \ - $(DOCKER_BUILD_ARGS) \ + $(DIADEM_DOCKER_BUILD_ARGS) \ . 
-tag: ## Tag an existing image with a new tag (e.g., make tag VERSION=abc123 NEW_TAG=v1.0.0) +tag: ## Tag an existing image with a new tag (e.g., make tag NEW_TAG=v1.0.0) @test -n "$(NEW_TAG)" || (echo "NEW_TAG is required" && exit 1) docker buildx imagetools create \ - --tag $(IMAGE_NAME):$(NEW_TAG) \ - $(IMAGE_NAME):$(VERSION) + --tag $(DIADEM_DOCKER_IMAGE):$(NEW_TAG) \ + $(DIADEM_DOCKER_IMAGE):$(DIADEM_DOCKER_VERSION) clean: ## Remove local images - -docker rmi $(IMAGE_NAME):$(VERSION) 2>/dev/null - -docker rmi $(IMAGE_NAME):$(LATEST_TAG) 2>/dev/null + -docker rmi $(DIADEM_DOCKER_IMAGE):$(DIADEM_DOCKER_VERSION) 2>/dev/null + -docker rmi $(DIADEM_DOCKER_IMAGE):$(DIADEM_DOCKER_LATEST_TAG) 2>/dev/null lint: ## Lint Dockerfile with hadolint - @command -v hadolint >/dev/null 2>&1 && hadolint $(DOCKERFILE) || \ - docker run --rm -i hadolint/hadolint < $(DOCKERFILE) + @command -v hadolint >/dev/null 2>&1 && hadolint $(DIADEM_DOCKER_FILE) || \ + docker run --rm -i hadolint/hadolint < $(DIADEM_DOCKER_FILE) helm-lint: ## Lint Helm chart helm lint $(HELM_CHART_PATH) @@ -102,10 +102,10 @@ setup-buildx: ## Set up Docker buildx for multi-platform builds docker buildx inspect --bootstrap info: ## Show build configuration - @echo "Registry: $(REGISTRY)" - @echo "Repository: $(REPOSITORY)" - @echo "Image: $(IMAGE_NAME)" - @echo "Version: $(VERSION)" + @echo "Registry: $(DIADEM_DOCKER_REGISTRY)" + @echo "Repository: $(DIADEM_DOCKER_REPOSITORY)" + @echo "Image: $(DIADEM_DOCKER_IMAGE)" + @echo "Version: $(DIADEM_DOCKER_VERSION)" @echo "Git Hash: $(GIT_HASH)" - @echo "Platforms: $(DOCKER_PLATFORM)" - @echo "Dockerfile: $(DOCKERFILE)" + @echo "Platforms: $(DIADEM_DOCKER_PLATFORM)" + @echo "Dockerfile: $(DIADEM_DOCKER_FILE)" From a30cf63f7b187be17387584857bf0846e3d4badf Mon Sep 17 00:00:00 2001 
From: ComplementaryPogo Date: Mon, 15 Dec 2025 05:09:32 -0600 Subject: [PATCH 05/15] Config file paths # Conflicts: # src/lib/services/config/configNode.server.ts --- docker-compose.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index d4fb93d..a10caa6 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -13,9 +13,8 @@ services: - HOST=0.0.0.0 - PORT=3900 volumes: - # Required: Mount your config file (both paths needed for runtime and db:push) - - ./config/config.toml:/app/build/server/config.toml:ro - - ./config/config.toml:/app/src/lib/server/config.toml:ro + # Required: Mount your config file + - ./config/config.toml:/app/config/config.toml:ro # Optional: Persistent logs - diadem-logs:/app/logs depends_on: From 1eb3be5cab9e4980541e4c50a1eec74f10c5a9dd Mon Sep 17 00:00:00 2001 From: ComplementaryPogo Date: Mon, 15 Dec 2025 05:18:15 -0600 Subject: [PATCH 06/15] Revert "Config file paths" This reverts commit 305ad680cf6a5a87add6a48cb37bbc64f5530f18. --- docker-compose.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index a10caa6..d4fb93d 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -13,8 +13,9 @@ services: - HOST=0.0.0.0 - PORT=3900 volumes: - # Required: Mount your config file - - ./config/config.toml:/app/config/config.toml:ro + # Required: Mount your config file (both paths needed for runtime and db:push) + - ./config/config.toml:/app/build/server/config.toml:ro + - ./config/config.toml:/app/src/lib/server/config.toml:ro # Optional: Persistent logs - diadem-logs:/app/logs depends_on: From 6ba9a03acf30b70733c5bb99fe1c155c151db5ef Mon Sep 17 00:00:00 2001 From: ComplementaryPogo Date: Tue, 30 Dec 2025 16:30:46 -0600 Subject: [PATCH 07/15] Add logs directory --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index b624c22..86e3342 100644 --- a/Dockerfile 
+++ b/Dockerfile @@ -39,7 +39,7 @@ COPY --from=builder --chown=diadem:diadem /app/drizzle.config.ts ./ COPY --from=builder --chown=diadem:diadem /app/src/lib/server/db ./src/lib/server/db COPY --from=builder --chown=diadem:diadem /app/src/lib/services ./src/lib/services -RUN mkdir -p /app/config && chown diadem:diadem /app/config +RUN mkdir -p /app/config /app/logs && chown diadem:diadem /app/config /app/logs COPY --chown=diadem:diadem docker-entrypoint.sh ./ RUN chmod +x docker-entrypoint.sh USER diadem From 89e0cd2bff2c36fb436e98f08774e6b6a9ef471e Mon Sep 17 00:00:00 2001 From: ComplementaryPogo Date: Wed, 31 Dec 2025 17:28:25 -0600 Subject: [PATCH 08/15] Consolidate logic to just invoke setup.sh --- Dockerfile | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/Dockerfile b/Dockerfile index 86e3342..6307281 100644 --- a/Dockerfile +++ b/Dockerfile @@ -12,16 +12,7 @@ FROM base AS builder WORKDIR /app COPY --from=deps /app/node_modules ./node_modules COPY . . -RUN mkdir -p src/routes/\(custom\) && \ - mkdir -p src/components/custom && \ - mkdir -p src/lib/server && \ - cp config/custom.example.css config/custom.css && \ - cp config/Home.example.svelte config/Home.svelte && \ - cp config/config.example.toml config/config.toml && \ - ln config/custom.css src/custom.css && \ - ln config/Home.svelte src/components/custom/Home.svelte && \ - ln config/config.toml src/lib/server/config.toml -RUN pnpm run build +RUN ./setup.sh && pnpm run build FROM node:22-slim AS runtime RUN apt-get update && apt-get install -y --no-install-recommends \ From c5f7500b28dd2582f7f4bcff164b4b45b9a18ce9 Mon Sep 17 00:00:00 2001 From: ComplementaryPogo Date: Sat, 24 Jan 2026 17:43:15 -0600 Subject: [PATCH 09/15] I don't remember why I made these changes --- Dockerfile | 3 +++ README.md | 5 +++++ setup.sh | 14 +++++++++++++- 3 files changed, 21 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 6307281..bb7df49 100644 --- a/Dockerfile 
+++ b/Dockerfile @@ -30,6 +30,9 @@ COPY --from=builder --chown=diadem:diadem /app/drizzle.config.ts ./ COPY --from=builder --chown=diadem:diadem /app/src/lib/server/db ./src/lib/server/db COPY --from=builder --chown=diadem:diadem /app/src/lib/services ./src/lib/services +# Create config.toml mount point (actual config mounted at runtime) +RUN touch ./src/lib/server/config.toml && chown diadem:diadem ./src/lib/server/config.toml + RUN mkdir -p /app/config /app/logs && chown diadem:diadem /app/config /app/logs COPY --chown=diadem:diadem docker-entrypoint.sh ./ RUN chmod +x docker-entrypoint.sh diff --git a/README.md b/README.md index 5afb2fd..ed4e979 100644 --- a/README.md +++ b/README.md @@ -35,6 +35,11 @@ set this up yourself. But I'm not stopping you: 2. `./setup.sh && pnpm install && pnpm run build` 3. `pm2 restart diadem` +### Running in Docker +1. `git clone https://github.com/ccev/diadem && cd ` +2. `cp ./config/config.example.toml ./config/config.toml` +3. Modify the config file to your liking by editing ./config/config.toml + ### Asset caching Diadem proxies and optimizes UICON repos. Clients will cache all uicons for 7 days. But I suggest adding your own caching rules, i.e. with Cloudflare: diff --git a/setup.sh b/setup.sh index 1eb4c25..f59cd24 100755 --- a/setup.sh +++ b/setup.sh @@ -9,12 +9,18 @@ ensure_linked_file() { local cfg="$2" # e.g. config/custom.txt local example="$3" # e.g. config/custom.example.txt - # if source already exists, do nothing + # if source already exists (and is not a broken symlink), do nothing if [ -e "$src" ]; then echo "$src exists, skipping" return fi + # remove broken symlinks if they exist + if [ -L "$src" ]; then + echo "$src is a broken symlink, removing" + rm "$src" + fi + echo "$src missing, setting it up" # ensure directories exist 
@@ -22,6 +28,12 @@ ensure_linked_file() { mkdir -p "$(dirname "$cfg")" # create config file from example if needed + # also handle case where Docker created a directory instead of a file (happens when mount source is missing) + if [ -d "$cfg" ]; then + echo "$cfg is a directory (Docker artifact?), removing" + rm -rf "$cfg" + fi + if [ ! -e "$cfg" ]; then if [ ! -e "$example" ]; then echo "ERROR: example file $example does not exist" From f1ac5da774c84b628dce5fead95ffa5f693fdf6c Mon Sep 17 00:00:00 2001 From: ComplementaryPogo Date: Sat, 24 Jan 2026 17:47:17 -0600 Subject: [PATCH 10/15] Rename docker-compose to docker-compose.example --- .dockerignore | 2 +- .gitignore | 3 +++ docker-compose.yml => docker-compose.example.yml | 0 3 files changed, 4 insertions(+), 1 deletion(-) rename docker-compose.yml => docker-compose.example.yml (100%) diff --git a/.dockerignore b/.dockerignore index 3de65df..ec1f0e7 100644 --- a/.dockerignore +++ b/.dockerignore @@ -26,7 +26,7 @@ Thumbs.db # Docker Dockerfile -docker-compose*.yml +docker-compose.example.yml .dockerignore # Documentation diff --git a/.gitignore b/.gitignore index b3a3184..7e0c0b1 100644 --- a/.gitignore +++ b/.gitignore @@ -29,3 +29,6 @@ Thumbs.db vite.config.js.timestamp-* vite.config.ts.timestamp-* .pnpm-store + +# Docker +docker-compose.yml \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.example.yml similarity index 100% rename from docker-compose.yml rename to docker-compose.example.yml From d5cbbf678b94b512fc1906bf477c83da2fd034ef Mon Sep 17 00:00:00 2001 From: ComplementaryPogo Date: Sat, 24 Jan 2026 18:13:58 -0600 Subject: [PATCH 11/15] Docker in README.md --- README.md | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index ed4e979..e858405 100644 --- a/README.md +++ b/README.md 
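Review bot: `rm -rf "$cfg"` deletes the whole tree whenever `$cfg` is a directory, while the case named in the comment (Docker creating the mount target because the source was missing) leaves an empty directory. `rmdir "$cfg"` covers that case and fails instead of deleting if the directory unexpectedly holds files. `ensure_linked_file` starts and ends outside this hunk, so whether a failing `rmdir` aborts the script depends on error handling I cannot see here.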
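Review bot: Narrowing `docker-compose*.yml` to `docker-compose.example.yml` means the user's real `docker-compose.yml`, which this commit gitignores and which is presumably edited locally, is no longer excluded from the build context, so `COPY . .` in the builder stage picks it up along with any credentials written into it. Keeping the original glob, `docker-compose*.yml`, excludes both the example and the local file; neither is needed inside the image.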
@@ -35,10 +35,15 @@ set this up yourself. But I'm not stopping you: 2. `./setup.sh && pnpm install && pnpm run build` 3. `pm2 restart diadem` -### Running in Docker +### Quick-Start in Docker +These are the basic steps to get going in Docker, but are not production ready (single-node DB, no redundancy, etc) 1. `git clone https://github.com/ccev/diadem && cd ` 2. `cp ./config/config.example.toml ./config/config.toml` -3. Modify the config file to your liking by editing ./config/config.toml +3. Modify the config file to your liking by editing ./config/config.toml. You'll need to point the db at hostname `diadem-db` +4. `cp docker-compose.example.yml docker-compose.yml` +5. Modify the docker-compose file to your liking, such as pointing to an external database +6. `docker compose up --build` +7. Diadem is now running on http://localhost:3900 ### Asset caching Diadem proxies and optimizes UICON repos. Clients will cache all uicons for 7 days. From 110c832daf9174cd0d063dee300befdf858ac023 Mon Sep 17 00:00:00 2001 From: ComplementaryPogo Date: Wed, 31 Dec 2025 03:00:42 -0600 Subject: [PATCH 12/15] Add universal logging functionality --- config/config.example.toml | 3 ++ src/hooks.server.ts | 15 ++++++ src/lib/services/config/configTypes.d.ts | 5 ++ src/lib/services/user/checkPerm.ts | 11 ++++- src/lib/utils/logger.ts | 63 ++++++++++++++++++++++++ 5 files changed, 96 insertions(+), 1 deletion(-) create mode 100644 src/lib/utils/logger.ts diff --git a/config/config.example.toml b/config/config.example.toml index 1482ce7..a091973 100644 --- a/config/config.example.toml +++ b/config/config.example.toml @@ -2,6 +2,9 @@ level = "info" #crit, error, warning, info, debug # file = "/var/log/diadem.log" +[server.log.debug] +permissions = false # Enable verbose permission checking logs + [server.golbat] url = "http://127.0.0.1:9001" secret = "" diff --git a/src/hooks.server.ts b/src/hooks.server.ts index d35144f..a9c99c9 100644 --- a/src/hooks.server.ts +++ b/src/hooks.server.ts 
@@ -13,6 +13,21 @@ import type { User } from "@/lib/server/db/internal/schema"; import { DISCORD_REFRESH_INTERVAL, PERMISSION_UPDATE_INTERVAL } from "@/lib/constants"; import { getDiscordAuth } from "@/lib/server/auth/discord"; import type { Perms } from "@/lib/utils/features"; +import { getLogger } from "@/lib/server/logging"; +import { setServerLoggerFactory } from "@/lib/utils/logger"; +import { getServerConfig } from "@/lib/services/config/config.server"; + +// Inject winston logger into universal logger for server-side use +const logConfig = getServerConfig().log; +setServerLoggerFactory((name) => { + const winstonLogger = getLogger(name); + return { + debug: (message, ...args) => winstonLogger.debug(message, ...args), + info: (message, ...args) => winstonLogger.info(message, ...args), + warning: (message, ...args) => winstonLogger.warning(message, ...args), + error: (message, ...args) => winstonLogger.error(message, ...args), + }; +}, logConfig.debug); const permissionCache: TTLCache = new TTLCache({ ttl: PERMISSION_UPDATE_INTERVAL * 1000 diff --git a/src/lib/services/config/configTypes.d.ts b/src/lib/services/config/configTypes.d.ts index a285dc7..ad9585b 100644 --- a/src/lib/services/config/configTypes.d.ts +++ b/src/lib/services/config/configTypes.d.ts @@ -72,9 +72,14 @@ export type Permissions = { features?: FeaturesKey[] } +export type Debug = { + permissions?: boolean +} + export type Log = { level: string file?: string + debug?: Debug } export type MapStyle = { diff --git a/src/lib/services/user/checkPerm.ts b/src/lib/services/user/checkPerm.ts index 92fc383..d0b8dff 100644 --- a/src/lib/services/user/checkPerm.ts +++ b/src/lib/services/user/checkPerm.ts 
@@ -1,7 +1,16 @@ import type { Bounds } from "@/lib/mapObjects/mapBounds"; -import { bbox, feature as makeFeature, featureCollection, intersect, polygon } from "@turf/turf"; +import { bbox, feature as makeFeature, featureCollection, intersect, polygon, union } from "@turf/turf"; import type { Feature, Polygon } from "geojson"; import { Features, type FeaturesKey, type Perms } from "@/lib/utils/features"; +import { getUniversalLogger, isDebugEnabled } from "@/lib/utils/logger"; + +const log = getUniversalLogger("checkPerm"); + +function debugLog(message: string, ...args: unknown[]) { + if (isDebugEnabled("permissions")) { + log.debug(message, ...args); + } +} function isFeatureInFeatureList(featureList: FeaturesKey[] | undefined, feature: FeaturesKey) { if (featureList === undefined) return false; diff --git a/src/lib/utils/logger.ts b/src/lib/utils/logger.ts new file mode 100644 index 0000000..ec65d51 --- /dev/null +++ b/src/lib/utils/logger.ts 
@@ -0,0 +1,63 @@
+/**
+ * Universal logger that works in both server and browser environments.
+ * - Server: Uses winston logger (injected via setServerLoggerFactory)
+ * - Browser: Falls back to console methods
+ */
+
+type LogFn = (message: string, ...args: unknown[]) => void;
+
+export interface Logger {
+ debug: LogFn;
+ info: LogFn;
+ warning: LogFn;
+ error: LogFn;
+}
+
+// Keep in sync with Debug type in @/lib/services/config/configTypes.d.ts
+export type DebugCategories = {
+ permissions?: boolean;
+};
+
+// Server-side logger factory, injected at startup
+let serverLoggerFactory: ((name: string) => Logger) | null = null;
+
+// Debug categories configuration (injected at startup)
+let debugCategories: DebugCategories = {};
+
+/**
+ * Called by server initialization to inject the winston logger factory.
+ * This allows the universal logger to use winston without importing from server code.
+ */
+export function setServerLoggerFactory(factory: (name: string) => Logger, categories?: DebugCategories) {
+ serverLoggerFactory = factory;
+ debugCategories = categories ?? {};
+}
+
+/**
+ * Check if debug logging is enabled for a specific category.
+ */
+export function isDebugEnabled(category: keyof DebugCategories): boolean {
+ return debugCategories[category] ?? false;
+}
+
+function createBrowserLogger(name: string): Logger {
+ const prefix = `[${name}]`;
+ return {
+ debug: (message, ...args) => console.debug(prefix, message, ...args),
+ info: (message, ...args) => console.info(prefix, message, ...args),
+ warning: (message, ...args) => console.warn(prefix, message, ...args),
+ error: (message, ...args) => console.error(prefix, message, ...args),
+ };
+}
+
+/**
+ * Get a logger instance for the given name.
+ * On server (after initialization), uses winston.
+ * On browser or before server init, uses console.
+ */
+export function getUniversalLogger(name: string): Logger {
+ if (serverLoggerFactory) {
+ return serverLoggerFactory(name);
+ }
+ return createBrowserLogger(name);
+}
From 7fc63d6c881a9bcda4592d4d5a0e1462020b4e8c Mon Sep 17 00:00:00 2001
From: ComplementaryPogo
Date: Wed, 31 Dec 2025 03:23:14 -0600
Subject: [PATCH 13/15] Fix logic error when no areas match viewport
---
src/lib/services/user/checkPerm.ts | 77 ++++++++++++++-----
.../api/[queryMapObject=mapObject]/+server.ts | 6 ++
2 files changed, 62 insertions(+), 21 deletions(-)
diff --git a/src/lib/services/user/checkPerm.ts b/src/lib/services/user/checkPerm.ts
index d0b8dff..b6f9f3d 100644
--- a/src/lib/services/user/checkPerm.ts
+++ b/src/lib/services/user/checkPerm.ts
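Review bot: `getUniversalLogger` chooses its backend once, at call time, so a module-level `const log = getUniversalLogger("checkPerm")` evaluated before `setServerLoggerFactory` runs stays bound to the console logger for the life of the process. hooks.server.ts calls the setter only after its own imports have been evaluated, so any module in that import graph would be affected; the diff does not show whether checkPerm.ts is one of them. Because that logger carries the permission-check diagnostics, those messages would bypass the configured winston level and log file. Returning a thin wrapper that resolves the factory on each call removes the ordering dependency.

```typescript
export function getUniversalLogger(name: string): Logger {
	// Resolve per call so loggers created before setServerLoggerFactory() still reach winston.
	const resolve = (): Logger => serverLoggerFactory?.(name) ?? createBrowserLogger(name);
	return {
		debug: (message, ...args) => resolve().debug(message, ...args),
		info: (message, ...args) => resolve().info(message, ...args),
		warning: (message, ...args) => resolve().warning(message, ...args),
		error: (message, ...args) => resolve().error(message, ...args),
	};
}
```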
@@ -29,42 +29,77 @@ export function hasFeatureAnywhere(perms: Perms, feature: FeaturesKey) { return false; } -export function checkFeatureInBounds(perms: Perms, feature: FeaturesKey, bounds: Bounds): Bounds { +export function checkFeatureInBounds(perms: Perms, feature: FeaturesKey, bounds: Bounds): Bounds | null { if (isFeatureInFeatureList(perms.everywhere, feature)) return bounds; const start = performance.now(); - const allPolygons: Feature[] = [ - polygon([ - [ - [bounds.minLon, bounds.minLat], - [bounds.minLon, bounds.maxLat], - [bounds.maxLon, bounds.maxLat], - [bounds.maxLon, bounds.minLat], - [bounds.minLon, bounds.minLat] - ] - ]) - ]; - + const viewportPolygon = polygon([ + [ + [bounds.minLon, bounds.minLat], + [bounds.minLon, bounds.maxLat], + [bounds.maxLon, bounds.maxLat], + [bounds.maxLon, bounds.minLat], + [bounds.minLon, bounds.minLat] + ] + ]); + + // Collect all permitted area polygons that have this feature + const permittedAreaPolygons: Feature[] = []; + const permittedAreaNames: string[] = []; for (const area of perms.areas) { if (isFeatureInFeatureList(area.features, feature)) { - allPolygons.push(makeFeature(area.polygon)); + if (area.polygon) { + permittedAreaPolygons.push(makeFeature(area.polygon)); + permittedAreaNames.push(area.name); + } else { + log.warning(`Area "${area.name}" has feature "${feature}" but no polygon defined`); + } } } - if (allPolygons.length === 1) { - return bounds; + debugLog( + `feature=${feature}, permittedAreas=[${permittedAreaNames.join(", ")}], viewport=[${bounds.minLat.toFixed(4)},${bounds.minLon.toFixed(4)} to ${bounds.maxLat.toFixed(4)},${bounds.maxLon.toFixed(4)}]` + ); + + // If no permitted areas have this feature (or none have polygons), deny access + if (permittedAreaPolygons.length === 0) { + log.warning(`No permitted area polygons for feature "${feature}" - denying access`); + return null; } - const intersection = intersect(featureCollection(allPolygons)); + // Find intersection of viewport with each 
permitted area and collect results + // (The old code incorrectly tried to intersect ALL polygons at once, which finds the common area of ALL, + // not the union of intersections with each permitted area) + let combinedIntersection: Feature | null = null; + for (let i = 0; i < permittedAreaPolygons.length; i++) { + const areaIntersection = intersect(featureCollection([viewportPolygon, permittedAreaPolygons[i]])); + if (areaIntersection) { + debugLog(`Viewport intersects with "${permittedAreaNames[i]}"`); + if (!combinedIntersection) { + combinedIntersection = areaIntersection as Feature; + } else { + // Union with previous intersections + combinedIntersection = union(featureCollection([combinedIntersection, areaIntersection as Feature])) as Feature | null; + } + } + } - console.debug( - `CheckFeatureInBound for ${feature} with ${allPolygons.length} polygons took ${performance.now() - start} ms` + debugLog( + `Checked ${feature} with ${permittedAreaPolygons.length} permitted areas in ${(performance.now() - start).toFixed(1)}ms` ); - if (!intersection) return bounds; + // If no intersection with any permitted area, deny access + if (!combinedIntersection) { + log.warning(`Viewport does not intersect any permitted area for feature "${feature}" - denying access`); + return null; + } + + const result = bbox(combinedIntersection); - const result = bbox(intersection); + debugLog( + `Restricted bounds: [${result[1].toFixed(4)},${result[0].toFixed(4)} to ${result[3].toFixed(4)},${result[2].toFixed(4)}]` + ); return { minLon: result[0], diff --git a/src/routes/api/[queryMapObject=mapObject]/+server.ts b/src/routes/api/[queryMapObject=mapObject]/+server.ts index 2d33fac..2e20891 100644 --- a/src/routes/api/[queryMapObject=mapObject]/+server.ts +++ b/src/routes/api/[queryMapObject=mapObject]/+server.ts 
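Review bot: The bounds built from `const result = bbox(combinedIntersection);` are the bounding rectangle of the permitted geometry, not the geometry itself, so the query that consumes them can still return objects that lie outside every area the user is allowed to see. With two permitted areas in opposite corners of the viewport, or a single irregular polygon, the rectangle covers ground that belongs to neither. Until the caller filters the queried rows against the polygons (Turf's `booleanPointInPolygon` on `combinedIntersection` would do, at the cost of a wider return type than `Bounds | null`), I would at least record the limitation above that line: `// NOTE: bbox over-approximates the permitted area; results must still be filtered against the area polygons`. The function body continues past the end of this hunk.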
@@ -17,6 +17,12 @@ export async function POST({ request, locals, params }) { const type = params.queryMapObject as MapObjectType; const bounds = checkFeatureInBounds(locals.perms, params.queryMapObject, data); + // If bounds is null, user doesn't have permission for the current viewport + if (bounds === null) { + log.warning("[%s] Access denied - viewport outside permitted areas", params.queryMapObject); + return json({ data: [] }); + } + const queried = await queryMapObjects(type, bounds, data.filter); log.info( From d5ac01b1134408aa02acade74c649d73ec0c30dd Mon Sep 17 00:00:00 2001 From: ComplementaryPogo Date: Wed, 31 Dec 2025 03:41:06 -0600 Subject: [PATCH 14/15] Render fences on map # Conflicts: # messages/en.json # src/app.css --- config/config.example.toml | 15 ++++++- messages/de.json | 2 + messages/es.json | 2 + messages/pt.json | 2 + src/app.css | 3 +- src/components/map/FenceLayer.svelte | 30 ++++++++++++++ src/components/map/Map.svelte | 5 +++ .../menus/profile/SectionAdvanced.svelte | 7 ++++ src/lib/features/koji.ts | 2 +- src/lib/features/mapFences.svelte.ts | 39 +++++++++++++++++++ src/lib/map/layers.ts | 1 + src/lib/services/config/configTypes.d.ts | 2 + src/lib/services/userSettings.svelte.ts | 2 + src/routes/api/koji/+server.ts | 24 ++++++++++++ 14 files changed, 133 insertions(+), 3 deletions(-) create mode 100644 src/components/map/FenceLayer.svelte create mode 100644 src/lib/features/mapFences.svelte.ts diff --git a/config/config.example.toml b/config/config.example.toml index a091973..a07fc26 100644 --- a/config/config.example.toml +++ b/config/config.example.toml 
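Review bot: The denial branch emits a second warning for an event that `checkFeatureInBounds` already logs at warning level in this same commit, and neither record says who was denied. A restricted user panning outside their areas therefore produces two warnings per request that cannot be attributed, which buries the entries an operator would want to alert on. I would keep the single record here and add the requester, e.g. `log.warning("[%s] Access denied for %s - viewport outside permitted areas", params.queryMapObject, <requester id from locals>);`, and lower the two denial messages inside `checkFeatureInBounds` to debug. `POST` starts and ends outside this hunk.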
@@ -17,12 +17,22 @@ defaultNestName = "Unknown Nest" url = "http://127.0.0.1:7272" secret = "" -# Optional Koji integrtion. Uncomment to disable +# Optional Koji integration. Uncomment to disable [server.koji] url = "http://127.0.0.1:8080" secret = "secret" projectName = "reactmap" +# Filter geofences based on user permissions +# When enabled, the /api/koji endpoint will only return geofences for areas +# the user has permission to access. This affects the "Show Map Fences" feature. +# +# Example: If a user only has permissions for ["Aurora", "Wheaton"], they will +# only see those two geofences on the map, not all geofences from Koji. +# +# Users with "everywhere" permissions (no area restrictions) will see all fences. +filterByPermissions = false + # Optional nominatim integration. Uncomment to disable [server.nominatim] url = "http://127.0.0.1:500" @@ -108,6 +118,9 @@ defaultLat = 51.516855 defaultLon = -0.080500 defaultZoom = 15 +# Default setting for showing area fences on map (new users only) +defaultShowMapFences = false + ### Map Styles [[client.mapStyles]] diff --git a/messages/de.json b/messages/de.json index 61ee12d..4bfbd1d 100644 --- a/messages/de.json +++ b/messages/de.json @@ -119,6 +119,8 @@ "boosted": "Gestärkt", "settings_show_debug_title": "Map-Debug-Menü anzeigen", "settings_show_debug_description": "Zeigt detaillierte Informationen über die App", + "settings_show_map_fences_title": "Gebiete anzeigen", + "settings_show_map_fences_description": "Gebietsgrenzen von Koji auf der Karte anzeigen", "search_address_loading": "Lädt...", "search_address_no_place_found": "Nichts gefunden", "search_area_no_areas_found": "Keine Gebiete gefunden", diff --git a/messages/es.json b/messages/es.json index 248d12a..90ef450 100644 --- a/messages/es.json +++ b/messages/es.json 
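Review bot: In the first config.example.toml hunk, the comment block for `filterByPermissions` explains what happens when the option is on but not what the shipped default `false` means: the /api/koji handler added in this commit then returns every geofence of the Koji project, names included, to whoever requests it. I would say so next to the setting, e.g. `# When false, all geofences of the Koji project are returned to every user, whatever their area permissions.` The header line this hunk rewrites also still reads "Uncomment to disable", which looks inverted for a section that is active as written; `# Optional Koji integration. Comment out to disable` matches the behaviour.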
@@ -119,6 +119,8 @@ "boosted": "Impulsado", "settings_show_debug_title": "Mostrar el menú de depuración del mapa", "settings_show_debug_description": "Mostrar información detallada sobre la aplicación", + "settings_show_map_fences_title": "Mostrar límites del mapa", + "settings_show_map_fences_description": "Mostrar los límites de las áreas de Koji en el mapa", "search_address_loading": "Cargando...", "search_address_no_place_found": "No encontré nada", "search_area_no_areas_found": "No se encontraron áreas", diff --git a/messages/pt.json b/messages/pt.json index 530c8d9..8bfcdd3 100644 --- a/messages/pt.json +++ b/messages/pt.json @@ -119,6 +119,8 @@ "boosted": "Aprimorado", "settings_show_debug_title": "Exibir menu de depuração do mapa", "settings_show_debug_description": "Exibir informações detalhadas sobre o aplicativo", + "settings_show_map_fences_title": "Mostrar limites do mapa", + "settings_show_map_fences_description": "Exibir os limites das áreas do Koji no mapa", "search_address_loading": "Carregando...", "search_address_no_place_found": "Não encontrei nada.", "search_area_no_areas_found": "Nenhuma área encontrada", diff --git a/src/app.css b/src/app.css index bd79c87..9f075e3 100644 --- a/src/app.css +++ b/src/app.css @@ -51,7 +51,8 @@ --tier-4: var(--color-emerald-600); --nest-polygon: rgba(152, 248, 163, 0.3); --nest-polygon-stroke: rgba(152, 248, 163, 0.6); - --nest-polygon-selected: rgba(165, 243, 174, 0.5); + --fence-fill: rgba(100, 149, 237, 0.15); + --fence-stroke: rgba(100, 149, 237, 0.7); --nest-circle: rgba(121, 241, 135, 0.8); --nest-circle-stroke: rgba(152, 248, 163, 0.6); --spawnpoint: rgba(116, 223, 253, 0.6); diff --git a/src/components/map/FenceLayer.svelte b/src/components/map/FenceLayer.svelte new file mode 100644 index 0000000..642b0a0 --- /dev/null +++ b/src/components/map/FenceLayer.svelte @@ -0,0 +1,30 @@ + + + + + + diff --git a/src/components/map/Map.svelte b/src/components/map/Map.svelte index 733514b..e8ae1a4 100644 
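Review bot: The src/app.css hunk drops `--nest-polygon-selected` in the same edit that adds the two `--fence-*` variables, and that removal looks unintended. The commit message lists src/app.css under "Conflicts", so this reads like a conflict resolution that lost the line rather than a deliberate retirement; any rule still using `var(--nest-polygon-selected)` would resolve to nothing and the selected-nest highlight would disappear. I would restore `--nest-polygon-selected: rgba(165, 243, 174, 0.5);` ahead of `--fence-fill`, or remove its users in the same commit if it really is dead.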
--- a/src/components/map/Map.svelte +++ b/src/components/map/Map.svelte @@ -21,6 +21,7 @@ } from "@/lib/map/events"; import maplibre from "maplibre-gl"; import GeometryLayer from "@/components/map/GeometryLayer.svelte"; + import FenceLayer from "@/components/map/FenceLayer.svelte"; import DebugMenu from "@/components/map/DebugMenu.svelte"; import { hasLoadedFeature, LoadedFeature } from "@/lib/services/initialLoad.svelte.js"; import { openToast } from "@/lib/ui/toasts.svelte.js"; @@ -28,6 +29,7 @@ import MarkerCurrentLocation from "@/components/map/MarkerCurrentLocation.svelte"; import MarkerContextMenu from "@/components/map/MarkerContextMenu.svelte"; import { getCurrentScoutData } from "@/lib/features/scout.svelte.js"; + import { getMapFencesGeojson } from "@/lib/features/mapFences.svelte"; import { Coords } from "@/lib/utils/coordinates"; import { isAnyModalOpen } from "@/lib/ui/modal.svelte.js"; import { @@ -161,6 +163,9 @@ + {#if getUserSettings().showMapFences && hasLoadedFeature(LoadedFeature.KOJI)} + + {/if} + onSettingsChange("showMapFences", !getUserSettings().showMapFences)} + value={getUserSettings().showMapFences} + /> + + +function buildMapFencesGeojson(): FeatureCollection { + const geofences = getKojiGeofences() + const styles = typeof document !== 'undefined' + ? getComputedStyle(document.documentElement) + : null + const strokeColor = styles?.getPropertyValue('--fence-stroke') || 'rgba(100, 149, 237, 0.7)' + const fillColor = styles?.getPropertyValue('--fence-fill') || 'rgba(100, 149, 237, 0.15)' + + return { + type: 'FeatureCollection', + features: geofences.map((fence, index): MapFenceFeature => ({ + type: 'Feature', + geometry: fence.geometry, + id: `fence-${index}`, + properties: { + id: `fence-${index}`, + name: fence.properties.name, + strokeColor, + fillColor + } + })) + } +} + +export function getMapFencesGeojson(): FeatureCollection { + return buildMapFencesGeojson() +} 
diff --git a/src/lib/map/layers.ts b/src/lib/map/layers.ts index d3fe227..e725984 100644 --- a/src/lib/map/layers.ts +++ b/src/lib/map/layers.ts @@ -7,6 +7,7 @@ export enum MapSourceId { SELECTED_WEATHER = "selectedWeather", SCOUT_BIG_POINTS = "scoutBigPoints", SCOUT_SMALL_POINTS = "scoutSmallPoints", + MAP_FENCES = "mapFences", } export enum MapObjectLayerId { diff --git a/src/lib/services/config/configTypes.d.ts b/src/lib/services/config/configTypes.d.ts index ad9585b..ad73e3e 100644 --- a/src/lib/services/config/configTypes.d.ts +++ b/src/lib/services/config/configTypes.d.ts @@ -36,6 +36,7 @@ type General = { defaultLat?: number defaultLon?: number defaultZoom?: number + defaultShowMapFences?: boolean } export type DbCreds = { @@ -113,6 +114,7 @@ export type ServerConfig = { url: string secret: string projectName: string + filterByPermissions?: boolean } nominatim?: { url: string diff --git a/src/lib/services/userSettings.svelte.ts b/src/lib/services/userSettings.svelte.ts index fb26832..7652bb7 100644 --- a/src/lib/services/userSettings.svelte.ts +++ b/src/lib/services/userSettings.svelte.ts @@ -44,6 +44,7 @@ export type UserSettings = { loadMapObjectsWhileMoving: boolean; loadMapObjectsPadding: number; showDebugMenu: boolean; + showMapFences: boolean; mapIconSize: number; searchRange: number; filters: { @@ -87,6 +88,7 @@ export function getDefaultUserSettings(): UserSettings { loadMapObjectsWhileMoving: false, loadMapObjectsPadding: 20, showDebugMenu: false, + showMapFences: general.defaultShowMapFences ?? false, mapIconSize: 1, searchRange: 20_000, filters: { diff --git a/src/routes/api/koji/+server.ts b/src/routes/api/koji/+server.ts index c2ef807..ff28c81 100644 --- a/src/routes/api/koji/+server.ts +++ b/src/routes/api/koji/+server.ts 
@@ -1,8 +1,32 @@ import { error, json } from '@sveltejs/kit'; import { fetchKojiGeofences } from '@/lib/server/api/kojiApi'; +import { getServerConfig } from '@/lib/services/config/config.server'; +import type { KojiFeatures } from '@/lib/features/koji'; export async function GET(event) { const data = await fetchKojiGeofences(event.fetch) if (!data) error(500) + + const kojiConfig = getServerConfig().koji + if (kojiConfig?.filterByPermissions) { + const perms = event.locals.perms + + // If user has any "everywhere" permissions, they can see all fences + if (perms.everywhere && perms.everywhere.length > 0) { + return json(data) + } + + // Otherwise, filter to only show fences matching user's permitted areas + const permittedAreaNames = new Set( + perms.areas.map(area => area.name.toLowerCase()) + ) + + const filteredData: KojiFeatures = data.filter( + fence => permittedAreaNames.has(fence.properties.name.toLowerCase()) + ) + + return json(filteredData) + } + return json(data) } From 57f5308b7a7887b80fdea1d1393181f40da971f6 Mon Sep 17 00:00:00 2001 From: Malte <42342921+ccev@users.noreply.github.com> Date: Sun, 1 Feb 2026 01:04:13 +0100 Subject: [PATCH 15/15] reverse changes from other prs --- config/config.example.toml | 3 --- src/lib/services/config/configTypes.d.ts | 5 ----- 2 files changed, 8 deletions(-) diff --git a/config/config.example.toml b/config/config.example.toml index 6a590cd..1a7a8dd 100644 --- a/config/config.example.toml +++ b/config/config.example.toml @@ -2,9 +2,6 @@ level = "info" # crit, error, warning, info, debug # file = "/var/log/diadem.log" -[server.log.debug] -permissions = false # Enable verbose permission checking logs - [server.golbat] url = "http://127.0.0.1:9001" secret = "" diff --git a/src/lib/services/config/configTypes.d.ts b/src/lib/services/config/configTypes.d.ts index ad73e3e..806259c 100644 --- a/src/lib/services/config/configTypes.d.ts +++ b/src/lib/services/config/configTypes.d.ts 
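Review bot: The shortcut `if (perms.everywhere && perms.everywhere.length > 0)` in the koji `GET` handler returns every fence to a user who holds any single global feature, which is broader than the rule the config comment in this commit describes ("everywhere" permissions, no area restrictions). If a role can combine one global feature with otherwise area-scoped ones, that user receives all geofence names and shapes even with `filterByPermissions` enabled. I would tie the bypass to an explicit condition, e.g. `if (perms.everywhere?.length && perms.areas.length === 0) return json(data)`, and state the chosen rule in the comment above it. The filter also calls `fence.properties.name.toLowerCase()` on data fetched from Koji, so a single fence without a name would turn the whole request into an error; putting `typeof fence.properties.name === "string" &&` in front of the `has(...)` check keeps the filter total.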
@@ -73,14 +73,9 @@ export type Permissions = { features?: FeaturesKey[] } -export type Debug = { - permissions?: boolean -} - export type Log = { level: string file?: string - debug?: Debug } export type MapStyle = {