From 5e828ae68dc989a6e4e5d8fa8a8420aca50a39f6 Mon Sep 17 00:00:00 2001 From: Tulir Asokan Date: Mon, 24 Aug 2020 18:53:56 +0300 Subject: [PATCH] Run as non-root user and add optional no-sandbox flag --- puppet/.dockerignore | 1 + puppet/Dockerfile | 3 +++ puppet/src/main.js | 2 ++ puppet/src/puppet.js | 10 ++++++++-- 4 files changed, 14 insertions(+), 2 deletions(-) create mode 100644 puppet/.dockerignore diff --git a/puppet/.dockerignore b/puppet/.dockerignore new file mode 100644 index 0000000..3c3629e --- /dev/null +++ b/puppet/.dockerignore @@ -0,0 +1 @@ +node_modules diff --git a/puppet/Dockerfile b/puppet/Dockerfile index 23706b6..acc248f 100644 --- a/puppet/Dockerfile +++ b/puppet/Dockerfile @@ -6,7 +6,10 @@ RUN echo $'\ @edge http://dl-cdn.alpinelinux.org/alpine/edge/community' >> /etc/apk/repositories RUN apk add --no-cache chromium@edge + WORKDIR /opt/mautrix-amp/puppet +RUN chown node:node /opt/mautrix-amp/puppet +USER node COPY package.json yarn.lock ./ RUN yarn --production && rm -rf node_modules/puppeteer/.local-chromium diff --git a/puppet/src/main.js b/puppet/src/main.js index 7f2783c..edcec8b 100644 --- a/puppet/src/main.js +++ b/puppet/src/main.js @@ -24,12 +24,14 @@ import MessagesPuppeteer from "./puppet.js" const args = arg({ "--config": String, "--browser": String, + "--no-sandbox": Boolean, "-c": "--config", "-b": "--browser", }) const configPath = args["--config"] || "config.json" MessagesPuppeteer.executablePath = args["--browser"] || MessagesPuppeteer.executablePath +MessagesPuppeteer.noSandbox = args["--no-sandbox"] console.log("Reading config from", configPath) const config = JSON.parse(fs.readFileSync(configPath).toString()) diff --git a/puppet/src/puppet.js b/puppet/src/puppet.js index 94a05a8..e281ba0 100644 --- a/puppet/src/puppet.js +++ b/puppet/src/puppet.js @@ -26,6 +26,7 @@ export default class MessagesPuppeteer { static profileDir = "./profiles" static executablePath = undefined static disableDebug = false + static noSandbox = false static viewport = { width: 1920, height: 1080 } static url = "https://messages.google.com/web/" @@ -64,6 +65,7 @@ export default class MessagesPuppeteer { this.browser = await puppeteer.launch({ executablePath: MessagesPuppeteer.executablePath, userDataDir: this.profilePath, + args: MessagesPuppeteer.noSandbox ? ["--no-sandbox"] : undefined, headless: MessagesPuppeteer.disableDebug || !debug, defaultViewport: MessagesPuppeteer.viewport, }) @@ -133,8 +135,12 @@ export default class MessagesPuppeteer { */ async stop() { this.taskQueue.stop() - await this.page.close() - await this.browser.close() + if (this.page) { + await this.page.close() + } + if (this.browser) { + await this.browser.close() + } this.log("Everything stopped") }