Run as non-root user and add optional no-sandbox flag

This commit is contained in:
Tulir Asokan 2020-08-24 18:53:56 +03:00
parent 03e8090cd1
commit 5e828ae68d
4 changed files with 14 additions and 2 deletions

1
puppet/.dockerignore Normal file
View File

@ -0,0 +1 @@
node_modules

View File

@ -6,7 +6,10 @@ RUN echo $'\
@edge http://dl-cdn.alpinelinux.org/alpine/edge/community' >> /etc/apk/repositories
RUN apk add --no-cache chromium@edge
WORKDIR /opt/mautrix-amp/puppet
RUN chown node:node /opt/mautrix-amp/puppet
USER node
COPY package.json yarn.lock ./
RUN yarn --production && rm -rf node_modules/puppeteer/.local-chromium

View File

@ -24,12 +24,14 @@ import MessagesPuppeteer from "./puppet.js"
const args = arg({
"--config": String,
"--browser": String,
"--no-sandbox": Boolean,
"-c": "--config",
"-b": "--browser",
})
const configPath = args["--config"] || "config.json"
MessagesPuppeteer.executablePath = args["--browser"] || MessagesPuppeteer.executablePath
MessagesPuppeteer.noSandbox = args["--no-sandbox"]
console.log("Reading config from", configPath)
const config = JSON.parse(fs.readFileSync(configPath).toString())

View File

@ -26,6 +26,7 @@ export default class MessagesPuppeteer {
static profileDir = "./profiles"
static executablePath = undefined
static disableDebug = false
static noSandbox = false
static viewport = { width: 1920, height: 1080 }
static url = "https://messages.google.com/web/"
@ -64,6 +65,7 @@ export default class MessagesPuppeteer {
this.browser = await puppeteer.launch({
executablePath: MessagesPuppeteer.executablePath,
userDataDir: this.profilePath,
args: MessagesPuppeteer.noSandbox ? ["--no-sandbox"] : undefined,
headless: MessagesPuppeteer.disableDebug || !debug,
defaultViewport: MessagesPuppeteer.viewport,
})
@ -133,8 +135,12 @@ export default class MessagesPuppeteer {
*/
async stop() {
this.taskQueue.stop()
await this.page.close()
await this.browser.close()
if (this.page) {
await this.page.close()
}
if (this.browser) {
await this.browser.close()
}
this.log("Everything stopped")
}