Run as non-root user and add optional no-sandbox flag

This commit is contained in:
Tulir Asokan 2020-08-24 18:53:56 +03:00
parent 03e8090cd1
commit 5e828ae68d
4 changed files with 14 additions and 2 deletions

1
puppet/.dockerignore Normal file
View File

@ -0,0 +1 @@
node_modules

View File

@ -6,7 +6,10 @@ RUN echo $'\
@edge http://dl-cdn.alpinelinux.org/alpine/edge/community' >> /etc/apk/repositories @edge http://dl-cdn.alpinelinux.org/alpine/edge/community' >> /etc/apk/repositories
RUN apk add --no-cache chromium@edge RUN apk add --no-cache chromium@edge
WORKDIR /opt/mautrix-amp/puppet WORKDIR /opt/mautrix-amp/puppet
RUN chown node:node /opt/mautrix-amp/puppet
USER node
COPY package.json yarn.lock ./ COPY package.json yarn.lock ./
RUN yarn --production && rm -rf node_modules/puppeteer/.local-chromium RUN yarn --production && rm -rf node_modules/puppeteer/.local-chromium

View File

@ -24,12 +24,14 @@ import MessagesPuppeteer from "./puppet.js"
const args = arg({ const args = arg({
"--config": String, "--config": String,
"--browser": String, "--browser": String,
"--no-sandbox": Boolean,
"-c": "--config", "-c": "--config",
"-b": "--browser", "-b": "--browser",
}) })
const configPath = args["--config"] || "config.json" const configPath = args["--config"] || "config.json"
MessagesPuppeteer.executablePath = args["--browser"] || MessagesPuppeteer.executablePath MessagesPuppeteer.executablePath = args["--browser"] || MessagesPuppeteer.executablePath
MessagesPuppeteer.noSandbox = args["--no-sandbox"]
console.log("Reading config from", configPath) console.log("Reading config from", configPath)
const config = JSON.parse(fs.readFileSync(configPath).toString()) const config = JSON.parse(fs.readFileSync(configPath).toString())

View File

@ -26,6 +26,7 @@ export default class MessagesPuppeteer {
static profileDir = "./profiles" static profileDir = "./profiles"
static executablePath = undefined static executablePath = undefined
static disableDebug = false static disableDebug = false
static noSandbox = false
static viewport = { width: 1920, height: 1080 } static viewport = { width: 1920, height: 1080 }
static url = "https://messages.google.com/web/" static url = "https://messages.google.com/web/"
@ -64,6 +65,7 @@ export default class MessagesPuppeteer {
this.browser = await puppeteer.launch({ this.browser = await puppeteer.launch({
executablePath: MessagesPuppeteer.executablePath, executablePath: MessagesPuppeteer.executablePath,
userDataDir: this.profilePath, userDataDir: this.profilePath,
args: MessagesPuppeteer.noSandbox ? ["--no-sandbox"] : undefined,
headless: MessagesPuppeteer.disableDebug || !debug, headless: MessagesPuppeteer.disableDebug || !debug,
defaultViewport: MessagesPuppeteer.viewport, defaultViewport: MessagesPuppeteer.viewport,
}) })
@ -133,8 +135,12 @@ export default class MessagesPuppeteer {
*/ */
async stop() { async stop() {
this.taskQueue.stop() this.taskQueue.stop()
if (this.page) {
await this.page.close() await this.page.close()
}
if (this.browser) {
await this.browser.close() await this.browser.close()
}
this.log("Everything stopped") this.log("Everything stopped")
} }