Add share/embed/payments frontends and hosts

2025-11-20 23:15:37 -06:00
parent 95758de781
commit 58e40897a5
3 changed files with 125 additions and 13 deletions
--- a/CloudronManifest.json
+++ b/CloudronManifest.json
@@ -7,7 +7,7 @@
  "contactEmail": "contact@ente.io",
  "website": "https://ente.io",
  "tagline": "Open source, end-to-end encrypted photo backup",
-  "version": "0.5.7",
+  "version": "0.5.6",
  "upstreamVersion": "git-main",
  "healthCheckPath": "/health",
  "httpPort": 3080,
@@ -40,6 +40,27 @@
      "defaultValue": "albums",
      "aliasableDomain": true
    },
+    "SHARE_DOMAIN": {
+      "title": "Public locker hostname",
+      "description": "Hostname for the Ente share/collaboration frontend (e.g. share)",
+      "containerPort": 3080,
+      "defaultValue": "share",
+      "aliasableDomain": true
+    },
+    "EMBED_DOMAIN": {
+      "title": "Embed hostname",
+      "description": "Hostname for the Ente embed frontend (e.g. embed)",
+      "containerPort": 3080,
+      "defaultValue": "embed",
+      "aliasableDomain": true
+    },
+    "PAYMENTS_DOMAIN": {
+      "title": "Payments hostname",
+      "description": "Hostname for the Ente payments frontend (e.g. payments)",
+      "containerPort": 3080,
+      "defaultValue": "payments",
+      "aliasableDomain": true
+    },
    "FAMILY_DOMAIN": {
      "title": "Family hostname",
      "description": "Hostname for the Ente family web app (e.g. family)",
--- a/12
+++ b/12
@@ -57,14 +57,17 @@ RUN apt-get update && \
    rm -rf /var/lib/apt/lists/*
 RUN corepack enable
 RUN yarn install --network-timeout 1000000
-RUN mkdir -p /build/web/photos /build/web/accounts /build/web/auth /build/web/cast /build/web/albums /build/web/family
+RUN mkdir -p /build/web/photos /build/web/accounts /build/web/auth /build/web/cast /build/web/albums /build/web/family /build/web/share /build/web/embed /build/web/payments
 RUN set -e; \
    yarn build:photos; \
    yarn build:accounts; \
    yarn build:auth; \
-    yarn build:cast
+    yarn build:cast; \
+    yarn build:share; \
+    yarn build:embed; \
+    yarn build:payments
 RUN if [ -d "apps" ]; then \
-      for app in photos accounts auth cast; do \
+      for app in photos accounts auth cast share embed payments; do \
        if [ -d "apps/${app}/out" ]; then \
          rm -rf "/build/web/${app}"; \
          mkdir -p "/build/web/${app}"; \
@@ -132,6 +135,9 @@ COPY --from=web-builder /build/web/accounts /app/web/accounts
 COPY --from=web-builder /build/web/auth /app/web/auth
 COPY --from=web-builder /build/web/cast /app/web/cast
 COPY --from=web-builder /build/web/albums /app/web/albums
+COPY --from=web-builder /build/web/share /app/web/share
+COPY --from=web-builder /build/web/embed /app/web/embed
+COPY --from=web-builder /build/web/payments /app/web/payments
 COPY --from=families-builder /build/family /app/web/family

 COPY start.sh /app/pkg/start.sh
--- a/start.sh
+++ b/start.sh
@@ -107,6 +107,9 @@ AUTH_HOST="$(resolve_http_hostname "AUTH_DOMAIN" "auth.${APP_FQDN}")"
 CAST_HOST="$(resolve_http_hostname "CAST_DOMAIN" "cast.${APP_FQDN}")"
 ALBUMS_HOST="$(resolve_http_hostname "ALBUMS_DOMAIN" "albums.${APP_FQDN}")"
 FAMILY_HOST="$(resolve_http_hostname "FAMILY_DOMAIN" "family.${APP_FQDN}")"
+SHARE_HOST="$(resolve_http_hostname "SHARE_DOMAIN" "share.${APP_FQDN}")"
+EMBED_HOST="$(resolve_http_hostname "EMBED_DOMAIN" "embed.${APP_FQDN}")"
+PAYMENTS_HOST="$(resolve_http_hostname "PAYMENTS_DOMAIN" "payments.${APP_FQDN}")"

 normalize_host() {
  local host="$1"
@@ -126,10 +129,13 @@ AUTH_HOST="$(normalize_host "$AUTH_HOST")"
 CAST_HOST="$(normalize_host "$CAST_HOST")"
 ALBUMS_HOST="$(normalize_host "$ALBUMS_HOST")"
 FAMILY_HOST="$(normalize_host "$FAMILY_HOST")"
+SHARE_HOST="$(normalize_host "$SHARE_HOST")"
+EMBED_HOST="$(normalize_host "$EMBED_HOST")"
+PAYMENTS_HOST="$(normalize_host "$PAYMENTS_HOST")"

 USE_SUBDOMAIN_ROUTING=false
 if [ "$APP_FQDN" != "localhost" ]; then
-  if [ "$PHOTOS_HOST" != "$APP_FQDN" ] || [ "$ACCOUNTS_HOST" != "$APP_FQDN" ] || [ "$AUTH_HOST" != "$APP_FQDN" ] || [ "$CAST_HOST" != "$APP_FQDN" ] || [ "$ALBUMS_HOST" != "$APP_FQDN" ] || [ "$FAMILY_HOST" != "$APP_FQDN" ]; then
+  if [ "$PHOTOS_HOST" != "$APP_FQDN" ] || [ "$ACCOUNTS_HOST" != "$APP_FQDN" ] || [ "$AUTH_HOST" != "$APP_FQDN" ] || [ "$CAST_HOST" != "$APP_FQDN" ] || [ "$ALBUMS_HOST" != "$APP_FQDN" ] || [ "$FAMILY_HOST" != "$APP_FQDN" ] || [ "$SHARE_HOST" != "$APP_FQDN" ] || [ "$EMBED_HOST" != "$APP_FQDN" ] || [ "$PAYMENTS_HOST" != "$APP_FQDN" ]; then
    USE_SUBDOMAIN_ROUTING=true
  fi
 fi
@@ -141,12 +147,18 @@ if [ "$USE_SUBDOMAIN_ROUTING" = true ]; then
  CAST_URL="https://${CAST_HOST}"
  FAMILY_URL="https://${FAMILY_HOST}"
  ALBUMS_URL="https://${ALBUMS_HOST}"
+  SHARE_URL="https://${SHARE_HOST}"
+  EMBED_URL="https://${EMBED_HOST}"
+  PAYMENTS_URL="https://${PAYMENTS_HOST}"
 else
  ACCOUNTS_URL="${BASE_URL}/accounts"
  AUTH_URL="${BASE_URL}/auth"
  CAST_URL="${BASE_URL}/cast"
  FAMILY_URL="${BASE_URL}/family"
  ALBUMS_URL="${BASE_URL}/albums"
+  SHARE_URL="${BASE_URL}/share"
+  EMBED_URL="${BASE_URL}/embed"
+  PAYMENTS_URL="${BASE_URL}/payments"
 fi

 if [ "$APP_FQDN" != "localhost" ]; then
@@ -155,13 +167,17 @@ else
  API_BASE="$BASE_URL"
 fi
 API_ORIGIN="${API_BASE}/api"
-RP_ID="$PHOTOS_HOST"
+if [[ "$PHOTOS_HOST" == *.*.* ]]; then
+  RP_ID="${PHOTOS_HOST#*.}"
+else
+  RP_ID="$PHOTOS_HOST"
+fi

 log INFO "Application base URL: $BASE_URL"
 log INFO "Relying party ID: $RP_ID"
 log INFO "API origin: $API_ORIGIN"
 if [ "$USE_SUBDOMAIN_ROUTING" = true ]; then
-  log INFO "Serving frontend hosts: photos=${PHOTOS_HOST}, accounts=${ACCOUNTS_HOST}, auth=${AUTH_HOST}, cast=${CAST_HOST}"
+  log INFO "Serving frontend hosts: photos=${PHOTOS_HOST}, accounts=${ACCOUNTS_HOST}, auth=${AUTH_HOST}, cast=${CAST_HOST}, share=${SHARE_HOST}, embed=${EMBED_HOST}, payments=${PAYMENTS_HOST}"
 fi

 S3_CONFIG_FILE="$CONFIG_DIR/s3.env"
@@ -687,7 +703,8 @@ http:

 apps:
  public-albums: "$ALBUMS_URL"
-  public-locker: "$PHOTOS_URL"
+  embed-albums: "$EMBED_URL"
+  public-locker: "$SHARE_URL"
  accounts: "$ACCOUNTS_URL"
  cast: "$CAST_URL"
  family: "$FAMILY_URL"
@@ -802,7 +819,7 @@ chmod 600 "$MUSEUM_CONFIG"

 log INFO "Preparing frontend assets"
 if [ -d "$WEB_SOURCE_DIR" ]; then
-  for app in photos accounts auth cast albums family; do
+  for app in photos accounts auth cast albums family share embed payments; do
    if [ -d "$WEB_SOURCE_DIR/$app" ]; then
      log INFO "Updating $app frontend assets"
      rm -rf "$WEB_RUNTIME_DIR/$app"
@@ -904,6 +921,9 @@ if [ -d "$WEB_RUNTIME_DIR" ]; then
    "https://web.ente.io|$PHOTOS_URL"
    "https://albums.ente.io|$ALBUMS_URL"
    "https://family.ente.io|$FAMILY_URL"
+    "https://share.ente.io|$SHARE_URL"
+    "https://embed.ente.io|$EMBED_URL"
+    "https://payments.ente.io|$PAYMENTS_URL"
    "https://ente.io|$PHOTOS_URL"
  )
  OLD_IFS="$IFS"
@@ -954,6 +974,10 @@ chmod 700 "$DATA_DIR/home"

 log INFO "Rendering Caddy configuration"
 if [ "$USE_SUBDOMAIN_ROUTING" = true ]; then
+PHOTOS_HOST_MATCHERS="$PHOTOS_HOST"
+if [ "$APP_FQDN" != "$PHOTOS_HOST" ]; then
+  PHOTOS_HOST_MATCHERS="$PHOTOS_HOST_MATCHERS $APP_FQDN"
+fi
 cat > "$CADDY_CONFIG" <<EOF_CADDY
 {
    admin off
@@ -1011,6 +1035,7 @@ cat > "$CADDY_CONFIG" <<EOF_CADDY
    handle /health {
        rewrite * /ping
        reverse_proxy localhost:8080 {
+            trusted_proxies private_ranges
            header_up Host {http.request.host}
            header_up X-Real-IP {http.request.header.X-Forwarded-For}
            header_up X-Forwarded-For {http.request.header.X-Forwarded-For}
@@ -1020,6 +1045,7 @@ cat > "$CADDY_CONFIG" <<EOF_CADDY

    handle /ping {
        reverse_proxy localhost:8080 {
+            trusted_proxies private_ranges
            header_up Host {http.request.host}
            header_up X-Real-IP {http.request.header.X-Forwarded-For}
            header_up X-Forwarded-For {http.request.header.X-Forwarded-For}
@@ -1028,12 +1054,19 @@ cat > "$CADDY_CONFIG" <<EOF_CADDY
    }

    handle /public/* {
-        reverse_proxy localhost:8080
+        reverse_proxy localhost:8080 {
+            trusted_proxies private_ranges
+            header_up Host {http.request.host}
+            header_up X-Real-IP {http.request.header.X-Forwarded-For}
+            header_up X-Forwarded-For {http.request.header.X-Forwarded-For}
+            header_up X-Forwarded-Proto {http.request.header.X-Forwarded-Proto}
+        }
    }

    @user_api path_regexp user_api ^/users($|/.*)
    handle @user_api {
        reverse_proxy localhost:8080 {
+            trusted_proxies private_ranges
            header_up Host {http.request.host}
            header_up X-Real-IP {http.request.header.X-Forwarded-For}
            header_up X-Forwarded-For {http.request.header.X-Forwarded-For}
@@ -1047,6 +1080,7 @@ cat > "$CADDY_CONFIG" <<EOF_CADDY
    }
    handle @museum_api_get {
        reverse_proxy localhost:8080 {
+            trusted_proxies private_ranges
            header_up Host {http.request.host}
            header_up X-Real-IP {http.request.header.X-Forwarded-For}
            header_up X-Forwarded-For {http.request.header.X-Forwarded-For}
@@ -1060,6 +1094,7 @@ cat > "$CADDY_CONFIG" <<EOF_CADDY
    }
    handle @write_methods {
        reverse_proxy localhost:8080 {
+            trusted_proxies private_ranges
            header_up Host {http.request.host}
            header_up X-Real-IP {http.request.header.X-Forwarded-For}
            header_up X-Forwarded-For {http.request.header.X-Forwarded-For}
@@ -1067,7 +1102,7 @@ cat > "$CADDY_CONFIG" <<EOF_CADDY
        }
    }

-    @photos_host host ${PHOTOS_HOST}
+    @photos_host host ${PHOTOS_HOST_MATCHERS}
    handle @photos_host {
        root * $WEB_RUNTIME_DIR/photos
        try_files {path} {path}/index.html {path}.html index.html
@@ -1109,6 +1144,27 @@ cat > "$CADDY_CONFIG" <<EOF_CADDY
        file_server
    }

+    @share_host host ${SHARE_HOST}
+    handle @share_host {
+        root * $WEB_RUNTIME_DIR/share
+        try_files {path} {path}/index.html {path}.html index.html
+        file_server
+    }
+
+    @embed_host host ${EMBED_HOST}
+    handle @embed_host {
+        root * $WEB_RUNTIME_DIR/embed
+        try_files {path} {path}/index.html {path}.html index.html
+        file_server
+    }
+
+    @payments_host host ${PAYMENTS_HOST}
+    handle @payments_host {
+        root * $WEB_RUNTIME_DIR/payments
+        try_files {path} {path}/index.html {path}.html index.html
+        file_server
+    }
+
    handle {
        respond "Not Found" 404
    }
@@ -1172,6 +1228,7 @@ cat > "$CADDY_CONFIG" <<EOF_CADDY
    handle /health {
        rewrite * /ping
        reverse_proxy localhost:8080 {
+            trusted_proxies private_ranges
            header_up Host {http.request.host}
            header_up X-Real-IP {http.request.header.X-Forwarded-For}
            header_up X-Forwarded-For {http.request.header.X-Forwarded-For}
@@ -1181,6 +1238,7 @@ cat > "$CADDY_CONFIG" <<EOF_CADDY

    handle /ping {
        reverse_proxy localhost:8080 {
+            trusted_proxies private_ranges
            header_up Host {http.request.host}
            header_up X-Real-IP {http.request.header.X-Forwarded-For}
            header_up X-Forwarded-For {http.request.header.X-Forwarded-For}
@@ -1189,12 +1247,19 @@ cat > "$CADDY_CONFIG" <<EOF_CADDY
    }

    handle /public/* {
-        reverse_proxy localhost:8080
+        reverse_proxy localhost:8080 {
+            trusted_proxies private_ranges
+            header_up Host {http.request.host}
+            header_up X-Real-IP {http.request.header.X-Forwarded-For}
+            header_up X-Forwarded-For {http.request.header.X-Forwarded-For}
+            header_up X-Forwarded-Proto {http.request.header.X-Forwarded-Proto}
+        }
    }

    @user_api_path path_regexp user_api_path ^/users($|/.*)
    handle @user_api_path {
        reverse_proxy localhost:8080 {
+            trusted_proxies private_ranges
            header_up Host {http.request.host}
            header_up X-Real-IP {http.request.header.X-Forwarded-For}
            header_up X-Forwarded-For {http.request.header.X-Forwarded-For}
@@ -1208,6 +1273,7 @@ cat > "$CADDY_CONFIG" <<EOF_CADDY
    }
    handle @museum_api_get_path {
        reverse_proxy localhost:8080 {
+            trusted_proxies private_ranges
            header_up Host {http.request.host}
            header_up X-Real-IP {http.request.header.X-Forwarded-For}
            header_up X-Forwarded-For {http.request.header.X-Forwarded-For}
@@ -1221,6 +1287,7 @@ cat > "$CADDY_CONFIG" <<EOF_CADDY
    }
    handle @write_methods_path {
        reverse_proxy localhost:8080 {
+            trusted_proxies private_ranges
            header_up Host {http.request.host}
            header_up X-Real-IP {http.request.header.X-Forwarded-For}
            header_up X-Forwarded-For {http.request.header.X-Forwarded-For}
@@ -1230,7 +1297,7 @@ cat > "$CADDY_CONFIG" <<EOF_CADDY

    handle /_next/* {
        root * $WEB_RUNTIME_DIR
-        try_files {path} auth{path} accounts{path} photos{path} cast{path} albums{path} family{path}
+        try_files {path} auth{path} accounts{path} photos{path} cast{path} albums{path} family{path} share{path} embed{path} payments{path}
        file_server
    }

@@ -1269,6 +1336,24 @@ cat > "$CADDY_CONFIG" <<EOF_CADDY
        file_server
    }

+    handle /share/* {
+        root * $WEB_RUNTIME_DIR
+        try_files {path} {path}/index.html /share/index.html
+        file_server
+    }
+
+    handle /embed/* {
+        root * $WEB_RUNTIME_DIR
+        try_files {path} {path}/index.html /embed/index.html
+        file_server
+    }
+
+    handle /payments/* {
+        root * $WEB_RUNTIME_DIR
+        try_files {path} {path}/index.html /payments/index.html
+        file_server
+    }
+
    handle /photos/* {
        root * $WEB_RUNTIME_DIR
        try_files {path} {path}/index.html /photos/index.html