Restrict api by ip and https #2812
Comments
|
https://blog.logrocket.com/how-to-set-up-node-typescript-express/ Proposed usage: |
|
|
@github-actions run ⚡ Release! ⚡(async () => {
function exec(cmd) {
console.log(execSync(cmd).toString());
}
//set the version type
process.env.VERS = "minor"
// Config
const gitUserEmail = "github-actions[bot]@users.noreply.github.com";
const gitUserName = "github-actions[bot]";
exec(`echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" > .npmrc`);
exec(`git config --global user.email "${gitUserEmail}"`);
exec(`git config --global user.name "${gitUserName}"`);
exec(`npm i -D`);
exec(`npm run release-ci $VERS`);
// types only package
exec('npm config set //registry.npmjs.org/:_authToken $NPM_TOKEN')
exec(`cd ./types-only && npm version $VERS && npm run build && npm publish && cd ..`);
exec(`git commit -a -m 'updated types-only package'`);
exec(`git push --force`);
//comment on the issue
var result = execSync(`npx auto-changelog -o ./tempchangelog.txt --commit-limit false --template ./compact-keepachangelog.hbs --stdout`).toString();
await postComment(result);
//create changelog image
exec(`npm run release-image`);
exec(`git commit -a -m 'updated release-image'`);
exec(`git push --force`);
})(); |
Changelog🚀 Release 4.44.0 (2022-08-16)
|
|
@barart please try the new changes thanks |
|
@github-actions run ⚡ Release! ⚡(async () => {
function exec(cmd) {
console.log(execSync(cmd).toString());
}
//set the version type
process.env.VERS = "patch"
// Config
const gitUserEmail = "github-actions[bot]@users.noreply.github.com";
const gitUserName = "github-actions[bot]";
exec(`echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" > .npmrc`);
exec(`git config --global user.email "${gitUserEmail}"`);
exec(`git config --global user.name "${gitUserName}"`);
exec(`npm i -D`);
exec(`npm run release-ci $VERS`);
// types only package
exec('npm config set //registry.npmjs.org/:_authToken $NPM_TOKEN')
exec(`cd ./types-only && npm version $VERS && npm run build && npm publish && cd ..`);
exec(`git commit -a -m 'updated types-only package'`);
exec(`git push --force`);
//comment on the issue
var result = execSync(`npx auto-changelog -o ./tempchangelog.txt --commit-limit false --template ./compact-keepachangelog.hbs --stdout`).toString();
await postComment(result);
//create changelog image
exec(`npm run release-image`);
exec(`git commit -a -m 'updated release-image'`);
exec(`git push --force`);
})(); |
Changelog🚀 Release 4.44.1 (2022-08-16)
|
|
Wow! let me check |
|
i tried the ssl implementation and got error below
|
|
Same here using env on docker: WA_HELMET = true https dont open, http does, my .pem files are accesible and valid |
|
@github-actions run ⚡ Release! ⚡(async () => {
function exec(cmd) {
console.log(execSync(cmd).toString());
}
//set the version type
process.env.VERS = "patch"
// Config
const gitUserEmail = "github-actions[bot]@users.noreply.github.com";
const gitUserName = "github-actions[bot]";
exec(`echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" > .npmrc`);
exec(`git config --global user.email "${gitUserEmail}"`);
exec(`git config --global user.name "${gitUserName}"`);
exec(`npm i -D`);
exec(`npm run release-ci $VERS`);
// types only package
exec('npm config set //registry.npmjs.org/:_authToken $NPM_TOKEN')
exec(`cd ./types-only && npm version $VERS && npm run build && npm publish && cd ..`);
exec(`git commit -a -m 'updated types-only package'`);
exec(`git push --force`);
//comment on the issue
var result = execSync(`npx auto-changelog -o ./tempchangelog.txt --commit-limit false --template ./compact-keepachangelog.hbs --stdout`).toString();
await postComment(result);
//create changelog image
exec(`npm run release-image`);
exec(`git commit -a -m 'updated release-image'`);
exec(`git push --force`);
})(); |
|
Should be working as expected now with the latest release |
Thanks @smashah, unfortunately the fix does not work, i can only access on http and not https |
|
@barart please share all of your logs |
|
Here you are @smashah: |
|
@barart I need all of the logs. If successful, it should show something like this at the end
|
|
You've cut off your logs right before the first qr code. HTTPS is only enabled at the end of the launch process of an authenticated session. If you want to scan QR codes using https then please use |
|
Thats all the logs @smashah, after the last line the qr code start to appearing in order to scan it, unfortunately on docker when recreate/update the container the session is deleted so i need to create a new session each time i update open-wa, im not scanning the code when it ask to scan the code in console logs because my phone does not recognize it, instead i go to the url with https in order to scan it on the browser and there is when i found that the https does not work only http, I dont want to scan the code on http because if i scan it and then recreate the container again to test if https works when a fix comes 2-3 or more times in few minutes or in a short period i dont want to give WA a reason to ban my number I also want to test the allow-ips feature and i dont want to scan the code more times for test this feature too Im trying to make https works first, then check the allow-ips feature and then when everything is working fine scan the code to create a unique session |
Ohhh i see... i did not know that, let me try |
In order to not have to scan every time you want to make a configuration change use the > npx @open-wa/wa-automateIn the same folder you can have a cli.config.json file also where you can set all the config options |
So i enabled the --ezqr and then i go to my https-url:port and still giving me the same error, and if i go to my http-url:port i can see the qrcode to scan, so the --ezqr option is not enabling the https on the QR codes part neither, i dont think the QRcode scan is a issue on http, but i thought configuring the cert and privkey will enable https on all the open-wa system and i was testing the https feature when starting the container after update it (no session because is a recreated container)...
I barely understand this... im using the docker image to create a container, i dont think this will be possible on docker, or am I not understanding correctly? although I understand, in order to run npx @open-wa/wa-atomate i need to run it outside the container and in order to run it outside the container i need to install node/npx, needed packages, and all open-wa dependecies on the node right? This will break all the beauty and purpose of docker... and in the end i will be running wa-automate directly on the node, that it will break in some point when a break changes updates arrive on the node, os, dependencies or with conflicting packages... Maybe if there would be a way to keep the session on a container recreation/upgrade as other docker containers would be very useful for updates/upgrades or at least to specify a custom route of cli-config.json file so i can map it to a file on the node and it will help to change the configuration and reboot the container (reboot do not destroy the session) so it can pick the new configuration, is there a way to do that? |
|
You can then open that link and scan that URL. if you want to receive that URL via webhook, you can add You only need to install node/npm in order to run an
When you scan a qr code there is a folder (called something like Docker is great, which is why I bothered to make a docker package but the main limitation is the fact that it destroys the container if you want to edit the runtime configuration. Each new docker container is essentially a whole new machine and thus has a new machine ID. This change in machine ID means that you can't maintain the session folder between containers. The reason I am asking you to use npx when trying new configurations is so you dont have this issue of scanning the qr code every single time. With npx, the session authentication is maintained between chrome versions, node versions, npm versions, open-wa versions, OS versions etc. Why? because the folder stays in the same place and the machine ID doesn't change. This way you can do rapid development or learn how to use open-wa in an easier way. When you have a configuration that is working then you can go back to using docker. Download/install node (which will install npm and npx automatically) then make a new folder in your machine to use the npx command in. > mkdir owa
> npm init -y #initialize a node project
> npm i @open-wa/wa-automate #This caches the library and it's dependencies locally so you dont download it every time
# move your cert and privkey here
# Run the EASY API
> npx @open-wa/wa-automate --cert mycert.pem --privkey mykey.pem --helmet --ezqr --ef qrUrl --ev https://somewebhook.com/12345 |
|
@smashah I understand it better, thanks for your time to explain it 👌🏻 i definitively will do that I have a question.. i see that there is a config variable: { If i create a config.json file and move all my ENV Variables to this file and only put this config file on the ENV.. does this will work? Im wondering a way to change the settings on the container without recreate it... 🤔 if this work we can change some settings in this way without need to destroy the session only with a simple reboot on the container, and only destroy the session on a container recreation or upgrade |
|
@barart the default is actually
And yes you can actually do that by creating a In the async function you can possibly request the whole config from an API |
|
Actually I don't think it can take the default export as a function yet. Try it out see if it works |
|
with version 4.44.2 i can confirm Easy-Api working with https i have tested but using as below didn't work
|
So... i created a cli.config.json file and i specify it on the ENV:
My cli.config.json has this: But and when i run the container i dont see that it picks the config file as you can see on the debug log: It use port 8080 (that is not the port i put on my cli.config.json) and all the other settings are missing, also after run the container i see that it adds the ports 8080 on the ENV Im using it correctly? |
|
@barart you js configs have a different format (pascal case) without the preceding See: https://openwa.dev/docs/api/interfaces/api_model_config.ConfigObject So for example the config Another example: config: So your config should be: {
"cert": "/ssl/cert.pem",
"helmet": true,
"key": "XxXxXxXxXxXxXxXxXxXxXxXxX",
"privkey": "/ssl/key.pem",
"ezqr": true
}I removed the port because it's not advisable to mess with the port assignments in the docker image. |
|
I changed my config file but when i run the container it dont pass the options: My config file: My debug log: What im missing here? 🤔 |
|
@barart I can't help you out with slivers of logs and missing CLI command. Please share everything, including the whole docker run command |
|
@smashah Here is my docker run command:
My cli.config.json: And my full log: |
|
Try mounting your config folder to So try this docker run --name=open-wa --volume=/containers/open-wa/config:/usr/src/app --volume=/containers/open-wa/ssl:/ssl -p 8080:8080 --restart=always --init openwa/wa-automate:latest |
When i run the container mounting the config folder to /user/src/app as you suggested open-wa cant run, my log only show this: [dumb-init] ./start.sh: No such file or directory |
|
After a lot trial and fail i find a way to load the settings from file but idk what of all i do make it works:
And it worked, it picks my file config and the https is now enabled, i can confirm that the https feature is working as expected :D now i need to test a "hot" change settings on the file and test the allow-ips feature, as i need to keep the bot running this weekend i will test it the Monday and update this so anyone can do the same |
|
@barart that makes sense. the first time you were replacing everything in the There is a way to mount the volume where the data is synced between the container and the host but it's relatively more complicated: docker volume create --driver local \
--opt type=none \
--opt device=/containers/open-wa/config \
--opt o=bind \
config_volthen docker run --name=open-wa --mount source=config_vol,target=/usr/src/app --volume=/containers/open-wa/ssl:/ssl -p 8080:8080 --restart=always --init openwa/wa-automate:latestTheoretically, that would work (but I haven't tested) Please track this issue to make mounting a |
|
open-wa/wa-automate-docker#54 is now resolved. open-wa/wa-automate-docker@490460c You can safely mount a host config folder to So this should now work: > docker pull openwa/wa-automate:latest
> docker run --name=open-wa --volume=/containers/open-wa/config:/config --volume=/containers/open-wa/ssl:/ssl -p 8080:8080 --restart=always --init openwa/wa-automate:latestand you can use a e.g
exports.default = async function(sessionId) => {
const chatwootConfiguration = await fetch(`http://myapi.com/getChatwootConfig?sessionId=${sessionId}`);
return {
cert: "/ssl/cert.pem",
helmet: true,
key: "xXxxXXxxXXxxxxxXXX",
privkey: "/ssl/key.pem",
ezqr: true
...chatwootConfiguration
}
} |
Hello, new user here
Im using the docker version of wa-automate, if is possible to restrict api access by ip instead of a key? Anyone is able to send post requests without authorization
Also im wondering if a https requests are possible instead http, this would improve privacy of the api requests
The text was updated successfully, but these errors were encountered: