🔀 Merge pull request #488 from Lissy93/FIX/general-issues

[FIX] General issues and improvements
Fixes #452
Fixes #454
Fixes #455
Fixes #463
Fixes #479
Fixes #482
Fixes #483
Fixes #485
Fixes #486
Fixes #487

Author: Lissy93

.github/CHANGELOG.md

@@ -1,5 +1,17 @@
 # Changelog
 
+## 🐛 2.0.3 - Bug Fixes [PR #488](https://github.com/Lissy93/dashy/pull/488)
+- Press enter to submit login form (Re: #483)
+- Allow disabling write to local storage and disk (Re: #485)
+- Fix malformed YAML from export config (Re: #482)
+- Allow global option for useProxy (Re: #486)
+- Look into arrow key navigation error (Re: #463)
+- Disallow displaying config (Re: #455)
+- Round values in Glances Alerts widget (Re: #454)
+- Create a CPU temp widget (Re: #452)
+- Add to docs: Keycloak in Kubernetes (Re: #479)
+- Add a widget for displaying images (Re: #487)
+
 ## ⬆️ 2.0.2 - Dependency Updates [PR #471](https://github.com/Lissy93/dashy/pull/471)
 - Updates Alpine version for main Dockerfile
 - Updates node_modules to latest stable versions

.github/workflows/docker-build-publish.yml

@@ -1,5 +1,4 @@
-# Builds, scans and tests the multi-architecture docker image
-# Then releases it to the DockerHub, GHCR and Quay registries
+# Scans, builds and releases a multi-architecture docker image
 name: 🐳 Build + Publish Multi-Platform Image
 
 on:
@@ -77,6 +76,9 @@ jobs:
         username: ${{ secrets.ACR_USERNAME }}
         password: ${{ secrets.ACR_PASSWORD }}
 
+    - name: 🚦 Check Registry Status
+      uses: crazy-max/ghaction-docker-status@v1
+
     - name: ⚒️ Build and push
       uses: docker/build-push-action@v2
       with:
@@ -87,11 +89,12 @@ jobs:
         labels: ${{ steps.meta.outputs.labels }}
         push: true
 
-    # - name: 💬 Set Docker Hub Description
-    #   uses: peter-evans/dockerhub-description@v2
-    #   with:
-    #     repository: lissy93/dashy
-    #     readme-filepath: ./README.md
-    #     short-description: Dashy - A self-hosted start page for your server
-    #     username: ${{ secrets.DOCKER_USERNAME }}
-    #     password: ${{ secrets.DOCKER_PASSWORD }}
+    - name: 💬 Set Docker Hub Description
+      uses: peter-evans/dockerhub-description@v2
+      with:
+        repository: lissy93/dashy
+        readme-filepath: ./docker/docker-readme.md
+        short-description: Dashy - A self-hosted start page for your server
+        username: ${{ secrets.DOCKER_USERNAME }}
+        password: ${{ secrets.DOCKER_PASSWORD }}
+

Dockerfile

@@ -1,9 +1,10 @@
 FROM node:16.13.2-alpine AS BUILD_IMAGE
 
+# Set the platform to build image for
 ARG TARGETPLATFORM
 ENV TARGETPLATFORM=${TARGETPLATFORM:-linux/amd64}
 
-# Install additional tools needed on arm64 and armv7
+# Install additional tools needed if on arm64 / armv7
 RUN \
   case "${TARGETPLATFORM}" in \
   'linux/arm64') apk add --no-cache python3 make g++ ;; \
@@ -23,7 +24,7 @@ COPY . ./
 # Build initial app for production
 RUN yarn build
 
-# Build the final image
+# Production stage
 FROM node:16.13.2-alpine
 
 # Define some ENV Vars
@@ -44,8 +45,8 @@ COPY --from=BUILD_IMAGE /app ./
 ENTRYPOINT [ "/sbin/tini", "--" ]
 CMD [ "yarn", "build-and-start" ]
 
-# Expose given port
+# Expose the port
 EXPOSE ${PORT}
 
-# Run simple healthchecks every 5 mins, to check the Dashy's everythings great
+# Run simple healthchecks every 5 mins, to check that everythings still great
 HEALTHCHECK --interval=5m --timeout=2s --start-period=30s CMD yarn health-check

docker/docker-readme.md

@@ -0,0 +1,136 @@
+<h1 align="center">Dashy</h1>
+<p align="center">
+  <i>Dashy helps you organize your self-hosted services by making them accessible from a single place</i>
+   <br/>
+  <img width="120" src="https://i.ibb.co/yhbt6CY/dashy.png" />
+  <br/>
+  <b><a href="https://github.com/Lissy93/dashy/blob/master/docs/showcase.md">User Showcase</a></b> | <b><a href="https://demo.dashy.to">Live Demo</a></b> | <b><a href="https://github.com/Lissy93/dashy/blob/master/docs/quick-start.md">Getting Started</a></b> | <b><a href="https://dashy.to/docs">Documentation</a></b> | <b><a href="https://github.com/Lissy93/dashy">GitHub</a></b>
+  <br/><br/>
+  <a href="https://github.com/awesome-selfhosted/awesome-selfhosted#personal-dashboards">
+    <img src="https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg" alt="Awesome Self-Hosted">
+  </a>
+  <a href="https://github.com/Lissy93/dashy/blob/master/LICENSE">
+    <img src="https://img.shields.io/badge/License-MIT-0aa8d2?logo=opensourceinitiative&logoColor=fff" alt="License MIT">
+  </a>
+  <a href="https://github.com/Lissy93/dashy/blob/master/.github/CHANGELOG.md">
+    <img src="https://img.shields.io/github/package-json/v/lissy93/dashy?logo=azurepipelines&amp;color=0aa8d2" alt="Current Version">
+  </a>
+  <a href="https://hub.docker.com/r/lissy93/dashy">
+    <img src="https://img.shields.io/docker/pulls/lissy93/dashy?logo=docker&color=0aa8d2&logoColor=fff" alt="Docker Pulls">
+  </a>
+  <a href="http://as93.link/dashy-build-status">
+   <img src="https://badgen.net/github/status/lissy93/dashy?icon=github" alt="GitHub Status">
+  </a>
+  <a href="https://snyk.io/test/github/lissy93/dashy">
+    <img src="https://snyk.io/test/github/lissy93/dashy/badge.svg" alt="Known Vulnerabilities">
+  </a>
+</p>
+
+## Features 🌈
+
+- 🔎 Instant search by name, domain, or tags + customizable hotkeys & keyboard shortcuts
+- 🎨 Multiple built-in color themes, with UI color editor and support for custom CSS
+- 🧸 Many icon options - Font-Awesome, homelab icons, auto-fetching Favicon, images, emojis, etc.
+- 🚦 Status monitoring for each of your apps/links for basic availability and uptime checking
+- 📊 Widgets for displaying info and dynamic content from your self-hosted services
+- 💂 Optional authentication with multi-user access, configurable privileges, and SSO support
+- 🌎 Multi-language support, with 10+ human-translated languages, and more on the way
+- ☁ Optional, encrypted, free off-site cloud backup and restore feature available
+- 💼 A workspace view, for easily switching between multiple apps simultaneously
+- 🛩️ A minimal view, for use as a fast-loading browser Startpage
+- 🖱️ Choose app launch method, either new tab, same tab, a pop-up modal, or in the workspace view
+- 📏 Customizable layout, sizes, text, component visibility, sort order, behavior, etc.
+- 🖼️ Options for a full-screen background image, custom nav-bar links, HTML footer, title, etc.
+- 🚀 Easy to setup with Docker, or on bare metal, or with 1-Click cloud deployment
+- ⚙️ Easy configuration, either through the UI, or using a YAML file
+- ✨ Under active development with improvements and new features added regularly 
+- 🤏 Small bundle size, fully responsive UI, and PWA for basic offline access
+- 🆓 100% free and open-source
+- 🔐 Strong focus on privacy
+- 🌈 And loads more...
+
+## Demo ⚡
+
+**Live Instances**: [Demo 1](https://demo.dashy.to) (Live Demo) ┆ [Demo 2](https://live.dashy.to) (Dashy Links) ┆ [Demo 3](https://dev.dashy.to) (Dev Preview)
+
+**Screenshots**: Checkout the [Showcase](https://github.com/Lissy93/dashy/blob/master/docs/showcase.md), to see example dashboards from the community
+
+**Spin up your own demo**: [![One-Click Deploy with PWD](https://img.shields.io/badge/Play--with--Docker-Deploy-2496ed?style=flat-square&logo=docker)](https://labs.play-with-docker.com/?stack=https://raw.githubusercontent.com/Lissy93/dashy/master/docker-compose.yml) or [`docker run -p 8080:80 lissy93/dashy`](./docs/quick-start.md)
+
+
+<p align="center">
+  <img width="800" src="https://i.ibb.co/L8YbNNc/dashy-demo2.gif" alt="Demo" />
+</p>
+
+
+**[⬆️ Back to Top](#dashy)**
+
+---
+
+## Getting Started 🛫
+
+To deploy Dashy with Docker, just run `docker run -p 8080:80 lissy93/dashy`, then open `http://localhost:8080`
+
+For full list of options and a Docker compose file, see the [Deployment Docs](https://github.com/Lissy93/dashy/blob/master/docs/deployment.md).
+
+Dashy can also be run on bare metal using Node.js, or deployed to a cloud service, using the 1-Click deploy script.
+
+---
+
+## Documentation 📝
+
+#### Running Dashy
+- **[Quick Start](https://github.com/Lissy93/dashy/blob/master/docs/quick-start.md)** - TDLR guide on getting Dashy up and running
+- **[Deployment](https://github.com/Lissy93/dashy/blob/master/docs/deployment.md)** - Full guide on deploying Dashy either locally or online
+- **[Configuring](https://github.com/Lissy93/dashy/blob/master/docs/configuring.md)** - Complete list of all available options in the config file
+- **[App Management](https://github.com/Lissy93/dashy/blob/master/docs/management.md)** - Managing your app, updating, security, web server configuration, etc
+- **[Troubleshooting](https://github.com/Lissy93/dashy/blob/master/docs/troubleshooting.md)** - Common errors and problems, and how to fix them
+
+#### Feature Docs
+- **[Authentication](https://github.com/Lissy93/dashy/blob/master/docs/authentication.md)** - Guide to setting up authentication to protect your dashboard
+- **[Alternate Views](https://github.com/Lissy93/dashy/blob/master/docs/alternate-views.md)** - Outline of available pages / views and item opening methods
+- **[Backup & Restore](https://github.com/Lissy93/dashy/blob/master/docs/backup-restore.md)** - Guide to backing up config with Dashy's cloud sync feature
+- **[Icons](https://github.com/Lissy93/dashy/blob/master/docs/icons.md)** - Outline of all available icon types for sections and items, with examples
+- **[Language Switching](https://github.com/Lissy93/dashy/blob/master/docs/multi-language-support.md)** - Details on how to switch language, or add a new locale
+- **[Status Indicators](https://github.com/Lissy93/dashy/blob/master/docs/status-indicators.md)** - Using Dashy to monitor uptime and status of your apps
+- **[Searching  & Shortcuts](https://github.com/Lissy93/dashy/blob/master/docs/searching.md)** - Searching, launching methods + keyboard shortcuts
+- **[Theming](https://github.com/Lissy93/dashy/blob/master/docs/theming.md)** - Complete guide to applying, writing and modifying themes + styles
+- **[Widgets](https://github.com/Lissy93/dashy/blob/master/docs/widgets.md)** - List of all dynamic content widgets, with usage guides and examples
+
+#### Development and Contributing 
+- **[Developing](https://github.com/Lissy93/dashy/blob/master/docs/developing.md)** - Running Dashy development server locally, and general workflow
+- **[Development Guides](https://github.com/Lissy93/dashy/blob/master/docs/development-guides.md)** - Common development tasks, to help new contributors
+- **[Contributing](https://github.com/Lissy93/dashy/blob/master/docs/contributing.md)** - How you can help keep Dashy alive
+- **[Showcase](https://github.com/Lissy93/dashy/blob/master/docs/showcase.md)** - See how others are using Dashy, and share your dashboard
+- **[Credits](https://github.com/Lissy93/dashy/blob/master/docs/credits.md)** - List of people and projects that have made Dashy possible
+- **[Release Workflow](https://github.com/Lissy93/dashy/blob/master/docs/release-workflow.md)** - Info about releases, CI and automated tasks
+
+---
+
+## License 📜
+
+Dashy is Licensed under [MIT X11](https://en.wikipedia.org/wiki/MIT_License)
+
+```
+Copyright © 2021 Alicia Sykes <https://aliciasykes.com>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this
+software and associated documentation files (the "Software"), to deal in the Software
+without restriction, including without limitation the rights to use, copy, modify, merge,
+publish, distribute, sublicense, and/or sell copies of the Software, and to permit
+persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or
+substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
+INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES, OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF, OR IN CONNECTION WITH THE SOFTWARE OR THE USE
+OR OTHER DEALINGS IN THE SOFTWARE.
+
+Except as contained in this notice, Dashy shall not be used in advertising or otherwise
+to promote the sale, use, or other dealings in this Software without prior written
+authorization from the repo owner.
+```

docs/authentication.md

@@ -74,13 +74,15 @@ For Example:
     ...
 ```
 
-### Security
-Since all authentication is happening entirely on the client-side, it is vulnerable to manipulation by an adversary. An attacker could look at the source code, find the function used generate the auth token, then decode the minified JavaScript to find the hash, and manually generate a token using it, then just insert that value as a cookie using the console, and become a logged in user. Therefore, if you need secure authentication for your app, it is strongly recommended to implement this using your web server, or use a VPN to control access to Dashy. The purpose of the login page is merely to prevent immediate unauthorized access to your homepage.
+### Permissions
+Any user who is not an admin (with `type: admin`) will not be able to write changes to disk.
+
+You can also prevent any user from writing changes to disk, using `preventWriteToDisk`. Or prevent any changes from being saved locally in browser storage, using `preventLocalSave`. Both properties can be found under [`appConfig`](./docs/configuring.md#appconfig-optional).
 
-Addressing this is on the todo list, and there are several potential solutions:
-1. Encrypt all site data against the users password, so that an attacker can not physically access any data without the correct decryption key
-2. Use a backend service to handle authentication and configuration, with no user data returned from the server until the correct credentials are provided. However, this would require either Dashy to be run using it's Node.js server, or the use of an external service
-3. ~~Implement authentication using a self-hosted identity management solution, such as [Keycloak for Vue](https://www.keycloak.org/securing-apps/vue)~~ **This is now implemented, and released in PR #174 of V 1.6.5!**
+To disable all UI config features, including View Config, set `disableConfiguration`.
+
+### Security
+With basic auth, all logic is happening on the client-side, which could mean a skilled user could manipulate the code to view parts of your configuration, including the hash. If the SHA-256 hash is of a common password, it may be possible to determine it, using a lookup table, in order to find the original password. Which can be used to manually generate the auth token, that can then be inserted into session storage, to become a valid logged in user. Therefore, you should always use a long, strong and unique password, and if you instance contains security-critical info and/ or is exposed directly to the internet, and alternative authentication method may be better. The purpose of the login page is merely to prevent immediate unauthorized access to your homepage.
 
 **[⬆️ Back to Top](#authentication)**