Merge 22a0a9d1ec into 6b3d8dcbec

2026-01-23 02:24:09 +00:00 · 2025-07-26 06:05:12 +00:00 · 2025-07-26 06:05:12 +00:00 · 61c4534fba
commit 61c4534fba
parent 6b3d8dcbec 22a0a9d1ec
9 changed files with 89 additions and 29 deletions
--- a/29
+++ b/29
@ -1,14 +1,29 @@
-FROM    php:apache
+FROM    php:8.3-apache
+
+# Install dependencies and PHP extensions
+RUN     apt-get update && \
+        apt-get install -y --no-install-recommends \
+            memcached \
+            libmemcached-dev \
+            zlib1g-dev \
+            libldap2-dev \
+            libssl-dev && \
+        pecl install memcached-3.2.0 && \
+        docker-php-ext-enable memcached && \
+        docker-php-ext-configure ldap --with-libdir=lib/x86_64-linux-gnu/ && \
+        docker-php-ext-install ldap && \
+        apt-get clean && \
+        rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
+# Copy application files
 COPY    backend-php/ /var/www/html/
 COPY    frontend/ /var/www/html/
 COPY    docker/start.sh .

-RUN     apt-get update && \
-        apt-get install -y memcached libmemcached-dev zlib1g-dev libldap2-dev libssl-dev && \
-        pecl install memcached && \
-        docker-php-ext-enable memcached && \
-        docker-php-ext-configure ldap --with-libdir=lib/*-linux-gnu*/ && \
-        docker-php-ext-install ldap
+# Set secure permissions
+RUN     chown -R www-data:www-data /var/www/html && \
+        find /var/www/html -type d -exec chmod 755 {} \; && \
+        find /var/www/html -type f -exec chmod 644 {} \;

 EXPOSE  80/tcp
 VOLUME  /etc/hauk
--- a/android/app/build.gradle
+++ b/android/app/build.gradle
@ -1,19 +1,30 @@
 apply plugin: 'com.android.application'
+apply plugin: 'org.jetbrains.kotlin.android'

 android {
-    compileSdkVersion 33
+    compileSdkVersion 34
    defaultConfig {
        applicationId "info.varden.hauk"
-        minSdkVersion 24
-        targetSdkVersion 33
-        versionCode 14
-        versionName "1.6.2"
+        minSdkVersion 26
+        targetSdkVersion 34
+        versionCode 15
+        versionName "1.6.3"
        testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner"
    }
    buildTypes {
-        release {
+        debug {
+            debuggable true
            minifyEnabled false
+            shrinkResources false
+        }
+        release {
+            debuggable false
+            minifyEnabled true
+            shrinkResources true
            proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
+            
+            // Security hardening
+            signingConfig signingConfigs.debug // Replace with proper signing config in production
        }
    }
    namespace 'info.varden.hauk'
@ -21,10 +32,22 @@ android {

 dependencies {
    implementation fileTree(dir: 'libs', include: ['*.jar'])
-    implementation 'androidx.appcompat:appcompat:1.6.1'
+    
+    // Core Android libraries
+    implementation 'androidx.appcompat:appcompat:1.7.0'
    implementation 'androidx.constraintlayout:constraintlayout:2.1.4'
    implementation 'androidx.preference:preference:1.2.1'
+    implementation 'androidx.core:core:1.13.1'
+    implementation 'androidx.activity:activity:1.9.0'
+    implementation 'androidx.fragment:fragment:1.8.0'
+    
+    // Security libraries
+    implementation 'androidx.security:security-crypto:1.1.0-alpha06'
+
+    // Testing dependencies
    testImplementation 'junit:junit:4.13.2'
+    testImplementation 'org.mockito:mockito-core:5.4.0'
    androidTestImplementation 'androidx.test:runner:1.5.2'
    androidTestImplementation 'androidx.test.espresso:espresso-core:3.5.1'
+    androidTestImplementation 'androidx.test.ext:junit:1.1.5'
 }
--- a/android/app/src/main/AndroidManifest.xml
+++ b/android/app/src/main/AndroidManifest.xml
@ -3,10 +3,24 @@
    xmlns:tools="http://schemas.android.com/tools"
    package="info.varden.hauk">

+    <!-- Location permissions -->
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
    <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" />
+    <uses-permission android:name="android.permission.ACCESS_BACKGROUND_LOCATION" />
+    
+    <!-- Service permissions -->
    <uses-permission android:name="android.permission.FOREGROUND_SERVICE" />
+    <uses-permission android:name="android.permission.FOREGROUND_SERVICE_LOCATION" />
+    
+    <!-- Network permissions -->
    <uses-permission android:name="android.permission.INTERNET" />
+    <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
+    
+    <!-- Notification permissions for Android 13+ -->
+    <uses-permission android:name="android.permission.POST_NOTIFICATIONS" />
+    
+    <!-- Wake lock for reliable background operation -->
+    <uses-permission android:name="android.permission.WAKE_LOCK" />

    <application
        android:allowBackup="true"
@ -16,7 +30,9 @@
        android:networkSecurityConfig="@xml/network_security"
        android:roundIcon="@drawable/ic_icon"
        android:supportsRtl="true"
-        android:theme="@style/AppTheme">
+        android:theme="@style/AppTheme"
+        android:hardwareAccelerated="true"
+        android:largeHeap="false"

        <activity
            android:name=".system.preferences.ui.SettingsActivity"
--- a/android/build.gradle
+++ b/android/build.gradle
@ -3,12 +3,12 @@
 buildscript {
    repositories {
        google()
-        jcenter()
+        mavenCentral()
        
    }
    dependencies {
-        classpath 'com.android.tools.build:gradle:8.1.0'
-        
+        classpath 'com.android.tools.build:gradle:8.11.1'
+
        // NOTE: Do not place your application dependencies here; they belong
        // in the individual module build.gradle files
    }
@ -17,11 +17,11 @@ buildscript {
 allprojects {
    repositories {
        google()
-        jcenter()
+        mavenCentral()
        
    }
 }

-task clean(type: Delete) {
+tasks.register('clean', Delete) {
    delete rootProject.buildDir
 }
--- a/android/gradle.properties
+++ b/android/gradle.properties
@ -6,7 +6,8 @@
 # http://www.gradle.org/docs/current/userguide/build_environment.html
 # Specifies the JVM arguments used for the daemon process.
 # The setting is particularly useful for tweaking memory settings.
-org.gradle.jvmargs=-Xmx1536m
+org.gradle.jvmargs=-Xmx2048m -XX:MaxMetaspaceSize=512m
+
 # When configured, Gradle will run in incubating parallel mode.
 # This option should only be used with decoupled projects. More details, visit
 # http://www.gradle.org/docs/current/userguide/multi_project_builds.html#sec:decoupled_projects
--- a/android/gradle/wrapper/gradle-wrapper.properties
+++ b/android/gradle/wrapper/gradle-wrapper.properties
@ -1,6 +1,6 @@
-#Thu Jul 30 19:59:09 CEST 2020
+#Updated for Android Gradle Plugin 8.2.2 compatibility
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.0-all.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.13-all.zip
--- a/backend-php/include/config-sample.php
+++ b/backend-php/include/config-sample.php
@ -74,10 +74,13 @@
 // data to Hauk. To generate this value on the terminal:
 //   - MD5 (insecure!):     openssl passwd -1
 //   - bcrypt (secure):     htpasswd -nBC 10 "" | tail -c +2
-"password_hash"     => '$2y$10$4ZP1iY8A3dZygXoPgsXYV.S3gHzBbiT9nSfONjhWrvMxVPkcFq1Ka',
-// Default value above is empty string (no password) and is VERY INSECURE.
-// Trust me, you really should change this unless you intentionally want a
+// For empty password, use $2y$10$4ZP1iY8A3dZygXoPgsXYV.S3gHzBbiT9nSfONjhWrvMxVPkcFq1Ka
+// You really should not use this unless you intentionally want a
 // public instance that anyone in the world can use freely.
+"password_hash"     => '',
+// REQUIRED: You MUST set a password hash before using Hauk!
+// The default empty value will not allow any connections.
+// Generate a secure password hash using: htpasswd -nBC 10 "" | tail -c +2
 //
 // Also note that users have the option to save the server password locally on
 // their devices using a "Remember password" checkbox. If they choose to do so,
--- a/backend-php/include/inc.php
+++ b/backend-php/include/inc.php
@ -64,8 +64,9 @@ const METERS_PER_SECOND = array(
 include(__DIR__."/lang/en/texts.php");

 // Load the preferred language.
-$acceptLang = str_replace("-", "_", filter_input(INPUT_SERVER, "HTTP_ACCEPT_LANGUAGE"));
+$acceptLang = filter_input(INPUT_SERVER, "HTTP_ACCEPT_LANGUAGE");
 if ($acceptLang) {
+    $acceptLang = str_replace("-", "_", $acceptLang);

    // Split the Accept-Language header into an array of possible languages.
    preg_match_all("/(([a-z]{1,8})(_([a-zA-Z]{1,8}))?)(\s*;\s*q\s*=\s*([01](\.\d{0,3})?))?\s*(,|$)/i", $acceptLang, $clientReq, PREG_SET_ORDER);
@ -124,7 +125,7 @@ const DEFAULTS = array(
    "redis_auth"            => '',
    "redis_prefix"          => 'hauk',
    "auth_method"           => PASSWORD,
-    "password_hash"         => '$2y$10$4ZP1iY8A3dZygXoPgsXYV.S3gHzBbiT9nSfONjhWrvMxVPkcFq1Ka',
+    "password_hash"         => '',
    "htpasswd_path"         => '/etc/hauk/users.htpasswd',
    "ldap_uri"              => 'ldaps://ldap.example.com:636',
    "ldap_start_tls"        => false,
--- a/frontend/main.js
+++ b/frontend/main.js
@ -833,7 +833,8 @@ function processUpdate(data, init) {
        var nameE = document.getElementById("nickname-" + shares[user].id);
        if (nameE !== null && multiUser) {
            nameE.textContent = user;
-            nameE.innerHTML += "<br />";
+            var br = document.createElement("br");
+            nameE.appendChild(br);
            nameE.style.fontWeight = "bold";
        }
    }