From 5d3ef6d97d25f76ac3d65bbaf7cd4fecfe76e058 Mon Sep 17 00:00:00 2001 From: 007 Date: Sun, 29 Sep 2024 16:14:52 +0330 Subject: [PATCH 01/10] fix: update Content-Security-Policy header --- config/nginx.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/nginx.conf b/config/nginx.conf index 5c8c951..f9a1ce9 100644 --- a/config/nginx.conf +++ b/config/nginx.conf @@ -24,7 +24,7 @@ server { # error_page 403 /error-403; # Security Headers - add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self' data: https://heydari-mi.com; connect-src 'self'; font-src 'self';"; + add_header Content-Security-Policy "default-src 'self'; script-src 'self' https://simurgh.00-team.org; style-src 'self' https://simurgh.00-team.org; object-src 'none';"; add_header X-Content-Type-Options nosniff; add_header X-Frame-Options SAMEORIGIN; add_header X-XSS-Protection "1; mode=block"; From 83efcdea2e838a09a519b8d6a2222e64d47f33d3 Mon Sep 17 00:00:00 2001 From: 007 Date: Sun, 29 Sep 2024 16:21:58 +0330 Subject: [PATCH 02/10] fix: update config --- .github/workflows/deploy.yml | 1 + .gitignore | 2 ++ config/deploy.sh | 13 ++++++++++--- 3 files changed, 13 insertions(+), 3 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 6b5049a..800d3cc 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -18,4 +18,5 @@ jobs: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} key: ${{ secrets.KEY }} + command_timeout: 1h script: bash /heydari/config/deploy.sh diff --git a/.gitignore b/.gitignore index c9b623b..e44f1c4 100644 --- a/.gitignore +++ b/.gitignore @@ -17,3 +17,5 @@ main.db* logs/ __pycache__/ backup/ +log +*.db* diff --git a/config/deploy.sh b/config/deploy.sh index 5ccce69..0bc6ba5 100755 --- a/config/deploy.sh +++ b/config/deploy.sh @@ -61,11 +61,18 @@ fi if check_diff "src/*"; then echo "$EG cargo build" cargo build --release + systemctl restart heydari echo $SPACER fi -echo "$EG restart backend" -systemctl restart heydari -echo $SPACER +if check_diff "config/nginx.conf"; then + echo "$EG restart nginx" + if nginx -t; then + systemctl restart nginx + else + echo invalid nginx status ❌ + fi + echo $SPACER +fi echo "Deploy is Done! ✅" From b39650cf433bfd3a561dea6800871d5d33de5a4f Mon Sep 17 00:00:00 2001 From: 007 Date: Sun, 29 Sep 2024 17:01:49 +0330 Subject: [PATCH 03/10] fix: update nginx.conf --- config/nginx.conf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/config/nginx.conf b/config/nginx.conf index f9a1ce9..e04c085 100644 --- a/config/nginx.conf +++ b/config/nginx.conf @@ -24,7 +24,8 @@ server { # error_page 403 /error-403; # Security Headers - add_header Content-Security-Policy "default-src 'self'; script-src 'self' https://simurgh.00-team.org; style-src 'self' https://simurgh.00-team.org; object-src 'none';"; + add_header Content-Security-Policy "default-src 'self' https://trustseal.enamad.ir https://simurgh.00-team.org"; + # add_header Content-Security-Policy "default-src 'self'; script-src 'self' https://simurgh.00-team.org; style-src 'self' https://simurgh.00-team.org; object-src 'none';"; add_header X-Content-Type-Options nosniff; add_header X-Frame-Options SAMEORIGIN; add_header X-XSS-Protection "1; mode=block"; From 95620be31944da9461b844ea3e5257c79b9be332 Mon Sep 17 00:00:00 2001 From: 007 Date: Sun, 29 Sep 2024 17:02:05 +0330 Subject: [PATCH 04/10] release: 1.1.8 --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index a5ba932..18efdb9 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.1.7 \ No newline at end of file +1.1.8 From 24d989dfd94398ef9f5c2c6c7584bd2754bc82dc Mon Sep 17 00:00:00 2001 From: 007 Date: Sun, 29 Sep 2024 17:08:25 +0330 Subject: [PATCH 05/10] release: 1.1.9 --- VERSION | 2 +- config/nginx.conf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/VERSION b/VERSION index 18efdb9..512a1fa 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.1.8 +1.1.9 diff --git a/config/nginx.conf b/config/nginx.conf index e04c085..e89ef77 100644 --- a/config/nginx.conf +++ b/config/nginx.conf @@ -24,7 +24,7 @@ server { # error_page 403 /error-403; # Security Headers - add_header Content-Security-Policy "default-src 'self' https://trustseal.enamad.ir https://simurgh.00-team.org"; + add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' https://trustseal.enamad.ir https://simurgh.00-team.org"; # add_header Content-Security-Policy "default-src 'self'; script-src 'self' https://simurgh.00-team.org; style-src 'self' https://simurgh.00-team.org; object-src 'none';"; add_header X-Content-Type-Options nosniff; add_header X-Frame-Options SAMEORIGIN; From e6630c374980bdb78b2b39b922f5cb917964150f Mon Sep 17 00:00:00 2001 From: 007 Date: Sun, 29 Sep 2024 17:09:32 +0330 Subject: [PATCH 06/10] release: 1.1.10 fix nginx conf --- VERSION | 2 +- config/nginx.conf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/VERSION b/VERSION index 512a1fa..5ed5faa 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.1.9 +1.1.10 diff --git a/config/nginx.conf b/config/nginx.conf index e89ef77..bf54eaf 100644 --- a/config/nginx.conf +++ b/config/nginx.conf @@ -24,7 +24,7 @@ server { # error_page 403 /error-403; # Security Headers - add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' https://trustseal.enamad.ir https://simurgh.00-team.org"; + add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'script-src-elem' https://trustseal.enamad.ir https://simurgh.00-team.org"; # add_header Content-Security-Policy "default-src 'self'; script-src 'self' https://simurgh.00-team.org; style-src 'self' https://simurgh.00-team.org; object-src 'none';"; add_header X-Content-Type-Options nosniff; add_header X-Frame-Options SAMEORIGIN; From ce115fe2b069c4d58280a67e84c124742228bc5d Mon Sep 17 00:00:00 2001 From: 007 Date: Sun, 29 Sep 2024 17:11:29 +0330 Subject: [PATCH 07/10] release: 1.1.11 fixing the nginx conf for the 100th time --- VERSION | 2 +- config/nginx.conf | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/VERSION b/VERSION index 5ed5faa..9ee1f78 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.1.10 +1.1.11 diff --git a/config/nginx.conf b/config/nginx.conf index bf54eaf..422540e 100644 --- a/config/nginx.conf +++ b/config/nginx.conf @@ -24,8 +24,7 @@ server { # error_page 403 /error-403; # Security Headers - add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'script-src-elem' https://trustseal.enamad.ir https://simurgh.00-team.org"; - # add_header Content-Security-Policy "default-src 'self'; script-src 'self' https://simurgh.00-team.org; style-src 'self' https://simurgh.00-team.org; object-src 'none';"; + add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' https://trustseal.enamad.ir https://simurgh.00-team.org https://www.googletagmanager.com"; add_header X-Content-Type-Options nosniff; add_header X-Frame-Options SAMEORIGIN; add_header X-XSS-Protection "1; mode=block"; From 0debb7405880d62d9ffec8117df811f7a9bacd37 Mon Sep 17 00:00:00 2001 From: 007 Date: Sun, 29 Sep 2024 17:23:55 +0330 Subject: [PATCH 08/10] release: 1.1.12 nginx conf --- VERSION | 2 +- config/nginx.conf | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/VERSION b/VERSION index 9ee1f78..ccad953 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.1.11 +1.1.12 diff --git a/config/nginx.conf b/config/nginx.conf index 422540e..e39633a 100644 --- a/config/nginx.conf +++ b/config/nginx.conf @@ -25,6 +25,7 @@ server { # Security Headers add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' https://trustseal.enamad.ir https://simurgh.00-team.org https://www.googletagmanager.com"; + add_header Permissions-Policy "geolocation=(self), microphone=()"; add_header X-Content-Type-Options nosniff; add_header X-Frame-Options SAMEORIGIN; add_header X-XSS-Protection "1; mode=block"; From 6efa18580be6abfeedb276da4eb710a50df6d5d0 Mon Sep 17 00:00:00 2001 From: 007 Date: Sun, 29 Sep 2024 17:27:54 +0330 Subject: [PATCH 09/10] release: 1.1.13 --- VERSION | 2 +- config/nginx.conf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/VERSION b/VERSION index ccad953..9ea63db 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.1.12 +1.1.13 diff --git a/config/nginx.conf b/config/nginx.conf index e39633a..7781679 100644 --- a/config/nginx.conf +++ b/config/nginx.conf @@ -24,7 +24,7 @@ server { # error_page 403 /error-403; # Security Headers - add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' https://trustseal.enamad.ir https://simurgh.00-team.org https://www.googletagmanager.com"; + add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' https://trustseal.enamad.ir https://simurgh.00-team.org https://www.googletagmanager.com https://www.google.com/"; add_header Permissions-Policy "geolocation=(self), microphone=()"; add_header X-Content-Type-Options nosniff; add_header X-Frame-Options SAMEORIGIN; From 970f29eecded43e836a62c85daa678f2bbf3ac22 Mon Sep 17 00:00:00 2001 From: 007 Date: Sun, 29 Sep 2024 17:38:57 +0330 Subject: [PATCH 10/10] release: 1.1.14 --- VERSION | 2 +- config/nginx.conf | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/VERSION b/VERSION index 9ea63db..e9bc149 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.1.13 +1.1.14 diff --git a/config/nginx.conf b/config/nginx.conf index 7781679..ad52616 100644 --- a/config/nginx.conf +++ b/config/nginx.conf @@ -24,7 +24,8 @@ server { # error_page 403 /error-403; # Security Headers - add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' https://trustseal.enamad.ir https://simurgh.00-team.org https://www.googletagmanager.com https://www.google.com/"; + # add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' https://trustseal.enamad.ir https://simurgh.00-team.org https://www.googletagmanager.com https://www.google.com/"; + add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' *"; add_header Permissions-Policy "geolocation=(self), microphone=()"; add_header X-Content-Type-Options nosniff; add_header X-Frame-Options SAMEORIGIN;