Added docker runtime and some env configurations

.dockerignore

@@ -0,0 +1,9 @@
+node_modules
+.env
+.dockerignore
+Dockerfile
+docker-compose.yml
+.git
+.idea
+.gitignore
+README.md

.env.docker.example

@@ -0,0 +1,20 @@
+# copy this to .env.docker.local and adjust it according your needs
+
+
+BOSH_URL=
+
+# If you want your app to work offline and load faster, you can change
+# false to true below. Note this comes with some pitfalls.
+# Learn more about service workers: https://bit.ly/CRA-PWA
+SERVICE_WORKER=false
+
+# This application stores passwords in the local storage. This should not be done on a website.
+# App check if it is not on website comparing the actual hostmane to following value.
+SECURE_HOSTNAME=localhost
+
+# This application stores passwords in the local storage. This should not be done on a website.
+# App checks this and according to follwing var it handles the unsecure situtaion:
+# 'strict' - it shows alert and refuses to start
+# 'lax' - it shows warning and if confirmed it starts, if not it doesn't start
+# 'persistent' - it shows warning and if confirmed it starts and stores decision for next time, if not it doesn't start
+ENVIRONMENT_SECURITY_MODE=strict

.gitignore

@@ -13,10 +13,12 @@
 
 # misc
 .DS_Store
+.idea
 .env.local
 .env.development.local
 .env.test.local
 .env.production.local
+.env.docker.local
 
 npm-debug.log*
 yarn-debug.log*

Dockerfile

@@ -0,0 +1,12 @@
+FROM node:latest
+ENV BOSH_URL='' \
+    SERVICE_WORKER=false \
+    SECURE_HOSTNAME=localhost \
+    ENVIRONMENT_SECURITY_MODE=strict
+WORKDIR /srv
+COPY ./ /srv
+RUN yarn upgrade && \
+    yarn install && \
+	yarn build && \
+    npx browserslist@latest --update-db
+ENTRYPOINT yarn start

config/webpack.config.js

@@ -604,6 +604,7 @@ module.exports = function(webpackEnv) {
           // The formatter is invoked directly in WebpackDevServerUtils during development
           formatter: isEnvProduction ? typescriptFormatter : undefined,
         }),
+      new webpack.EnvironmentPlugin(['BOSH_URL', 'SERVICE_WORKER', 'SECURE_HOSTNAME', 'ENVIRONMENT_SECURITY_MODE']),
     ].filter(Boolean),
     // Some libraries import Node modules but don't use them in the browser.
     // Tell Webpack to provide empty mocks for them so importing them works.

docker-compose.yml

@@ -0,0 +1,20 @@
+version: "2.4"
+x-logging:
+  &default-logging
+  driver: "json-file"
+  options:
+    max-size: "1M"
+    max-file: "10"
+services:
+  jsxc:
+    image: jsxc/jsxc-single-page:latest
+    build: ./
+    env_file: .env.docker.local
+    ports:
+      - 3000:3000
+    networks:
+      - proxy
+    restart: always
+    logging: *default-logging
+networks:
+  proxy:

package.json

@@ -71,12 +71,15 @@
     "webpack-manifest-plugin": "2.2.0",
     "workbox-webpack-plugin": "5.1.3"
   },
+  "resolutions": {
+    "sanitize.css": "12.0.1"
+  },
   "files": [
     "build/"
   ],
   "scripts": {
-    "start": "node scripts/start.js",
-    "build": "INLINE_RUNTIME_CHUNK=false node scripts/build.js",
+    "start": "NODE_OPTIONS=--openssl-legacy-provider node scripts/start.js",
+    "build": "INLINE_RUNTIME_CHUNK=false NODE_OPTIONS=--openssl-legacy-provider node scripts/build.js",
     "test": "node scripts/test.js"
   },
   "eslintConfig": {

src/AddAccount.tsx

@@ -62,10 +62,14 @@ const STATUS = {
 };
 
 class AddAccount extends React.Component<any, any> {
-	state = {
+	defaults = {
+        url: process.env.BOSH_URL ?? '',
+    }
+
+    state = {
 		status: STATUS.Idle,
 		warning: '',
-		url: '',
+		url: this.defaults.url,
 		jid: '',
 		password: '',
 	};
@@ -146,21 +150,25 @@ class AddAccount extends React.Component<any, any> {
 					/>
 
 					<form onSubmit={this.onSubmit}>
-						<TextField
-							autoFocus
-							disabled={disabled}
-							required
-							label="BOSH Url"
-							value={url}
-							onChange={this.onChange('url')}
-							InputProps={{
-								className: classes.field,
-							}}
-							InputLabelProps={{
-								className: classes.label,
-							}}
-							fullWidth
-						/>
+                        {this.defaults.url === ''
+                            ? <TextField
+                                autoFocus
+                                disabled={disabled}
+                                required
+                                label="BOSH Url"
+                                value={url}
+                                onChange={this.onChange('url')}
+                                InputProps={{
+                                    className: classes.field,
+                                }}
+                                InputLabelProps={{
+                                    className: classes.label,
+                                }}
+                                fullWidth
+                            />
+                            : ''
+                        }
+
 						<TextField
 							type="email"
 							disabled={disabled}

src/index.tsx

@@ -9,15 +9,39 @@ let bodyElement = document.getElementsByTagName('body')[0];
 bodyElement.classList.add('jsxc-fullscreen');
 bodyElement.classList.add('jsxc-two-columns');
 
-if (window.location.hostname && window.location.hostname !== 'localhost') {
-    alert('This application stores passwords in the local storage. This should not be done on a website.');
+const secureHostname = process.env.SECURE_HOSTNAME ?? 'localhost';
+console.info('secure hostname', secureHostname)
+if (window.location.hostname && window.location.hostname !== secureHostname) {
+    const environmentSecurityMode = process.env.ENVIRONMENT_SECURITY_MODE ?? 'strict';
+    console.info('environment security mode', environmentSecurityMode)
+    switch (environmentSecurityMode) {
+        case 'persistent':
+            if (window.localStorage.getItem('jsxc2:security-confirmed')) {
+                break;
+            }
+            if (!window.confirm('This application stores passwords in the local storage. This should be done only if your browser is only yours and properly secured.')) {
+                throw new Error('Unsecure enviornment');
+            }
+            window.localStorage.setItem('jsxc2:security-confirmed', 'true');
+            break;
+        case 'lax':
+            if (!window.confirm('This application stores passwords in the local storage. This should be done only if your browser is only yours and properly secured.')) {
+                throw new Error('Unsecure enviornment');
+            }
+            break;
+        default: //strict
+            alert('This application stores passwords in the local storage. This should not be done on a website.');
+            throw new Error('Unsecure enviornment');
+    }
 
-    throw new Error('Unsecure enviornment');
 }
 
-ReactDOM.render(<App />, document.getElementById('root'));
+ReactDOM.render(<App/>, document.getElementById('root'));
 
-// If you want your app to work offline and load faster, you can change
-// unregister() to register() below. Note this comes with some pitfalls.
-// Learn more about service workers: https://bit.ly/CRA-PWA
-serviceWorker.unregister();
+const useServiceWorker = process.env.SERVICE_WORKER === 'true'
+console.info('service worker', useServiceWorker)
+if (useServiceWorker) {
+    serviceWorker.register();
+} else {
+    serviceWorker.unregister();
+}