seatsurfing / backend Goto Github PK

When I create a new area and upload a floor plan and then add multiple spaces, only one space gets saved.

You can add multiple spaces, but after saving and re-entering only the last space was stored.

I tested this on our installation and I can reproduce on your demo site: https://app.seatsurfing.app/admin/locations/b9d488a9-62e0-4550-82ca-e246a252585a

with firefox and chrome

Hello,
I need some help to integrate a SAML IdP. I am probably stuck at errors because of the auth_state table not returning results. I already tried serveral configurations and IdPs but was not successfull.

Browser error is 502, bade gateway - as a result for process errors like these:

seatsurfing-db-1 | 2023-12-13 12:45:43.221 UTC [33] ERROR: invalid input syntax for type uuid: ""
seatsurfing-db-1 | 2023-12-13 12:45:43.221 UTC [33] STATEMENT: SELECT id, auth_provider_id, expiry, auth_state_type, payload FROM auth_states WHERE id = $1
seatsurfing-server-1 | 2023/12/13 12:45:43 state not found for id
seatsurfing-server-1 | 2023/12/13 12:45:43 http: panic serving 172.18.0.5:36644: runtime error: invalid memory address or nil pointer dereference
seatsurfing-server-1 | goroutine 2752 [running]:
seatsurfing-server-1 | net/http.(*conn).serve.func1()
seatsurfing-server-1 | /usr/local/go/src/net/http/server.go:1868 +0xb9
seatsurfing-server-1 | panic({0x786900?, 0xac70f0?})
seatsurfing-server-1 | /usr/local/go/src/runtime/panic.go:920 +0x270
seatsurfing-server-1 | main.(*AuthRouter).callback(0x7?, {0x895290, 0xc0000dc380}, 0x7f50e6?)
seatsurfing-server-1 | /go/src/app/server/auth-router.go:410 +0x191
seatsurfing-server-1 | net/http.HandlerFunc.ServeHTTP(0x412750?, {0x895290?, 0xc0000dc380?}, 0x7f5c24765f18?)
seatsurfing-server-1 | /usr/local/go/src/net/http/server.go:2136 +0x29
seatsurfing-server-1 | main.VerifyAuthMiddleware.func3({0x895290, 0xc0000dc380}, 0xc0002ee900)
seatsurfing-server-1 | /go/src/app/server/routes.go:198 +0x362
seatsurfing-server-1 | net/http.HandlerFunc.ServeHTTP(0x895290?, {0x895290?, 0xc0000dc380?}, 0x895c78?)
seatsurfing-server-1 | /usr/local/go/src/net/http/server.go:2136 +0x29
seatsurfing-server-1 | main.CorsMiddleware.func1({0x895290, 0xc0000dc380}, 0xc00032bc50?)
seatsurfing-server-1 | /go/src/app/server/routes.go:139 +0x56
seatsurfing-server-1 | net/http.HandlerFunc.ServeHTTP(0xc0002ee800?, {0x895290?, 0xc0000dc380?}, 0x7f5bddbb9cb8?)
seatsurfing-server-1 | /usr/local/go/src/net/http/server.go:2136 +0x29
seatsurfing-server-1 | github.com/gorilla/mux.(*Router).ServeHTTP(0xc000000300, {0x895290, 0xc0000dc380}, 0xc0002ee700)
seatsurfing-server-1 | /go/pkg/mod/github.com/gorilla/[email protected]/mux.go:210 +0x1c5
seatsurfing-server-1 | net/http.serverHandler.ServeHTTP({0xc00032b9b0?}, {0x895290?, 0xc0000dc380?}, 0x6?)
seatsurfing-server-1 | /usr/local/go/src/net/http/server.go:2938 +0x8e
seatsurfing-server-1 | net/http.(*conn).serve(0xc00013e990, {0x895c78, 0xc0004121b0})
seatsurfing-server-1 | /usr/local/go/src/net/http/server.go:2009 +0x5f4
seatsurfing-server-1 | created by net/http.(*Server).Serve in goroutine 35
seatsurfing-server-1 | /usr/local/go/src/net/http/server.go:3086 +0x5cb

Please provide some help. From my point of view, inspecting the browser cookies, the authentication results are ok. Either there is a problem with the auth_state id which is returned by doing a sql query manually for table - or probably for the user profile url?

Configuration for the authentication provider (ADFS instead of Azure, but Azure and Keycloak with same results) is:

auth: https://auth.xxx.yyy/adfs/oauth2/authorize
token: https://auth.xxx.yyy/adfs/oauth2/token
userinfo: https://auth.xxx.yyy/adfs/userinfo

Thank you for your help.

kind regards,
Ingo

Upgrade from 1.11.3 to 1.12.x fails with following error:

server_1  | panic: pq: column "disabled" of relation "users" already exists
server_1  |
server_1  | goroutine 1 [running]:
server_1  | main.(*UserRepository).RunSchemaUpgrade(0x806ae8?, 0xd, 0xc00021fe18?)
server_1  |     /go/src/app/server/user-repository.go:109 +0x385
server_1  | main.RunDBSchemaUpdates()
server_1  |     /go/src/app/server/db-updates.go:34 +0x34d
server_1  | main.(*App).InitializeDatabases(0xc00021ff60?)
server_1  |     /go/src/app/server/app.go:33 +0x17
server_1  | main.main()
server_1  |     /go/src/app/server/main.go:29 +0xaf

Database Error log:

db_1      | 2023-02-20 09:24:18.959 UTC [44] ERROR:  column "disabled" of relation "users" already exists
db_1      | 2023-02-20 09:24:18.959 UTC [44] STATEMENT:  ALTER TABLE users ADD COLUMN disabled boolean NOT NULL DEFAULT FALSE, ADD COLUMN ban_expiry TIMESTAMP NULL DEFAULT NULL

regards,
Michael

If I set a password from admin ui to be 5 characters, user can't login.
App say password must be at least 8 characters.

Hey everyone,

im still encountering an issue while trying to upgrade to version 1.14.x. I have added the FRONTEND_URL environment variable to the services as mentioned in the 1.14.1 release, but im getting "Secure Connection Failed" errors on versions 1.14.2 and above across different browsers.

My instance is hosted behind a NetScaler, and 1.14.1 is the latest version that seems to work (though im facing a language issue here #166 / #171). The latest stable version is still 1.13.8, which runs without any issues. The Docker logs dont show any interesting outputs, but I suspect that there might be a missing debug logging.

If youd like me to investigate further into the containers, please let me know where i should focus my attention in more detail.

Thank you all in advance!

Reported issue: Number of dates equals 7 (actual), not 8 (expected)

Hello!

I'd like to ask if it would be possible to publish the docker images to an alternative repository than dockerhub as well.

We're running seatsurfing on a multi-node k8s cluster, and if the app gets restarted and multiple nodes start pulling containers the limit can be triggered rather quickly:

Failed to pull image "docker.io/seatsurfing/backend:latest": rpc error: code = Unknown desc = reading manifest latest in docker.io/seatsurfing/backend: 
toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit

Maybe ghcr.io and/or quay.io (free public tier) would be an option?
Thanks for your consideration!

I.e. today (Oct 29 2023), switch to winter time. Day has 25 hours instead of 24.

Test case fails:

--- FAIL: TestBookingsSameDay (0.28s)
    /Users/heiner/git/seatsurfing/backend/server/main_test.go:204: Expected HTTP Status 201, but got 400 at:
        goroutine 34 [running]:
        runtime/debug.Stack()
        	/usr/local/Cellar/go/1.21.3/libexec/src/runtime/debug/stack.go:24 +0x5e
        server/server.checkTestResponseCode(0xc00021ad00, 0xc9, 0x190)
        	/Users/heiner/git/seatsurfing/backend/server/main_test.go:204 +0x38
        server/server.TestBookingsSameDay(0x0?)
        	/Users/heiner/git/seatsurfing/backend/server/booking-router_test.go:1056 +0x565
        testing.tRunner(0xc00021ad00, 0x146b2e0)
        	/usr/local/Cellar/go/1.21.3/libexec/src/testing/testing.go:1595 +0xff
        created by testing.(*T).Run in goroutine 1
        	/usr/local/Cellar/go/1.21.3/libexec/src/testing/testing.go:1648 +0x3ad

At the moment, logging in using an Auth Provider (i.e. Keycloak) needs to go through two steps.

Expectation: Avoid these two steps of login if there is only one organization with only one authorization provider.

Hi all,

We deployed an instance of SeatSurfing using docker compose.yml file on azure web apps. Everything seems to be working fine and then randomly lost our configuration/settings. This first happened earlier about 2 months again, we disabled the health check feature and turned on "Always on". It was working fine for a month then today it lost all the data and configuration again.

Hi,
I started using seatsurfing recently and I deployed version 1.13.8 in Kuberentes with the guide provided in the official documentation.
I've set it up as described Traefik ingressRoute + Nginx reverse proxy before it and it was running great.
However, I decided to upgrade to 1.15.0 latest version - suddenly the backend stopped working giving me this error:
Get "http://localhost:3000/admin/dashboard": dial tcp [::1]:3000: connect: connection refused
and respectively this for the UI:
Get "http://localhost:3001/ui/login": dial tcp [::1]:3001: connect: connection refused
I tried to deploy a new separate setup with 1.15.0 to start from scratch - it was giving me the same error from the start.
I also tried a new setup from scratch with 1.14.4 - the effect was the same.
So for now only 1.13.8 works for me and I can't understand why.
I am using the documentation as example how to deploy all the version - maybe something changed in 1.14/1.15 which is not properly added to documentation?

I don't know.
Can someone suggest how can I fix this and run a more recent version?
Thanks!
P.S. - here is my setup (URL are changed on purpose):

apiVersion: apps/v1
kind: Deployment
metadata:
  name: seatsurfing-backend
  namespace: services
spec:
  replicas: 1
  selector:
    matchLabels:
      app: seatsurfing-backend
  template:
    metadata:
      labels:
        app: seatsurfing-backend
    spec:
      containers:
      - image: seatsurfing/backend:latest
        name: server
        imagePullPolicy: Always
        ports:
        - name: port-http
          containerPort: 8080
        env:
        - name: POSTGRES_PASS
          valueFrom:
            secretKeyRef:
              name: seatsurfing-db
              key: db-password
        - name: POSTGRES_URL
          value: "postgres://seatsurfing:$(POSTGRES_PASS)@seatsurfing-db/seatsurfing?sslmode=disable"
        - name: JWT_SIGNING_KEY
          value: "a_random_key"
        - name: PUBLIC_URL
          value: "https://book.mycoworking.com" 
        - name: FRONTEND_URL
          value: "https://book.mycoworking.com"
      - image: seatsurfing/booking-ui:latest
        name: booking-ui
        imagePullPolicy: Always
        env:
        - name: FRONTEND_URL
          value: "https://book.mycoworking.com"
      - image: seatsurfing/admin-ui:latest
        name: admin-ui
        imagePullPolicy: Always
        env:
        - name: FRONTEND_URL
          value: "https://book.mycoworking.com"
---
apiVersion: v1
kind: Service
metadata:
  name: seatsurfing-backend
  namespace: services
spec:
  ports:
    - port: 80
      protocol: TCP
      targetPort: 8080
  selector:
    app: seatsurfing-backend
  type: ClusterIP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: seatsurfing-backend
  namespace: services
spec:
  entryPoints:
    - web
  routes:
  - match: Host(`book.mycoworking.com`)
    kind: Rule
    services:
    - name: seatsurfing-backend
      port: 80

Hi there,

each time I shut down the container and start it again, I lose every setting I made.
This Includes floorplans and seats

Good afternoon,

I had installed an older version of SeatSurfing on a Debian 11 machine and it was working apparently without any issue.

Currently im doing a fresh install using the latest version on Debian 12 but after some attemps repeting the installation process in different ways i always get a blank page when accessing the http://localhost:8080/admin/ and http://localhost:8080/ui/ .

Anyone knows what the problem might be and point me on the right direction to solve it?

Thanks in advance.

Situatiton: You are physically present at a desk which seems empty. At the desk there is a barcode which would allow direct booking for the current day.

I am using docker compose to test seatsurfing. After configuring keycloack from the admin UI, I am redirected to login page but right after I become The connection was reset with the following error on the server:

example-server-1 |  2023-10-11 11-23-22 code exchange failed: Post "http://localhost:8081/realms/bob/protocol/openid-connect/token": dial tcp 127.0.0.1:8081: connect: connection refused

Can relevant information such as phone numbers, network ports, etc. be added to each workstation?

Bookings are 2 hours back in time in Europe/Berlin timezone (summer time)

My bookings has no translation, strings are still in German:

Running latest images for testing and timezone seems to be off. Today is 11/01 but in "My bookings" shows bookings for both 11/01 and 11/02 as "Today". Not sure if this is on my end or due to the bug for winter time. Although I started noticing this issue even with the version before 1.14.4 on 10/27/2023.

Also testing with older image versions and same issue. Sorry for the annoyance but I really want to know if anyone else is experiencing this.

Thanks again.

Picture for reference:

Good morning, I am testing the application from Buenos Aires Argentina and I would like to be able to have it in Spanish.
I would like to collaborate with the translation, is it possible?

Thank you
Regards

I try seatsurfing.mydomain.com with Italian Language.

https://seatsurfing.mydomain.com/ui/it work fine

https://seatsurfing.mydomain.com doesn't work, after a timeout redirect me to /ui subpath and give me a 502 error Bad Gateway.

I use traefik for https...

similar situation on Docker Desktop (Windows - Italian) where with the standard docker-compose.yml it give me an error 405 (Method not Allowed) out of the box.

the docker-compose.yml is the one on website for desktop version
`version: '3.7'

services:
server:
image: seatsurfing/backend
restart: always
networks:
sql:
http:
ports:
- 8080:8080
environment:
POSTGRES_URL: 'postgres://seatsurfing:DB_PASSWORD@db/seatsurfing?sslmode=disable'
JWT_SIGNING_KEY: 'some_random_string'
BOOKING_UI_BACKEND: 'booking-ui:3001'
ADMIN_UI_BACKEND: 'admin-ui:3000'
PUBLIC_URL: 'https://seatsurfing.your-domain.com'
FRONTEND_URL: 'https://seatsurfing.your-domain.com'
booking-ui:
image: seatsurfing/booking-ui
restart: always
networks:
http:
environment:
FRONTEND_URL: 'https://seatsurfing.your-domain.com'
admin-ui:
image: seatsurfing/admin-ui
restart: always
networks:
http:
environment:
FRONTEND_URL: 'https://seatsurfing.your-domain.com'
db:
image: postgres:12
restart: always
networks:
sql:
volumes:
- db:/var/lib/postgresql/data
environment:
POSTGRES_PASSWORD: DB_PASSWORD
POSTGRES_USER: seatsurfing
POSTGRES_DB: seatsurfing

volumes:
db:

networks:
sql:
http:`

for remote version I just add traefik network and the relative label

thanks

When changing a super admin's user in the Admin UI, the role drop down only shows "org admin" as maximum assignable role. When saving, not only the user being modified is not a super admin anymore, he/she is also degraded to a normal user.

No logs, no instructions. After Azure auth setup get this error.
Possibly your account is not activated in this organization.

Next JS stores translation in local cache

admin- and booking-ui are using coth default Namespace common.
Resulting in admin-ui uses cached booking-ui translation and probable v.v.

PR on the way

Hello,
in our setup the language redirection is not working as expected. Sites are almost every time displayed in "en". I'd like to suggest to change the fallback from static redirection to organizational settings language if detection fails. This is much more flexible and a workaround for not having the language detected automatically.

I am unsure why redirects aren't working as expected. Probably it has to do with missing cookies. I am unsure why they aren't added but it might have to do with the paths the application is using and NEXT_LOCALE cookie as we aren't landing on path "/" but getting redirected.

A change might be required here:
admin-ui/src/middleware.ts: const locale = req.cookies.get('NEXT_LOCALE')?.value || 'en';
booking-ui/src/middleware.ts: const locale = req.cookies.get('NEXT_LOCALE')?.value || 'en';

If I am wrong could you please explain and help solving the issue? Why language redirection is not working as expected? If users are using the language code in the application paths it's working - at least until switching between administration and booking for example.

kind regards,
Ingo

Error report via email:

"I have tried the merge function since our confluence account emails does not match the seatsurfing account email. But I have not succeeded. I enter my seatsurfing email in Confluence and get a error 405 (page does not exist) reply."

Seatsurfing with Confluence (data center)

Is it possible to add a feature so when a user books a seat, an email is sent to them confirming what seat they booked. Also if cancelled, email is sent about their booking being cancelled?

Let me know what you guys think and thanks for the awesome project.

remove

I receive the following HTTP 502 "Bad Gateway" error as a local admin user since the update to 1.14:

Url: https://FQDN/admin/dashboard/
Error: Get "http://localhost:3000/admin/en/dashboard": dial tcp 127.0.0.1:3000: connect: connection refused

When i manually update the url with ../en/.. or ../de/.. then the frontend is working. As a local user the booking-ui redirect is working as expected but when i login with a OAuth user (Microsoft) then i receive a similar error like above:

Url: https://FQDN/ui/login/success/000-0-0-0-000
Error: Get "http://localhost:3001/ui/en/login/success/000-0-0-0-000": dial tcp 127.0.0.1:3001: connect: connection refused

Manually fixing the url works here too.
For testing purposes i already set up a new test instance because i initially thought that changing the environment configuration parameter INIT_ORG_LANGUAGE: 'de' after the first start of the instance was the issue but it looks like that version 1.14 has a bug here..?
Also tried to remove and update the language entry directly in the "organizations" psql table but nothing changed.

hats off for the project!

Hi,

Im trying to setup the docker seatsurfing but i can not succeed.
Im doing it on my docker desktop on my windows 11 computer with the following compose file

version: '3.7'

services:
  server:
    image: seatsurfing/backend
    restart: always
    networks:
      sql:
      http:
    ports:
      - 8080:8080
    environment:
      POSTGRES_URL: 'postgres://seatsurfing:DB_PASSWORD@db/seatsurfing?sslmode=disable'
      JWT_SIGNING_KEY: 'some_random_string'
      BOOKING_UI_BACKEND: 'localhost:3001'
      ADMIN_UI_BACKEND: 'localhost:3000'
      PUBLIC_URL: 'http://localhost'
      FRONTEND_URL: 'http://localhost'
  booking-ui:
    image: seatsurfing/booking-ui
    restart: always
    networks:
      http:
    ports:
      - 3001:3001
    environment:
      FRONTEND_URL: 'http://localhost:3001'
  admin-ui:
    image: seatsurfing/admin-ui
    restart: always
    networks:
      sql:
      http:
    ports:
      - 3000:3000
    environment:
      FRONTEND_URL: 'http://localhost:3000'
  db:
    image: postgres:12
    restart: always
    networks:
      sql:
      http:
    ports:
      - 5432:5432
    volumes:
      - db:/var/lib/postgresql/data
    environment:
      POSTGRES_PASSWORD: DB_PASSWORD
      POSTGRES_USER: seatsurfing
      POSTGRES_DB: seatsurfing

volumes:
  db:

networks:
  sql:
  http:

before you ask, yes thats the default stuff, im just trying to see if it works : (

i have inputed http over https because it says SSL error, and hard coded the ports because it could not find them.

now i get the following error on login:

all of the containers are up and running without errors btw, i cant see any logs and the connection to the database is present

Thank you in advance

Hey guys,

Now (for example):
Enter: 10/05/2023 , 00:00
Leave: 10/05/2023 , 23:59

Nice would be:
Enter: 10/05/2023
Leave: 10/05/2023

i even saw yesterday on a client that they was shown "24:00" instead of "00:00" (could be to some language formatting issues too) so would it be possible to completely remove the time when you enable "Allow bookings on a daily basis only"?

Currently running 1.13.8

Thanks a lot in advance!

Via email:

"The macro layout in Confluence “hides” the area-image quite much, compared to web-app layout (see screen shots below). Is this possible to configure in any way? Or can you give tips for how to make it better?"

Situation: You entered a floor and just need a random seat from there not knowing if there is one available. Scanning a floor barcode might help to book a seat faster.

Hello,

based on the problems described in #207, I would like to discuss an extension to provide compatibility with MS ADFS services. I would like to avoid additional identity brokers just for compatibility reasons.

It is possible to retrieve the required information by decoding the oAuth2 credentials that are already present in the authentication token. It is possible by including the required email attribute in the access token and skipping the user information service call altogether.

There are several ways in which this can be achieved. One way is to make the URL of the user profile optional and read the access token if the URL is not specified. This makes sense in order to preserve compatibility. On the other hand, relying on the access token and skipping the user profile call ought to be an option for any identity provider mechanism.

I have implemented the change locally, and it works this way. I am able to use ADFS to provide the email attribute using claim-based rules that also optionally skip specifying the "email" scope. Let me know if the code snippet might be helpful.

I am looking forward to have this changes implemented.

kind regards,
Ingo

I'm experiencing a problem with language redirects very similar to #166.
I'm using latest docker images and compose file from here: https://hub.docker.com/r/seatsurfing/backend

Specifically, if I try to click on Administration button on /ui page, then it redirects to https://seatsurfing.mydomain.test/admin/dashboard/ which returns an error:

Get "https://seatsurfing.mydomain.test/admin/en/dashboard": tls: failed to verify certificate: x509: certificate signed by unknown authority

If I manually add "en" to the path like that: https://seatsurfing.mydomain.test/admin/en/dashboard/ then it works fine.

Hi,

I am currently trying to use the REST API. Unfortunately, the documentation doesn't really help me because, for example, the expected parameters are not specified. Is it possible to customize the documentation?
I am currently trying to find out the parameters from the source code.

Thank you
Florian

With the option "Allow bookings on a daily basis only" ENabled instead of datetime-picker only datepicker gets used.
Here is the CSS File missing.

On Chrome it works (interesting), but not not in Firefox or on iOS

It looks that way:

PR on the way

Tracking issue for:

• https://github.com/seatsurfing/backend/security/code-scanning/2