tborychowski / courier Goto Github PK
View Code? Open in Web Editor NEWa self-hosted parcel tracker
License: GNU General Public License v3.0
courier's Introduction
courier's People
Contributors
Stargazers
Watchers
courier's Issues
Multi-arch image on Docker Hub
Hello,
The image on Docker Hub only supports amd64 when the base image (alpine) also supports arm/v6 and arm/v7, which would allow users to user courier on Raspberry Pies and similar ARM-based SBCs.
See
- Leverage multi-CPU architecture support (docs.docker.com)
- Multi-arch build and images, the simple way (docker.com/blog)
Error 500 on GET /api/trackings and couriers-list.json does not exist
Hello,
I just deployed courier 0.0.9 and I encounter the following problems/errors:
- the Select Courier dropdown in the front-end is empty
- the GET request to
/api/trackingsreturns an HTTP 500 error with{"code":500,"msg":"Internal server error."}as the response - I get the following errors in the Docker logs:
[09:03:59] [info] --- STARTING -----------------------------------------------------
[09:03:59] [info] Server started: http://localhost:3000
[09:15:56] [info] Caching response for: /trackings?pageId=1&limit=100
[09:15:56] [error] Internal server error.
[09:15:57] [info] Caching response for: /couriers/list
node:fs:585
handleErrorFromBinding(ctx);
^
Error: ENOENT: no such file or directory, open '/app/server/cache/couriers-list.json'
at Object.openSync (node:fs:585:3)
at Object.writeFileSync (node:fs:2153:35)
at Object.writeFileSync (/app/node_modules/jsonfile/index.js:78:13)
at setCache (/app/server/lib/request.js:22:5)
at /app/server/lib/request.js:55:4
at processTicksAndRejections (node:internal/process/task_queues:96:5) {
errno: -2,
syscall: 'open',
code: 'ENOENT',
path: '/app/server/cache/couriers-list.json'
}
Node.js v17.2.0
[09:15:59] [info] --- STARTING -----------------------------------------------------
[09:15:59] [info] Server started: http://localhost:3000
"latest" tag on Docker Hub targets arm64
The current "latest" container on Docker Hub targets arm64 instead of amd64, which seems to be a change from previous images.
I'm guessing this was done by mistake, but if ARM is the preferred platform going forward, a "latest-amd" tag for the equivalent version targeting x86_64 would be much appreciated.
Expected date is off by one day
The Expected field is off by a day on all of my deliveries.
You can see in the network response that "expected_delivery" for the "Rift S" tracking is "2021-05-17", but Courier displays "Expected" as "Sun May 16 2021".
I suspect this has something to do with the Javascript Date object converting between UTC and local time.
Some couriers show "Invalid Date" for Expected
All of my shipments from FedEx show "Invalid Date" for the Expected field. I suspect that this has something to do with the time being included ("T00:00:00") in the "expected_delivery" field.
Cannot build Docker image
Hello,
Due to the lack of multi-arch image on Docker Hub (see #3), I tried building the image myself on my ARM-based SBC and encountered the following error:
sudo docker build https://github.com/tborychowski/courier.git -t tborychowski/courier:0.0.9-arm
Sending build context to Docker daemon 769.5kB
Step 1/9 : FROM node:alpine
alpine: Pulling from library/node
be307f383ecc: Pull complete
1822d4fff1a7: Pull complete
a1faa0e8c7a6: Pull complete
45097cae72dc: Pull complete
Digest: sha256:e64dc950217610c86f29aef803b123e1b6a4a372d6fa4bcf71f9ddcbd39eba5c
Status: Downloaded newer image for node:alpine
---> 931d0903ad7e
Step 2/9 : RUN apk --no-cache add curl
---> Running in 96ae3401c6b8
fetch https://dl-cdn.alpinelinux.org/alpine/v3.14/main/aarch64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.14/community/aarch64/APKINDEX.tar.gz
(1/5) Installing ca-certificates (20191127-r5)
(2/5) Installing brotli-libs (1.0.9-r5)
(3/5) Installing nghttp2-libs (1.43.0-r0)
(4/5) Installing libcurl (7.79.1-r0)
(5/5) Installing curl (7.79.1-r0)
Executing busybox-1.33.1-r6.trigger
Executing ca-certificates-20191127-r5.trigger
OK: 9 MiB in 21 packages
Removing intermediate container 96ae3401c6b8
---> 6ebbd8dd18d4
Step 3/9 : EXPOSE 3000
---> Running in 26f18f4dfc8c
Removing intermediate container 26f18f4dfc8c
---> 2571d94fe69f
Step 4/9 : WORKDIR /app
---> Running in 141259bd01e6
Removing intermediate container 141259bd01e6
---> ef252dbf269a
Step 5/9 : COPY *.* ./
---> 4f09ae8f54f5
Step 6/9 : RUN npm ci --only=production
---> Running in 685af1a80aaa
npm WARN old lockfile
npm WARN old lockfile The package-lock.json file was created with an old version of npm,
npm WARN old lockfile so supplemental metadata must be fetched from the registry.
npm WARN old lockfile
npm WARN old lockfile This is a one-time fix-up, please be patient...
npm WARN old lockfile
npm WARN deprecated [email protected]: Critical security vulnerability fixed in v0.21.1. For more information, see https://github.com/axios/axios/pull/3410
added 94 packages, and audited 95 packages in 35s
1 package is looking for funding
run `npm fund` for details
2 vulnerabilities (1 moderate, 1 high)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
npm notice
npm notice New minor version of npm available! 8.1.4 -> 8.3.0
npm notice Changelog: <https://github.com/npm/cli/releases/tag/v8.3.0>
npm notice Run `npm install -g [email protected]` to update!
npm notice
Removing intermediate container 685af1a80aaa
---> 7aff909f1c76
Step 7/9 : COPY public ./public
COPY failed: file not found in build context or excluded by .dockerignore: stat public: file does not exist
Not sure what info I can give you to help troubleshooting the issue.
Fix Docker Build
The Docker build does not work and assumes app build is done locally. This should be done in the Docker build stage as well. This will allow users to easily build the project as well as enable automatic builds in Docker Hub or GitHub Actions & GHCR.
Resolve package dependency vulnerabilities
There are a number of Vulnerabilities and deprecated packages being reported during the npm build. Enabling DependaBot on this repo would help automate these.
12 vulnerabilities (4 moderate, 7 high, 1 critical)# npm audit
# npm audit report
axios 0.8.1 - 1.5.1
Severity: moderate
Axios Cross-Site Request Forgery Vulnerability - https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/axios
glob-parent <5.1.2
Severity: high
glob-parent before 5.1.2 vulnerable to Regular Expression Denial of Service in enclosure regex - https://github.com/advisories/GHSA-ww39-953v-wcq6
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/chokidar/node_modules/glob-parent
node_modules/glob-stream/node_modules/glob-parent
chokidar 1.0.0-rc1 - 2.1.8
Depends on vulnerable versions of glob-parent
node_modules/chokidar
glob-watcher 3.0.0 - 5.0.5
Depends on vulnerable versions of chokidar
node_modules/glob-watcher
glob-stream 5.3.0 - 6.1.0
Depends on vulnerable versions of glob-parent
node_modules/glob-stream
vinyl-fs 2.4.2 - 3.0.3
Depends on vulnerable versions of glob-stream
node_modules/vinyl-fs
gulp >=4.0.0
Depends on vulnerable versions of glob-watcher
Depends on vulnerable versions of vinyl-fs
node_modules/gulp
gulp-nodemon >=2.4.1
Depends on vulnerable versions of gulp
node_modules/gulp-nodemon
semver 7.0.0 - 7.5.1
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via `npm audit fix`
node_modules/simple-update-notifier/node_modules/semver
simple-update-notifier 1.0.7 - 1.1.0
Depends on vulnerable versions of semver
node_modules/simple-update-notifier
nodemon 2.0.19 - 2.0.22
Depends on vulnerable versions of simple-update-notifier
node_modules/nodemon
simple-git <=3.15.1
Severity: critical
Command injection in simple-git - https://github.com/advisories/GHSA-3f95-r44v-8mrg
Remote code execution in simple-git - https://github.com/advisories/GHSA-9w5j-4mwv-2wj8
Command injection in simple-git - https://github.com/advisories/GHSA-28xr-mwxg-3qc8
simple-git vulnerable to Remote Code Execution when enabling the ext transport protocol - https://github.com/advisories/GHSA-9p95-fxvg-qgq2Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.