Merge branch 'master' into dependabot/npm_and_yarn/light-my-request-5…
….3.0
kodiakhq[bot] authored Oct 18, 2023
2 parents 25d06ec + 43c17d0 commit b861e07
Showing 80 changed files with 9,633 additions and 8,083 deletions.
9 changes: 9 additions & 0 deletions .github/scripts/build.sh
@@ -0,0 +1,9 @@
set -o nounset -o errexit -o pipefail

cd packages/daemon
npm run build
# Work around https://github.com/webpack-contrib/copy-webpack-plugin/issues/59
npm prune --omit=dev

cd ../ui
npm run build
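Review bot: the script opens directly with `set -o nounset -o errexit -o pipefail` and has no shebang line, and both `cd packages/daemon` and `cd ../ui` assume it is started from the repository root. Add `#!/usr/bin/env bash` as the first line (`pipefail` is not available in every `sh`) and change to the repository root relative to the script's own location, so the script behaves the same when run outside the workflow. The comment above `npm prune --omit=dev` links the upstream issue but does not say what pruning the dev dependencies works around; one sentence on that, and on why it has to run after `npm run build`, would make the step safe to maintain.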
14 changes: 10 additions & 4 deletions .github/workflows/ci.yml
Expand Up @@ -55,9 +55,12 @@ jobs:
- run: ../../node_modules/.bin/npm ci
working-directory: packages/ui

- run: npm run build
timeout-minutes: 5
- run: npm run test:ci
- run: npm test

- name: Build
shell: bash
run: .github/scripts/build.sh

- run: npm run dist
working-directory: packages/ui
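Review bot: the new Build step uses `run: .github/scripts/build.sh`, which executes the path as a command and therefore depends on the file being committed with the executable bit, something this diff does not show. `run: bash .github/scripts/build.sh` removes that dependency and keeps the step working if the mode is lost on checkout. The step also relies on the job's default working directory being the repository root, unlike the neighbouring steps that set `working-directory: packages/ui`; a short comment saying so would prevent someone adding a `working-directory` here later and breaking the script's relative `cd` calls.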

Expand Down Expand Up @@ -150,8 +153,11 @@ jobs:
if: ${{ steps.version-artefact.outcome == 'success' }}
working-directory: packages/ui

- run: npm run build
- name: Build
if: ${{ steps.version-artefact.outcome == 'success' }}
shell: bash
run: .github/scripts/build.sh

- name: Set version in app
if: ${{ steps.version-artefact.outcome == 'success' }}
run: npm version ${{ steps.set-version.outputs.content }}
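Review bot: directly below the new Build step, `run: npm version ${{ steps.set-version.outputs.content }}` expands a step output inside the shell command line before the shell parses it. Where that output comes from is not visible in this hunk, but since these steps are being reworked anyway, pass the value through `env:` (for example `VERSION: ${{ steps.set-version.outputs.content }}`) and call `npm version "$VERSION"`, so the content is treated as data and not as shell syntax. The new Build step itself repeats the same three lines as the earlier job; if a third caller appears, a composite action would keep the `if:` guard and the invocation in one place.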
1 change: 0 additions & 1 deletion .prettierignore
@@ -1,3 +1,2 @@
# package.json is formatted by package managers, so we ignore it here
package.json
build
8 changes: 4 additions & 4 deletions README.md
Expand Up @@ -13,7 +13,7 @@ This document is aimed at advanced users and (prospective) contributors. We aim
This private gateway implements [Awala bindings](https://specs.awala.network/RS-000#message-transport-bindings) as follows:

- Local endpoints communicate with the private gateway via a [PoWeb](https://specs.awala.network/RS-016) server on `127.0.0.1:13276`. This server is implemented with the PoWeb binding, and the [Fastify](https://www.fastify.io/) and [`ws`](https://github.com/websockets/ws) servers.
- When the Internet is available and the public gateway is reachable, this private gateway will communicate with its public counterpart using [Relaycorp's PoWeb client](https://github.com/relaycorp/relaynet-poweb-js).
- When the Internet is available and the Internet gateway is reachable, this private gateway will communicate with its public counterpart using [Relaycorp's PoWeb client](https://github.com/relaycorp/relaynet-poweb-js).
- When communicating with couriers over WiFi, this private gateway uses the [CogRPC binding](https://specs.awala.network/RS-008) through [Relaycorp's CogRPC client](https://github.com/relaycorp/relaynet-cogrpc-js).

The local communication with endpoints does not use TLS, but all other connections are external and therefore require TLS.
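Review bot: the reworded bullet still ends with "this private gateway will communicate with its public counterpart", although the same sentence now says "Internet gateway" where it used to say "public gateway". Finish the rename in that clause, for example "will communicate with it using Relaycorp's PoWeb client", so the README does not keep two names for the same component.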
Expand All @@ -28,13 +28,13 @@ The items below summarize the security and privacy considerations specific to th

[This app does not (currently) support encryption at rest](https://github.com/relaycorp/awala-gateway-desktop/issues/441), so a malicious app on your computer could get hold of the private keys used by this gateway. Users are highly encouraged to use full-disk encryption to protect such keys in the event that the device were lost or stolen.

Note that because Awala employs end-to-end encryption, compromising these keys won't compromise the encryption of the messages exchanged by your Awala-compatible apps. The keys of any private gateway are used to sign messages and issue Awala PKI certificates, and to encrypt/decrypt cargo exchanged with its public gateway.
Note that because Awala employs end-to-end encryption, compromising these keys won't compromise the encryption of the messages exchanged by your Awala-compatible apps. The keys of any private gateway are used to sign messages and issue Awala PKI certificates, and to encrypt/decrypt cargo exchanged with its Internet gateway.

### External communication

In addition to communicating with its public gateway, this app communicates with the following:
In addition to communicating with its Internet gateway, this app communicates with the following:

- `https://cloudflare-dns.com/dns-query` as the DNS-over-HTTPS (DoH) resolver. DoH is only used to resolve SRV records for the public gateway (e.g., [`_awala-gsc._tcp.frankfurt.relaycorp.cloud`](https://mxtoolbox.com/SuperTool.aspx?action=srv%3a_awala-gsc._tcp.frankfurt.relaycorp.cloud&run=toolpage)), as we delegate the DNSSEC validation to the DoH resolver.
- `https://cloudflare-dns.com/dns-query` as the DNS-over-HTTPS (DoH) resolver. DoH is only used to resolve SRV records for the Internet gateway (e.g., [`_awala-gsc._tcp.frankfurt.relaycorp.cloud`](https://mxtoolbox.com/SuperTool.aspx?action=srv%3a_awala-gsc._tcp.frankfurt.relaycorp.cloud&run=toolpage)), as we delegate the DNSSEC validation to the DoH resolver.
- The host running the DHCP server on port `21473`, when the device is connected to a WiFi network but disconnected from the Internet. We do this to check whether the device is connected to the WiFi hotspot of a courier.
- Other apps on the same device can potentially communicate with the local PoWeb server provided by this app on `127.0.0.1:13276`. Because this server uses the HTTP and WebSocket protocols, we block web browser requests by disabling CORS and refusing WebSocket connections with the `Origin` header (per the PoWeb specification).
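Review bot: the DoH bullet touched here reads "DoH is only used to resolve SRV records for the Internet gateway (...), as we delegate the DNSSEC validation to the DoH resolver", and the "as" clause does not explain the "only". Since the line is being edited anyway, split it into two statements: what DoH is used for, and that the app relies on the resolver's DNSSEC validation result instead of validating signatures itself. That trust in `https://cloudflare-dns.com/dns-query` is a security-relevant assumption and belongs in this section in plain words.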

7 changes: 0 additions & 7 deletions jest.config.ci.json

This file was deleted.
