Compare commits
	
		
			253 Commits
		
	
	
		
			v3.0.0-bet
			...
			v3.2.5-bet
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
|  | f63105c5eb | ||
|  | cb4ed3f581 | ||
|  | 148676513d | ||
|  | 42a5b7a796 | ||
|  | 59fccd9a93 | ||
|  | 5fe6434027 | ||
|  | 91a5a24c8b | ||
|  | ff83364870 | ||
|  | df31b325f6 | ||
|  | cce9847242 | ||
|  | 39dc94b7f8 | ||
|  | ab5ea156a3 | ||
|  | 4ff1eb28d9 | ||
|  | 17080e4465 | ||
|  | c798c1bb1d | ||
|  | 0d7f9ca2b3 | ||
|  | f78ecab2ed | ||
|  | fcc877738f | ||
|  | 92722692f9 | ||
|  | 94e021d8c6 | ||
|  | 95ac0f195b | ||
|  | d6c9b0d7d2 | ||
|  | 59f9e19ffb | ||
|  | 6086d2a0ac | ||
|  | f3aeaf66df | ||
|  | 6b979a22fb | ||
|  | e4bae380c9 | ||
|  | 3117904009 | ||
|  | 331624e2f2 | ||
|  | b078e94189 | ||
|  | ba512ebe95 | ||
|  | bd4212b44c | ||
|  | b699bffb5b | ||
|  | a755c5324f | ||
|  | 9072e7e866 | ||
|  | d3d1057ba8 | ||
|  | 24eda85fdc | ||
|  | d49d15ac9b | ||
|  | e7b2062764 | ||
|  | f21f972825 | ||
|  | 4f4e4a079e | ||
|  | 6fbb9aa9da | ||
|  | 0e610d002c | ||
|  | abd8366e94 | ||
|  | 5d8c243125 | ||
|  | d23af700da | ||
|  | 494161eb47 | ||
|  | 6a9728be4b | ||
|  | 5e889956c7 | ||
|  | 5afc6ea271 | ||
|  | cc368377c2 | ||
|  | 51764be7d4 | ||
|  | fe598b4a30 | ||
|  | 80286e57d9 | ||
|  | 9f36a48d15 | ||
|  | 94286e8452 | ||
|  | 0ce2d6a998 | ||
|  | 9e15fd7d2e | ||
|  | 736348ebe8 | ||
|  | ddb981cba2 | ||
|  | 724452fb40 | ||
|  | a2ac6a6268 | ||
|  | aecda25b25 | ||
|  | 0f22b0bb23 | ||
|  | edf6d70d69 | ||
|  | a2ecd2e221 | ||
|  | 2f022cae5d | ||
|  | bb3669f5b2 | ||
|  | 87fd8caf2c | ||
|  | e8087a7c01 | ||
|  | 4075a7df29 | ||
|  | c081b6f764 | ||
|  | ecaa6d0321 | ||
|  | e7ae7833ad | ||
|  | 22f34f6f81 | ||
|  | 29efe0a10e | ||
|  | 965c64b468 | ||
|  | ce57cda672 | ||
|  | a59857079e | ||
|  | 9ae2a0c628 | ||
|  | f2c514cd82 | ||
|  | 6755230c53 | ||
|  | f2a0e60f20 | ||
|  | 6cb21e95c4 | ||
|  | 868add68a5 | ||
|  | 307148d951 | ||
|  | 9cb4235550 | ||
|  | 6014b3e961 | ||
|  | 32f0a891ba | ||
|  | 124ac46eeb | ||
|  | d3e76c19bf | ||
|  | dd1ce189ae | ||
|  | 82e43b06c6 | ||
|  | aab4e6d9df | ||
|  | 1f097678ce | ||
|  | 96cb4a04ec | ||
|  | b7c4b37e89 | ||
|  | 952cf27ecb | ||
|  | 765810e4e5 | ||
|  | 36d09a7679 | ||
|  | c6d6648942 | ||
|  | 54ca7580b0 | ||
|  | 4e53d239bb | ||
|  | 6491894f0e | ||
|  | 93e05dd913 | ||
|  | 2efe69e50b | ||
|  | 761865a6a3 | ||
|  | 25fed8db61 | ||
|  | de42e1ca47 | ||
|  | 138e20d36d | ||
|  | 433610286c | ||
|  | 236f94247a | ||
|  | 1a5c1de510 | ||
|  | 6fb55005d4 | ||
|  | 4779671323 | ||
|  | e7876739e7 | ||
|  | e699e30af3 | ||
|  | 7541a2b085 | ||
|  | 24aa605973 | ||
|  | fd28445680 | ||
|  | 19b7448c3a | ||
|  | 53c39135af | ||
|  | b9147038e6 | ||
|  | 9a0b7f5c55 | ||
|  | 2a5f9f03ae | ||
|  | 78f6e36fc9 | ||
|  | 8e7aadd183 | ||
|  | 794a2782ac | ||
|  | 383f26e777 | ||
|  | 2db88d3902 | ||
|  | 5e96633a1e | ||
|  | 6c80ad8b2a | ||
|  | 96bd39eb25 | ||
|  | b4bf227603 | ||
|  | 90c0300d77 | ||
|  | a5a22ca5c4 | ||
|  | f1ef32b5d4 | ||
|  | a4bc5ec015 | ||
|  | 2e56b7e59f | ||
|  | 5672d25bce | ||
|  | edf20e6190 | ||
|  | dc3da45c2d | ||
|  | f3f792e053 | ||
|  | ad689bd6d9 | ||
|  | ffd5005c8b | ||
|  | e9ae414a6e | ||
|  | a3389b8b0d | ||
|  | 199dd9ffd4 | ||
|  | 233ea0da41 | ||
|  | 1134beb6a6 | ||
|  | b26450d277 | ||
|  | 61255b5e19 | ||
|  | e4bdfb8432 | ||
|  | 7f76d48314 | ||
|  | 4d101fbdeb | ||
|  | 008f19b8b0 | ||
|  | 1294329083 | ||
|  | 1999949129 | ||
|  | f1cb7a6216 | ||
|  | b908dcf69d | ||
|  | 82842508ef | ||
|  | c466bba77a | ||
|  | 91b6a9913b | ||
|  | 84dc949d5c | ||
|  | 0329829185 | ||
|  | 8ddfa382b4 | ||
|  | 95939f8f47 | ||
|  | c9a9f1d6cf | ||
|  | 6f9813c2c7 | ||
|  | d63b2ab053 | ||
|  | 9fa138a417 | ||
|  | 82861d91e9 | ||
|  | 1d2caa9e34 | ||
|  | 4ea799ae80 | ||
|  | 3265f9d1a2 | ||
|  | 5e82e8c709 | ||
|  | 961d7b4f45 | ||
|  | cc97a8e60d | ||
|  | 5e367b67fa | ||
|  | 0b87c6e803 | ||
|  | 1ea4115578 | ||
|  | d5918c3088 | ||
|  | 3551732aa3 | ||
|  | 6b0972c2ea | ||
|  | 0ff4661ccd | ||
|  | 75d6049b87 | ||
|  | 4fb7007db2 | ||
|  | 2c6699b604 | ||
|  | 8db3304b56 | ||
|  | 8a954e14fa | ||
|  | 00174fd9af | ||
|  | bb7872eed1 | ||
|  | 96f098f343 | ||
|  | fa0684ebbd | ||
|  | 5b04dd6415 | ||
|  | 7e05724a2a | ||
|  | b4e29294d9 | ||
|  | 48019df81a | ||
|  | 9e1c6c0e9a | ||
|  | 7eaae9fcb4 | ||
|  | 099546d525 | ||
|  | d1de4c78c5 | ||
|  | 69b808ef5e | ||
|  | 503ab4055f | ||
|  | 8f85874cbe | ||
|  | f1449f6b10 | ||
|  | 9a086d7b40 | ||
|  | bbadb956af | ||
|  | 898586108f | ||
|  | 6fbf9af388 | ||
|  | 11d834aea7 | ||
|  | 828fbd4cfd | ||
|  | ea68e771a8 | ||
|  | 229f9a3ca0 | ||
|  | dd10c17a3a | ||
|  | ab071916b8 | ||
|  | 1ab0504288 | ||
|  | 652f1f47d2 | ||
|  | cd9598a6d3 | ||
|  | 017a1debd3 | ||
|  | b917dbc05f | ||
|  | 4fdee6b98b | ||
|  | a669a6c048 | ||
|  | 264521f1c4 | ||
|  | b1cc9dbb21 | ||
|  | 719b7f0036 | ||
|  | 68c565f265 | ||
|  | 22c5a44af8 | ||
|  | 4e841b272c | ||
|  | 6af10c6f33 | ||
|  | 978a1e5755 | ||
|  | c265b8e08d | ||
|  | d0173a0bf9 | ||
|  | 0d346b75cc | ||
|  | 0a65917cbf | ||
|  | f651f50180 | ||
|  | 1125665bb1 | ||
|  | b65aac3044 | ||
|  | a865aabed0 | ||
|  | 561e8faf33 | ||
|  | 6445b0ce3e | ||
|  | 90cd3333cb | ||
|  | 2ca0db70c3 | ||
|  | 28697fa270 | ||
|  | d739c1b213 | ||
|  | 25a0c39135 | ||
|  | 185fa4c191 | ||
|  | 9dfb034c2e | ||
|  | 936a2b71c7 | ||
|  | cd14c28be1 | ||
|  | 3c084a6686 | ||
|  | 6a1381684b | ||
|  | dc20770fe6 | 
| @@ -62,9 +62,9 @@ docker-compose* | |||||||
|  |  | ||||||
| # Storage directories (created at runtime) | # Storage directories (created at runtime) | ||||||
| uploads/ | uploads/ | ||||||
| temp-chunks/ | temp-uploads/ | ||||||
| apps/server/uploads/ | apps/server/uploads/ | ||||||
| apps/server/temp-chunks/ | apps/server/temp-uploads/ | ||||||
|  |  | ||||||
| # Static files | # Static files | ||||||
| apps/server/prisma/*.db | apps/server/prisma/*.db | ||||||
|   | |||||||
							
								
								
									
										259
									
								
								.github/copilot-instructions.md
									
									
									
									
										vendored
									
									
										Normal file
									
								
							
							
						
						| @@ -0,0 +1,259 @@ | |||||||
|  | # GitHub Copilot Instructions for Palmr | ||||||
|  |  | ||||||
|  | This file contains instructions for GitHub Copilot to help contributors work effectively with the Palmr codebase. | ||||||
|  |  | ||||||
|  | ## Project Overview | ||||||
|  |  | ||||||
|  | Palmr is a flexible and open-source alternative to file transfer services like WeTransfer and SendGB. It's built with: | ||||||
|  |  | ||||||
|  | - **Backend**: Fastify (Node.js) with TypeScript, SQLite database, and filesystem/S3 storage | ||||||
|  | - **Frontend**: Next.js 15 + React + TypeScript + Shadcn/ui | ||||||
|  | - **Documentation**: Next.js + Fumadocs + MDX | ||||||
|  | - **Package Manager**: pnpm (v10.6.0) | ||||||
|  | - **Monorepo Structure**: Three main apps (web, server, docs) in the `apps/` directory | ||||||
|  |  | ||||||
|  | ## Architecture and Structure | ||||||
|  |  | ||||||
|  | ### Monorepo Layout | ||||||
|  |  | ||||||
|  | ``` | ||||||
|  | apps/ | ||||||
|  | ├── docs/       # Documentation site (Next.js + Fumadocs) | ||||||
|  | ├── server/     # Backend API (Fastify + TypeScript) | ||||||
|  | └── web/        # Frontend application (Next.js 15) | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ### Key Technologies | ||||||
|  |  | ||||||
|  | - **TypeScript**: Primary language for all applications | ||||||
|  | - **Database**: Prisma ORM with SQLite (optional S3-compatible storage) | ||||||
|  | - **Authentication**: Multiple OAuth providers (Google, GitHub, Discord, etc.) | ||||||
|  | - **Internationalization**: Multi-language support with translation scripts | ||||||
|  | - **Validation**: Husky pre-push hooks for linting and type checking | ||||||
|  |  | ||||||
|  | ## Development Workflow | ||||||
|  |  | ||||||
|  | ### Base Branch | ||||||
|  |  | ||||||
|  | Always create new branches from and submit PRs to the `next` branch, not `main`. | ||||||
|  |  | ||||||
|  | ### Commit Convention | ||||||
|  |  | ||||||
|  | Use Conventional Commits format for all commits: | ||||||
|  |  | ||||||
|  | ``` | ||||||
|  | <type>(<scope>): <description> | ||||||
|  |  | ||||||
|  | Types: | ||||||
|  | - feat: New feature | ||||||
|  | - fix: Bug fix | ||||||
|  | - docs: Documentation changes | ||||||
|  | - test: Adding or updating tests | ||||||
|  | - refactor: Code refactoring | ||||||
|  | - style: Code formatting | ||||||
|  | - chore: Maintenance tasks | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | Examples: | ||||||
|  |  | ||||||
|  | - `feat(web): add user authentication system` | ||||||
|  | - `fix(api): resolve null pointer exception in user service` | ||||||
|  | - `docs: update installation instructions in README` | ||||||
|  | - `test(server): add unit tests for user validation` | ||||||
|  |  | ||||||
|  | ### Code Quality Standards | ||||||
|  |  | ||||||
|  | 1. **Linting**: All apps use ESLint. Run `pnpm lint` before committing | ||||||
|  | 2. **Formatting**: Use Prettier for code formatting. Run `pnpm format` | ||||||
|  | 3. **Type Checking**: Run `pnpm type-check` to validate TypeScript | ||||||
|  | 4. **Validation**: Run `pnpm validate` to run both linting and type checking | ||||||
|  | 5. **Pre-push Hook**: Automatically validates all apps before pushing | ||||||
|  |  | ||||||
|  | ### Testing Changes | ||||||
|  |  | ||||||
|  | - Test incrementally during development | ||||||
|  | - Run validation locally before pushing: `pnpm validate` in each app directory | ||||||
|  | - Keep changes focused on a single issue or feature | ||||||
|  | - Review your work before committing | ||||||
|  |  | ||||||
|  | ## Application-Specific Guidelines | ||||||
|  |  | ||||||
|  | ### Web App (`apps/web/`) | ||||||
|  |  | ||||||
|  | - Framework: Next.js 15 with App Router | ||||||
|  | - Port: 3000 (development) | ||||||
|  | - Scripts: | ||||||
|  |   - `pnpm dev`: Start development server | ||||||
|  |   - `pnpm build`: Build for production | ||||||
|  |   - `pnpm validate`: Run linting and type checking | ||||||
|  | - Translations: Use Python scripts in `scripts/` directory | ||||||
|  |   - `pnpm translations:check`: Check translation status | ||||||
|  |   - `pnpm translations:sync`: Synchronize translations | ||||||
|  |  | ||||||
|  | ### Server App (`apps/server/`) | ||||||
|  |  | ||||||
|  | - Framework: Fastify with TypeScript | ||||||
|  | - Port: 3333 (default) | ||||||
|  | - Scripts: | ||||||
|  |   - `pnpm dev`: Start development server with watch mode | ||||||
|  |   - `pnpm build`: Build TypeScript to JavaScript | ||||||
|  |   - `pnpm validate`: Run linting and type checking | ||||||
|  |   - `pnpm db:seed`: Seed database | ||||||
|  | - Database: Prisma ORM with SQLite | ||||||
|  |  | ||||||
|  | ### Docs App (`apps/docs/`) | ||||||
|  |  | ||||||
|  | - Framework: Next.js with Fumadocs | ||||||
|  | - Port: 3001 (development) | ||||||
|  | - Content: MDX files in `content/docs/` | ||||||
|  | - Scripts: | ||||||
|  |   - `pnpm dev`: Start development server | ||||||
|  |   - `pnpm build`: Build documentation site | ||||||
|  |   - `pnpm validate`: Run linting and type checking | ||||||
|  |  | ||||||
|  | ## Code Style and Best Practices | ||||||
|  |  | ||||||
|  | ### General Guidelines | ||||||
|  |  | ||||||
|  | 1. **Follow Style Guidelines**: Ensure code adheres to ESLint and Prettier configurations | ||||||
|  | 2. **TypeScript First**: Always use TypeScript, avoid `any` types when possible | ||||||
|  | 3. **Component Organization**: Keep components focused and single-purpose | ||||||
|  | 4. **Error Handling**: Implement proper error handling and logging | ||||||
|  | 5. **Comments**: Add comments only when necessary to explain complex logic | ||||||
|  | 6. **Imports**: Use absolute imports where configured, keep imports organized | ||||||
|  |  | ||||||
|  | ### API Development (Server) | ||||||
|  |  | ||||||
|  | - Use Fastify's schema validation for all routes | ||||||
|  | - Follow REST principles for endpoint design | ||||||
|  | - Implement proper authentication and authorization | ||||||
|  | - Handle errors gracefully with appropriate status codes | ||||||
|  | - Document API endpoints in the docs app | ||||||
|  |  | ||||||
|  | ### Frontend Development (Web) | ||||||
|  |  | ||||||
|  | - Use React Server Components where appropriate | ||||||
|  | - Implement proper loading and error states | ||||||
|  | - Follow accessibility best practices (WCAG guidelines) | ||||||
|  | - Optimize performance (lazy loading, code splitting) | ||||||
|  | - Use Shadcn/ui components for consistent UI | ||||||
|  |  | ||||||
|  | ### Documentation | ||||||
|  |  | ||||||
|  | - Write clear, concise documentation | ||||||
|  | - Include code examples where helpful | ||||||
|  | - Update documentation when changing functionality | ||||||
|  | - Use MDX features for interactive documentation | ||||||
|  | - Follow the existing documentation structure | ||||||
|  |  | ||||||
|  | ## Translation and Internationalization | ||||||
|  |  | ||||||
|  | - All user-facing strings should be translatable | ||||||
|  | - Use the Next.js internationalization system | ||||||
|  | - Translation files are in `apps/web/messages/` | ||||||
|  | - Reference file: `en-US.json` | ||||||
|  | - Run `pnpm translations:check` to verify translations | ||||||
|  | - Mark untranslated strings with `[TO_TRANSLATE]` prefix | ||||||
|  |  | ||||||
|  | ## Common Patterns | ||||||
|  |  | ||||||
|  | ### Authentication Providers | ||||||
|  |  | ||||||
|  | - Provider configurations in `apps/server/src/modules/auth-providers/providers.config.ts` | ||||||
|  | - Support for OAuth2 and OIDC protocols | ||||||
|  | - Field mappings for user data normalization | ||||||
|  | - Special handling for providers like GitHub that require additional API calls | ||||||
|  |  | ||||||
|  | ### File Storage | ||||||
|  |  | ||||||
|  | - Default: Filesystem storage | ||||||
|  | - Optional: S3-compatible object storage | ||||||
|  | - File metadata stored in SQLite database | ||||||
|  |  | ||||||
|  | ### Environment Variables | ||||||
|  |  | ||||||
|  | - Configure via `.env` files (not committed to repository) | ||||||
|  | - Required variables documented in README or docs | ||||||
|  | - Use environment-specific configurations | ||||||
|  |  | ||||||
|  | ## Contributing Guidelines | ||||||
|  |  | ||||||
|  | ### Pull Request Process | ||||||
|  |  | ||||||
|  | 1. Fork the repository | ||||||
|  | 2. Create a branch from `next`: `git checkout -b feature/your-feature upstream/next` | ||||||
|  | 3. Make focused changes addressing a single issue/feature | ||||||
|  | 4. Write or update tests as needed | ||||||
|  | 5. Update documentation to reflect changes | ||||||
|  | 6. Ensure all validations pass: `pnpm validate` in each app | ||||||
|  | 7. Commit using Conventional Commits | ||||||
|  | 8. Push to your fork | ||||||
|  | 9. Create Pull Request targeting the `next` branch | ||||||
|  |  | ||||||
|  | ### Code Review | ||||||
|  |  | ||||||
|  | - Be responsive to feedback | ||||||
|  | - Keep discussions constructive and professional | ||||||
|  | - Make requested changes promptly | ||||||
|  | - Ask questions if requirements are unclear | ||||||
|  |  | ||||||
|  | ### What to Avoid | ||||||
|  |  | ||||||
|  | - Don't mix unrelated changes in a single PR | ||||||
|  | - Don't skip linting or type checking | ||||||
|  | - Don't commit directly to `main` or `next` branches | ||||||
|  | - Don't add unnecessary dependencies | ||||||
|  | - Don't ignore existing code style and patterns | ||||||
|  | - Don't remove or modify tests without good reason | ||||||
|  |  | ||||||
|  | ## Helpful Commands | ||||||
|  |  | ||||||
|  | ### Root Level | ||||||
|  |  | ||||||
|  | ```bash | ||||||
|  | pnpm install          # Install all dependencies | ||||||
|  | git config core.hooksPath .husky  # Configure Git hooks | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ### Per App (web/server/docs) | ||||||
|  |  | ||||||
|  | ```bash | ||||||
|  | pnpm dev              # Start development server | ||||||
|  | pnpm build            # Build for production | ||||||
|  | pnpm lint             # Run ESLint | ||||||
|  | pnpm lint:fix         # Fix ESLint issues automatically | ||||||
|  | pnpm format           # Format code with Prettier | ||||||
|  | pnpm format:check     # Check code formatting | ||||||
|  | pnpm type-check       # Run TypeScript type checking | ||||||
|  | pnpm validate         # Run lint + type-check | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ### Docker | ||||||
|  |  | ||||||
|  | ```bash | ||||||
|  | docker-compose up     # Start all services | ||||||
|  | docker-compose down   # Stop all services | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ## Resources | ||||||
|  |  | ||||||
|  | - **Documentation**: [https://palmr.kyantech.com.br](https://palmr.kyantech.com.br) | ||||||
|  | - **Contributing Guide**: [CONTRIBUTING.md](../CONTRIBUTING.md) | ||||||
|  | - **Issue Tracker**: GitHub Issues | ||||||
|  | - **License**: Apache-2.0 | ||||||
|  |  | ||||||
|  | ## Getting Help | ||||||
|  |  | ||||||
|  | - Review existing documentation in `apps/docs/content/docs/` | ||||||
|  | - Check contribution guide in `CONTRIBUTING.md` | ||||||
|  | - Review existing code for patterns and examples | ||||||
|  | - Ask questions in PR discussions or issues | ||||||
|  | - Read error messages and logs carefully | ||||||
|  |  | ||||||
|  | ## Important Notes | ||||||
|  |  | ||||||
|  | - **Beta Status**: This project is in beta; expect changes and improvements | ||||||
|  | - **Focus on Quality**: Prioritize code quality and maintainability over speed | ||||||
|  | - **Test Locally**: Always test your changes locally before submitting | ||||||
|  | - **Documentation Matters**: Keep documentation synchronized with code | ||||||
|  | - **Community First**: Be respectful, patient, and constructive with all contributors | ||||||
							
								
								
									
										56
									
								
								.github/pull_request_template.md
									
									
									
									
										vendored
									
									
										Normal file
									
								
							
							
						
						| @@ -0,0 +1,56 @@ | |||||||
|  | ## **🎯 Please make sure you are opening this Pull Request against the `next` branch!** | ||||||
|  |  | ||||||
|  | ## 📝 Description | ||||||
|  |  | ||||||
|  | Please provide a clear and concise description of the changes introduced by this pull request. | ||||||
|  |  | ||||||
|  | ## 🔗 Related Issue(s) | ||||||
|  |  | ||||||
|  | If this PR fixes or relates to an issue, please link it here (e.g., `Closes #123`). | ||||||
|  |  | ||||||
|  | ## 💡 Motivation and Context | ||||||
|  |  | ||||||
|  | Why is this change required? What problem does it solve? | ||||||
|  |  | ||||||
|  | ## 🤖 Use of Artificial Intelligence (AI) | ||||||
|  |  | ||||||
|  | The use of AI tools is absolutely welcome and not an issue. For transparency and continuous improvement, please answer the following: | ||||||
|  |  | ||||||
|  | - Did you use any AI tools (such as GitHub Copilot, ChatGPT, etc.) to help develop this PR? | ||||||
|  |     - [ ] No, this PR was developed without the assistance of AI tools. | ||||||
|  |     - [ ] Yes, AI tools assisted in the development of this PR (please specify which ones and how they were used): | ||||||
|  |         - Tool(s) used: | ||||||
|  |         - Brief description of how AI contributed: | ||||||
|  | - Was this PR generated entirely by an AI tool (i.e., with minimal human intervention)?   | ||||||
|  |     - [ ] No   | ||||||
|  |     - [ ] Yes (please provide details): | ||||||
|  |  | ||||||
|  | ## 🧪 How Has This Been Tested? | ||||||
|  |  | ||||||
|  | Please describe the tests that you ran to verify your changes. Include details about your test environment, and the test cases you ran. | ||||||
|  |  | ||||||
|  | ## 📸 Screenshots (if appropriate) | ||||||
|  |  | ||||||
|  | Add any relevant screenshots to help explain your changes. | ||||||
|  |  | ||||||
|  | ## 🔄 Types of Changes | ||||||
|  |  | ||||||
|  | Check the relevant option(s) below: | ||||||
|  |  | ||||||
|  | - [ ] 🐛 Bug fix (non-breaking change which fixes an issue) | ||||||
|  | - [ ] ✨ New feature (non-breaking change which adds functionality) | ||||||
|  | - [ ] ⚠️ Breaking change (fix or feature that would cause existing functionality to change) | ||||||
|  | - [ ] 📚 Documentation update | ||||||
|  |  | ||||||
|  | ## ✅ Checklist | ||||||
|  |  | ||||||
|  | - [ ] My code follows the code style of this project | ||||||
|  | - [ ] I have performed a self-review of my code | ||||||
|  | - [ ] I have commented my code, particularly in hard-to-understand areas | ||||||
|  | - [ ] I have added tests that prove my fix is effective or that my feature works | ||||||
|  | - [ ] I have added necessary documentation (if appropriate) | ||||||
|  | - [ ] I have rebased and/or merged on top of the latest `next` branch | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | 🙏 Thank you for your contribution! | ||||||
							
								
								
									
										4
									
								
								.gitignore
									
									
									
									
										vendored
									
									
								
							
							
						
						| @@ -30,4 +30,8 @@ apps/server/dist/* | |||||||
|  |  | ||||||
| #DEFAULT | #DEFAULT | ||||||
| .env | .env | ||||||
|  | .steering | ||||||
| data/ | data/ | ||||||
|  |  | ||||||
|  | node_modules/ | ||||||
|  | screenshots/ | ||||||
							
								
								
									
										12
									
								
								.husky/pre-push
									
									
									
									
									
										Executable file
									
								
							
							
						
						| @@ -0,0 +1,12 @@ | |||||||
|  | echo "🔍 Running pre-push validation for all apps..." | ||||||
|  |  | ||||||
|  | echo "📱 Validating web app..." | ||||||
|  | cd apps/web && pnpm validate | ||||||
|  |  | ||||||
|  | echo "📚 Validating docs app..." | ||||||
|  | cd ../docs && pnpm validate | ||||||
|  |  | ||||||
|  | echo "🖥️ Validating server app..." | ||||||
|  | cd ../server && pnpm validate | ||||||
|  |  | ||||||
|  | echo "✅ All validations passed!"  | ||||||
							
								
								
									
										17
									
								
								Dockerfile
									
									
									
									
									
								
							
							
						
						| @@ -1,4 +1,4 @@ | |||||||
| FROM node:20-alpine AS base | FROM node:24-alpine AS base | ||||||
|  |  | ||||||
| # Install system dependencies | # Install system dependencies | ||||||
| RUN apk add --no-cache \ | RUN apk add --no-cache \ | ||||||
| @@ -82,7 +82,7 @@ RUN addgroup --system --gid ${PALMR_GID} nodejs | |||||||
| RUN adduser --system --uid ${PALMR_UID} --ingroup nodejs palmr | RUN adduser --system --uid ${PALMR_UID} --ingroup nodejs palmr | ||||||
|  |  | ||||||
| # Create application directories  | # Create application directories  | ||||||
| RUN mkdir -p /app/palmr-app /app/web /home/palmr/.npm /home/palmr/.cache | RUN mkdir -p /app/palmr-app /app/web /app/infra /home/palmr/.npm /home/palmr/.cache | ||||||
| RUN chown -R palmr:nodejs /app /home/palmr | RUN chown -R palmr:nodejs /app /home/palmr | ||||||
|  |  | ||||||
| # === Copy Server Files to /app/palmr-app (separate from /app/server for bind mounts) === | # === Copy Server Files to /app/palmr-app (separate from /app/server for bind mounts) === | ||||||
| @@ -117,10 +117,13 @@ WORKDIR /app | |||||||
| # Create supervisor configuration | # Create supervisor configuration | ||||||
| RUN mkdir -p /etc/supervisor/conf.d | RUN mkdir -p /etc/supervisor/conf.d | ||||||
|  |  | ||||||
| # Copy server start script | # Copy server start script and configuration files | ||||||
| COPY infra/server-start.sh /app/server-start.sh | COPY infra/server-start.sh /app/server-start.sh | ||||||
|  | COPY infra/configs.json /app/infra/configs.json | ||||||
|  | COPY infra/providers.json /app/infra/providers.json | ||||||
|  | COPY infra/check-missing.js /app/infra/check-missing.js | ||||||
| RUN chmod +x /app/server-start.sh | RUN chmod +x /app/server-start.sh | ||||||
| RUN chown palmr:nodejs /app/server-start.sh | RUN chown -R palmr:nodejs /app/server-start.sh /app/infra | ||||||
|  |  | ||||||
| # Copy supervisor configuration | # Copy supervisor configuration | ||||||
| COPY infra/supervisord.conf /etc/supervisor/conf.d/supervisord.conf | COPY infra/supervisord.conf /etc/supervisor/conf.d/supervisord.conf | ||||||
| @@ -133,15 +136,15 @@ set -e | |||||||
| echo "Starting Palmr Application..." | echo "Starting Palmr Application..." | ||||||
| echo "Storage Mode: \${ENABLE_S3:-false}" | echo "Storage Mode: \${ENABLE_S3:-false}" | ||||||
| echo "Secure Site: \${SECURE_SITE:-false}" | echo "Secure Site: \${SECURE_SITE:-false}" | ||||||
|  | echo "Encryption: \${DISABLE_FILESYSTEM_ENCRYPTION:-true}" | ||||||
| echo "Database: SQLite" | echo "Database: SQLite" | ||||||
|  |  | ||||||
| # Set global environment variables | # Set global environment variables | ||||||
| export DATABASE_URL="file:/app/server/prisma/palmr.db" | export DATABASE_URL="file:/app/server/prisma/palmr.db" | ||||||
| export UPLOAD_PATH="/app/server/uploads" | export NEXT_PUBLIC_DEFAULT_LANGUAGE=\${DEFAULT_LANGUAGE:-en-US} | ||||||
| export TEMP_CHUNKS_PATH="/app/server/temp-chunks" |  | ||||||
|  |  | ||||||
| # Ensure /app/server directory exists for bind mounts | # Ensure /app/server directory exists for bind mounts | ||||||
| mkdir -p /app/server/uploads /app/server/temp-chunks /app/server/uploads/logo /app/server/prisma | mkdir -p /app/server/uploads /app/server/temp-uploads /app/server/prisma | ||||||
|  |  | ||||||
| echo "Data directories ready for first run..." | echo "Data directories ready for first run..." | ||||||
|  |  | ||||||
|   | |||||||
							
								
								
									
										212
									
								
								LICENSE
									
									
									
									
									
								
							
							
						
						| @@ -1,40 +1,190 @@ | |||||||
| Kyantech-Permissive License (Based on BSD 2-Clause) |                                  Apache License | ||||||
|  |                            Version 2.0, January 2004 | ||||||
|  |                         http://www.apache.org/licenses/ | ||||||
|  |  | ||||||
| Copyright (c) 2025, Daniel Luiz Alves (danielalves96) - Kyantech Solutions |    TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION | ||||||
| All rights reserved. |  | ||||||
|  |  | ||||||
| Redistribution and use in source and binary forms, with or without |    1. Definitions. | ||||||
| modification, are permitted for any purpose — private, commercial, |  | ||||||
| educational, governmental — **fully free and unrestricted**, provided |  | ||||||
| that the following conditions are met: |  | ||||||
|  |  | ||||||
| 1. Redistributions of source code must retain the above copyright |       "License" shall mean the terms and conditions for use, reproduction, | ||||||
|    notice, this list of conditions, and the following disclaimer. |       and distribution as defined by Sections 1 through 9 of this document. | ||||||
|  |  | ||||||
| 2. Redistributions in binary form must reproduce the above copyright |       "Licensor" shall mean the copyright owner or entity authorized by | ||||||
|    notice, this list of conditions, and the following disclaimer in the |       the copyright owner that is granting the License. | ||||||
|    documentation and/or other materials provided with the distribution. |  | ||||||
|  |  | ||||||
| 3. **If this software (or derivative works) is used in any public-facing |       "Legal Entity" shall mean the union of the acting entity and all | ||||||
|    interface** — such as websites, apps, dashboards, admin panels, or |       other entities that control, are controlled by, or are under common | ||||||
|    similar — a **simple credit** must appear in the footer or similar |       control with that entity. For the purposes of this definition, | ||||||
|    location. The credit text should read: |       "control" means (i) the power, direct or indirect, to cause the | ||||||
|  |       direction or management of such entity, whether by contract or | ||||||
|  |       otherwise, or (ii) ownership of fifty percent (50%) or more of the | ||||||
|  |       outstanding shares, or (iii) beneficial ownership of such entity. | ||||||
|  |  | ||||||
|       > “Powered by Kyantech Solutions · https://kyantech.com.br” |       "You" (or "Your") shall mean an individual or Legal Entity | ||||||
|  |       exercising permissions granted by this License. | ||||||
|  |  | ||||||
|    This credit must be reasonably visible but **must not interfere** with |       "Source" form shall mean the preferred form for making modifications, | ||||||
|    your UI, branding, or user experience. You may style it to match your |       including but not limited to software source code, documentation | ||||||
|    own design and choose its size, placement, or color. |       source, and configuration files. | ||||||
|  |  | ||||||
| --- |       "Object" form shall mean any form resulting from mechanical | ||||||
|  |       transformation or translation of a Source form, including but | ||||||
|  |       not limited to compiled object code, generated documentation, | ||||||
|  |       and conversions to other media types. | ||||||
|  |  | ||||||
| THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" |       "Work" shall mean the work of authorship, whether in Source or | ||||||
| AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, |       Object form, made available under the License, as indicated by a | ||||||
| THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |       copyright notice that is included in or attached to the work | ||||||
| ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE |       (an example is provided in the Appendix below). | ||||||
| FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |  | ||||||
| DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR |       "Derivative Works" shall mean any work, whether in Source or Object | ||||||
| SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER |       form, that is based on (or derived from) the Work and for which the | ||||||
| CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, |       editorial revisions, annotations, elaborations, or other modifications | ||||||
| OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |       represent, as a whole, an original work of authorship. For the purposes | ||||||
| OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |       of this License, Derivative Works shall not include works that remain | ||||||
|  |       separable from, or merely link (or bind by name) to the interfaces of, | ||||||
|  |       the Work and Derivative Works thereof. | ||||||
|  |  | ||||||
|  |       "Contribution" shall mean any work of authorship, including | ||||||
|  |       the original version of the Work and any modifications or additions | ||||||
|  |       to that Work or Derivative Works thereof, that is intentionally | ||||||
|  |       submitted to Licensor for inclusion in the Work by the copyright owner | ||||||
|  |       or by an individual or Legal Entity authorized to submit on behalf of | ||||||
|  |       the copyright owner. For the purposes of this definition, "submitted" | ||||||
|  |       means any form of electronic, verbal, or written communication sent | ||||||
|  |       to the Licensor or its representatives, including but not limited to | ||||||
|  |       communication on electronic mailing lists, source code control systems, | ||||||
|  |       and issue tracking systems that are managed by, or on behalf of, the | ||||||
|  |       Licensor for the purpose of discussing and improving the Work, but | ||||||
|  |       excluding communication that is conspicuously marked or otherwise | ||||||
|  |       designated in writing by the copyright owner as "Not a Contribution." | ||||||
|  |  | ||||||
|  |       "Contributor" shall mean Licensor and any individual or Legal Entity | ||||||
|  |       on behalf of whom a Contribution has been received by Licensor and | ||||||
|  |       subsequently incorporated within the Work. | ||||||
|  |  | ||||||
|  |    2. Grant of Copyright License. Subject to the terms and conditions of | ||||||
|  |       this License, each Contributor hereby grants to You a perpetual, | ||||||
|  |       worldwide, non-exclusive, no-charge, royalty-free, irrevocable | ||||||
|  |       copyright license to reproduce, prepare Derivative Works of, | ||||||
|  |       publicly display, publicly perform, sublicense, and distribute the | ||||||
|  |       Work and such Derivative Works in Source or Object form. | ||||||
|  |  | ||||||
|  |    3. Grant of Patent License. Subject to the terms and conditions of | ||||||
|  |       this License, each Contributor hereby grants to You a perpetual, | ||||||
|  |       worldwide, non-exclusive, no-charge, royalty-free, irrevocable | ||||||
|  |       (except as stated in this section) patent license to make, have made, | ||||||
|  |       use, offer to sell, sell, import, and otherwise transfer the Work, | ||||||
|  |       where such license applies only to those patent claims licensable | ||||||
|  |       by such Contributor that are necessarily infringed by their | ||||||
|  |       Contribution(s) alone or by combination of their Contribution(s) | ||||||
|  |       with the Work to which such Contribution(s) was submitted. If You | ||||||
|  |       institute patent litigation against any entity (including a | ||||||
|  |       cross-claim or counterclaim in a lawsuit) alleging that the Work | ||||||
|  |       or a Contribution incorporated within the Work constitutes direct | ||||||
|  |       or contributory patent infringement, then any patent licenses | ||||||
|  |       granted to You under this License for that Work shall terminate | ||||||
|  |       as of the date such litigation is filed. | ||||||
|  |  | ||||||
|  |    4. Redistribution. You may reproduce and distribute copies of the | ||||||
|  |       Work or Derivative Works thereof in any medium, with or without | ||||||
|  |       modifications, and in Source or Object form, provided that You | ||||||
|  |       meet the following conditions: | ||||||
|  |  | ||||||
|  |       (a) You must give any other recipients of the Work or | ||||||
|  |           Derivative Works a copy of this License; and | ||||||
|  |  | ||||||
|  |       (b) You must cause any modified files to carry prominent notices | ||||||
|  |           stating that You changed the files; and | ||||||
|  |  | ||||||
|  |       (c) You must retain, in the Source form of any Derivative Works | ||||||
|  |           that You distribute, all copyright, patent, trademark, and | ||||||
|  |           attribution notices from the Source form of the Work, | ||||||
|  |           excluding those notices that do not pertain to any part of | ||||||
|  |           the Derivative Works; and | ||||||
|  |  | ||||||
|  |       (d) If the Work includes a "NOTICE" text file as part of its | ||||||
|  |           distribution, then any Derivative Works that You distribute must | ||||||
|  |           include a readable copy of the attribution notices contained | ||||||
|  |           within such NOTICE file, excluding those notices that do not | ||||||
|  |           pertain to any part of the Derivative Works, in at least one | ||||||
|  |           of the following places: within a NOTICE text file distributed | ||||||
|  |           as part of the Derivative Works; within the Source form or | ||||||
|  |           documentation, if provided along with the Derivative Works; or, | ||||||
|  |           within a display generated by the Derivative Works, if and | ||||||
|  |           wherever such third-party notices normally appear. The contents | ||||||
|  |           of the NOTICE file are for informational purposes only and | ||||||
|  |           do not modify the License. You may add Your own attribution | ||||||
|  |           notices within Derivative Works that You distribute, alongside | ||||||
|  |           or as an addendum to the NOTICE text from the Work, provided | ||||||
|  |           that such additional attribution notices cannot be construed | ||||||
|  |           as modifying the License. | ||||||
|  |  | ||||||
|  |       You may add Your own copyright statement to Your modifications and | ||||||
|  |       may provide additional or different license terms and conditions | ||||||
|  |       for use, reproduction, or distribution of Your modifications, or | ||||||
|  |       for any such Derivative Works as a whole, provided Your use, | ||||||
|  |       reproduction, and distribution of the Work otherwise complies with | ||||||
|  |       the conditions stated in this License. | ||||||
|  |  | ||||||
|  |    5. Submission of Contributions. Unless You explicitly state otherwise, | ||||||
|  |       any Contribution intentionally submitted for inclusion in the Work | ||||||
|  |       by You to the Licensor shall be under the terms and conditions of | ||||||
|  |       this License, without any additional terms or conditions. | ||||||
|  |       Notwithstanding the above, nothing herein shall supersede or modify | ||||||
|  |       the terms of any separate license agreement you may have executed | ||||||
|  |       with Licensor regarding such Contributions. | ||||||
|  |  | ||||||
|  |    6. Trademarks. This License does not grant permission to use the trade | ||||||
|  |       names, trademarks, service marks, or product names of the Licensor, | ||||||
|  |       except as required for reasonable and customary use in describing the | ||||||
|  |       origin of the Work and reproducing the content of the NOTICE file. | ||||||
|  |  | ||||||
|  |    7. Disclaimer of Warranty. Unless required by applicable law or | ||||||
|  |       agreed to in writing, Licensor provides the Work (and each | ||||||
|  |       Contributor provides its Contributions) on an "AS IS" BASIS, | ||||||
|  |       WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or | ||||||
|  |       implied, including, without limitation, any warranties or conditions | ||||||
|  |       of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A | ||||||
|  |       PARTICULAR PURPOSE. You are solely responsible for determining the | ||||||
|  |       appropriateness of using or redistributing the Work and assume any | ||||||
|  |       risks associated with Your exercise of permissions under this License. | ||||||
|  |  | ||||||
|  |    8. Limitation of Liability. In no event and under no legal theory, | ||||||
|  |       whether in tort (including negligence), contract, or otherwise, | ||||||
|  |       unless required by applicable law (such as deliberate and grossly | ||||||
|  |       negligent acts) or agreed to in writing, shall any Contributor be | ||||||
|  |       liable to You for damages, including any direct, indirect, special, | ||||||
|  |       incidental, or consequential damages of any character arising as a | ||||||
|  |       result of this License or out of the use or inability to use the | ||||||
|  |       Work (including but not limited to damages for loss of goodwill, | ||||||
|  |       work stoppage, computer failure or malfunction, or any and all | ||||||
|  |       other commercial damages or losses), even if such Contributor | ||||||
|  |       has been advised of the possibility of such damages. | ||||||
|  |  | ||||||
|  |    9. Accepting Warranty or Additional Liability. While redistributing | ||||||
|  |       the Work or Derivative Works thereof, You may choose to offer, | ||||||
|  |       and charge a fee for, acceptance of support, warranty, indemnity, | ||||||
|  |       or other liability obligations and/or rights consistent with this | ||||||
|  |       License. However, in accepting such obligations, You may act only | ||||||
|  |       on Your own behalf and on Your sole responsibility, not on behalf | ||||||
|  |       of any other Contributor, and only if You agree to indemnify, | ||||||
|  |       defend, and hold each Contributor harmless for any liability | ||||||
|  |       incurred by, or claims asserted against, such Contributor by reason | ||||||
|  |       of your accepting any such warranty or additional liability. | ||||||
|  |  | ||||||
|  |    END OF TERMS AND CONDITIONS | ||||||
|  |  | ||||||
|  |    Copyright 2025 Daniel Luiz Alves (danielalves96) - Kyantech Solutions, Inc. | ||||||
|  |  | ||||||
|  |    Licensed under the Apache License, Version 2.0 (the "License"); | ||||||
|  |    you may not use this file except in compliance with the License. | ||||||
|  |    You may obtain a copy of the License at | ||||||
|  |  | ||||||
|  |        http://www.apache.org/licenses/LICENSE-2.0 | ||||||
|  |  | ||||||
|  |    Unless required by applicable law or agreed to in writing, software | ||||||
|  |    distributed under the License is distributed on an "AS IS" BASIS, | ||||||
|  |    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||||||
|  |    See the License for the specific language governing permissions and | ||||||
|  |    limitations under the License. | ||||||
|   | |||||||
							
								
								
									
										19
									
								
								Makefile
									
									
									
									
									
								
							
							
						
						| @@ -1,10 +1,11 @@ | |||||||
| .PHONY: help build start clean logs stop restart | .PHONY: help build start clean logs stop restart update-version | ||||||
|  |  | ||||||
| # Default target | # Default target | ||||||
| help: | help: | ||||||
| 	@echo "🚀 Palmr - Available Commands:" | 	@echo "🚀 Palmr - Available Commands:" | ||||||
| 	@echo "" | 	@echo "" | ||||||
| 	@echo "  make build         - Build Docker image with multi-platform support" | 	@echo "  make build         - Build Docker image with multi-platform support" | ||||||
|  | 	@echo "  make update-version - Update version in all package.json files" | ||||||
| 	@echo "  make start         - Start the application using docker-compose" | 	@echo "  make start         - Start the application using docker-compose" | ||||||
| 	@echo "  make stop          - Stop all running containers" | 	@echo "  make stop          - Stop all running containers" | ||||||
| 	@echo "  make logs          - Show application logs" | 	@echo "  make logs          - Show application logs" | ||||||
| @@ -16,9 +17,25 @@ help: | |||||||
| # Build Docker image using the build script | # Build Docker image using the build script | ||||||
| build: | build: | ||||||
| 	@echo "🏗️  Building Palmr Docker image..." | 	@echo "🏗️  Building Palmr Docker image..." | ||||||
|  | 	@echo "📝 This will update version numbers in all package.json files before building" | ||||||
|  | 	@echo "" | ||||||
|  | 	@chmod +x ./infra/update-versions.sh | ||||||
| 	@chmod +x ./infra/build-docker.sh | 	@chmod +x ./infra/build-docker.sh | ||||||
|  | 	@echo "🔄 Starting build process..." | ||||||
| 	@./infra/build-docker.sh | 	@./infra/build-docker.sh | ||||||
|  |  | ||||||
|  | # Update version in all package.json files | ||||||
|  | update-version: | ||||||
|  | 	@echo "🔄 Updating version numbers..." | ||||||
|  | 	@echo "🏷️  Please enter the new version (e.g., v3.0.0, 3.0-beta):" | ||||||
|  | 	@read -p "Version: " VERSION; \ | ||||||
|  | 	if [ -z "$$VERSION" ]; then \ | ||||||
|  | 		echo "❌ Error: Version cannot be empty"; \ | ||||||
|  | 		exit 1; \ | ||||||
|  | 	fi; \ | ||||||
|  | 	chmod +x ./infra/update-versions.sh; \ | ||||||
|  | 	./infra/update-versions.sh "$$VERSION" | ||||||
|  |  | ||||||
| # Start the application | # Start the application | ||||||
| start: | start: | ||||||
| 	@echo "🚀 Starting Palmr application..." | 	@echo "🚀 Starting Palmr application..." | ||||||
|   | |||||||
							
								
								
									
										12
									
								
								README.md
									
									
									
									
									
								
							
							
						
						| @@ -6,6 +6,17 @@ | |||||||
|  |  | ||||||
| **Palmr.** is a **flexible** and **open-source** alternative to file transfer services like **WeTransfer**, **SendGB**, **Send Anywhere**, and **Files.fm**. | **Palmr.** is a **flexible** and **open-source** alternative to file transfer services like **WeTransfer**, **SendGB**, **Send Anywhere**, and **Files.fm**. | ||||||
|  |  | ||||||
|  | <div align="center"> | ||||||
|  |   <div style="background: linear-gradient(135deg, #ff4757, #ff3838); padding: 20px; border-radius: 12px; margin: 20px 0; box-shadow: 0 4px 15px rgba(255, 71, 87, 0.3); border: 2px solid #ff3838;"> | ||||||
|  |     <h3 style="color: white; margin: 0 0 10px 0; font-size: 18px; font-weight: bold;"> | ||||||
|  |       ⚠️ BETA VERSION | ||||||
|  |     </h3> | ||||||
|  |     <p style="color: white; margin: 0; font-size: 14px; opacity: 0.95;"> | ||||||
|  |       <strong>This project is currently in beta phase.</strong><br> | ||||||
|  |       Not recommended for production environments. | ||||||
|  |     </p> | ||||||
|  |   </div> | ||||||
|  | </div> | ||||||
|  |  | ||||||
| 🔗 **For detailed documentation visit:** [Palmr. - Documentation](https://palmr.kyantech.com.br) | 🔗 **For detailed documentation visit:** [Palmr. - Documentation](https://palmr.kyantech.com.br) | ||||||
|  |  | ||||||
| @@ -14,6 +25,7 @@ | |||||||
| - **Self-hosted** – Deploy on your own server or VPS. | - **Self-hosted** – Deploy on your own server or VPS. | ||||||
| - **Full control** – No third-party dependencies, ensuring privacy and security. | - **Full control** – No third-party dependencies, ensuring privacy and security. | ||||||
| - **No artificial limits** – Share files without hidden restrictions or fees. | - **No artificial limits** – Share files without hidden restrictions or fees. | ||||||
|  | - **Folder organization** – Create folders to organize and share files. | ||||||
| - **Simple deployment** – SQLite database and filesystem storage for easy setup. | - **Simple deployment** – SQLite database and filesystem storage for easy setup. | ||||||
| - **Scalable storage** – Optional S3-compatible object storage for enterprise needs. | - **Scalable storage** – Optional S3-compatible object storage for enterprise needs. | ||||||
|  |  | ||||||
|   | |||||||
| @@ -1,3 +0,0 @@ | |||||||
| { |  | ||||||
|   "extends": ["next/core-web-vitals", "next/typescript"] |  | ||||||
| } |  | ||||||
							
								
								
									
										4
									
								
								apps/docs/.prettierignore
									
									
									
									
									
										Normal file
									
								
							
							
						
						| @@ -0,0 +1,4 @@ | |||||||
|  | /node_modules | ||||||
|  | /.next | ||||||
|  | /out | ||||||
|  | /build  | ||||||
							
								
								
									
										16
									
								
								apps/docs/.prettierrc.json
									
									
									
									
									
										Normal file
									
								
							
							
						
						| @@ -0,0 +1,16 @@ | |||||||
|  | { | ||||||
|  |   "importOrder": [ | ||||||
|  |     "^(react/(.*)$)|^(react$)", | ||||||
|  |     "^(next/(.*)$)|^(next$)", | ||||||
|  |     "<THIRD_PARTY_MODULES>", | ||||||
|  |     "", | ||||||
|  |     "^@/(.*)$", | ||||||
|  |     "^[./]" | ||||||
|  |   ], | ||||||
|  |   "importOrderParserPlugins": ["typescript", "jsx", "decorators-legacy"], | ||||||
|  |   "plugins": ["@ianvs/prettier-plugin-sort-imports", "prettier-plugin-sort-json"], | ||||||
|  |   "printWidth": 120, | ||||||
|  |   "singleQuote": false, | ||||||
|  |   "tabWidth": 2, | ||||||
|  |   "trailingComma": "es5" | ||||||
|  | } | ||||||
| @@ -1,15 +1,5 @@ | |||||||
| { | { | ||||||
|   "$schema": "https://ui.shadcn.com/schema.json", |   "$schema": "https://ui.shadcn.com/schema.json", | ||||||
|   "style": "new-york", |  | ||||||
|   "rsc": true, |  | ||||||
|   "tsx": true, |  | ||||||
|   "tailwind": { |  | ||||||
|     "config": "", |  | ||||||
|     "css": "src/app/global.css", |  | ||||||
|     "baseColor": "neutral", |  | ||||||
|     "cssVariables": true, |  | ||||||
|     "prefix": "" |  | ||||||
|   }, |  | ||||||
|   "aliases": { |   "aliases": { | ||||||
|     "components": "@/components", |     "components": "@/components", | ||||||
|     "utils": "@/lib/utils", |     "utils": "@/lib/utils", | ||||||
| @@ -17,5 +7,15 @@ | |||||||
|     "lib": "@/lib", |     "lib": "@/lib", | ||||||
|     "hooks": "@/hooks" |     "hooks": "@/hooks" | ||||||
|   }, |   }, | ||||||
|   "iconLibrary": "lucide" |   "iconLibrary": "lucide", | ||||||
|  |   "rsc": true, | ||||||
|  |   "style": "new-york", | ||||||
|  |   "tailwind": { | ||||||
|  |     "config": "", | ||||||
|  |     "css": "src/app/global.css", | ||||||
|  |     "baseColor": "neutral", | ||||||
|  |     "cssVariables": true, | ||||||
|  |     "prefix": "" | ||||||
|  |   }, | ||||||
|  |   "tsx": true | ||||||
| } | } | ||||||
| @@ -1,50 +0,0 @@ | |||||||
| --- |  | ||||||
| title: API Endpoints |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| Palmr. provides a **highly documented and typed API** that can be accessed at:   |  | ||||||
|  |  | ||||||
| - **In a production environment:** `{your_server_domain}/docs`   |  | ||||||
| - **In a local environment:** [http://localhost:3333/docs](http://localhost:3333/docs)   |  | ||||||
|  |  | ||||||
| The API documentation is powered by **Scalar** ([https://scalar.com](https://scalar.com)), which offers a fully interactive interface for testing all the available requests within Palmr. Below is an example screenshot of the API documentation interface:   |  | ||||||
|  |  | ||||||
|    |  | ||||||
|  |  | ||||||
| ---   |  | ||||||
|  |  | ||||||
| ### Accessing the API Documentation   |  | ||||||
|  |  | ||||||
| We do **not provide an online version** of the API documentation because it may change depending on the specific version of Palmr. you are using. Therefore, we recommend checking the documentation only after starting your API service. The API service corresponds to the **server** within the official Palmr. GitHub repository.   |  | ||||||
|  |  | ||||||
| ---   |  | ||||||
|  |  | ||||||
| ### Scalar-Based Documentation   |  | ||||||
|  |  | ||||||
| We recommend using **Scalar** for querying and testing the API because the system was designed with Scalar in mind. Scalar offers an intuitive and interactive environment for exploring endpoints, sending requests, and viewing responses directly within the interface.   |  | ||||||
|  |  | ||||||
| ---   |  | ||||||
|  |  | ||||||
| ### Swagger-Based Documentation   |  | ||||||
|  |  | ||||||
| If you prefer not to use Scalar or are more comfortable with an alternative tool, a **Swagger-based version** of the documentation is also available.  |  | ||||||
|  |  | ||||||
|    |  | ||||||
|  |  | ||||||
| You can access it at:   |  | ||||||
|  |  | ||||||
| - **In a production environment:** `{your_server_domain}/swagger`   |  | ||||||
| - **In a local environment:** [http://localhost:3333/swagger](http://localhost:3333/swagger)   |  | ||||||
|  |  | ||||||
| Both the Scalar and Swagger versions contain the same endpoints and are documented at a level sufficient for testing and integrating with other systems.   |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| Both options ensure that you have all the necessary tools and information to integrate Palmr. with your systems or third-party services effectively.   |  | ||||||
|  |  | ||||||
| ### Useful Links   |  | ||||||
|  |  | ||||||
| Here are some useful links related to Palmr.'s API and its components:   |  | ||||||
|  |  | ||||||
| - [Scalar Official Website](https://scalar.com)   |  | ||||||
| - [Swagger Official Website](https://swagger.io) |  | ||||||
| @@ -1,54 +0,0 @@ | |||||||
| --- |  | ||||||
| title: Architecture of Palmr. |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ##### Overview of the core architecture components of Palmr.   |  | ||||||
|    |  | ||||||
|  |  | ||||||
| Understanding the architecture of Palmr. is crucial for both deploying and scaling the application. Below is a diagram illustrating the main components: |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
| ## **Technologies Used**   |  | ||||||
|  |  | ||||||
| Each component in the Palmr. architecture plays a vital role in ensuring reliability, performance, and scalability:   |  | ||||||
|  |  | ||||||
| ### **PostgreSQL**   |  | ||||||
| Palmr. uses **PostgreSQL** as the primary database solution. It provides reliable and secure data storage, ensuring consistency and high performance for all database operations. PostgreSQL's powerful indexing, query optimization, and support for complex data types make it an ideal choice for handling large amounts of data.   |  | ||||||
|  |  | ||||||
| ### **React + TypeScript + Vite**   |  | ||||||
| The frontend of Palmr. is built using **React** and **TypeScript**, bundled with **Vite** for fast development and optimized builds.   |  | ||||||
| - **React** enables the creation of a dynamic and responsive user interface with a component-based architecture.   |  | ||||||
| - **TypeScript** adds static typing, enhancing code quality and reducing runtime errors.   |  | ||||||
| - **Vite** provides a fast and efficient development environment with hot module replacement (HMR) and optimized production builds.   |  | ||||||
|  |  | ||||||
| ### **MinIO**   |  | ||||||
| Palmr. uses **MinIO** for object storage. MinIO is a high-performance, S3-compatible object storage solution designed for large-scale data infrastructure.   |  | ||||||
| - Supports high-throughput file storage and retrieval.   |  | ||||||
| - Ensures data integrity and redundancy.   |  | ||||||
| - Compatible with AWS S3 APIs, making integration seamless.   |  | ||||||
|  |  | ||||||
| ### **Fastify**   |  | ||||||
| The backend of Palmr. is powered by **Fastify**, a high-performance, low-overhead web framework for Node.js.   |  | ||||||
| - Provides fast request handling with a lightweight core.   |  | ||||||
| - Built-in schema-based validation for secure and reliable API handling.   |  | ||||||
| - Supports plugin-based architecture for easy extensibility.   |  | ||||||
|  |  | ||||||
| ### **How It Works**   |  | ||||||
| 1. **Frontend** — React + TypeScript + Vite handle the user interface and user interactions.   |  | ||||||
| 2. **Backend** — Fastify processes requests and communicates with the database and storage layers.   |  | ||||||
| 3. **Database** — PostgreSQL stores metadata and transactional data.   |  | ||||||
| 4. **Object Storage** — MinIO stores the actual files and ensures scalable, high-performance storage.   |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ### **Useful Links** |  | ||||||
| - [PostgreSQL Documentation](https://www.postgresql.org/docs/) |  | ||||||
| - [React Documentation](https://react.dev/) |  | ||||||
| - [TypeScript Handbook](https://www.typescriptlang.org/docs/) |  | ||||||
| - [Vite Guide](https://vitejs.dev/guide/) |  | ||||||
| - [MinIO Documentation](https://min.io/docs/minio/container/index.html) |  | ||||||
| - [Fastify Documentation](https://fastify.dev/docs/latest/) |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| @@ -1,48 +0,0 @@ | |||||||
| --- |  | ||||||
| title: Available languages |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| The project uses i18next for internationalization (i18n) support. The language detection is handled automatically through i18next-browser-languagedetector . |  | ||||||
|  |  | ||||||
| ### Available Languages in Palmr. |  | ||||||
| ---- |  | ||||||
|  |  | ||||||
| ##### 1. 🇺🇸 English (en-US) |  | ||||||
| ##### 2. 🇧🇷 Portuguese (pt-BR) |  | ||||||
| ##### 3. 🇫🇷 French (fr-FR) |  | ||||||
| ##### 4. 🇪🇸 Spanish (es-ES) |  | ||||||
| ##### 5. 🇩🇪 German (de-DE) |  | ||||||
| ##### 6. 🇷🇺 Russian (ru-RU) |  | ||||||
| ##### 7. 🇮🇳 Hindi (hi-IN) |  | ||||||
| ##### 8. 🇸🇦 Arabic (ar-SA) |  | ||||||
| ##### 9. 🇯🇵 Japanese (ja-JP) |  | ||||||
| ##### 10. 🇰🇷 Korean (ko-KR) |  | ||||||
| ##### 11. 🇹🇷 Turkish (tr-TR) |  | ||||||
| ##### 12. 🇨🇳 Chinese (zh-CN) |  | ||||||
|  |  | ||||||
| </br> |  | ||||||
|  |  | ||||||
| ### Language Selection |  | ||||||
| ##### The language can be changed in two ways: |  | ||||||
|  |  | ||||||
| #### 1. Automatic Detection |  | ||||||
|     |  | ||||||
|    - The application automatically detects the user's browser language |  | ||||||
|    - Uses the browser's language settings as the initial language |  | ||||||
|  |  | ||||||
| #### 2. Manual Selection |  | ||||||
|  |  | ||||||
|  |  | ||||||
|     |  | ||||||
|    - Users can manually switch languages through the language selector in the UI |  | ||||||
|    - Language preference is saved in the browser's localStorage |  | ||||||
|  |  | ||||||
| ### Default Language |  | ||||||
| ##### English (en-US) is set as the fallback language. |  | ||||||
| </br> |  | ||||||
|  |  | ||||||
| ### Language Detection |  | ||||||
| The application automatically detects the user's browser language and sets it as the initial language. Users can manually change the language using the language switcher in the interface (globe icon in the navigation bar). |  | ||||||
|  |  | ||||||
| ### RTL Support |  | ||||||
| The application includes special handling for right-to-left (RTL) languages, specifically for Arabic (ar-SA). |  | ||||||
| @@ -1,67 +0,0 @@ | |||||||
| --- |  | ||||||
| title: Configuring SMTP |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| For Palmr to function with all its best features, we need to configure our email server. To make this easier, there is a built-in configuration panel inside **Settings** in Palmr. However, only users with an **ADMIN** profile can access and configure these settings. |  | ||||||
|  |  | ||||||
| ## Why Configure SMTP? |  | ||||||
|  |  | ||||||
| The main functionalities that depend on SMTP configuration are: |  | ||||||
| - **Password Reset** – Users who forget their password and cannot access the **Settings** panel need this feature. |  | ||||||
| - **Email Notifications** – Recipients will receive emails when new shares are sent to them. |  | ||||||
|  |  | ||||||
| Now, let's go through the step-by-step process to configure the **SMTP Server**. |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ## Accessing SMTP Settings |  | ||||||
|  |  | ||||||
| To access **Settings**, an **ADMIN** user must click on the profile picture in the **header** and select **Settings** from the dropdown menu. |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
| Once inside the **Settings** panel, click on the **Email** card to expand the SMTP configuration options. |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
| After expanding the card, the following SMTP configuration fields will appear: |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ## Configuring SMTP Server |  | ||||||
|  |  | ||||||
| The first step is to **enable SMTP** by selecting "Yes" in the **SMTP Enabled** field. |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
| Once SMTP is enabled, you can configure the other necessary fields: |  | ||||||
|  |  | ||||||
| - **Sender Name** – This will appear as the sender’s name in emails. (Example: "Palmr") |  | ||||||
| - **Sender Email** – The email address from which notifications will be sent. (Example: "noreply@palmr.app") |  | ||||||
| - **SMTP Server** – The SMTP server address. You can use any email service provider. For Gmail, use `smtp.gmail.com` (this is the recommended option and set as default). |  | ||||||
| - **SMTP Port** – The server port. For Gmail, the standard port is **587**. |  | ||||||
| - **SMTP Username** – The username for the SMTP server. For Gmail, enter your email address. |  | ||||||
| - **SMTP Password** – The SMTP password. (Generate an App Password for Gmail) |  | ||||||
|  |  | ||||||
| > **Important:** If using **Gmail**, you need to generate an **App Password** instead of using your standard email password. |  | ||||||
| > For other email services, consult the official documentation of the service provider you are using. We recommend using Gmail for simplicity and limits the number of emails sent. |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ## Generating a Gmail App Password |  | ||||||
|  |  | ||||||
| To generate an App Password for Gmail: |  | ||||||
| 1. Go to [Google My Account](https://myaccount.google.com/). |  | ||||||
| 2. Select **Security**. |  | ||||||
| 3. Scroll down to **App Passwords**. |  | ||||||
| 4. Generate a new password specifically for Palmr. |  | ||||||
|  |  | ||||||
| For a complete guide, refer to: **[How to set up SMTP credentials with Gmail](https://medium.com/rails-to-rescue/how-to-set-up-smtp-credentials-with-gmail-for-your-app-send-email-cf236d11087d)**. |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ## Finalizing SMTP Configuration |  | ||||||
|  |  | ||||||
| After entering the correct information, save the settings. Palmr is now ready to send emails for password resets and share notifications! |  | ||||||
| @@ -1,161 +0,0 @@ | |||||||
| --- |  | ||||||
| title: How to Contribute |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| Thank you for your interest in contributing to the **Palmr.** project! Contributions are what make the open-source community such an amazing place to learn, inspire, and create. This guide will walk you through the process of contributing to Palmr. |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ### Step 1: Log in to GitHub |  | ||||||
|  |  | ||||||
| Before you can contribute, you need to be logged into your GitHub account. If you don't have an account yet, you can sign up for free at **[GitHub](https://github.com/)**. |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ### Step 2: Go to the Palmr Repository |  | ||||||
|  |  | ||||||
| Once you're logged in, go to the Palmr repository by clicking on this link: **[https://github.com/kyantech/Palmr](https://github.com/kyantech/Palmr)**. |  | ||||||
|  |  | ||||||
| Alternatively, you can search for "Palmr" in the GitHub search bar and click on the repository owned by **kyantech**. |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ### Step 3: Fork the Repository |  | ||||||
|  |  | ||||||
| To contribute to the project, you’ll need to create your own copy of the repository. This is called a **fork**. Here’s how to do it: |  | ||||||
| 1. Click the **Fork** button at the top right of the repository page. |  | ||||||
| 2. This will create a copy of the repository under your GitHub account. |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ### Step 4: Clone Your Forked Repository |  | ||||||
|  |  | ||||||
| Next, you’ll need to clone your forked repository to your local machine. Here’s how: |  | ||||||
| 1. On your forked repository page, click the **Code** button. |  | ||||||
| 2. Copy the repository URL (HTTPS or SSH). |  | ||||||
| 3. Open your terminal or command prompt and run the following command to clone the repository: |  | ||||||
|  |  | ||||||
|    ```bash  |  | ||||||
|    git clone <repository-url> |  | ||||||
|    ``` |  | ||||||
| 4. Navigate into the cloned directory: |  | ||||||
|  |  | ||||||
|    ```bash |  | ||||||
|    cd Palmr |  | ||||||
|    ``` |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ### Step 5: Set Up the `next` Branch as the Base |  | ||||||
|  |  | ||||||
| Before making changes, ensure your local repository is set up to track the `next` branch from the original Palmr repository. Here’s how: |  | ||||||
| 1. Add the original Palmr repository as a remote: |  | ||||||
|  |  | ||||||
|    ```bash |  | ||||||
|    git remote add upstream https://github.com/kyantech/Palmr.git |  | ||||||
|    ``` |  | ||||||
| 2. Fetch the latest changes from the `next` branch: |  | ||||||
|  |  | ||||||
|    ```bash |  | ||||||
|    git fetch upstream next |  | ||||||
|    ``` |  | ||||||
|  |  | ||||||
| 3. Create a new branch for your contribution based on `upstream/next`: |  | ||||||
|  |  | ||||||
|    ```bash |  | ||||||
|    git checkout -b your-branch-name upstream/next |  | ||||||
|    ``` |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ### Step 6: Make Your Changes |  | ||||||
|  |  | ||||||
| Now you’re ready to make your contributions! This could include: |  | ||||||
| - Fixing a bug |  | ||||||
| - Adding a new feature |  | ||||||
| - Improving documentation |  | ||||||
| - Writing tests |  | ||||||
|  |  | ||||||
| Make your changes in your local repository using your preferred code editor. |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ### Step 7: Commit Your Changes Using Conventional Commits |  | ||||||
|  |  | ||||||
| Once you’ve made your changes, commit them to your branch using **Conventional Commits**. Conventional Commits help maintain a clean and consistent commit history. Here’s how to format your commit messages: |  | ||||||
|  |  | ||||||
| #### Commit Message Format: |  | ||||||
| `<type>(<scope>): <description>` |  | ||||||
|  |  | ||||||
| #### Examples: |  | ||||||
| - `feat: add user authentication` |  | ||||||
| - `fix(api): resolve null pointer exception` |  | ||||||
| - `docs: update README file` |  | ||||||
| - `chore: update dependencies` |  | ||||||
|  |  | ||||||
| #### Steps to Commit: |  | ||||||
| 1. Stage your changes: |  | ||||||
|  |  | ||||||
|   ```bash |  | ||||||
|   git add . |  | ||||||
|   ``` |  | ||||||
| 2. Commit your changes with a properly formatted message: |  | ||||||
|  |  | ||||||
|   ```bash |  | ||||||
|   git commit -m "feat: add new feature for user profiles" |  | ||||||
|   ``` |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ### Step 8: Push Your Changes to GitHub |  | ||||||
|  |  | ||||||
| After committing your changes, push them to your forked repository on GitHub: |  | ||||||
|  |  | ||||||
| ```bash |  | ||||||
| git push origin your-branch-name |  | ||||||
| ``` |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ### Step 9: Open a Pull Request to the `next` Branch |  | ||||||
|  |  | ||||||
| Now that your changes are on GitHub, you can open a **Pull Request (PR)** to propose your changes to the `next` branch of the Palmr repository. Here’s how: |  | ||||||
| 1. Go to your forked repository on GitHub. |  | ||||||
| 2. Click the **Pull Request** button. |  | ||||||
| 3. On the PR creation page: |  | ||||||
|    - Set the **base repository** to `kyantech/Palmr`. |  | ||||||
|    - Set the **base branch** to `next`. |  | ||||||
|    - Set the **head repository** to your forked repository. |  | ||||||
|    - Set the **compare branch** to your branch (`your-branch-name`). |  | ||||||
| 4. Fill out the PR form with a clear title and description of your changes. |  | ||||||
| 5. Click **Create Pull Request**. |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ### Step 10: Wait for Review |  | ||||||
|  |  | ||||||
| Once your PR is submitted, the maintainers will review your changes. They may provide feedback or request additional changes. Be sure to respond to their comments and make any necessary updates. |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ### Tips for Contributing |  | ||||||
|  |  | ||||||
| To ensure your contribution is accepted, follow these tips: |  | ||||||
| - **Use Conventional Commits**: Write clear and consistent commit messages using the Conventional Commits format. |  | ||||||
| - **Keep Your PRs Small**: Focus on one issue or feature per PR to make it easier to review. |  | ||||||
| - **Be Patient**: Maintainers are often volunteers and may take some time to review your PR. |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ### Why Contributing is Important |  | ||||||
|  |  | ||||||
| Contributing to open-source projects like Palmr has many benefits: |  | ||||||
| 1. **Improves the Project**: Your contributions help make the project better for everyone. |  | ||||||
| 2. **Builds Your Skills**: You’ll gain experience working with Git, GitHub, and collaborative coding. |  | ||||||
| 3. **Supports the Community**: Open-source thrives on community contributions. Your work helps sustain the project. |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ### Conclusion |  | ||||||
|  |  | ||||||
| That's it! You've successfully contributed to the **🌴 Palmr.** project on GitHub. Thank you for your time and effort in making Palmr better for everyone. We appreciate your contribution!  |  | ||||||
| @@ -1,128 +0,0 @@ | |||||||
| --- |  | ||||||
| title: Creating a share |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| To create a share in Palmr, the process is very intuitive and self-explanatory. There are multiple ways to create a share, but the most straightforward method is through the **Home Page**, specifically in the **Recent Shares** section. |  | ||||||
|  |  | ||||||
| ## Home Page |  | ||||||
|  |  | ||||||
| On the home page, there is a **"Recent Shares"** section. When no shares have been created yet, this section will appear as follows: |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
| Since no shares exist yet, you will see a **"Create Share"** button prominently displayed. |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
| > **Note:** You don’t need to upload files to create a share! Yes, it’s entirely possible to create a share without adding any files. While this might not make sense in every scenario, some users and use cases find this feature highly valuable. |  | ||||||
|  |  | ||||||
| As mentioned above, shares in Palmr are created first with their settings, and then files can be added later. You can also edit a share at any time. |  | ||||||
|  |  | ||||||
| To create a share, simply click the **"Create Share"** button in the center of the **Recent Shares** section. Doing so will open the following **Create Share** modal: |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
| Fill in the required information in the modal. The fields **Expiration Date**, **Max Views**, and **Password** are optional but significantly impact how the share functions for recipients: |  | ||||||
| - **Password:** If set, the recipient must enter the correct password to access the share. |  | ||||||
| - **Max Views:** If the limit is reached, the share will no longer be accessible unless the creator increases or removes the limit. |  | ||||||
| - **Expiration Date:** After the expiration date, the share will automatically be disabled unless extended by the creator. |  | ||||||
|  |  | ||||||
| Even the **name** field is optional, but we recommend setting a name for better organization. |  | ||||||
|  |  | ||||||
| Once a share is created, the **Recent Shares** section updates to display a table with the following fields: |  | ||||||
|  |  | ||||||
| - **Name** |  | ||||||
| - **Created At** |  | ||||||
| - **Expires At** |  | ||||||
| - **Status** |  | ||||||
| - **Security** |  | ||||||
| - **Files** |  | ||||||
| - **Recipients** |  | ||||||
| - **Actions** |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
| To create additional shares, a **"New Share"** button appears in the upper right corner of the **Recent Shares** section. |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
| Clicking this button will reopen the **Create Share** modal. |  | ||||||
|  |  | ||||||
| The **Recent Shares** section displays only the **last 5 shares**. To view all created shares, click the **"View All"** button. |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
| Clicking this redirects you to the **Shares Management** page. |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
| Another way to access the **Shares Management** page is by clicking the **"My Shares"** card on the home page. |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ## Shares Management Page |  | ||||||
|  |  | ||||||
| The **Shares Management** page is similar to the **Uploads Management** page, but here, you can **add, remove, edit, and view all created shares** without the limitation of only displaying the last 5 shares. |  | ||||||
|  |  | ||||||
| ##### Each share has an **Actions** column with the following options: |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
| ## Edit Share |  | ||||||
|  |  | ||||||
| Clicking the **Edit** button allows you to modify the share details. |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
| ## Manage Files |  | ||||||
|  |  | ||||||
| Clicking the **Manage Files** button lets you add or remove files from the share. |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
| ## Manage Recipients |  | ||||||
|  |  | ||||||
| Clicking the **Manage Recipients** button lets you add or remove recipients for the share. |  | ||||||
|  |  | ||||||
| > **Note:** Email notifications will only be sent if SMTP settings are properly configured in the system. |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
| ## View Share Details |  | ||||||
|  |  | ||||||
| Clicking **View Details** lets you see all details of a share. |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
| ## Generate Share Link |  | ||||||
|  |  | ||||||
| Clicking the **Generate Link** button creates a shareable link, which can be customized. |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
| Once generated, you can view and copy the link. |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
| The generated link can be edited or copied from a dropdown menu. |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
| When the generated link is accessed, the recipient can **view and download** the shared files. |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
| ## Delete Share |  | ||||||
|  |  | ||||||
| Clicking the **Delete** button allows you to permanently remove a share. |  | ||||||
|  |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ## Summary |  | ||||||
|  |  | ||||||
| Palmr’s share creation process is intuitive and flexible. You can create a share without files, edit share settings, manage recipients, and generate shareable links. The **Shares Management** page provides a full overview of all shares, ensuring you have complete control over your file-sharing process. |  | ||||||
| @@ -1,77 +0,0 @@ | |||||||
| --- |  | ||||||
| title: Github Sponsors |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| Sponsoring a project on GitHub is a powerful way to support its development and ensure its long-term sustainability. This tutorial will guide you through the process of sponsoring the **Palmr.** project on GitHub using GitHub Sponsors. |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ### Step 1: Log in to GitHub |  | ||||||
|  |  | ||||||
| Before you can star a project, you need to be logged into your GitHub account. If you don't have an account yet, you can sign up for free at [GitHub](https://github.com/). |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ### Step 2: Go to the Palmr. Repository |  | ||||||
|  |  | ||||||
| Once you're logged in, go to the Palmr. repository by clicking on this link: [https://github.com/kyantech/Palmr](https://github.com/kyantech/Palmr). |  | ||||||
|  |  | ||||||
| Alternatively, you can search for "Palmr" in the GitHub search bar and click on the repository owned by **Kyantech**. |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ### Step 3: Click on the "Sponsor" Button |  | ||||||
|  |  | ||||||
| On the Palmr repository page, you'll see a "Sponsor" button at the top right corner of the page. Click this button to proceed. |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ### Step 4: Choose a Custom Sponsorship Amount |  | ||||||
|  |  | ||||||
| GitHub Sponsors allows you to sponsor the project with a **custom amount starting at $1**. Here's how to do it: |  | ||||||
| 1. On the sponsorship page, look for the option to **enter a custom amount**. |  | ||||||
| 2. Type in the amount you'd like to sponsor (e.g., $1, $5, $10, or any amount you choose). |  | ||||||
| 3. Select the billing frequency (monthly or one-time). |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ### Step 5: Complete the Sponsorship |  | ||||||
|  |  | ||||||
| After entering your custom amount and selecting the billing frequency, you'll be prompted to enter your payment details. Follow the instructions to complete the sponsorship process. Once done, you'll officially be a sponsor of the Palmr project! |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ### Why Sponsoring is Important for Project Development |  | ||||||
|  |  | ||||||
| Sponsoring a project goes beyond starring—it provides direct financial support to the developers, enabling them to focus on improving and maintaining the project. Here's why sponsoring is so important: |  | ||||||
|  |  | ||||||
| #### 1. **Supports Sustainability** |  | ||||||
|    - Sponsoring helps ensure the long-term sustainability of the project by providing developers with the resources they need to continue their work. |  | ||||||
|  |  | ||||||
| #### 2. **Encourages Innovation** |  | ||||||
|    - Financial support allows developers to experiment, innovate, and add new features to the project. |  | ||||||
|  |  | ||||||
| #### 3. **Shows Deep Appreciation** |  | ||||||
|    - Sponsoring is a tangible way to show your appreciation for the hard work and effort that goes into maintaining and developing a project. |  | ||||||
|  |  | ||||||
| #### 4. **Gives You Recognition** |  | ||||||
|    - Many projects offer recognition for sponsors, such as listing your name or company on the project's README or website. |  | ||||||
|  |  | ||||||
| #### 5. **Helps Open Source Thrive** |  | ||||||
|    - Open-source projects like Palmr rely on community support. By sponsoring, you're contributing to the growth and success of the open-source ecosystem. |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ### A Meaningful Way to Give Back |  | ||||||
| Sponsoring a project is a meaningful way to give back to the developers who create the tools and software you rely on. Even a small contribution of **$1** can make a big difference. Your support ensures that Palmr continues to grow and improve. Thank you for considering sponsoring! 💖 |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ### Conclusion |  | ||||||
|  |  | ||||||
| That's it! You've successfully sponsored the **Palmr** project on GitHub. Your contribution, no matter the amount, will help ensure the project continues to grow and improve. Thank you for your support! |  | ||||||
| @@ -1,72 +0,0 @@ | |||||||
| --- |  | ||||||
| title: Star this project on Github |  | ||||||
| --- |  | ||||||
|  |  | ||||||
|  Starring a project on GitHub is a great way to show appreciation for a repository and to bookmark it for easy access later. This tutorial will guide you through the process of starring the **Palmr** project on GitHub. |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ### Step 1: Log in to GitHub |  | ||||||
|  |  | ||||||
| Before you can star a project, you need to be logged into your GitHub account. If you don't have an account yet, you can sign up for free at [GitHub](https://github.com/). |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ### Step 2: Go to the Palmr. Repository |  | ||||||
|  |  | ||||||
| Once you're logged in, go to the Palmr. repository by clicking on this link: [https://github.com/kyantech/Palmr](https://github.com/kyantech/Palmr). |  | ||||||
|  |  | ||||||
| Alternatively, you can search for "Palmr" in the GitHub search bar and click on the repository owned by **Kyantech**. |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ### Step 3: Star the Repository |  | ||||||
|  |  | ||||||
| On the Palmr. repository page, you'll see a "Star" button at the top right corner of the page. Click this button to star the repository. |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ### Step 4: Confirm the Star |  | ||||||
|  |  | ||||||
| After clicking the "Star" button, the button will change to "Unstar," indicating that the repository has been successfully starred. You can always unstar the repository by clicking the "Unstar" button. |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ### Why Starring is Important for Project Development |  | ||||||
|  |  | ||||||
| Starring a repository on GitHub is more than just a bookmarking tool—it’s a way to support the project and its developers. Here’s why starring is so important: |  | ||||||
|  |  | ||||||
| #### 1. **Shows Appreciation** |  | ||||||
|    - Starring a repository is a simple way to show your appreciation for the hard work and effort that goes into maintaining and developing a project. It’s like giving a thumbs-up to the developers! |  | ||||||
|  |  | ||||||
| #### 2. **Increases Visibility** |  | ||||||
|    - The more stars a repository has, the more visible it becomes on GitHub. This can attract more contributors, users, and even potential sponsors, which helps the project grow. |  | ||||||
|  |  | ||||||
| #### 3. **Encourages Developers** |  | ||||||
|    - Seeing stars on a repository motivates developers to continue improving the project. It’s a sign that people find the project useful and valuable. |  | ||||||
|  |  | ||||||
| #### 4. **Helps with Discovery** |  | ||||||
|    - GitHub’s trending and recommendation algorithms often prioritize repositories with more stars. By starring Palmr, you’re helping others discover it more easily. |  | ||||||
|  |  | ||||||
| #### 5. **Tracks Your Interests** |  | ||||||
|    - Starring a repository adds it to your "Starred" list, making it easy for you to find and revisit the project later. It’s a great way to keep track of projects you love or want to follow. |  | ||||||
|  |  | ||||||
| #### 6. **Supports Open Source** |  | ||||||
|    - Open-source projects like Palmr thrive on community support. By starring the repository, you’re contributing to the open-source ecosystem and helping ensure the project’s longevity. |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ### A Small Action with a Big Impact |  | ||||||
| Starring a repository takes just a second, but it can have a huge impact on the project’s growth and development. Your support means a lot to the developers and the community behind Palmr. So, if you find the project useful, don’t forget to hit that **Star** button! ⭐ |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ### Conclusion |  | ||||||
|  |  | ||||||
| That's it! You've successfully starred the **Palmr.** project on GitHub. Starring repositories is a simple yet powerful way to keep track of projects you find interesting or useful. Thank you for supporting Palmr! |  | ||||||
|  |  | ||||||
| @@ -1,80 +0,0 @@ | |||||||
| --- |  | ||||||
| title: Github Architecture |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ## Project Structure |  | ||||||
|  |  | ||||||
| ```plaintext |  | ||||||
| ├── apps/ |  | ||||||
| │   ├── web/         # Frontend application |  | ||||||
| │   ├── server/      # Backend API service |  | ||||||
| │   └── docs/        # Documentation site |  | ||||||
| └── composes/        # Docker compose configurations |  | ||||||
| configurations |  | ||||||
|  ``` |  | ||||||
|  |  | ||||||
|  |  | ||||||
| ## Core Components |  | ||||||
| ### 1. Frontend Application (apps/web) |  | ||||||
| ##### Technology Stack: |  | ||||||
|   - React 18 |  | ||||||
|   - TypeScript |  | ||||||
|   - Vite |  | ||||||
|   - HeroUI Components |  | ||||||
|   - TailwindCSS |  | ||||||
|   - i18next for internationalization |  | ||||||
|  |  | ||||||
|  |  | ||||||
| ##### The frontend follows a feature-based architecture with: |  | ||||||
|  |  | ||||||
| - Components-based structure |  | ||||||
| - Custom hooks for business logic |  | ||||||
| - Route protection system |  | ||||||
| - File management system |  | ||||||
| - Modal system for file operations |  | ||||||
|  |  | ||||||
| ### 2. Backend Service (apps/server) |  | ||||||
| ##### Technology Stack: |  | ||||||
|   - Fastify |  | ||||||
|   - PostgreSQL |  | ||||||
|   - MinIO for object storage |  | ||||||
|   - Prisma as ORM |  | ||||||
|  |  | ||||||
| ##### Key features include: |  | ||||||
| - User authentication/authorization |  | ||||||
| - File management |  | ||||||
| - Storage management |  | ||||||
| - Share system |  | ||||||
|  |  | ||||||
| ### 3. Documentation (apps/docs) |  | ||||||
| - Built with Astro and Starlight |  | ||||||
| - Provides comprehensive documentation for the project |  | ||||||
|  |  | ||||||
| ### 4. Infrastructure |  | ||||||
| - Docker-based deployment |  | ||||||
| - Containerized services |  | ||||||
| - Environment-specific configurations through docker-compose |  | ||||||
|  |  | ||||||
| ## Key Features |  | ||||||
| ##### 1. File Management |  | ||||||
|     |  | ||||||
|    - Upload/Download capabilities |  | ||||||
|    - File preview system |  | ||||||
|    - Share management |  | ||||||
|    - Storage usage monitoring |  | ||||||
|  |  | ||||||
| ##### 2. User System |  | ||||||
|     |  | ||||||
|    - Authentication |  | ||||||
|    - User management |  | ||||||
|    - Profile management |  | ||||||
|  |  | ||||||
| ##### 3. Storage System |  | ||||||
|     |  | ||||||
|    - MinIO integration for object storage |  | ||||||
|    - Disk space monitoring |  | ||||||
|    - Upload size validation |  | ||||||
| ##### 4. Internationalization |  | ||||||
|     |  | ||||||
|    - Multi-language support |  | ||||||
|    - Translation management |  | ||||||
| @@ -1,42 +0,0 @@ | |||||||
| --- |  | ||||||
| title: Welcome to Palmr. |  | ||||||
| --- |  | ||||||
|  |  | ||||||
|   |  | ||||||
|  |  | ||||||
| ## 🌴 What is **Palmr.** ?    |  | ||||||
| ___ |  | ||||||
| **Palmr.** is a powerful and **flexible open-source alternative** to popular file transfer services like **WeTransfer**, **SendGB**, **Send Anywhere** and **Files.fm**. The key advantage of Palmr. is that you can **host it on your own infrastructure**, such as a **dedicated server** or **VPS**, giving you full control over your files and data security — without relying on third-party services or worrying about artificial limits or high fees.   |  | ||||||
|  |  | ||||||
| ## **Why Choose Palmr.?**   |  | ||||||
| ___ |  | ||||||
| ### **1. No Artificial Limits**   |  | ||||||
| Unlike traditional services, Palmr. does not impose file size or quantity limits. The only limit is the **available storage** on your server or VPS. If you have the storage capacity, you can send files without restrictions, no premium plans, no ads, and no hidden fees.   |  | ||||||
|  |  | ||||||
| ### **2. Open Source and Free**   |  | ||||||
|  |  | ||||||
| Palmr. is completely **open source** and free to use. You can:   |  | ||||||
| - Deploy it on any infrastructure (VPS, dedicated server, Docker, etc.).   |  | ||||||
| - Review and audit the code to ensure security and integrity.   |  | ||||||
| - Contribute improvements or custom features.   |  | ||||||
| - Adapt it for different use cases as needed.   |  | ||||||
|  |  | ||||||
| ### **3. Security and Privacy Under Your Control**   |  | ||||||
| By hosting Palmr. on your own infrastructure, you retain **full control over your data**. Your files are not stored or processed by third parties, ensuring **privacy** and **confidentiality** of transferred information.   |  | ||||||
|  |  | ||||||
| ### **4. Highly Customizable**   |  | ||||||
| Palmr. is fully customizable, allowing you to align it with your brand identity and user experience:   |  | ||||||
| - Add your own **logo**.   |  | ||||||
| - Set a **custom app name**.   |  | ||||||
| - Configure an **SMTP server** for email notifications.   |  | ||||||
| - Customize some text to create a unique experience for users.   |  | ||||||
|  |  | ||||||
| ### **5. Complete User and Admin Management**   |  | ||||||
| Palmr. offers a robust user and admin management system:   |  | ||||||
| - Create and manage multiple **administrators** .   |  | ||||||
| - Add unlimited **users**.   |  | ||||||
| - Control who can view, upload, and manage files.   |  | ||||||
| - Easily monitor usage.   |  | ||||||
|  |  | ||||||
| ### **6. Fast, Lightweight, and Scalable**   |  | ||||||
| Palmr. is designed to be lightweight and scalable, ensuring high performance even with large files or high user traffic. Its efficient architecture allows you to scale easily as your needs grow.   |  | ||||||
| @@ -1,135 +0,0 @@ | |||||||
| --- |  | ||||||
| title: Installation (Docker Compose) |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| import { Tab, Tabs } from 'fumadocs-ui/components/tabs'; |  | ||||||
|  |  | ||||||
| ### Quick Start with Default Docker Compose |  | ||||||
|  |  | ||||||
| There is a default `docker-compose.yml` file in the project root that can be used for quick execution. While this provides a convenient way to get started, it's important to note that using the default passwords is **not secure**, especially if the application is exposed to public networks. Malicious users could potentially exploit known default credentials to attack your deployment. |  | ||||||
|  |  | ||||||
| This base Docker Compose configuration works perfectly for localhost development but may require modifications when deployed to a VPS or production environment for optimal performance and security. Please consult the complete documentation for proper production deployment configurations. |  | ||||||
|  |  | ||||||
| For a quick start using the default configuration, simply run: |  | ||||||
| ```bash |  | ||||||
| docker compose up -d |  | ||||||
| ``` |  | ||||||
| This command will start the project using the default configuration. |  | ||||||
|  |  | ||||||
| > ⚠️ **Important:** We strongly recommend testing your configuration locally first, especially if you've made any modifications to the Docker Compose files. Only after confirming everything works as expected locally should you proceed with deployment to a VPS or server environment. |  | ||||||
|  |  | ||||||
| ### Startup Script for Docker Compose |  | ||||||
|  |  | ||||||
| To simplify the execution of the project and enable it to run on any machine, a **startup script** for Docker Compose was created. This script automates the generation of secure credentials and facilitates local setup. While this method provides better security than using default passwords, for maximum security, we strongly recommend moving all sensitive credentials to environment variables instead. |  | ||||||
|  |  | ||||||
| To execute the project using this approach, you need to have **Docker** and **Docker Compose** installed on your machine. While this is the simplest way to execute the project, it is **not recommended for production environments**.   |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ### Ways to Execute the Startup Script   |  | ||||||
|  |  | ||||||
| First of all, download the relase v1.1.7-beta:  |  | ||||||
| [Release version - 1.1.7-beta](https://github.com/kyantech/Palmr/releases/tag/v1.1.7-beta) |  | ||||||
|  |  | ||||||
| There are two ways to execute the script:   |  | ||||||
|  |  | ||||||
| <Tabs items={['Using a Makefile', 'Running the Script Directly']}> |  | ||||||
|   <Tab > |  | ||||||
|     To use this method, you need to have the `make` command installed on your machine. |  | ||||||
|      |  | ||||||
|     To generate the new `docker-compose.yml` file using a Makefile, run the following command from the project root:   |  | ||||||
|  |  | ||||||
|     ```bash |  | ||||||
|     make gen-compose |  | ||||||
|     ``` |  | ||||||
|  |  | ||||||
|     This command will subcribe the `docker-compose.yml` file in the root of the project.   |  | ||||||
|     - The script's primary function is to generate secure passwords for **MinIO** (object storage) and **Postgres** (database).   |  | ||||||
|     - The generated `docker-compose.yml` file serves as a base and can be modified at any time.   |  | ||||||
|     - It is configured to run locally via `localhost` and is **not intended for production** or VPS environments.   |  | ||||||
|  |  | ||||||
|     After the file is generated, you can modify or adapt it for deployment in other environments.   |  | ||||||
|   </Tab> |  | ||||||
|   <Tab > |  | ||||||
|     To generate the `docker-compose.yml` file by running the script directly, use the following commands:   |  | ||||||
|  |  | ||||||
|     ```bash |  | ||||||
|     chmod +x ./scripts/generate-docker-compose.sh   |  | ||||||
|     ./scripts/generate-docker-compose.sh   |  | ||||||
|     ``` |  | ||||||
|  |  | ||||||
|     This will have the same effect as running `make gen-compose`.   |  | ||||||
|   </Tab> |  | ||||||
| </Tabs> |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ### Running the Project   |  | ||||||
| After generating the new `docker-compose.yml` file, you can start the project by running the following command from the project root:   |  | ||||||
|  |  | ||||||
| ```bash |  | ||||||
| docker compose up -d |  | ||||||
| ``` |  | ||||||
|  |  | ||||||
| To access Palmr. in a local environment, open your browser and visit:   |  | ||||||
|  |  | ||||||
| [http://localhost:4173](http://localhost:4173)   |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ### Deployment in Production   |  | ||||||
| For production environments with high scalability and availability requirements, we recommend using **Kubernetes**, **Docker Swarm**, or a similar container orchestrator.   |  | ||||||
|  |  | ||||||
| For homelab, personal projects, or environments where high availability and scalability are not critical, Docker Compose can be used without issues. The `docker-compose.yml` file pulls the latest Palmr. images from Docker and makes them available on specific ports, as shown below:   |  | ||||||
|  |  | ||||||
| - **Frontend:** [http://localhost:4173](http://localhost:4173)   |  | ||||||
| - **Backend:** [http://localhost:3333](http://localhost:3333)   |  | ||||||
| - **MinIO API:** [http://localhost:9000](http://localhost:9000)   |  | ||||||
| - **MinIO Console:** [http://localhost:9001](http://localhost:9001)   |  | ||||||
| - **Postgres Database:** [http://localhost:5423](http://localhost:5423)   |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ### Port Configuration Recommendations   |  | ||||||
| In this version of `docker-compose.yml`, none of the ports for the frontend and backend should be modified. Consequently, none of the URLs should be changed because the frontend image contains a pre-built version configured to work on port **4173**.   |  | ||||||
|  |  | ||||||
| > ⚠️ Due to technical limitations related to **ReactJS**, environment variables executed at runtime cannot be changed. Therefore, to ensure that the system functions correctly as designed, keep the `docker-compose.yml` file unchanged.   |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ### Running in Development Mode   |  | ||||||
| If you want to modify the ports in a local environment and run the project using Docker with Docker Compose, we recommend using the `docker-compose-dev.yaml` file. This file builds the project based on the files in the cloned repository.   |  | ||||||
|  |  | ||||||
| When using `docker-compose-dev.yaml`, make sure to configure all port and URL settings correctly. Incorrect configuration will prevent Palmr. from functioning as expected.   |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ### Docker Compose in Production Environments   |  | ||||||
| We **do not recommend** using `docker-compose.yml` in production or VPS environments. Docker Compose is designed for development and testing purposes only, not for handling production workloads.   |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ### Recommended Deployment for Production   |  | ||||||
| For production environments, we recommend using **Kubernetes**. However, the repository does not include a ready-to-use Kubernetes configuration, so you will need to configure it manually.   |  | ||||||
|  |  | ||||||
| Alternatively, you can set up the application using separate services as follows:   |  | ||||||
|  |  | ||||||
| - **Frontend:** Host on **Vercel** or **AWS Amplify**.   |  | ||||||
| - **Backend:** Host on **Render.com** or similar services.   |  | ||||||
| - **MinIO:** Deploy separately on a server using Docker.   |  | ||||||
| - **Database:** Host on a managed service like **Neon.tech**.   |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ### Environment Variables   |  | ||||||
| The Palmr. code is completely open-source, allowing you to adjust the deployment to meet your needs. Ensure that the environment variables are correctly configured to avoid issues during execution.   |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ### Additional Resources |  | ||||||
|  |  | ||||||
| - [Docker Documentation](https://docs.docker.com/) |  | ||||||
| - [Docker Compose Documentation](https://docs.docker.com/compose/) |  | ||||||
| - [Kubernetes Documentation](https://kubernetes.io/docs/) |  | ||||||
| - [MinIO Documentation](https://min.io/docs/minio/container/index.html) |  | ||||||
| - [PostgreSQL Documentation](https://www.postgresql.org/docs/) |  | ||||||
| @@ -1,104 +0,0 @@ | |||||||
| --- |  | ||||||
| title: First Login (Admin) |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| Once you have started all the services as described in the deployment instructions, you will be able to access the frontend at:   |  | ||||||
|  |  | ||||||
| - **Production environment:** `{your_web_domain}`   |  | ||||||
| - **Local environment:** [http://localhost:4173](http://localhost:4173)   |  | ||||||
|  |  | ||||||
| Upon accessing the frontend, you will see a screen similar to the image below:   |  | ||||||
|  |  | ||||||
|    |  | ||||||
|  |  | ||||||
| This is the **Palmr. landing page**, which provides basic information about the application. This landing page can be hidden later when you configure your app, allowing the login page to become the default home page. However, on the first execution, it is displayed by default.   |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ## First Login   |  | ||||||
|  |  | ||||||
| At the top of the landing page, you will see a button to log in to Palmr.:   |  | ||||||
|  |  | ||||||
| > **But you may wonder:**  |  | ||||||
|  |  | ||||||
| To simplify the process, Palmr. comes pre-configured with **seed data** upon the first initialization. This seed data includes a default **admin user** with full access to all settings and user management within the application.   |  | ||||||
|  |  | ||||||
| After clicking the **Login** button, you will be redirected to the login screen, which looks like this:   |  | ||||||
|  |  | ||||||
|    |  | ||||||
|  |  | ||||||
| Use the following default credentials to log in for the first time:   |  | ||||||
|  |  | ||||||
| | User       | Password   | |  | ||||||
| |------------|------------| |  | ||||||
| | `admin@example.com` | `admin123` |   |  | ||||||
|  |  | ||||||
| If everything is set up correctly, you will be authenticated and redirected to Palmr.'s main dashboard, which looks like this:   |  | ||||||
|  |  | ||||||
|    |  | ||||||
|  |  | ||||||
| At this point, you are officially logged in and ready to start using all the features of Palmr.!   |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ## Recommendations After First Access   |  | ||||||
|  |  | ||||||
| Since Palmr. includes a single default admin user in the seed data, it is **highly recommended** to change the default admin credentials immediately after the first login. This is crucial for maintaining the security of your instance.   |  | ||||||
|  |  | ||||||
| Follow these steps to update the admin credentials and secure your Palmr. instance:   |  | ||||||
|  |  | ||||||
| ### Step 1: Access the Profile Settings   |  | ||||||
| 1. Click the **user icon** located in the top right corner of the screen.   |  | ||||||
| 2. A dropdown menu will appear with several options:   |  | ||||||
|  |  | ||||||
|    |  | ||||||
|  |  | ||||||
| 3. Select **"Profile"** from the dropdown menu. This will redirect you to the profile settings page:   |  | ||||||
|  |  | ||||||
|    |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ### Step 2: Update the Admin Profile   |  | ||||||
| On the profile settings page, you can update all the information related to the admin account.   |  | ||||||
|  |  | ||||||
| - To update the password, enter a new secure password and confirm it.   |  | ||||||
| - Update other details as needed based on your preferences.   |  | ||||||
|  |  | ||||||
| **Tip:** For better security, use a strong password containing:   |  | ||||||
| - At least 12 characters   |  | ||||||
| - A mix of uppercase and lowercase letters   |  | ||||||
| - Numbers and special characters   |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ### Step 3: Update the Profile Picture   |  | ||||||
| You can also update the profile picture for better personalization.   |  | ||||||
|  |  | ||||||
| 1. Click the **camera icon** next to the avatar.   |  | ||||||
| 2. Select an image from your local device.   |  | ||||||
|  |  | ||||||
|    |  | ||||||
|  |  | ||||||
| > **Recommendation:** Use a square image to ensure proper display.   |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ## Troubleshooting   |  | ||||||
|  |  | ||||||
| If you encounter any issues during the first login or profile update, please check the following:   |  | ||||||
| - Ensure that all services (frontend, backend, MinIO, and database) are running correctly.   |  | ||||||
| - Make sure the environment variables are properly configured.   |  | ||||||
| - Confirm that the database seeds have been applied correctly.   |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ## Security Best Practices   |  | ||||||
|  |  | ||||||
| - After setting up your admin account, create separate user accounts with limited access based on roles.   |  | ||||||
| - Use HTTPS to secure the connection between the client and the server.   |  | ||||||
| - Regularly update the Palmr. instance to benefit from the latest security patches and improvements.   |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
|  |  | ||||||
| @@ -1,85 +0,0 @@ | |||||||
| --- |  | ||||||
| title: Manage users |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| Manage users to **Palmr** is a straightforward process. Below is a detailed step-by-step guide explaining how to create and manage users within the application. |  | ||||||
|  |  | ||||||
|  |  | ||||||
| ### Step 1: Accessing User Management |  | ||||||
|  |  | ||||||
| To begin, you need to navigate to the **User Management** section: |  | ||||||
|  |  | ||||||
| 1. Click on the **user icon** located in the header of the app. |  | ||||||
| 2. A dropdown menu will appear. From the options available, select **"User Management"** |  | ||||||
|  |  | ||||||
|   |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ### Step 2: User Management Dashboard |  | ||||||
|  |  | ||||||
| After selecting **User Management**, you will be redirected to the **User Management Dashboard**.  |  | ||||||
|  |  | ||||||
| - On your first access, the only user listed will be the **default Admin** user. |  | ||||||
| - If you need to update the Admin user details, you must follow the steps outlined in the **Profile Management** section.   |  | ||||||
| - User details for the logged-in Admin cannot be modified from the **User Management Dashboard**. |  | ||||||
|  |  | ||||||
|   |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ### Step 3: Adding a New User |  | ||||||
|  |  | ||||||
| 1. To add a new user, click on the **"Add User"** button located at the top right corner of the screen. |  | ||||||
|  |  | ||||||
|   |  | ||||||
|  |  | ||||||
| 2. A modal form will appear, allowing you to enter the new user's details: |  | ||||||
|  |  | ||||||
|   |  | ||||||
|  |  | ||||||
| 3. After filling in the user details, click on **"Create"** to confirm.   |  | ||||||
|    Alternatively, you can click **"Cancel"** to abort the user creation process. |  | ||||||
|  |  | ||||||
| 4. Once the user is created successfully, it will appear in the user list. |  | ||||||
|  |  | ||||||
|   |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ### Step 4: Managing User Actions |  | ||||||
|  |  | ||||||
| In the **User List**, under the **"Actions"** column, you will find a dropdown menu for each user. |  | ||||||
|  |  | ||||||
|   |  | ||||||
|  |  | ||||||
|  |  | ||||||
| Available actions include: |  | ||||||
|  |  | ||||||
| - **Edit User** – Opens a modal form to update user information: |  | ||||||
|    - Change user details including role. |  | ||||||
|    - Change the user password. |  | ||||||
|  |  | ||||||
|   |  | ||||||
|  |  | ||||||
| - **Deactivate User** – Marks the user as inactive, preventing them from logging into the system. |  | ||||||
| - **Activate User** – Reactivates a deactivated user, allowing them to log in again. |  | ||||||
| - **Delete User** – Permanently removes the user from the system. |  | ||||||
|  |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ### Troubleshooting |  | ||||||
|  |  | ||||||
| #### User Creation Fails |  | ||||||
| - Ensure all mandatory fields (name, email, role) are filled out correctly. |  | ||||||
| - Check for duplicate emails. |  | ||||||
| - Verify that the system has proper connectivity to the backend. |  | ||||||
|  |  | ||||||
| #### User Cannot Log In |  | ||||||
| - Ensure the user is marked as **Active**. |  | ||||||
| - Verify that the correct email and password are being used. |  | ||||||
| - Reset the user password if needed. |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
| @@ -1,170 +0,0 @@ | |||||||
| --- |  | ||||||
| title: Manual Installation |  | ||||||
| --- |  | ||||||
| Manual installation is a bit more complex and labor-intensive compared to installation via Docker Compose. However, by following this step-by-step guide, you can execute the project cleanly. |  | ||||||
|  |  | ||||||
| It's worth noting that even though our frontend and backend are run manually, we will still need to use Docker or another third-party service to run Postgres and MinIO. In this tutorial, we will use Docker with Docker Compose to set up MinIO and Postgres. |  | ||||||
|  |  | ||||||
| For this, within our `apps/server` directory, we already have a Docker Compose file that runs MinIO and Postgres, which are necessary for the application to function. However, feel free to use another service if you prefer. Once again, we are using Docker Compose to reduce the manual effort required to set up these services, especially third-party services like Postgres and MinIO. |  | ||||||
|  |  | ||||||
| Now, let's proceed with the step-by-step guide. |  | ||||||
|  |  | ||||||
| ## Prerequisites |  | ||||||
|  |  | ||||||
| Before we begin, we need to have the following tools installed in our environment: |  | ||||||
|  |  | ||||||
| - Docker |  | ||||||
| - Docker Compose |  | ||||||
| - Node.js |  | ||||||
| - pnpm |  | ||||||
| - Git |  | ||||||
|  |  | ||||||
| It's important to emphasize that the entire repository was written using the `pnpm` package manager. Therefore, it is highly recommended to use `pnpm` to run the services to avoid potential issues. However, if you prefer to use another package manager like `npm`, `yarn`, or `bun`, you may do so at your own risk. The system might work normally, but it could also present unknown and unmapped errors when using other package managers. So, we strongly recommend using `pnpm`. |  | ||||||
|  |  | ||||||
| ## Running the Application |  | ||||||
|  |  | ||||||
| ### Step 1: Clone the Repository |  | ||||||
|  |  | ||||||
| First, clone the official repository: |  | ||||||
|  |  | ||||||
| ```bash |  | ||||||
| git clone https://github.com/kyantech/Palmr.git |  | ||||||
| ``` |  | ||||||
| In the root of this repository, you will find a folder called apps. Inside this folder, there are three subfolders: docs, server, and web. For now, we are interested in the server and web folders, which contain our backend (written in Fastify) and frontend (written in React + Vite), respectively. |  | ||||||
|  |  | ||||||
| ### Step 2: Set Up Backend Services |  | ||||||
| Navigate to the backend folder, where the Docker Compose file for MinIO and Postgres is located: |  | ||||||
|  |  | ||||||
| ```bash |  | ||||||
| cd ./apps/server |  | ||||||
| ``` |  | ||||||
| Inside this folder, you can start by running: |  | ||||||
|  |  | ||||||
| ```bash |  | ||||||
| docker compose up -d |  | ||||||
| ``` |  | ||||||
| This command will run Postgres and MinIO in the background. If you need to make any changes, the file being executed with docker compose up is located at `apps/server/docker-compose.yaml`. However, we recommend using the default settings for the first run and making changes only after you have a functional version of the base code. |  | ||||||
|  |  | ||||||
| ### Step 3: Set Up Backend |  | ||||||
|  |  | ||||||
| With MinIO and Postgres running via Docker Compose, let's proceed to the next steps, which involve running the project itself. Here, we will build and run the project in production mode, not development mode. To do this, we need to build both the backend and frontend applications. |  | ||||||
|  |  | ||||||
| Since we are already in the server folder, let's start with the backend. |  | ||||||
|  |  | ||||||
| #### 3.1: Set Up Environment Variables |  | ||||||
|  |  | ||||||
| We need some environment variables for Palmr to run successfully. For this, we will use the `.env.example` file provided in the repository as a base. |  | ||||||
|  |  | ||||||
| Simply run: |  | ||||||
|  |  | ||||||
| ```bash |  | ||||||
| cp .env.example .env |  | ||||||
| ``` |  | ||||||
|  |  | ||||||
| This command copies the necessary environment variables to a `.env` file in the root directory. |  | ||||||
|  |  | ||||||
| #### 3.2: Install Dependencies |  | ||||||
| Next, we need to initialize the database connected directly to Postgres via Prisma, our ORM. But for Prisma to work, we need to install the dependencies for our backend project. With Node and pnpm installed, run: |  | ||||||
|  |  | ||||||
| ```bash |  | ||||||
| pnpm install |  | ||||||
| ``` |  | ||||||
| #### 3.3: Generate Prisma Client |  | ||||||
| After the installation is complete, run the following command: |  | ||||||
|  |  | ||||||
| ```bash |  | ||||||
| pnpm dlx prisma generate |  | ||||||
| ``` |  | ||||||
| The prisma generate command generates the Prisma client for the project. This client allows programmatic access to the database. |  | ||||||
|  |  | ||||||
| #### 3.4: Deploy Prisma Migrations |  | ||||||
| Once the generation is complete, run: |  | ||||||
|  |  | ||||||
| ```bash |  | ||||||
| pnpm dlx prisma migrate deploy |  | ||||||
| ``` |  | ||||||
| The prisma migrate deploy command deploys the Prisma migration. |  | ||||||
|  |  | ||||||
| #### 3.5: Seed the Database |  | ||||||
| After the migration is deployed, we can seed the database to populate the initial tables with the following command: |  | ||||||
|  |  | ||||||
| ```bash |  | ||||||
| pnpm db:seed |  | ||||||
| ``` |  | ||||||
| Now, our database is ready for the project to run. |  | ||||||
|  |  | ||||||
| #### 3.6: Build and Run the Backend |  | ||||||
| To run the backend, simply execute: |  | ||||||
|  |  | ||||||
| ```bash |  | ||||||
| pnpm run build |  | ||||||
| ``` |  | ||||||
| This command builds the application for production. After the build is complete, run: |  | ||||||
|  |  | ||||||
| ```bash |  | ||||||
| pnpm start |  | ||||||
| ``` |  | ||||||
| Following these steps, the backend will be functional. To test it, you can access: |  | ||||||
|  |  | ||||||
| ```bash |  | ||||||
| http://localhost:3333/docs |  | ||||||
| ``` |  | ||||||
| This is the API documentation page. |  | ||||||
|  |  | ||||||
| ### Step 4: Set Up Frontend |  | ||||||
| The frontend setup is similar to the backend, but we don't need to run any Docker containers—only the service itself. |  | ||||||
|  |  | ||||||
| #### 4.1: Navigate to the Frontend Directory |  | ||||||
| If you are in the server folder: |  | ||||||
|  |  | ||||||
| ```bash |  | ||||||
| cd ../web |  | ||||||
| ``` |  | ||||||
| If you are in the root of the repository: |  | ||||||
|  |  | ||||||
| ```bash |  | ||||||
| cd apps/web |  | ||||||
| ``` |  | ||||||
|  |  | ||||||
| #### 4.2: Set Up Environment Variables |  | ||||||
| Once in the web directory, first run: |  | ||||||
|  |  | ||||||
| ```bash |  | ||||||
| cp .env.example .env |  | ||||||
| ``` |  | ||||||
| This populates the environment variables, just like in the backend. |  | ||||||
|  |  | ||||||
| #### 4.3: Install Dependencies |  | ||||||
| Next, install the dependencies: |  | ||||||
|  |  | ||||||
| ```bash |  | ||||||
| pnpm install |  | ||||||
| ``` |  | ||||||
|  |  | ||||||
| #### 4.4: Build and Run the Frontend |  | ||||||
| Now, the process for the frontend is simpler. We can simply run the build with: |  | ||||||
|  |  | ||||||
| ```bash |  | ||||||
| pnpm run build |  | ||||||
| ``` |  | ||||||
| Once the build is complete, start the service with: |  | ||||||
|  |  | ||||||
| ```bash |  | ||||||
| pnpm preview |  | ||||||
| ``` |  | ||||||
|  |  | ||||||
| Wait for the service to start, and then you can test the entire application at: |  | ||||||
|  |  | ||||||
| ```bash |  | ||||||
| http://localhost:4173 |  | ||||||
| ``` |  | ||||||
|  |  | ||||||
| ##### Conclusion |  | ||||||
| That's it! This is the step-by-step guide to manually running a production version of Palmr. |  | ||||||
|  |  | ||||||
| ### Useful Links |  | ||||||
|  |  | ||||||
| - [Docker Documentation](https://docs.docker.com/) |  | ||||||
| - [Node.js Documentation](https://nodejs.org/en/docs/) |  | ||||||
| - [pnpm Documentation](https://pnpm.io/) |  | ||||||
| - [Prisma Documentation](https://www.prisma.io/docs/) |  | ||||||
| @@ -1,28 +0,0 @@ | |||||||
| { |  | ||||||
|   "title": "v1.1.7-beta", |  | ||||||
|   "description": "(Deprecated)", |  | ||||||
|   "root": true, |  | ||||||
|   "icon": "Trash2", |  | ||||||
|   "pages": [ |  | ||||||
|     "---Introduction---", |  | ||||||
|     "index", |  | ||||||
|     "architecture", |  | ||||||
|     "github-architecture", |  | ||||||
|     "installation", |  | ||||||
|     "manual-installation", |  | ||||||
|     "api", |  | ||||||
|     "---How to use Palmr.---", |  | ||||||
|     "login", |  | ||||||
|     "manage-users", |  | ||||||
|     "upload", |  | ||||||
|     "generate-share", |  | ||||||
|     "configuring-smtp", |  | ||||||
|     "available-languages", |  | ||||||
|     "---Developers---", |  | ||||||
|     "contribute", |  | ||||||
|     "open-an-issue", |  | ||||||
|     "---Sponsor this project---", |  | ||||||
|     "gh-star", |  | ||||||
|     "gh-sponsor" |  | ||||||
|   ] |  | ||||||
| } |  | ||||||
| @@ -1,81 +0,0 @@ | |||||||
| --- |  | ||||||
| title: How to open an issue |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| Opening an issue on GitHub is a great way to report bugs, request features, or ask questions about a project. This tutorial will guide you through the process of opening an issue for the **Palmr.** project on GitHub. |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ### Step 1: Log in to GitHub |  | ||||||
|  |  | ||||||
| Before you can star a project, you need to be logged into your GitHub account. If you don't have an account yet, you can sign up for free at [GitHub](https://github.com/). |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ### Step 2: Go to the Palmr. Repository |  | ||||||
|  |  | ||||||
| Once you're logged in, go to the Palmr. repository by clicking on this link: [https://github.com/kyantech/Palmr](https://github.com/kyantech/Palmr). |  | ||||||
|  |  | ||||||
| Alternatively, you can search for "Palmr" in the GitHub search bar and click on the repository owned by **Kyantech**. |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ### Step 3: Navigate to the Issues Tab |  | ||||||
|  |  | ||||||
| On the Palmr repository page, click on the **Issues** tab near the top of the page. This will take you to the issues section of the repository. |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ### Step 4: Click on "New Issue" |  | ||||||
|  |  | ||||||
| Once you're in the issues section, click the **New Issue** button to start creating a new issue. |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ### Step 5: Fill Out the Issue Form |  | ||||||
|  |  | ||||||
| You’ll now see a form where you can provide details about your issue. Here’s how to fill it out: |  | ||||||
|  |  | ||||||
| 1. **Title**: Write a clear and concise title that summarizes the issue. |  | ||||||
| 2. **Description**: Provide a detailed description of the issue. Include steps to reproduce the problem (if it’s a bug), expected behavior, and actual behavior. If you’re requesting a feature, explain why it would be useful. |  | ||||||
| 3. **Labels (Optional)**: Add labels to categorize your issue (e.g., `bug`, `enhancement`, `question`). This helps the maintainers organize and prioritize issues. |  | ||||||
| 4. **Attachments (Optional)**: You can attach screenshots, logs, or other files to help explain the issue. |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ### Step 6: Submit the Issue |  | ||||||
|  |  | ||||||
| Once you’ve filled out the form, click the **Create** button. Your issue will now be visible to the project maintainers and other contributors. |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ### Tips for Writing a Good Issue |  | ||||||
|  |  | ||||||
| To ensure your issue is addressed quickly and effectively, follow these tips: |  | ||||||
| - **Be Clear and Specific**: Provide as much detail as possible. |  | ||||||
| - **Use a Descriptive Title**: A good title helps maintainers understand the issue at a glance. |  | ||||||
| - **Include Steps to Reproduce**: If it’s a bug, explain how to reproduce it. |  | ||||||
| - **Be Polite and Respectful**: Remember that maintainers and contributors are volunteering their time. |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ### Why Opening Issues is Important |  | ||||||
|  |  | ||||||
| Opening issues is a key part of contributing to open-source projects. Here’s why it matters: |  | ||||||
| 1. **Improves the Project**: Your feedback helps identify bugs and suggest new features. |  | ||||||
| 2. **Helps Maintainers**: Clear and detailed issues make it easier for maintainers to address problems. |  | ||||||
| 3. **Encourages Collaboration**: Issues can spark discussions and attract contributors to help solve problems. |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ### Conclusion |  | ||||||
|  |  | ||||||
| That's it! You've successfully opened an issue for the **Palmr** project on GitHub. Your contribution helps improve the project and supports the open-source community. Thank you for taking the time to share your feedback! |  | ||||||
| @@ -1,94 +0,0 @@ | |||||||
| --- |  | ||||||
| title: Uploading Files |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| To upload a file in Palmr, the process is very simple. There are two main locations where you can upload files.  |  | ||||||
| However, before proceeding, it’s important to highlight that the core functionality of Palmr is file sharing.  |  | ||||||
| But for this to work, you need to first upload one or more files to share. Later, you can create a sharing session,  |  | ||||||
| which may contain one or multiple files. |  | ||||||
|  |  | ||||||
| Now let's focus on the file upload process. As mentioned, it is very simple, and you can upload files from two locations:  |  | ||||||
| **the Home Page** or **the My Files Page**. We will go through both examples below, but the process is exactly the same in both cases. |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ## Home Page |  | ||||||
|  |  | ||||||
| On the home page, there is a **"Recent Uploads"** section. On the first initialization (when no file has been uploaded yet),  |  | ||||||
| it will appear like this: |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
| To upload a file, simply click on the **"Upload File"** button. This will open a modal where you can select the file you want  |  | ||||||
| to upload from your device. Some file types, such as images, audio, and video, will have a preview available. |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
| ### Example with an image: |  | ||||||
|  |  | ||||||
|  |  | ||||||
| After selecting the file, you can either confirm the upload by clicking the **"Upload"** button or cancel the operation by clicking the **"Cancel"** button. |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
| Once one or more files have been uploaded, the **"Recent Uploads"** section will update and look like this: |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
| To upload a new file from this screen, click the **"Upload File"** button in the upper right corner of the section, and follow the same steps as before. |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
| This list on the home page shows only the **last 5 uploads**. To view older files or upload more, you need to go to the **"My Files"** page.  |  | ||||||
| You can access this by clicking on the **"View All"** button in the upper right corner of the section or by clicking on the **"My Files"** card on the home page. |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
| Or: |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ## My Files Page |  | ||||||
|  |  | ||||||
| On the **"My Files"** page, the layout will look like this: |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
| Here, you have the option to **filter** your uploaded files or upload new ones by clicking the **"Upload File"** button and following the same steps explained earlier. |  | ||||||
|  |  | ||||||
| Notice that the tables in the **"Recent Files"** section and the **"My Files"** page are the same — the only difference is the number of results shown.  |  | ||||||
| The **"Recent Files"** section shows only the last 5 uploads, while the **"My Files"** table displays all uploads. |  | ||||||
|  |  | ||||||
| The table fields include: |  | ||||||
| - **Name** |  | ||||||
| - **Description** |  | ||||||
| - **Size** |  | ||||||
| - **Created At** |  | ||||||
| - **Updated At** |  | ||||||
| - **Actions** |  | ||||||
|  |  | ||||||
| ### Actions Column |  | ||||||
| In the **"Actions"** column, you will find an icon that opens the following dropdown: |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
| Each option is self-explanatory, but let’s detail the **Edit** option: |  | ||||||
|  |  | ||||||
| - **Edit** – Opens a modal where you can edit the file name, description, and other details. |  | ||||||
|  |  | ||||||
|    |  | ||||||
|  |  | ||||||
| - You can also **delete** a file directly from the dropdown by selecting the **Delete** option. |  | ||||||
|  |  | ||||||
| The preview feature is only available for files like images, audio, PDFs and video. For other file types,  |  | ||||||
| you can download them using the **Download** option in the dropdown. |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ## Notes and Recommendations |  | ||||||
|  |  | ||||||
| - For a better user experience, we recommend using optimized files for upload.   |  | ||||||
| - Upload errors or issues are logged and can be reviewed through the admin panel.   |  | ||||||
| - Admins can manage file access permissions.   |  | ||||||
| @@ -18,7 +18,6 @@ The API documentation is powered by **[Scalar](https://scalar.com/)**, which pro | |||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
| We have made a deliberate decision to **not provide an online version** of the API documentation, as the endpoints and functionality may vary significantly depending on the specific version of Palmr. you have deployed in your environment. To ensure you're always working with accurate and version-specific documentation, we strongly recommend accessing the documentation only after initializing your API service. It's important to note that the API service is specifically designated as the **server** component within the official Palmr. GitHub repository. | We have made a deliberate decision to **not provide an online version** of the API documentation, as the endpoints and functionality may vary significantly depending on the specific version of Palmr. you have deployed in your environment. To ensure you're always working with accurate and version-specific documentation, we strongly recommend accessing the documentation only after initializing your API service. It's important to note that the API service is specifically designated as the **server** component within the official Palmr. GitHub repository. | ||||||
|  |  | ||||||
| We strongly recommend utilizing **Scalar** as your primary tool for querying and testing the API, as the entire documentation system has been carefully optimized and designed with Scalar integration in mind. Scalar provides developers with an exceptionally intuitive and feature-rich interactive environment that streamlines the process of exploring endpoints, constructing and sending requests, and analyzing responses directly within its sophisticated interface. | We strongly recommend utilizing **Scalar** as your primary tool for querying and testing the API, as the entire documentation system has been carefully optimized and designed with Scalar integration in mind. Scalar provides developers with an exceptionally intuitive and feature-rich interactive environment that streamlines the process of exploring endpoints, constructing and sending requests, and analyzing responses directly within its sophisticated interface. | ||||||
|   | |||||||
| @@ -12,51 +12,50 @@ Understanding the architecture of Palmr. is crucial for both deploying and scali | |||||||
|  |  | ||||||
| Each component in the Palmr. architecture plays a vital role in ensuring reliability, performance, and scalability. The stack is built with simplicity, performance, and flexibility in mind, everything is self-hosted, developer-friendly, and designed to scale without adding unnecessary complexity. | Each component in the Palmr. architecture plays a vital role in ensuring reliability, performance, and scalability. The stack is built with simplicity, performance, and flexibility in mind, everything is self-hosted, developer-friendly, and designed to scale without adding unnecessary complexity. | ||||||
|  |  | ||||||
|  |  | ||||||
| ### 💾 PostgreSQL | ### 💾 PostgreSQL | ||||||
|  |  | ||||||
| Palmr. uses **PostgreSQL** as the primary database solution. It's a powerful, open-source relational database that’s trusted by developers around the world. PostgreSQL is fully ACID-compliant, which means it handles transactions safely and reliably. It’s perfect for storing structured data like user accounts, file metadata, transfer logs, and anything else that requires consistency. With advanced features like full-text search, custom data types (like JSONB), and strong indexing capabilities, PostgreSQL gives us the tools to scale efficiently without giving up query performance or flexibility. | Palmr. uses **PostgreSQL** as the primary database solution. It's a powerful, open-source relational database that’s trusted by developers around the world. PostgreSQL is fully ACID-compliant, which means it handles transactions safely and reliably. It’s perfect for storing structured data like user accounts, file metadata, transfer logs, and anything else that requires consistency. With advanced features like full-text search, custom data types (like JSONB), and strong indexing capabilities, PostgreSQL gives us the tools to scale efficiently without giving up query performance or flexibility. | ||||||
|  |  | ||||||
| - Provides reliable and secure data storage, ensuring consistency and high performance for all database operations. | - Provides reliable and secure data storage, ensuring consistency and high performance for all database operations. | ||||||
| - Powerful indexing, query optimization, and support for complex data types. | - Powerful indexing, query optimization, and support for complex data types. | ||||||
| - Ideal for handling large amounts of metadata and transactional data in a predictable and scalable way. | - Ideal for handling large amounts of metadata and transactional data in a predictable and scalable way. | ||||||
|  |  | ||||||
|  |  | ||||||
| ### 🎨 Next.js 15 + React + TypeScript | ### 🎨 Next.js 15 + React + TypeScript | ||||||
|  |  | ||||||
| The frontend of Palmr. is built using **Next.js 15**, along with **React** and **TypeScript**, forming a modern stack that’s easy to maintain and super fast for end users. Next.js 15 brings server components, server actions, and a new app router system that makes rendering dynamic content incredibly efficient. This allows us to load only what’s needed, when it’s needed which makes the app feel snappy even under load. React provides a clean, component-based structure that makes it easy to break the UI into reusable pieces, and TypeScript helps prevent bugs before they even happen by enforcing static typing and better code navigation. Whether it's SSR, static pages, or dynamic user interactions, this trio handles it all seamlessly. | The frontend of Palmr. is built using **Next.js 15**, along with **React** and **TypeScript**, forming a modern stack that’s easy to maintain and super fast for end users. Next.js 15 brings server components, server actions, and a new app router system that makes rendering dynamic content incredibly efficient. This allows us to load only what’s needed, when it’s needed which makes the app feel snappy even under load. React provides a clean, component-based structure that makes it easy to break the UI into reusable pieces, and TypeScript helps prevent bugs before they even happen by enforcing static typing and better code navigation. Whether it's SSR, static pages, or dynamic user interactions, this trio handles it all seamlessly. | ||||||
|  |  | ||||||
| - **React** enables the creation of a dynamic and responsive user interface with a component-based architecture. | - **React** enables the creation of a dynamic and responsive user interface with a component-based architecture. | ||||||
| - **TypeScript** adds static typing, enhancing code quality and reducing runtime errors. | - **TypeScript** adds static typing, enhancing code quality and reducing runtime errors. | ||||||
| - **Next.js 15** handles routing, server-side rendering, and server components for performance at scale. | - **Next.js 15** handles routing, server-side rendering, and server components for performance at scale. | ||||||
|  |  | ||||||
|  |  | ||||||
| ### 📦 MinIO | ### 📦 MinIO | ||||||
|  |  | ||||||
| Palmr. uses **MinIO** for object storage. MinIO is a lightweight, high-performance, S3-compatible storage solution that makes file handling simple and scalable. Every file uploaded to Palmr. Whether it's a personal file transfer or a shared asset is stored in MinIO. It’s built to handle huge amounts of data and can be deployed locally, on-premise, or in the cloud. Because it speaks the same API as Amazon S3, integrating with it is straightforward and familiar to most developers. And since it’s self-hosted, we have full control over performance, redundancy, and security. | Palmr. uses **MinIO** for object storage. MinIO is a lightweight, high-performance, S3-compatible storage solution that makes file handling simple and scalable. Every file uploaded to Palmr. Whether it's a personal file transfer or a shared asset is stored in MinIO. It’s built to handle huge amounts of data and can be deployed locally, on-premise, or in the cloud. Because it speaks the same API as Amazon S3, integrating with it is straightforward and familiar to most developers. And since it’s self-hosted, we have full control over performance, redundancy, and security. | ||||||
|  |  | ||||||
| - Supports high-throughput file storage and retrieval. | - Supports high-throughput file storage and retrieval. | ||||||
| - Ensures data integrity and redundancy. | - Ensures data integrity and redundancy. | ||||||
| - Compatible with AWS S3 APIs, making integration seamless. | - Compatible with AWS S3 APIs, making integration seamless. | ||||||
|  |  | ||||||
|  |  | ||||||
| ### ⚡ Fastify | ### ⚡ Fastify | ||||||
|  |  | ||||||
| The backend of Palmr. is powered by **Fastify**, a super-fast Node.js web framework optimized for performance and low overhead. It’s designed to handle lots of concurrent requests with minimal resource usage, which is key for scalable backend services. Fastify also has a built-in schema validation system that ensures all incoming data is properly validated before reaching business logic, which helps prevent bugs and security issues. It follows a plugin-based architecture, making it easy to keep route handlers, services, and middlewares cleanly separated and easy to extend as the project grows. | The backend of Palmr. is powered by **Fastify**, a super-fast Node.js web framework optimized for performance and low overhead. It’s designed to handle lots of concurrent requests with minimal resource usage, which is key for scalable backend services. Fastify also has a built-in schema validation system that ensures all incoming data is properly validated before reaching business logic, which helps prevent bugs and security issues. It follows a plugin-based architecture, making it easy to keep route handlers, services, and middlewares cleanly separated and easy to extend as the project grows. | ||||||
|  |  | ||||||
| - Provides fast request handling with a lightweight core. | - Provides fast request handling with a lightweight core. | ||||||
| - Built-in schema-based validation for secure and reliable API handling. | - Built-in schema-based validation for secure and reliable API handling. | ||||||
| - Supports plugin-based architecture for easy extensibility. | - Supports plugin-based architecture for easy extensibility. | ||||||
|  |  | ||||||
|  |  | ||||||
| ### 🔄 How It Works | ### 🔄 How It Works | ||||||
|  |  | ||||||
| 1. **Frontend** — React + TypeScript + Next.js 15 handle the user interface and user interactions. | 1. **Frontend** — React + TypeScript + Next.js 15 handle the user interface and user interactions. | ||||||
| 2. **Backend** — Fastify processes requests and communicates with the database and storage layers. | 2. **Backend** — Fastify processes requests and communicates with the database and storage layers. | ||||||
| 3. **Database** — PostgreSQL stores metadata and transactional data. | 3. **Database** — PostgreSQL stores metadata and transactional data. | ||||||
| 4. **Object Storage** — MinIO stores the actual files and ensures scalable, high-performance storage. | 4. **Object Storage** — MinIO stores the actual files and ensures scalable, high-performance storage. | ||||||
|  |  | ||||||
|  |  | ||||||
| ### 📚 Useful Links | ### 📚 Useful Links | ||||||
|  |  | ||||||
| - [PostgreSQL Documentation](https://www.postgresql.org/docs/) | - [PostgreSQL Documentation](https://www.postgresql.org/docs/) | ||||||
| - [Next.js Documentation](https://nextjs.org/docs) | - [Next.js Documentation](https://nextjs.org/docs) | ||||||
| - [React Documentation](https://react.dev/) | - [React Documentation](https://react.dev/) | ||||||
| - [TypeScript Handbook](https://www.typescriptlang.org/docs/) | - [TypeScript Handbook](https://www.typescriptlang.org/docs/) | ||||||
| - [MinIO Documentation](https://min.io/docs/minio/container/index.html) | - [MinIO Documentation](https://min.io/docs/minio/container/index.html) | ||||||
| - [Fastify Documentation](https://fastify.dev/docs/latest/) | - [Fastify Documentation](https://fastify.dev/docs/latest/) | ||||||
|  |  | ||||||
|   | |||||||
| @@ -9,7 +9,7 @@ The project leverages next-intl, a powerful and flexible internationalization (i | |||||||
| --- | --- | ||||||
|  |  | ||||||
| | Language      | Code  | Description                                              | Translation | | | Language      | Code  | Description                                              | Translation | | ||||||
| |----------|------|-------------|-------------| | | ------------- | ----- | -------------------------------------------------------- | ----------- | | ||||||
| | 🇺🇸 English    | en-US | Primary development language and default fallback option | 100%        | | | 🇺🇸 English    | en-US | Primary development language and default fallback option | 100%        | | ||||||
| | 🇧🇷 Portuguese | pt-BR | Standard Brazilian Portuguese support                    | 100%        | | | 🇧🇷 Portuguese | pt-BR | Standard Brazilian Portuguese support                    | 100%        | | ||||||
| | 🇫🇷 French     | fr-FR | Standard French language support                         | 100%        | | | 🇫🇷 French     | fr-FR | Standard French language support                         | 100%        | | ||||||
|   | |||||||
| @@ -7,6 +7,7 @@ For Palmr to function with all its best features, we need to configure our email | |||||||
| ## ❓ Why Configure SMTP? | ## ❓ Why Configure SMTP? | ||||||
|  |  | ||||||
| The main functionalities that depend on SMTP configuration are: | The main functionalities that depend on SMTP configuration are: | ||||||
|  |  | ||||||
| - 🔑 **Password Reset** – Users who forget their password and cannot access the **Settings** panel need this feature. | - 🔑 **Password Reset** – Users who forget their password and cannot access the **Settings** panel need this feature. | ||||||
| - 📧 **Email Notifications** – Recipients will receive emails when new shares are sent to them. | - 📧 **Email Notifications** – Recipients will receive emails when new shares are sent to them. | ||||||
|  |  | ||||||
| @@ -53,6 +54,7 @@ Once SMTP is enabled, you can configure the other necessary fields: | |||||||
| ### 🔐 Generating a Gmail App Password | ### 🔐 Generating a Gmail App Password | ||||||
|  |  | ||||||
| To generate an App Password for Gmail: | To generate an App Password for Gmail: | ||||||
|  |  | ||||||
| 1. Go to [Google My Account](https://myaccount.google.com/). | 1. Go to [Google My Account](https://myaccount.google.com/). | ||||||
| 2. Select **Security**. | 2. Select **Security**. | ||||||
| 3. Scroll down to **App Passwords**. | 3. Scroll down to **App Passwords**. | ||||||
|   | |||||||
| @@ -15,6 +15,7 @@ Before you can contribute, you need to be logged into your GitHub account. If yo | |||||||
| --- | --- | ||||||
|  |  | ||||||
| ### 🔍 Access the Repository | ### 🔍 Access the Repository | ||||||
|  |  | ||||||
| Once you're logged in, go to the Palmr repository by clicking on this link: **[https://github.com/kyantech/Palmr](https://github.com/kyantech/Palmr)**. The repository contains all the source code, documentation, and resources for the Palmr project. Take a moment to explore the repository structure, including the README file, which provides an overview of the project. | Once you're logged in, go to the Palmr repository by clicking on this link: **[https://github.com/kyantech/Palmr](https://github.com/kyantech/Palmr)**. The repository contains all the source code, documentation, and resources for the Palmr project. Take a moment to explore the repository structure, including the README file, which provides an overview of the project. | ||||||
|  |  | ||||||
| Alternatively, you can search for "Palmr" in the GitHub search bar and click on the repository owned by **kyantech**. When searching, make sure you're looking at the official repository by checking the owner and repository name. The repository should have a description that matches the Palmr project and show recent activity from the maintainers. You can also check the number of stars, forks, and watchers to verify you're accessing the correct repository. | Alternatively, you can search for "Palmr" in the GitHub search bar and click on the repository owned by **kyantech**. When searching, make sure you're looking at the official repository by checking the owner and repository name. The repository should have a description that matches the Palmr project and show recent activity from the maintainers. You can also check the number of stars, forks, and watchers to verify you're accessing the correct repository. | ||||||
| @@ -32,6 +33,7 @@ To contribute to the project, you'll need to create your own copy of the reposit | |||||||
| 5. You'll be automatically redirected to your forked repository once it's ready. | 5. You'll be automatically redirected to your forked repository once it's ready. | ||||||
|  |  | ||||||
| The fork will maintain a connection to the original repository, allowing you to: | The fork will maintain a connection to the original repository, allowing you to: | ||||||
|  |  | ||||||
| - Keep your fork synchronized with the original repository | - Keep your fork synchronized with the original repository | ||||||
| - Submit pull requests from your fork to the original repository | - Submit pull requests from your fork to the original repository | ||||||
| - Work independently on your own copy without affecting the original | - Work independently on your own copy without affecting the original | ||||||
| @@ -41,6 +43,7 @@ The fork will maintain a connection to the original repository, allowing you to: | |||||||
| ### 📥 Clone the Fork | ### 📥 Clone the Fork | ||||||
|  |  | ||||||
| Next, you’ll need to clone your forked repository to your local machine. Here’s how: | Next, you’ll need to clone your forked repository to your local machine. Here’s how: | ||||||
|  |  | ||||||
| 1. On your forked repository page, click the **Code** button. | 1. On your forked repository page, click the **Code** button. | ||||||
| 2. Copy the repository URL (HTTPS or SSH). | 2. Copy the repository URL (HTTPS or SSH). | ||||||
| 3. Open your terminal or command prompt and run the following command to clone the repository: | 3. Open your terminal or command prompt and run the following command to clone the repository: | ||||||
| @@ -60,6 +63,7 @@ Next, you’ll need to clone your forked repository to your local machine. Here | |||||||
| ### 🔄 Set up Base Branch | ### 🔄 Set up Base Branch | ||||||
|  |  | ||||||
| Before making changes, ensure your local repository is set up to track the `next` branch from the original Palmr repository. Here’s how: | Before making changes, ensure your local repository is set up to track the `next` branch from the original Palmr repository. Here’s how: | ||||||
|  |  | ||||||
| 1. Add the original Palmr repository as a remote: | 1. Add the original Palmr repository as a remote: | ||||||
|  |  | ||||||
|    ```bash |    ```bash | ||||||
| @@ -81,7 +85,9 @@ Before making changes, ensure your local repository is set up to track the `next | |||||||
| --- | --- | ||||||
|  |  | ||||||
| ### ✏️ Make Local Changes | ### ✏️ Make Local Changes | ||||||
|  |  | ||||||
| Now you're ready to make your contributions! This could include: | Now you're ready to make your contributions! This could include: | ||||||
|  |  | ||||||
| - Fixing a bug | - Fixing a bug | ||||||
| - Adding a new feature | - Adding a new feature | ||||||
| - Improving documentation | - Improving documentation | ||||||
| @@ -113,12 +119,14 @@ Once you’ve made your changes, commit them to your branch using **Conventional | |||||||
| `<type>(<scope>): <description>` | `<type>(<scope>): <description>` | ||||||
|  |  | ||||||
| **Examples:** | **Examples:** | ||||||
|  |  | ||||||
| - `feat: add user authentication` | - `feat: add user authentication` | ||||||
| - `fix(api): resolve null pointer exception` | - `fix(api): resolve null pointer exception` | ||||||
| - `docs: update README file` | - `docs: update README file` | ||||||
| - `chore: update dependencies` | - `chore: update dependencies` | ||||||
|  |  | ||||||
| **Steps to Commit:** | **Steps to Commit:** | ||||||
|  |  | ||||||
| 1. Stage your changes: | 1. Stage your changes: | ||||||
|  |  | ||||||
|    ```bash |    ```bash | ||||||
| @@ -138,6 +146,7 @@ Once you’ve made your changes, commit them to your branch using **Conventional | |||||||
| After committing your changes, you'll need to push them to your forked repository on GitHub. This step synchronizes your local changes with your remote repository. Here's how to do it: | After committing your changes, you'll need to push them to your forked repository on GitHub. This step synchronizes your local changes with your remote repository. Here's how to do it: | ||||||
|  |  | ||||||
| 1. First, ensure your branch is up-to-date with any remote changes: | 1. First, ensure your branch is up-to-date with any remote changes: | ||||||
|  |  | ||||||
|    ```bash |    ```bash | ||||||
|    git pull origin your-branch-name |    git pull origin your-branch-name | ||||||
|    ``` |    ``` | ||||||
| @@ -148,11 +157,13 @@ After committing your changes, you'll need to push them to your forked repositor | |||||||
|    ``` |    ``` | ||||||
|  |  | ||||||
| If this is the first time pushing this branch, you might need to set the upstream branch: | If this is the first time pushing this branch, you might need to set the upstream branch: | ||||||
|  |  | ||||||
| ```bash | ```bash | ||||||
| git push -u origin your-branch-name | git push -u origin your-branch-name | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
| If you encounter any errors while pushing: | If you encounter any errors while pushing: | ||||||
|  |  | ||||||
| - Make sure you have the correct permissions on your fork | - Make sure you have the correct permissions on your fork | ||||||
| - Verify your remote URL is correct using `git remote -v` | - Verify your remote URL is correct using `git remote -v` | ||||||
| - Check if you need to authenticate with GitHub | - Check if you need to authenticate with GitHub | ||||||
| @@ -162,6 +173,7 @@ If you encounter any errors while pushing: | |||||||
| ### 🔀 Create Pull Request | ### 🔀 Create Pull Request | ||||||
|  |  | ||||||
| Now that your changes are on GitHub, you can open a **Pull Request (PR)** to propose your changes to the `next` branch of the Palmr repository. Here’s how: | Now that your changes are on GitHub, you can open a **Pull Request (PR)** to propose your changes to the `next` branch of the Palmr repository. Here’s how: | ||||||
|  |  | ||||||
| 1. Go to your forked repository on GitHub. | 1. Go to your forked repository on GitHub. | ||||||
| 2. Click the **Pull Request** button. | 2. Click the **Pull Request** button. | ||||||
| 3. On the PR creation page: | 3. On the PR creation page: | ||||||
| @@ -191,6 +203,7 @@ Remember that code review is a collaborative process aimed at ensuring code qual | |||||||
| ## 💡 Contribution Tips | ## 💡 Contribution Tips | ||||||
|  |  | ||||||
| To ensure your contribution is accepted, follow these tips: | To ensure your contribution is accepted, follow these tips: | ||||||
|  |  | ||||||
| - **Use Conventional Commits**: Write clear and consistent commit messages using the Conventional Commits format. | - **Use Conventional Commits**: Write clear and consistent commit messages using the Conventional Commits format. | ||||||
| - **Keep Your PRs Small**: Focus on one issue or feature per PR to make it easier to review. | - **Keep Your PRs Small**: Focus on one issue or feature per PR to make it easier to review. | ||||||
| - **Be Patient**: Maintainers are often volunteers and may take some time to review your PR. | - **Be Patient**: Maintainers are often volunteers and may take some time to review your PR. | ||||||
| @@ -206,6 +219,7 @@ To ensure your contribution is accepted, follow these tips: | |||||||
| ## ⭐ Why Contribute? | ## ⭐ Why Contribute? | ||||||
|  |  | ||||||
| Contributing to open-source projects like Palmr has many benefits: | Contributing to open-source projects like Palmr has many benefits: | ||||||
|  |  | ||||||
| 1. **Improves the Project**: Your contributions help make the project better for everyone. | 1. **Improves the Project**: Your contributions help make the project better for everyone. | ||||||
| 2. **Builds Your Skills**: You’ll gain experience working with Git, GitHub, and collaborative coding. | 2. **Builds Your Skills**: You’ll gain experience working with Git, GitHub, and collaborative coding. | ||||||
| 3. **Supports the Community**: Open-source thrives on community contributions. Your work helps sustain the project. | 3. **Supports the Community**: Open-source thrives on community contributions. Your work helps sustain the project. | ||||||
|   | |||||||
| @@ -6,7 +6,7 @@ title: 🔗 Managing shares | |||||||
|  |  | ||||||
| Creating a share in Palmr is designed to be a straightforward and user-friendly experience that anyone can master quickly. While the platform offers several methods for share creation, we recommend beginning with the most accessible approach: utilizing the **Home Page**, particularly through the well-organized **Recent Shares** section. | Creating a share in Palmr is designed to be a straightforward and user-friendly experience that anyone can master quickly. While the platform offers several methods for share creation, we recommend beginning with the most accessible approach: utilizing the **Home Page**, particularly through the well-organized **Recent Shares** section. | ||||||
|  |  | ||||||
| ___ | --- | ||||||
|  |  | ||||||
| ### Home Page | ### Home Page | ||||||
|  |  | ||||||
| @@ -19,7 +19,6 @@ For first-time users, the interface features a prominently positioned **"Create | |||||||
|  |  | ||||||
|  |  | ||||||
| > Note: One of Palmr's unique features is its flexibility - you don't need to upload files to create a share! This might seem counterintuitive at first, but it's a deliberately designed feature that many users find invaluable for their specific workflows and use cases. This approach allows you to set up the sharing framework first and add content later. | > Note: One of Palmr's unique features is its flexibility - you don't need to upload files to create a share! This might seem counterintuitive at first, but it's a deliberately designed feature that many users find invaluable for their specific workflows and use cases. This approach allows you to set up the sharing framework first and add content later. | ||||||
| >  |  | ||||||
|  |  | ||||||
| This design philosophy reflects Palmr's user-centric approach: you can establish your share's parameters and settings first, then populate it with files at your convenience. Furthermore, all aspects of your share remain fully editable at any time, providing maximum flexibility. | This design philosophy reflects Palmr's user-centric approach: you can establish your share's parameters and settings first, then populate it with files at your convenience. Furthermore, all aspects of your share remain fully editable at any time, providing maximum flexibility. | ||||||
|  |  | ||||||
| @@ -78,7 +77,7 @@ Each share has an **Actions** column with the following options: | |||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
| ___ | --- | ||||||
|  |  | ||||||
| ## ✏️ Edit Share | ## ✏️ Edit Share | ||||||
|  |  | ||||||
| @@ -88,24 +87,23 @@ The **Edit** button provides access to a comprehensive interface where you can m | |||||||
|  |  | ||||||
| ## 📁 Manage Files | ## 📁 Manage Files | ||||||
|  |  | ||||||
| ___ | --- | ||||||
|  |  | ||||||
| Through the **Manage Files** button, you gain complete control over the content of your share, with the ability to both add new files and remove existing ones. | Through the **Manage Files** button, you gain complete control over the content of your share, with the ability to both add new files and remove existing ones. | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
| ___ | --- | ||||||
|  |  | ||||||
| ## 👥 Manage Recipients | ## 👥 Manage Recipients | ||||||
|  |  | ||||||
| The **Manage Recipients** button opens an interface where you can maintain your recipient list, adding or removing access as needed. | The **Manage Recipients** button opens an interface where you can maintain your recipient list, adding or removing access as needed. | ||||||
|  |  | ||||||
| > Note: For email notifications to function properly, please ensure that your system's SMTP settings are correctly configured and active. | > Note: For email notifications to function properly, please ensure that your system's SMTP settings are correctly configured and active. | ||||||
| >  |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
| ___ | --- | ||||||
|  |  | ||||||
| ## 👀 View Share Details | ## 👀 View Share Details | ||||||
|  |  | ||||||
| @@ -113,7 +111,7 @@ The **View Details** option provides a comprehensive overview of all aspects and | |||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
| ___ | --- | ||||||
|  |  | ||||||
| ## 🔗 Generate Share Link | ## 🔗 Generate Share Link | ||||||
|  |  | ||||||
| @@ -133,7 +131,7 @@ When recipients access your generated link, they'll be able to both **view and d | |||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
| ___ | --- | ||||||
|  |  | ||||||
| ## Delete Share | ## Delete Share | ||||||
|  |  | ||||||
|   | |||||||
| @@ -34,6 +34,7 @@ Once you're logged in, go to the Palmr. repository by clicking on this link: [ht | |||||||
| Alternatively, you can search for "Palmr" in the GitHub search bar and click on the repository owned by **Kyantech**. | Alternatively, you can search for "Palmr" in the GitHub search bar and click on the repository owned by **Kyantech**. | ||||||
|  |  | ||||||
| You can also: | You can also: | ||||||
|  |  | ||||||
| - Star the repository to show your support | - Star the repository to show your support | ||||||
| - Watch it for updates | - Watch it for updates | ||||||
| - Fork it if you want to contribute | - Fork it if you want to contribute | ||||||
| @@ -94,6 +95,7 @@ Open-source projects rely on community support. Sponsoring helps the ecosystem g | |||||||
| ## 🎁 What Happens After Sponsoring | ## 🎁 What Happens After Sponsoring | ||||||
|  |  | ||||||
| Once you become a sponsor: | Once you become a sponsor: | ||||||
|  |  | ||||||
| 1. You'll receive a confirmation email from GitHub | 1. You'll receive a confirmation email from GitHub | ||||||
| 2. Your name will appear in our sponsors list | 2. Your name will appear in our sponsors list | ||||||
| 3. You'll get access to sponsor-only updates and content | 3. You'll get access to sponsor-only updates and content | ||||||
| @@ -107,4 +109,3 @@ Once you become a sponsor: | |||||||
| That's it! You've successfully sponsored the **Palmr.** project on GitHub.   | That's it! You've successfully sponsored the **Palmr.** project on GitHub.   | ||||||
| Your support will help ensure this open-source project continues to evolve and thrive.   | Your support will help ensure this open-source project continues to evolve and thrive.   | ||||||
| **We appreciate you and welcome you to our community!** 🎉 | **We appreciate you and welcome you to our community!** 🎉 | ||||||
|  |  | ||||||
|   | |||||||
| @@ -66,6 +66,7 @@ After clicking the "Star" button, several things will happen: | |||||||
| 4. The repository will be added to your starred repositories list | 4. The repository will be added to your starred repositories list | ||||||
|  |  | ||||||
| You can access your starred repositories anytime by: | You can access your starred repositories anytime by: | ||||||
|  |  | ||||||
| - Clicking your profile picture | - Clicking your profile picture | ||||||
| - Selecting "Your stars" from the dropdown menu | - Selecting "Your stars" from the dropdown menu | ||||||
| - Or visiting: https://github.com/[your-username]?tab=stars | - Or visiting: https://github.com/[your-username]?tab=stars | ||||||
| @@ -119,6 +120,7 @@ Your star is more than just a number - it's a vote of confidence in our vision a | |||||||
| That's it! You've successfully starred the **Palmr** project on GitHub. Thank you for supporting Palmr and becoming part of our growing community! Your support helps us continue improving and expanding the project for everyone. | That's it! You've successfully starred the **Palmr** project on GitHub. Thank you for supporting Palmr and becoming part of our growing community! Your support helps us continue improving and expanding the project for everyone. | ||||||
|  |  | ||||||
| Feel free to explore our other ways to contribute, like: | Feel free to explore our other ways to contribute, like: | ||||||
|  |  | ||||||
| - Sharing Palmr with others | - Sharing Palmr with others | ||||||
| - Reporting issues | - Reporting issues | ||||||
| - Contributing code | - Contributing code | ||||||
|   | |||||||
| @@ -2,7 +2,7 @@ | |||||||
| title: </> Github Architecture | title: </> Github Architecture | ||||||
| --- | --- | ||||||
|  |  | ||||||
| import { File, Folder, Files } from "fumadocs-ui/components/files"; | import { File, Files, Folder } from "fumadocs-ui/components/files"; | ||||||
|  |  | ||||||
| ## Project Structure | ## Project Structure | ||||||
|  |  | ||||||
| @@ -21,7 +21,6 @@ import { File, Folder, Files } from "fumadocs-ui/components/files"; | |||||||
|   <File name="other project files" /> |   <File name="other project files" /> | ||||||
| </Files> | </Files> | ||||||
|  |  | ||||||
|  |  | ||||||
| ## Core Components | ## Core Components | ||||||
|  |  | ||||||
| ### 🖥️ Frontend Application (apps/web) | ### 🖥️ Frontend Application (apps/web) | ||||||
|   | |||||||
| @@ -2,13 +2,12 @@ | |||||||
| title: 🐳 Installation (Docker Compose) | title: 🐳 Installation (Docker Compose) | ||||||
| --- | --- | ||||||
|  |  | ||||||
|  |  | ||||||
| Installation via Docker Compose is the simplest way to run the project across different environments. For it to run correctly, we need two main tools installed in our environment: | Installation via Docker Compose is the simplest way to run the project across different environments. For it to run correctly, we need two main tools installed in our environment: | ||||||
|  |  | ||||||
| - Docker ([https://docs.docker.com](https://docs.docker.com/)) | - Docker ([https://docs.docker.com](https://docs.docker.com/)) | ||||||
| - Docker Compose ([https://docs.docker.com/compose](https://docs.docker.com/compose/)) | - Docker Compose ([https://docs.docker.com/compose](https://docs.docker.com/compose/)) | ||||||
|  |  | ||||||
| > *It's worth emphasizing that Palmr. was fully developed in a MacOS environment and extensively tested on Linux servers. Therefore, we can guarantee the best system performance in these environments. Windows and other environments have not been tested yet, and potential bugs may occur during execution. However, remember that we are still in a beta version of Palmr., and errors or bugs can occur in any operating system. If you identify any issues, we appreciate your help in notifying us through our GitHub [issues page](https://github.com/kyantech/Palmr/issues).* | > _It's worth emphasizing that Palmr. was fully developed in a MacOS environment and extensively tested on Linux servers. Therefore, we can guarantee the best system performance in these environments. Windows and other environments have not been tested yet, and potential bugs may occur during execution. However, remember that we are still in a beta version of Palmr., and errors or bugs can occur in any operating system. If you identify any issues, we appreciate your help in notifying us through our GitHub [issues page](https://github.com/kyantech/Palmr/issues)._ | ||||||
|  |  | ||||||
| --- | --- | ||||||
|  |  | ||||||
| @@ -25,6 +24,7 @@ Next, let's look at the content of our `docker-compose.yaml`. | |||||||
| --- | --- | ||||||
|  |  | ||||||
| ## 🐳 Docker Compose Content | ## 🐳 Docker Compose Content | ||||||
|  |  | ||||||
| Below is the complete content of our `docker-compose.yaml` that can be copied directly from here or from our official repository ([Docker Compose](https://github.com/kyantech/Palmr/blob/main/docker-compose.yaml)). | Below is the complete content of our `docker-compose.yaml` that can be copied directly from here or from our official repository ([Docker Compose](https://github.com/kyantech/Palmr/blob/main/docker-compose.yaml)). | ||||||
|  |  | ||||||
| ```yaml | ```yaml | ||||||
| @@ -61,7 +61,17 @@ services: | |||||||
|       - "${APP_EXTERNAL_PORT:-5487}:5487" # Web port |       - "${APP_EXTERNAL_PORT:-5487}:5487" # Web port | ||||||
|     restart: unless-stopped |     restart: unless-stopped | ||||||
|     healthcheck: |     healthcheck: | ||||||
|       test: ["CMD", "wget", "--no-verbose", "http://palmr:${API_INTERNAL_PORT:-3333}/health", "&&", "wget", "--no-verbose", "http://palmr:${APP_INTERNAL_PORT:-5487}"] |       test: | ||||||
|  |         [ | ||||||
|  |           "CMD", | ||||||
|  |           "wget", | ||||||
|  |           "--no-verbose", | ||||||
|  |           "http://palmr:${API_INTERNAL_PORT:-3333}/health", | ||||||
|  |           "&&", | ||||||
|  |           "wget", | ||||||
|  |           "--no-verbose", | ||||||
|  |           "http://palmr:${APP_INTERNAL_PORT:-5487}", | ||||||
|  |         ] | ||||||
|       interval: 30s |       interval: 30s | ||||||
|       timeout: 10s |       timeout: 10s | ||||||
|       retries: 3 |       retries: 3 | ||||||
| @@ -127,7 +137,6 @@ services: | |||||||
| volumes: | volumes: | ||||||
|   minio_data: |   minio_data: | ||||||
|   postgres_data: |   postgres_data: | ||||||
|  |  | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
| Notice that the `docker-compose.yaml` has several comments that help you configure your own compose to meet your environment's needs. Let's give an overview of some changes we can make. | Notice that the `docker-compose.yaml` has several comments that help you configure your own compose to meet your environment's needs. Let's give an overview of some changes we can make. | ||||||
| @@ -139,7 +148,7 @@ Notice that the `docker-compose.yaml` has several comments that help you configu | |||||||
| Palmr. consists of four main services, each with specific responsibilities. Below, we present a detailed view of each component: | Palmr. consists of four main services, each with specific responsibilities. Below, we present a detailed view of each component: | ||||||
|  |  | ||||||
| | **Service**         | **Image**                                                                                                                                                                                         | **Exposed Ports**                   | **Main Features**                                                                                                                      | | | **Service**         | **Image**                                                                                                                                                                                         | **Exposed Ports**                   | **Main Features**                                                                                                                      | | ||||||
| | --- | --- | --- | --- | | | ------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------- | | ||||||
| | palmr               | [kyantech/palmr:latest](https://hub.docker.com/repository/docker/kyantech/palmr/general)                                                                                                          | **3333** (API)<br/>**5487** (Web)   | • Combined backend API and frontend service<br/>• Depends on services: postgres and minio<br/>• Has healthcheck to ensure availability | | | palmr               | [kyantech/palmr:latest](https://hub.docker.com/repository/docker/kyantech/palmr/general)                                                                                                          | **3333** (API)<br/>**5487** (Web)   | • Combined backend API and frontend service<br/>• Depends on services: postgres and minio<br/>• Has healthcheck to ensure availability | | ||||||
| | minio (Storage)     | [minio/minio:RELEASE.2025-03-12T18-04-18Z](https://hub.docker.com/layers/minio/minio/RELEASE.2025-03-12T18-04-18Z/images/sha256-85f3e4cd1ca92a2711553ab79f222bcd8b75aa2c77a1a0b0ccf80d38e8ab2fe5) | **6421**(API)<br/>**6422**(Console) | • File storage service<br/>• Persistent volume for data                                                                                | | | minio (Storage)     | [minio/minio:RELEASE.2025-03-12T18-04-18Z](https://hub.docker.com/layers/minio/minio/RELEASE.2025-03-12T18-04-18Z/images/sha256-85f3e4cd1ca92a2711553ab79f222bcd8b75aa2c77a1a0b0ccf80d38e8ab2fe5) | **6421**(API)<br/>**6422**(Console) | • File storage service<br/>• Persistent volume for data                                                                                | | ||||||
| | minio-init (Config) | [minio/mc:RELEASE.2025-03-12T17-29-24Z](https://hub.docker.com/layers/minio/mc/RELEASE.2025-03-12T17-29-24Z/images/sha256-68d8c80f43908b02daa285e55547131870a1d36b3ffe272c26d7d8f4d52d1e5c)       | N/A                                 | • Initially configures the "files" bucket<br/>• Runs only once during initialization                                                   | | | minio-init (Config) | [minio/mc:RELEASE.2025-03-12T17-29-24Z](https://hub.docker.com/layers/minio/mc/RELEASE.2025-03-12T17-29-24Z/images/sha256-68d8c80f43908b02daa285e55547131870a1d36b3ffe272c26d7d8f4d52d1e5c)       | N/A                                 | • Initially configures the "files" bucket<br/>• Runs only once during initialization                                                   | | ||||||
| @@ -152,7 +161,7 @@ Palmr. consists of four main services, each with specific responsibilities. Belo | |||||||
| The table below shows all environment variables that can be set | The table below shows all environment variables that can be set | ||||||
|  |  | ||||||
| | **Variable**                | **Default Value**     | **Description**                                   | | | **Variable**                | **Default Value**     | **Description**                                   | | ||||||
| | --- | --- | --- | | | --------------------------- | --------------------- | ------------------------------------------------- | | ||||||
| | API_INTERNAL_PORT           | 3333                  | Internal API port in container                    | | | API_INTERNAL_PORT           | 3333                  | Internal API port in container                    | | ||||||
| | API_EXTERNAL_PORT           | 3333                  | Exposed port on host for API                      | | | API_EXTERNAL_PORT           | 3333                  | Exposed port on host for API                      | | ||||||
| | POSTGRES_PASSWORD           | postgresRootPassword  | PostgreSQL database password                      | | | POSTGRES_PASSWORD           | postgresRootPassword  | PostgreSQL database password                      | | ||||||
| @@ -169,9 +178,7 @@ The table below shows all environment variables that can be set | |||||||
| | POSTGRESQL_DATABASE         | palmr_db              | Database name                                     | | | POSTGRESQL_DATABASE         | palmr_db              | Database name                                     | | ||||||
| | MAX_FILESIZE                | 1073741824            | Max Uploadsize per file. Unit in Bytes            | | | MAX_FILESIZE                | 1073741824            | Max Uploadsize per file. Unit in Bytes            | | ||||||
|  |  | ||||||
| > *All these variables can be configured through a .env file in the project root or defined directly in the environment where docker-compose will be executed. The best way to do this is up to you. But be careful to replace correctly if doing directly in the compose instead of providing an environment var.* | > _All these variables can be configured through a .env file in the project root or defined directly in the environment where docker-compose will be executed. The best way to do this is up to you. But be careful to replace correctly if doing directly in the compose instead of providing an environment var._ | ||||||
| > |  | ||||||
|  |  | ||||||
|  |  | ||||||
| #### 🗂️ Persistent Volumes | #### 🗂️ Persistent Volumes | ||||||
|  |  | ||||||
| @@ -196,8 +203,7 @@ This will execute all necessary services and give you access to the following UR | |||||||
| - **MinIO Console:** [http://localhost:6422](http://localhost:6422) | - **MinIO Console:** [http://localhost:6422](http://localhost:6422) | ||||||
| - **Postgres Database:** [http://localhost:5432](http://localhost:5432/) (Connection only) | - **Postgres Database:** [http://localhost:5432](http://localhost:5432/) (Connection only) | ||||||
|  |  | ||||||
| > *If you have changed any port, simply access the URL with the port you configured.* | > _If you have changed any port, simply access the URL with the port you configured._ | ||||||
| >  |  | ||||||
|  |  | ||||||
| --- | --- | ||||||
|  |  | ||||||
| @@ -217,6 +223,7 @@ To generate a .env file with just the `server_ip` configuration, you can run thi | |||||||
| ```bash | ```bash | ||||||
| curl -fsSL https://gist.githubusercontent.com/danielalves96/5a68913d70e5e31b68b7331dc17dfa9c/raw | bash | curl -fsSL https://gist.githubusercontent.com/danielalves96/5a68913d70e5e31b68b7331dc17dfa9c/raw | bash | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
| > execute this command in your server terminal, at same path of docker-compose.yaml. | > execute this command in your server terminal, at same path of docker-compose.yaml. | ||||||
|  |  | ||||||
| Basically, by paying attention to these points, you can quickly execute the project with the same command we used for localhost: | Basically, by paying attention to these points, you can quickly execute the project with the same command we used for localhost: | ||||||
| @@ -229,8 +236,7 @@ docker compose pull && docker compose up -d | |||||||
|  |  | ||||||
| At this stage, if you encounter any errors, it's worth reviewing your `docker-compose.yaml` and trying again, paying close attention to the points mentioned above. | At this stage, if you encounter any errors, it's worth reviewing your `docker-compose.yaml` and trying again, paying close attention to the points mentioned above. | ||||||
|  |  | ||||||
| > *First test without using reverse proxies like Caddy, Traefik, etc... if you plan to use them. Access the services via `server_ip:port` after confirming they work, then make the necessary routing configurations as desired.* | > _First test without using reverse proxies like Caddy, Traefik, etc... if you plan to use them. Access the services via `server_ip:port` after confirming they work, then make the necessary routing configurations as desired._ | ||||||
| >  |  | ||||||
|  |  | ||||||
| If you haven't changed the execution ports, you'll have access on your server at: | If you haven't changed the execution ports, you'll have access on your server at: | ||||||
|  |  | ||||||
| @@ -240,8 +246,7 @@ If you haven't changed the execution ports, you'll have access on your server at | |||||||
| - **MinIO Console:** `[server_ip]:6422` | - **MinIO Console:** `[server_ip]:6422` | ||||||
| - **Postgres Database:** `[server_ip]:5432` (Connection only) | - **Postgres Database:** `[server_ip]:5432` (Connection only) | ||||||
|  |  | ||||||
| > *If you've changed any port, simply access the URL with the port you configured.* | > _If you've changed any port, simply access the URL with the port you configured._ | ||||||
| >  |  | ||||||
|  |  | ||||||
| It's worth noting that this is just a quick start and we're not going into details about any of the developed services, but it's recommended for execution in any environment. However, if your focus is on using Palmr. with high availability in mind, it's recommended to use a container orchestrator prepared for this, such as Kubernetes or similar, but we don't cover this type of configuration in our documentation. | It's worth noting that this is just a quick start and we're not going into details about any of the developed services, but it's recommended for execution in any environment. However, if your focus is on using Palmr. with high availability in mind, it's recommended to use a container orchestrator prepared for this, such as Kubernetes or similar, but we don't cover this type of configuration in our documentation. | ||||||
|  |  | ||||||
|   | |||||||
| @@ -31,7 +31,6 @@ Before proceeding with the installation, it's essential to ensure that your deve | |||||||
|  |  | ||||||
| ⚠️ <strong>A critical note regarding package management:</strong> This repository has been specifically developed and thoroughly tested using the pnpm package manager. While technically possible to use alternative package managers such as `npm`, `yarn`, or `bun`, we strongly advise against this approach. | ⚠️ <strong>A critical note regarding package management:</strong> This repository has been specifically developed and thoroughly tested using the pnpm package manager. While technically possible to use alternative package managers such as `npm`, `yarn`, or `bun`, we strongly advise against this approach. | ||||||
|  |  | ||||||
|  |  | ||||||
| --- | --- | ||||||
|  |  | ||||||
| ## Running the Application | ## Running the Application | ||||||
|   | |||||||
| @@ -1,7 +1,5 @@ | |||||||
| { | { | ||||||
|   "title": "v2.0.0-beta", |  | ||||||
|   "description": "(Deprecated)", |   "description": "(Deprecated)", | ||||||
|   "root": true, |  | ||||||
|   "icon": "Trash2", |   "icon": "Trash2", | ||||||
|   "pages": [ |   "pages": [ | ||||||
|     "---Introduction---", |     "---Introduction---", | ||||||
| @@ -25,5 +23,7 @@ | |||||||
|     "gh-star", |     "gh-star", | ||||||
|     "gh-sponsor", |     "gh-sponsor", | ||||||
|     "..." |     "..." | ||||||
|   ] |   ], | ||||||
|  |   "root": true, | ||||||
|  |   "title": "v2.0.0-beta" | ||||||
| } | } | ||||||
| @@ -53,6 +53,7 @@ To access the issues section: | |||||||
| 4. You'll see a list of all existing issues, both open and closed | 4. You'll see a list of all existing issues, both open and closed | ||||||
|  |  | ||||||
| The issues tab shows important information like: | The issues tab shows important information like: | ||||||
|  |  | ||||||
| - Number of open issues | - Number of open issues | ||||||
| - Issue labels and categories | - Issue labels and categories | ||||||
| - Issue status (open/closed) | - Issue status (open/closed) | ||||||
| @@ -74,6 +75,7 @@ To start creating a new issue: | |||||||
| 5. Make sure you have all necessary information ready before starting | 5. Make sure you have all necessary information ready before starting | ||||||
|  |  | ||||||
| Pro Tips: | Pro Tips: | ||||||
|  |  | ||||||
| - Before creating a new issue, search existing issues to avoid duplicates | - Before creating a new issue, search existing issues to avoid duplicates | ||||||
| - Review any contribution guidelines or issue templates | - Review any contribution guidelines or issue templates | ||||||
| - Consider adding relevant labels when creating your issue | - Consider adding relevant labels when creating your issue | ||||||
| @@ -107,6 +109,7 @@ Once you've filled out the form, click the **Create** button at the bottom of th | |||||||
| ### 💡 Tips for Issues | ### 💡 Tips for Issues | ||||||
|  |  | ||||||
| To ensure your issue is addressed quickly and effectively, follow these tips: | To ensure your issue is addressed quickly and effectively, follow these tips: | ||||||
|  |  | ||||||
| - **Be Clear and Specific**: Provide as much detail as possible. | - **Be Clear and Specific**: Provide as much detail as possible. | ||||||
| - **Use a Descriptive Title**: A good title helps maintainers understand the issue at a glance. | - **Use a Descriptive Title**: A good title helps maintainers understand the issue at a glance. | ||||||
| - **Include Steps to Reproduce**: If it’s a bug, explain how to reproduce it. | - **Include Steps to Reproduce**: If it’s a bug, explain how to reproduce it. | ||||||
| @@ -117,6 +120,7 @@ To ensure your issue is addressed quickly and effectively, follow these tips: | |||||||
| ### ⭐ Why Issues Matter | ### ⭐ Why Issues Matter | ||||||
|  |  | ||||||
| Opening issues is a key part of contributing to open-source projects. Here’s why it matters: | Opening issues is a key part of contributing to open-source projects. Here’s why it matters: | ||||||
|  |  | ||||||
| 1. **Improves the Project**: Your feedback helps identify bugs and suggest new features. | 1. **Improves the Project**: Your feedback helps identify bugs and suggest new features. | ||||||
| 2. **Helps Maintainers**: Clear and detailed issues make it easier for maintainers to address problems. | 2. **Helps Maintainers**: Clear and detailed issues make it easier for maintainers to address problems. | ||||||
| 3. **Encourages Collaboration**: Issues can spark discussions and attract contributors to help solve problems. | 3. **Encourages Collaboration**: Issues can spark discussions and attract contributors to help solve problems. | ||||||
|   | |||||||
| @@ -20,7 +20,6 @@ To begin the upload process, locate and click the "Upload File" button. This act | |||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
| **Example with an image:** | **Example with an image:** | ||||||
|  |  | ||||||
|  |  | ||||||
|   | |||||||
| @@ -1,148 +0,0 @@ | |||||||
| --- |  | ||||||
| title: Configuring SMTP |  | ||||||
| icon: Mail |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| For Palmr to function with all its best features, you need to configure an email server. To make this process easier, there's a built-in configuration panel inside **Settings** in Palmr. However, only users with an **ADMIN** profile can access and configure these settings. |  | ||||||
|  |  | ||||||
| This guide walks you through the complete process of setting up SMTP for your Palmr installation, ensuring that email-dependent features work seamlessly. |  | ||||||
|  |  | ||||||
| ## Why configure SMTP? |  | ||||||
|  |  | ||||||
| Configuring SMTP is essential for enabling key email functionalities that enhance the user experience and ensure proper system operation. |  | ||||||
|  |  | ||||||
| The main functionalities that depend on SMTP configuration are: |  | ||||||
|  |  | ||||||
| - **Password Reset** – Users who forget their password and cannot access the **Settings** panel need this feature to regain access to their accounts. |  | ||||||
| - **Email Notifications** – Recipients will receive email notifications when new shares are sent to them, keeping them informed about shared content. |  | ||||||
|  |  | ||||||
| Without proper SMTP configuration, these features will not work, potentially leaving users unable to recover their accounts or stay informed about shared files. |  | ||||||
|  |  | ||||||
| Now, let's go through the step-by-step process to configure the **SMTP Server**. |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ## Accessing SMTP settings |  | ||||||
|  |  | ||||||
| To configure SMTP settings, you'll need administrative access to the Palmr settings panel. |  | ||||||
|  |  | ||||||
| ### Prerequisites |  | ||||||
|  |  | ||||||
| Before beginning the configuration process: |  | ||||||
|  |  | ||||||
| - Ensure you have **ADMIN** user privileges in Palmr |  | ||||||
| - Have your SMTP server credentials ready |  | ||||||
| - For Gmail users, prepare to generate an App Password |  | ||||||
|  |  | ||||||
| ### Navigating to settings |  | ||||||
|  |  | ||||||
| To access **Settings**, an **ADMIN** user must click on the profile picture in the **header** and select **Settings** from the dropdown menu. |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
| Once inside the **Settings** panel, click on the **Email** card to expand the SMTP configuration options. |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
| After expanding the card, the following SMTP configuration fields will appear: |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ## Configuring SMTP server |  | ||||||
|  |  | ||||||
| The SMTP configuration process involves enabling the service and configuring the necessary connection details. |  | ||||||
|  |  | ||||||
| ### Enabling SMTP |  | ||||||
|  |  | ||||||
| The first step is to **enable SMTP** by selecting "Yes" in the **SMTP Enabled** field. |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
| ### Configuration fields |  | ||||||
|  |  | ||||||
| Once SMTP is enabled, you can configure the other necessary fields: |  | ||||||
|  |  | ||||||
| **Sender Name** – This will appear as the sender's name in all outgoing emails. Use a recognizable name like "Palmr" or your organization name. |  | ||||||
|  |  | ||||||
| **Sender Email** – The email address from which notifications will be sent. Use a professional address like "noreply@palmr.app" or "notifications@yourdomain.com". |  | ||||||
|  |  | ||||||
| **SMTP Server** – The SMTP server address provided by your email service. For Gmail, use `smtp.gmail.com` (this is the recommended option and set as default). |  | ||||||
|  |  | ||||||
| **SMTP Port** – The server port used for connections. For Gmail, the standard port is **587** (TLS encryption). |  | ||||||
|  |  | ||||||
| **SMTP Username** – The username for authenticating with your SMTP server. For Gmail, enter your complete email address. |  | ||||||
|  |  | ||||||
| **SMTP Password** – The password for SMTP authentication. For Gmail, you must use an **App Password** (not your regular email password). |  | ||||||
|  |  | ||||||
| ### Important security note |  | ||||||
|  |  | ||||||
| **Important:** If using **Gmail**, you need to generate an **App Password** instead of using your standard email password. This provides better security and is required for applications like Palmr. |  | ||||||
|  |  | ||||||
| For other email services, consult the official documentation of the service provider you are using. We recommend using Gmail for its simplicity, reliability, and reasonable email sending limits. |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ## Generating a Gmail App Password |  | ||||||
|  |  | ||||||
| Gmail requires App Passwords for third-party applications to ensure account security while maintaining functionality. |  | ||||||
|  |  | ||||||
| ### Step-by-step process |  | ||||||
|  |  | ||||||
| To generate an App Password for Gmail: |  | ||||||
|  |  | ||||||
| 1. **Access Your Account**: Go to [Google My Account](https://myaccount.google.com/) |  | ||||||
| 2. **Navigate to Security**: Select the **Security** section from the menu |  | ||||||
| 3. **Find App Passwords**: Scroll down to locate **App Passwords** (you may need to enable 2-factor authentication first) |  | ||||||
| 4. **Generate Password**: Create a new password specifically for Palmr |  | ||||||
| 5. **Save Securely**: Copy and store the generated password safely |  | ||||||
|  |  | ||||||
| ### Additional resources |  | ||||||
|  |  | ||||||
| For a complete guide with screenshots and detailed instructions, refer to: **[How to set up SMTP credentials with Gmail](https://medium.com/rails-to-rescue/how-to-set-up-smtp-credentials-with-gmail-for-your-app-send-email-cf236d11087d)**. |  | ||||||
|  |  | ||||||
| ### Gmail configuration summary |  | ||||||
|  |  | ||||||
| When using Gmail, your final settings should be: |  | ||||||
|  |  | ||||||
| - **SMTP Server**: `smtp.gmail.com` |  | ||||||
| - **SMTP Port**: `587` |  | ||||||
| - **SMTP Username**: Your Gmail address |  | ||||||
| - **SMTP Password**: Generated App Password (16 characters) |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ## Testing your configuration |  | ||||||
|  |  | ||||||
| After completing the configuration, it's important to verify that everything works correctly. |  | ||||||
|  |  | ||||||
| ### Validation steps |  | ||||||
|  |  | ||||||
| 1. **Save Settings**: Apply your SMTP configuration in the Palmr interface |  | ||||||
| 2. **Test Password Reset**: Try the password reset feature with a test account to ensure emails are sent |  | ||||||
| 3. **Test Notifications**: Create a test share to verify that notification emails are delivered |  | ||||||
| 4. **Check Email Delivery**: Confirm that emails arrive in the recipient's inbox (not spam folder) |  | ||||||
|  |  | ||||||
| ### Troubleshooting common issues |  | ||||||
|  |  | ||||||
| If emails are not being sent: |  | ||||||
|  |  | ||||||
| - Verify that all fields are filled correctly |  | ||||||
| - For Gmail, ensure you're using the App Password, not your regular password |  | ||||||
| - Check that your email provider allows SMTP connections |  | ||||||
| - Confirm that port 587 is not blocked by your firewall |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ## Finalizing SMTP configuration |  | ||||||
|  |  | ||||||
| After entering the correct information and testing the functionality, save the settings. |  | ||||||
|  |  | ||||||
| Your Palmr installation is now ready to: |  | ||||||
|  |  | ||||||
| - Send password reset emails to users who need account recovery |  | ||||||
| - Deliver share notifications to recipients automatically |  | ||||||
| - Provide a complete user experience with reliable email communication |  | ||||||
|  |  | ||||||
| With SMTP properly configured, users can take full advantage of Palmr's email-dependent features, ensuring a smooth and professional experience when sharing files and managing their accounts. |  | ||||||
| @@ -1,299 +0,0 @@ | |||||||
| --- |  | ||||||
| title: OIDC Authentication |  | ||||||
| icon: Key |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| Palmr supports OpenID Connect (OIDC) authentication, allowing users to sign in using external identity providers such as Google, Microsoft Azure AD, Keycloak, Auth0, and other OIDC-compliant services. This feature provides seamless single sign-on (SSO) capabilities and centralized user management. |  | ||||||
|  |  | ||||||
| OIDC authentication in Palmr is built using the industry-standard OpenID Connect protocol with PKCE (Proof Key for Code Exchange) for enhanced security. The implementation supports automatic user provisioning, role mapping, and flexible configuration options. |  | ||||||
|  |  | ||||||
| ## Why use OIDC authentication? |  | ||||||
|  |  | ||||||
| OIDC authentication provides several advantages for organizations and users: |  | ||||||
|  |  | ||||||
| **Centralized Authentication**: Users can authenticate using their existing organizational credentials without creating separate accounts for Palmr. |  | ||||||
|  |  | ||||||
| **Enhanced Security**: OIDC provides robust security features including token-based authentication, PKCE flow, and standardized protocols. |  | ||||||
|  |  | ||||||
| **Single Sign-On**: Users can access Palmr seamlessly if they're already authenticated with their identity provider. |  | ||||||
|  |  | ||||||
| **User Management**: Administrators can manage user access centrally through their existing identity provider. |  | ||||||
|  |  | ||||||
| **Compliance**: OIDC helps meet organizational security and compliance requirements by leveraging existing identity infrastructure. |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ## Prerequisites |  | ||||||
|  |  | ||||||
| Before configuring OIDC authentication, ensure you have: |  | ||||||
|  |  | ||||||
| - **Administrative Access**: ADMIN privileges in Palmr to configure OIDC settings |  | ||||||
| - **Identity Provider**: An OIDC-compliant identity provider (Google, Azure AD, Keycloak, etc.) |  | ||||||
| - **Application Registration**: Your Palmr application registered with your identity provider |  | ||||||
| - **OIDC Credentials**: Client ID, Client Secret, and Issuer URL from your identity provider |  | ||||||
|  |  | ||||||
| ### Supported identity providers |  | ||||||
|  |  | ||||||
| Palmr's OIDC implementation is compatible with any OpenID Connect 1.0 compliant provider, including: |  | ||||||
|  |  | ||||||
| - **Google Workspace / Google Cloud Identity** |  | ||||||
| - **Microsoft Azure Active Directory / Entra ID** |  | ||||||
| - **Keycloak** |  | ||||||
| - **Auth0** |  | ||||||
| - **Okta** |  | ||||||
| - **AWS Cognito** |  | ||||||
| - **Custom OIDC providers** |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ## Configuring OIDC settings |  | ||||||
|  |  | ||||||
| OIDC configuration is managed through Palmr's administrative settings panel, accessible only to users with ADMIN privileges. |  | ||||||
|  |  | ||||||
| ### Accessing OIDC configuration |  | ||||||
|  |  | ||||||
| To configure OIDC authentication: |  | ||||||
|  |  | ||||||
| 1. **Access Settings**: Click on your profile picture in the header and select **Settings** |  | ||||||
| 2. **Navigate to Authentication**: Find the **Authentication** or **OIDC** configuration section |  | ||||||
| 3. **Enable OIDC**: Toggle the OIDC authentication option to enable it |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
| ### Required configuration fields |  | ||||||
|  |  | ||||||
| Configure the following essential fields for OIDC authentication: |  | ||||||
|  |  | ||||||
| **OIDC Enabled**: Enable or disable OIDC authentication for your Palmr instance. |  | ||||||
|  |  | ||||||
| **Issuer URL**: The base URL of your OIDC identity provider. This is typically the discovery endpoint URL without the `/.well-known/openid-configuration` suffix. |  | ||||||
|  |  | ||||||
| - Example: `https://accounts.google.com` |  | ||||||
| - Example: `https://login.microsoftonline.com/{tenant-id}/v2.0` |  | ||||||
|  |  | ||||||
| **Client ID**: The unique identifier for your Palmr application as registered with your identity provider. |  | ||||||
|  |  | ||||||
| **Client Secret**: The secret key provided by your identity provider for your Palmr application. Store this securely and never share it. |  | ||||||
|  |  | ||||||
| **Redirect URI**: The callback URL where users will be redirected after authentication. This is typically auto-detected but can be manually configured if needed. |  | ||||||
|  |  | ||||||
| - Format: `https://your-palmr-domain.com/api/auth/oidc/callback` |  | ||||||
|  |  | ||||||
| **Scope**: The OpenID Connect scopes to request from the identity provider. Default is `openid profile email`. |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
| ### Advanced configuration options |  | ||||||
|  |  | ||||||
| **Auto-Registration**: Configure whether new users can be automatically created when they authenticate via OIDC for the first time. |  | ||||||
|  |  | ||||||
| **Admin Email Domains**: Specify email domains that should automatically receive admin privileges when registering via OIDC. |  | ||||||
|  |  | ||||||
| **User Attribute Mapping**: Configure how user attributes from the OIDC provider map to Palmr user fields. |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ## Setting up identity providers |  | ||||||
|  |  | ||||||
| The setup process varies depending on your chosen identity provider. Here are examples for common providers: |  | ||||||
|  |  | ||||||
| ### Google Workspace / Google Cloud |  | ||||||
|  |  | ||||||
| 1. **Create Project**: Go to the [Google Cloud Console](https://console.cloud.google.com/) and create a new project |  | ||||||
| 2. **Enable APIs**: Enable the Google+ API and OpenID Connect API |  | ||||||
| 3. **Create Credentials**: Create OAuth 2.0 credentials for a web application |  | ||||||
| 4. **Configure Redirect URI**: Add your Palmr callback URL to authorized redirect URIs |  | ||||||
| 5. **Note Credentials**: Copy the Client ID and Client Secret for Palmr configuration |  | ||||||
|  |  | ||||||
| **Configuration values:** |  | ||||||
|  |  | ||||||
| - **Issuer URL**: `https://accounts.google.com` |  | ||||||
| - **Scope**: `openid profile email` |  | ||||||
|  |  | ||||||
| ### Microsoft Azure AD / Entra ID |  | ||||||
|  |  | ||||||
| 1. **Register Application**: Go to Azure Portal > Azure Active Directory > App registrations |  | ||||||
| 2. **Create Registration**: Register a new application with web platform |  | ||||||
| 3. **Configure Authentication**: Add your Palmr callback URL to redirect URIs |  | ||||||
| 4. **Create Secret**: Generate a client secret in Certificates & secrets |  | ||||||
| 5. **Note Configuration**: Copy Application (client) ID and Directory (tenant) ID |  | ||||||
|  |  | ||||||
| **Configuration values:** |  | ||||||
|  |  | ||||||
| - **Issuer URL**: `https://login.microsoftonline.com/{tenant-id}/v2.0` |  | ||||||
| - **Scope**: `openid profile email` |  | ||||||
|  |  | ||||||
| ### Keycloak |  | ||||||
|  |  | ||||||
| 1. **Create Client**: In your Keycloak realm, create a new OpenID Connect client |  | ||||||
| 2. **Configure Client**: Set access type to confidential and enable standard flow |  | ||||||
| 3. **Set Redirect URI**: Add your Palmr callback URL to valid redirect URIs |  | ||||||
| 4. **Generate Secret**: Note the client secret from the Credentials tab |  | ||||||
|  |  | ||||||
| **Configuration values:** |  | ||||||
|  |  | ||||||
| - **Issuer URL**: `https://your-keycloak-domain.com/realms/{realm-name}` |  | ||||||
| - **Scope**: `openid profile email` |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ## Testing OIDC configuration |  | ||||||
|  |  | ||||||
| After configuring OIDC settings, it's important to test the authentication flow to ensure everything works correctly. |  | ||||||
|  |  | ||||||
| ### Validation steps |  | ||||||
|  |  | ||||||
| 1. **Save Configuration**: Apply your OIDC settings in the Palmr admin panel |  | ||||||
| 2. **Check Status**: Verify that OIDC is enabled and properly configured |  | ||||||
| 3. **Test Login Flow**: Attempt to log in using the OIDC provider |  | ||||||
| 4. **Verify User Creation**: Confirm that user accounts are created or updated correctly |  | ||||||
|  |  | ||||||
| ### Testing the authentication flow |  | ||||||
|  |  | ||||||
| 1. **Access Login Page**: Navigate to your Palmr login page |  | ||||||
| 2. **OIDC Login Option**: Look for the OIDC/SSO login button or option |  | ||||||
| 3. **Provider Redirect**: Click the OIDC login option to redirect to your identity provider |  | ||||||
| 4. **Authenticate**: Complete authentication with your identity provider |  | ||||||
| 5. **Return to Palmr**: Verify successful redirect back to Palmr with authentication |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
| ### Troubleshooting common issues |  | ||||||
|  |  | ||||||
| **Configuration Errors**: |  | ||||||
|  |  | ||||||
| - Verify that all required fields are filled correctly |  | ||||||
| - Check that the Issuer URL is accessible and returns valid OIDC metadata |  | ||||||
| - Ensure Client ID and Client Secret match your identity provider configuration |  | ||||||
|  |  | ||||||
| **Redirect URI Mismatches**: |  | ||||||
|  |  | ||||||
| - Confirm that the redirect URI in Palmr matches what's configured in your identity provider |  | ||||||
| - Check for protocol mismatches (HTTP vs HTTPS) |  | ||||||
| - Verify that the domain and path are exactly correct |  | ||||||
|  |  | ||||||
| **Authentication Failures**: |  | ||||||
|  |  | ||||||
| - Check that the user exists in your identity provider |  | ||||||
| - Verify that required scopes are granted |  | ||||||
| - Ensure the user has necessary permissions in the identity provider |  | ||||||
|  |  | ||||||
| **User Creation Issues**: |  | ||||||
|  |  | ||||||
| - Confirm that auto-registration is enabled if you want new users to be created automatically |  | ||||||
| - Check that email addresses are provided by the identity provider |  | ||||||
| - Verify admin domain configuration if users should receive admin privileges |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ## User experience |  | ||||||
|  |  | ||||||
| Once OIDC is properly configured, users will have a seamless authentication experience integrated into Palmr's login flow. |  | ||||||
|  |  | ||||||
| ### Login process |  | ||||||
|  |  | ||||||
| 1. **Access Palmr**: Users navigate to the Palmr login page |  | ||||||
| 2. **Choose OIDC**: Users select the OIDC/SSO login option |  | ||||||
| 3. **Provider Authentication**: Users are redirected to authenticate with their identity provider |  | ||||||
| 4. **Automatic Return**: After successful authentication, users are automatically redirected back to Palmr |  | ||||||
| 5. **Dashboard Access**: Users gain immediate access to their Palmr dashboard |  | ||||||
|  |  | ||||||
| ### User account management |  | ||||||
|  |  | ||||||
| **Automatic Provisioning**: New users are automatically created when they first authenticate via OIDC (if auto-registration is enabled). |  | ||||||
|  |  | ||||||
| **Profile Synchronization**: User profile information (name, email) is synchronized from the identity provider during each login. |  | ||||||
|  |  | ||||||
| **Role Assignment**: User roles and permissions can be automatically assigned based on identity provider attributes or configured rules. |  | ||||||
|  |  | ||||||
| ### Account unification |  | ||||||
|  |  | ||||||
| **Email-Based Matching**: If a user authenticates via OIDC using the same email address as an existing credential-based account, both authentication methods will be linked to the same user account. |  | ||||||
|  |  | ||||||
| **Dual Authentication Options**: Users who have both credential-based and OIDC authentication set up can choose either method to log in: |  | ||||||
|  |  | ||||||
| - Traditional email/password authentication |  | ||||||
| - OIDC/SSO authentication through their identity provider |  | ||||||
|  |  | ||||||
| **Seamless Experience**: Regardless of which authentication method is used, users will access the same account with all their files, shares, and settings preserved. |  | ||||||
|  |  | ||||||
| **Account Consolidation**: This feature ensures that users don't accidentally create duplicate accounts and can transition smoothly between authentication methods as organizational requirements change. |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ## Security considerations |  | ||||||
|  |  | ||||||
| OIDC authentication in Palmr implements several security best practices to ensure safe and secure authentication. |  | ||||||
|  |  | ||||||
| ### Security features |  | ||||||
|  |  | ||||||
| **PKCE Flow**: Palmr uses Proof Key for Code Exchange (PKCE) to prevent authorization code interception attacks. |  | ||||||
|  |  | ||||||
| **State Parameter**: Random state parameters are used to prevent CSRF attacks during the authentication flow. |  | ||||||
|  |  | ||||||
| **Token Validation**: All tokens are properly validated according to OIDC specifications. |  | ||||||
|  |  | ||||||
| **Secure Storage**: Sensitive configuration data is securely stored and never exposed to client-side code. |  | ||||||
|  |  | ||||||
| ### Best practices |  | ||||||
|  |  | ||||||
| **Use HTTPS**: Always configure Palmr and your identity provider to use HTTPS in production environments. |  | ||||||
|  |  | ||||||
| **Rotate Secrets**: Regularly rotate client secrets and update them in both your identity provider and Palmr configuration. |  | ||||||
|  |  | ||||||
| **Monitor Access**: Regularly review user access and authentication logs to detect any suspicious activity. |  | ||||||
|  |  | ||||||
| **Limit Scopes**: Only request the minimum necessary scopes from your identity provider. |  | ||||||
|  |  | ||||||
| **Validate Domains**: Configure admin email domains carefully to prevent unauthorized privilege escalation. |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ## API endpoints |  | ||||||
|  |  | ||||||
| Palmr provides several API endpoints for OIDC authentication that can be used for integration or troubleshooting. |  | ||||||
|  |  | ||||||
| ### Available endpoints |  | ||||||
|  |  | ||||||
| **GET /api/auth/oidc/config**: Retrieve OIDC configuration and status information. |  | ||||||
|  |  | ||||||
| **GET /api/auth/oidc/authorize**: Initiate the OIDC authorization flow. |  | ||||||
|  |  | ||||||
| **GET /api/auth/oidc/callback**: Handle the callback from the identity provider after authentication. |  | ||||||
|  |  | ||||||
| ## Finalizing OIDC configuration |  | ||||||
|  |  | ||||||
| After completing the configuration and testing process, your Palmr installation will be ready to handle OIDC authentication seamlessly. |  | ||||||
|  |  | ||||||
| ### Configuration completion |  | ||||||
|  |  | ||||||
| Once OIDC is properly configured: |  | ||||||
|  |  | ||||||
| 1. **Verify Settings**: Confirm all configuration fields are correct and saved |  | ||||||
| 2. **Test Authentication**: Perform end-to-end testing of the authentication flow |  | ||||||
| 3. **Document Configuration**: Keep a record of your OIDC settings for future reference |  | ||||||
| 4. **Inform Users**: Notify users about the new OIDC authentication option |  | ||||||
|  |  | ||||||
| ### Ongoing maintenance |  | ||||||
|  |  | ||||||
| To maintain reliable OIDC authentication: |  | ||||||
|  |  | ||||||
| - **Monitor Authentication**: Regularly check that OIDC authentication is working correctly |  | ||||||
| - **Update Credentials**: Rotate client secrets periodically for security |  | ||||||
| - **Review User Access**: Audit user accounts and permissions regularly |  | ||||||
| - **Stay Updated**: Keep informed about changes to your identity provider's configuration |  | ||||||
|  |  | ||||||
| ### Next steps |  | ||||||
|  |  | ||||||
| With OIDC properly configured, your Palmr installation now provides: |  | ||||||
|  |  | ||||||
| - Seamless single sign-on authentication for users |  | ||||||
| - Centralized user management through your identity provider |  | ||||||
| - Enhanced security through industry-standard protocols |  | ||||||
| - Improved user experience with reduced password management |  | ||||||
|  |  | ||||||
| Users can now authenticate using their existing organizational credentials, providing a more streamlined and secure access experience to Palmr's file sharing capabilities. |  | ||||||
| @@ -1,258 +0,0 @@ | |||||||
| --- |  | ||||||
| title: Quick Start (Docker) |  | ||||||
| icon: "Rocket" |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| Welcome to the fastest way to deploy <span className="font-bold">Palmr.</span> - your secure, self-hosted file sharing solution. This guide will have you up and running in minutes, whether you're new to self-hosting or an experienced developer. |  | ||||||
|  |  | ||||||
| Palmr. offers flexible deployment options to match your infrastructure needs. This guide focuses on Docker deployment with our recommended filesystem storage, perfect for most use cases. |  | ||||||
|  |  | ||||||
| ## Prerequisites |  | ||||||
|  |  | ||||||
| Ensure you have the following installed on your system: |  | ||||||
|  |  | ||||||
| - **Docker** - Container runtime ([installation guide](https://docs.docker.com/get-docker/)) |  | ||||||
| - **Docker Compose** - Multi-container orchestration ([installation guide](https://docs.docker.com/compose/install/)) |  | ||||||
|  |  | ||||||
| > **Platform Support**: Palmr. is developed on macOS and extensively tested on Linux servers. While we haven't formally tested other platforms, Docker's cross-platform nature should ensure compatibility. Report any issues on our [GitHub repository](https://github.com/kyantech/Palmr/issues). |  | ||||||
|  |  | ||||||
| ## Storage Options |  | ||||||
|  |  | ||||||
| Palmr. supports two storage approaches for persistent data: |  | ||||||
|  |  | ||||||
| ### Named Volumes (Recommended) |  | ||||||
|  |  | ||||||
| **Best for**: Production environments, automated deployments |  | ||||||
|  |  | ||||||
| - ✅ **Managed by Docker**: No permission issues or manual path management |  | ||||||
| - ✅ **Optimized Performance**: Docker-native storage optimization |  | ||||||
| - ✅ **Cross-platform**: Consistent behavior across operating systems |  | ||||||
| - ✅ **Simplified Backups**: Docker volume commands for backup/restore |  | ||||||
|  |  | ||||||
| ### Bind Mounts |  | ||||||
|  |  | ||||||
| **Best for**: Development, direct file access requirements |  | ||||||
|  |  | ||||||
| - ✅ **Direct Access**: Files stored in local directory you specify |  | ||||||
| - ✅ **Transparent Storage**: Direct filesystem access from host |  | ||||||
| - ✅ **Custom Backup**: Use existing file system backup solutions |  | ||||||
| - ⚠️ **Permission Considerations**: May require user/group configuration |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ## Option 1: Named Volumes (Recommended) |  | ||||||
|  |  | ||||||
| Named volumes provide the best performance and are managed entirely by Docker. |  | ||||||
|  |  | ||||||
| ### Configuration |  | ||||||
|  |  | ||||||
| Use the provided `docker-compose.yaml` for named volumes: |  | ||||||
|  |  | ||||||
| ```yaml |  | ||||||
| services: |  | ||||||
|   palmr: |  | ||||||
|     image: kyantech/palmr:latest |  | ||||||
|     container_name: palmr |  | ||||||
|     environment: |  | ||||||
|       - ENABLE_S3=false |  | ||||||
|       - ENCRYPTION_KEY=change-this-key-in-production-min-32-chars # CHANGE THIS KEY FOR SECURITY |  | ||||||
|       # - SECURE_SITE=false # Set to true if you are using a reverse proxy |  | ||||||
|     ports: |  | ||||||
|       - "5487:5487" # Web interface |  | ||||||
|       - "3333:3333" # API port (OPTIONAL EXPOSED - ONLY IF YOU WANT TO ACCESS THE API DIRECTLY) |  | ||||||
|     volumes: |  | ||||||
|       - palmr_data:/app/server # Named volume for the application data |  | ||||||
|     restart: unless-stopped # Restart the container unless it is stopped |  | ||||||
|  |  | ||||||
| volumes: |  | ||||||
|   palmr_data: |  | ||||||
| ``` |  | ||||||
|  |  | ||||||
| ### Deployment |  | ||||||
|  |  | ||||||
| ```bash |  | ||||||
| docker-compose up -d |  | ||||||
| ``` |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ## Option 2: Bind Mounts |  | ||||||
|  |  | ||||||
| Bind mounts store data in a local directory, providing direct file system access. |  | ||||||
|  |  | ||||||
| ### Configuration |  | ||||||
|  |  | ||||||
| To use bind mounts, **replace the content** of your `docker-compose.yaml` with the following configuration (you can also reference `docker-compose-bind-mount-example.yaml` as a template): |  | ||||||
|  |  | ||||||
| ```yaml |  | ||||||
| services: |  | ||||||
|   palmr: |  | ||||||
|     image: kyantech/palmr:latest |  | ||||||
|     container_name: palmr |  | ||||||
|     environment: |  | ||||||
|       - ENABLE_S3=false |  | ||||||
|       - ENCRYPTION_KEY=change-this-key-in-production-min-32-chars # CHANGE THIS KEY FOR SECURITY |  | ||||||
|       # - SECURE_SITE=false # Set to true if you are using a reverse proxy |  | ||||||
|       # Optional: Set custom UID/GID for file permissions |  | ||||||
|       # - PALMR_UID=1000 |  | ||||||
|       # - PALMR_GID=1000 |  | ||||||
|     ports: |  | ||||||
|       - "5487:5487" # Web port |  | ||||||
|       - "3333:3333" # API port (OPTIONAL EXPOSED - ONLY IF YOU WANT TO ACCESS THE API DIRECTLY) |  | ||||||
|     volumes: |  | ||||||
|       # Bind mount for persistent data (uploads, database, temp files) |  | ||||||
|       - ./data:/app/server # Local directory for the application data |  | ||||||
|     restart: unless-stopped # Restart the container unless it is stopped |  | ||||||
| ``` |  | ||||||
|  |  | ||||||
| ### Deployment |  | ||||||
|  |  | ||||||
| ```bash |  | ||||||
| docker-compose up -d |  | ||||||
| ``` |  | ||||||
|  |  | ||||||
| > **Permission Configuration**: If you encounter permission issues with bind mounts (common on NAS systems), see our [UID/GID Configuration](/docs/3.0-beta/uid-gid-configuration) guide for automatic permission handling. |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ## Environment Variables |  | ||||||
|  |  | ||||||
| Configure Palmr. behavior through environment variables: |  | ||||||
|  |  | ||||||
| | Variable         | Default | Description                                             | |  | ||||||
| | ---------------- | ------- | ------------------------------------------------------- | |  | ||||||
| | `ENABLE_S3`      | `false` | Enable S3-compatible storage                            | |  | ||||||
| | `ENCRYPTION_KEY` | -       | **Required**: Minimum 32 characters for file encryption | |  | ||||||
| | `SECURE_SITE`    | `false` | Enable secure cookies for HTTPS/reverse proxy setups    | |  | ||||||
|  |  | ||||||
| > **⚠️ Security Warning**: Always change the `ENCRYPTION_KEY` in production. This key encrypts your files - losing it makes files permanently inaccessible. |  | ||||||
|  |  | ||||||
| > **🔗 Reverse Proxy**: If deploying behind a reverse proxy (Traefik, Nginx, etc.), set `SECURE_SITE=true` and review our [Reverse Proxy Configuration](/docs/3.0-beta/reverse-proxy-configuration) guide for proper setup. |  | ||||||
|  |  | ||||||
| ### Generate Secure Encryption Keys |  | ||||||
|  |  | ||||||
| Need a strong key for `ENCRYPTION_KEY`? Use our built-in generator to create cryptographically secure keys: |  | ||||||
|  |  | ||||||
| <KeyGenerator /> |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ## Accessing Palmr. |  | ||||||
|  |  | ||||||
| Once deployed, access Palmr. through your web browser: |  | ||||||
|  |  | ||||||
| - **Local**: `http://localhost:5487` |  | ||||||
| - **Server**: `http://YOUR_SERVER_IP:5487` |  | ||||||
|  |  | ||||||
| ### API Access (Optional) |  | ||||||
|  |  | ||||||
| If you exposed port 3333 in your configuration, you can also access: |  | ||||||
|  |  | ||||||
| - **API Documentation**: `http://localhost:3333/docs` (local) or `http://YOUR_SERVER_IP:3333/docs` (server) |  | ||||||
| - **API Endpoints**: Available at `http://localhost:3333` (local) or `http://YOUR_SERVER_IP:3333` (server) |  | ||||||
|  |  | ||||||
| > **📚 Learn More**: For complete API documentation, authentication, and integration examples, see our [API Reference](/docs/3.0-beta/api) guide. |  | ||||||
|  |  | ||||||
| > **💡 Production Tip**: For production deployments, configure HTTPS with a valid SSL certificate for enhanced security. |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ## Docker CLI Alternative |  | ||||||
|  |  | ||||||
| Prefer using Docker directly? Both storage options are supported: |  | ||||||
|  |  | ||||||
| **Named Volume:** |  | ||||||
|  |  | ||||||
| ```bash |  | ||||||
| docker run -d \ |  | ||||||
|   --name palmr \ |  | ||||||
|   -e ENABLE_S3=false \ |  | ||||||
|   -e ENCRYPTION_KEY=your-secure-key-min-32-chars \ |  | ||||||
|   -p 5487:5487 \ |  | ||||||
|   -p 3333:3333 \ |  | ||||||
|   -v palmr_data:/app/server \ |  | ||||||
|   --restart unless-stopped \ |  | ||||||
|   kyantech/palmr:latest |  | ||||||
| ``` |  | ||||||
|  |  | ||||||
| **Bind Mount:** |  | ||||||
|  |  | ||||||
| ```bash |  | ||||||
| docker run -d \ |  | ||||||
|   --name palmr \ |  | ||||||
|   -e ENABLE_S3=false \ |  | ||||||
|   -e ENCRYPTION_KEY=your-secure-key-min-32-chars \ |  | ||||||
|   -p 5487:5487 \ |  | ||||||
|   -p 3333:3333 \ |  | ||||||
|   -v $(pwd)/data:/app/server \ |  | ||||||
|   --restart unless-stopped \ |  | ||||||
|   kyantech/palmr:latest |  | ||||||
| ``` |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ## Maintenance |  | ||||||
|  |  | ||||||
| ### Updates |  | ||||||
|  |  | ||||||
| Keep Palmr. current with the latest features and security fixes: |  | ||||||
|  |  | ||||||
| ```bash |  | ||||||
| docker-compose pull |  | ||||||
| docker-compose up -d |  | ||||||
| ``` |  | ||||||
|  |  | ||||||
| ### Backup & Restore |  | ||||||
|  |  | ||||||
| The backup method depends on which storage option you're using: |  | ||||||
|  |  | ||||||
| **Named Volume Backup:** |  | ||||||
|  |  | ||||||
| ```bash |  | ||||||
| docker run --rm \ |  | ||||||
|   -v palmr_data:/data \ |  | ||||||
|   -v $(pwd):/backup \ |  | ||||||
|   alpine tar czf /backup/palmr-backup.tar.gz -C /data . |  | ||||||
| ``` |  | ||||||
|  |  | ||||||
| **Named Volume Restore:** |  | ||||||
|  |  | ||||||
| ```bash |  | ||||||
| docker run --rm \ |  | ||||||
|   -v palmr_data:/data \ |  | ||||||
|   -v $(pwd):/backup \ |  | ||||||
|   alpine tar xzf /backup/palmr-backup.tar.gz -C /data |  | ||||||
| ``` |  | ||||||
|  |  | ||||||
| **Bind Mount Backup:** |  | ||||||
|  |  | ||||||
| ```bash |  | ||||||
| tar czf palmr-backup.tar.gz ./data |  | ||||||
| ``` |  | ||||||
|  |  | ||||||
| **Bind Mount Restore:** |  | ||||||
|  |  | ||||||
| ```bash |  | ||||||
| tar xzf palmr-backup.tar.gz |  | ||||||
| ``` |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ## Next Steps |  | ||||||
|  |  | ||||||
| Your Palmr. instance is now ready! Explore additional configuration options: |  | ||||||
|  |  | ||||||
| ### Advanced Configuration |  | ||||||
|  |  | ||||||
| - **[UID/GID Configuration](/docs/3.0-beta/uid-gid-configuration)** - Configure user permissions for NAS systems and custom environments |  | ||||||
| - **[S3 Storage](/docs/3.0-beta/s3-configuration)** - Scale with Amazon S3 or compatible storage providers |  | ||||||
| - **[Manual Installation](/docs/3.0-beta/manual-installation)** - Manual installation and custom configurations |  | ||||||
|  |  | ||||||
| ### Integration & Development |  | ||||||
|  |  | ||||||
| - **[API Reference](/docs/3.0-beta/api)** - Integrate Palmr. with your applications |  | ||||||
| - **[Architecture Guide](/docs/3.0-beta/architecture)** - Understanding Palmr. components and design |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| Need help? Visit our [GitHub Issues](https://github.com/kyantech/Palmr/issues) or community discussions. |  | ||||||
| @@ -1,222 +0,0 @@ | |||||||
| --- |  | ||||||
| title: UID/GID Configuration |  | ||||||
| icon: "Users" |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| Configure user and group permissions for seamless bind mount compatibility across different host systems, particularly NAS environments. |  | ||||||
|  |  | ||||||
| ## Overview |  | ||||||
|  |  | ||||||
| Palmr. supports runtime UID/GID configuration to resolve permission conflicts when using bind mounts. This eliminates the need for manual permission management on your host system. |  | ||||||
|  |  | ||||||
| **Default Configuration**: UID 1001, GID 1001 |  | ||||||
|  |  | ||||||
| ## When to Configure |  | ||||||
|  |  | ||||||
| UID/GID configuration is recommended when: |  | ||||||
|  |  | ||||||
| - Using bind mounts with different host user permissions |  | ||||||
| - Deploying on NAS systems (Synology, QNAP, etc.) |  | ||||||
| - Encountering "permission denied" errors |  | ||||||
| - Host system uses different default UID/GID values |  | ||||||
|  |  | ||||||
| ## Environment Variables |  | ||||||
|  |  | ||||||
| Configure permissions using these optional environment variables: |  | ||||||
|  |  | ||||||
| | Variable    | Description                      | Default | Example | |  | ||||||
| | ----------- | -------------------------------- | ------- | ------- | |  | ||||||
| | `PALMR_UID` | User ID for container processes  | `1001`  | `1000`  | |  | ||||||
| | `PALMR_GID` | Group ID for container processes | `1001`  | `1000`  | |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ## Finding Host UID/GID |  | ||||||
|  |  | ||||||
| Determine your host system's user and group IDs: |  | ||||||
|  |  | ||||||
| ```bash |  | ||||||
| # Check current user |  | ||||||
| id |  | ||||||
|  |  | ||||||
| # Output example |  | ||||||
| uid=1000(user) gid=1000(group) groups=1000(group),27(sudo) |  | ||||||
| ``` |  | ||||||
|  |  | ||||||
| Use the `uid` and `gid` values for your configuration. |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ## Configuration Examples |  | ||||||
|  |  | ||||||
| ### Standard Linux System |  | ||||||
|  |  | ||||||
| ```yaml |  | ||||||
| services: |  | ||||||
|   palmr: |  | ||||||
|     image: kyantech/palmr:latest |  | ||||||
|     container_name: palmr |  | ||||||
|     environment: |  | ||||||
|       - ENABLE_S3=false |  | ||||||
|       - ENCRYPTION_KEY=your-secure-key-min-32-chars |  | ||||||
|       - PALMR_UID=1000 |  | ||||||
|       - PALMR_GID=1000 |  | ||||||
|     ports: |  | ||||||
|       - "5487:5487" |  | ||||||
|     volumes: |  | ||||||
|       - ./data:/app/server |  | ||||||
|     restart: unless-stopped |  | ||||||
| ``` |  | ||||||
|  |  | ||||||
| ### Synology NAS |  | ||||||
|  |  | ||||||
| ```yaml |  | ||||||
| services: |  | ||||||
|   palmr: |  | ||||||
|     image: kyantech/palmr:latest |  | ||||||
|     container_name: palmr |  | ||||||
|     environment: |  | ||||||
|       - ENABLE_S3=false |  | ||||||
|       - ENCRYPTION_KEY=your-secure-key-min-32-chars |  | ||||||
|       - PALMR_UID=1026 |  | ||||||
|       - PALMR_GID=100 |  | ||||||
|     ports: |  | ||||||
|       - "5487:5487" |  | ||||||
|     volumes: |  | ||||||
|       - /volume1/docker/palmr:/app/server |  | ||||||
|     restart: unless-stopped |  | ||||||
| ``` |  | ||||||
|  |  | ||||||
| ### QNAP NAS |  | ||||||
|  |  | ||||||
| ```yaml |  | ||||||
| services: |  | ||||||
|   palmr: |  | ||||||
|     image: kyantech/palmr:latest |  | ||||||
|     container_name: palmr |  | ||||||
|     environment: |  | ||||||
|       - ENABLE_S3=false |  | ||||||
|       - ENCRYPTION_KEY=your-secure-key-min-32-chars |  | ||||||
|       - PALMR_UID=1000 |  | ||||||
|       - PALMR_GID=100 |  | ||||||
|     ports: |  | ||||||
|       - "5487:5487" |  | ||||||
|     volumes: |  | ||||||
|       - /share/Container/palmr:/app/server |  | ||||||
|     restart: unless-stopped |  | ||||||
| ``` |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ## Migration Guide |  | ||||||
|  |  | ||||||
| ### Existing Installations |  | ||||||
|  |  | ||||||
| To add UID/GID configuration to running installations: |  | ||||||
|  |  | ||||||
| 1. **Stop the container** |  | ||||||
|  |  | ||||||
|    ```bash |  | ||||||
|    docker-compose down |  | ||||||
|    ``` |  | ||||||
|  |  | ||||||
| 2. **Backup your data** |  | ||||||
|  |  | ||||||
|    ```bash |  | ||||||
|    cp -r ./data ./data-backup |  | ||||||
|    ``` |  | ||||||
|  |  | ||||||
| 3. **Update configuration** |  | ||||||
|    Add UID/GID variables to your `docker-compose.yaml` |  | ||||||
|  |  | ||||||
| 4. **Restart with new configuration** |  | ||||||
|    ```bash |  | ||||||
|    docker-compose up -d |  | ||||||
|    ``` |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ## Verification |  | ||||||
|  |  | ||||||
| ### Check Configuration |  | ||||||
|  |  | ||||||
| Verify UID/GID settings are applied correctly: |  | ||||||
|  |  | ||||||
| ```bash |  | ||||||
| # View startup logs |  | ||||||
| docker-compose logs palmr | head -20 |  | ||||||
|  |  | ||||||
| # Check file ownership |  | ||||||
| docker exec palmr ls -la /app/server/ |  | ||||||
|  |  | ||||||
| # Verify process UID/GID |  | ||||||
| docker exec palmr ps aux | grep node |  | ||||||
| ``` |  | ||||||
|  |  | ||||||
| ### Troubleshooting |  | ||||||
|  |  | ||||||
| **Permission issues persist:** |  | ||||||
|  |  | ||||||
| ```bash |  | ||||||
| # Check environment variables |  | ||||||
| docker exec palmr env | grep PALMR |  | ||||||
|  |  | ||||||
| # Verify file ownership |  | ||||||
| docker exec palmr stat /app/server/prisma/palmr.db |  | ||||||
|  |  | ||||||
| # Review configuration logs |  | ||||||
| docker-compose logs palmr | grep -E "🔧|🔐|🔽" |  | ||||||
| ``` |  | ||||||
|  |  | ||||||
| **NAS-specific debugging:** |  | ||||||
|  |  | ||||||
| ```bash |  | ||||||
| # Synology - Check mount point ownership |  | ||||||
| ls -la /volume1/docker/palmr/ |  | ||||||
|  |  | ||||||
| # QNAP - Check mount point ownership |  | ||||||
| ls -la /share/Container/palmr/ |  | ||||||
|  |  | ||||||
| # Check NAS user configuration |  | ||||||
| cat /etc/passwd | grep -v nobody |  | ||||||
| ``` |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ## Implementation Details |  | ||||||
|  |  | ||||||
| The UID/GID configuration process: |  | ||||||
|  |  | ||||||
| 1. **Detection** - Environment variables are read during container startup |  | ||||||
| 2. **Ownership Update** - File permissions are adjusted to match target UID/GID |  | ||||||
| 3. **Privilege Drop** - Application runs with specified user permissions via `su-exec` |  | ||||||
| 4. **Logging** - Configuration changes are logged for verification |  | ||||||
|  |  | ||||||
| This approach provides automatic permission management without user creation or system modification. |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ## Build-Time Configuration |  | ||||||
|  |  | ||||||
| For custom base images with different default values: |  | ||||||
|  |  | ||||||
| ```bash |  | ||||||
| docker build \ |  | ||||||
|   --build-arg PALMR_UID=2000 \ |  | ||||||
|   --build-arg PALMR_GID=2000 \ |  | ||||||
|   -t palmr:custom . |  | ||||||
| ``` |  | ||||||
|  |  | ||||||
| Runtime environment variables override build-time defaults. |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ## Benefits |  | ||||||
|  |  | ||||||
| - **Zero Configuration** - Works automatically when environment variables are set |  | ||||||
| - **Universal Compatibility** - Supports any valid UID/GID combination |  | ||||||
| - **NAS Optimized** - Tested with major NAS platforms |  | ||||||
| - **Backward Compatible** - Existing deployments continue without modification |  | ||||||
| - **Performance Optimized** - Lightweight implementation using `su-exec` |  | ||||||
|  |  | ||||||
| For permission issues with bind mounts, add the appropriate `PALMR_UID` and `PALMR_GID` environment variables to resolve conflicts automatically. |  | ||||||
| @@ -30,8 +30,6 @@ services: | |||||||
| ```bash | ```bash | ||||||
| docker run -d \ | docker run -d \ | ||||||
|   --name palmr \ |   --name palmr \ | ||||||
|   -e ENABLE_S3=false \ |  | ||||||
|   -e ENCRYPTION_KEY=change-this-key-in-production-min-32-chars \ |  | ||||||
|   -p 5487:5487 \ |   -p 5487:5487 \ | ||||||
|   -p 3333:3333 \ |   -p 3333:3333 \ | ||||||
|   -v palmr_data:/app/server \ |   -v palmr_data:/app/server \ | ||||||
| @@ -107,6 +105,12 @@ The Palmr. API provides comprehensive access to all platform features: | |||||||
| - **File management** - Rename, delete, and organize files | - **File management** - Rename, delete, and organize files | ||||||
| - **Metadata access** - Retrieve file information and properties | - **Metadata access** - Retrieve file information and properties | ||||||
| 
 | 
 | ||||||
|  | ### Folder operations | ||||||
|  | 
 | ||||||
|  | - **Create folders** - Build folder structures for organization | ||||||
|  | - **Folder management** - Rename, move, delete folders | ||||||
|  | - **Folder sharing** - Share folders with same controls as files | ||||||
|  | 
 | ||||||
| ### Share management | ### Share management | ||||||
| 
 | 
 | ||||||
| - **Create shares** - Generate public links for file sharing | - **Create shares** - Generate public links for file sharing | ||||||
| @@ -9,10 +9,7 @@ import { ZoomableImage } from "@/components/ui/zoomable-image"; | |||||||
| 
 | 
 | ||||||
| Understanding the architecture of Palmr. is crucial for both deploying and scaling the application. The platform is designed with simplicity and flexibility in mind, offering a streamlined setup that can grow with your needs. | Understanding the architecture of Palmr. is crucial for both deploying and scaling the application. The platform is designed with simplicity and flexibility in mind, offering a streamlined setup that can grow with your needs. | ||||||
| 
 | 
 | ||||||
| <ZoomableImage | <ZoomableImage src="/assets/v3/architecture/architecture.png" alt="Palmr. Architecture" /> | ||||||
|   src="/assets/v3/architecture/architecture.png" |  | ||||||
|   alt="Palmr. Architecture" |  | ||||||
| /> |  | ||||||
| 
 | 
 | ||||||
| ## Technologies used | ## Technologies used | ||||||
| 
 | 
 | ||||||
| @@ -46,6 +43,16 @@ Palmr. uses **filesystem storage** as the default storage solution, keeping thin | |||||||
| - Excellent performance for local file operations | - Excellent performance for local file operations | ||||||
| - Optional S3-compatible storage support for cloud deployments and scalability | - Optional S3-compatible storage support for cloud deployments and scalability | ||||||
| 
 | 
 | ||||||
|  | #### Performance Considerations with Encryption | ||||||
|  | 
 | ||||||
|  | By default, filesystem storage operates without encryption for optimal performance, providing fast uploads and downloads with minimal CPU overhead. This approach is ideal for most use cases where performance is prioritized. | ||||||
|  | 
 | ||||||
|  | If you need to protect sensitive files at rest, you can enable encryption by setting `DISABLE_FILESYSTEM_ENCRYPTION=false` and providing an `ENCRYPTION_KEY` in your configuration. When enabled, Palmr uses AES-256-CBC encryption, which adds CPU overhead during uploads (encryption) and downloads (decryption), particularly for large files or in resource-constrained environments like containers or low-end VMs. | ||||||
|  | 
 | ||||||
|  | For optimal performance with encryption enabled, ensure your hardware supports AES-NI acceleration (check with `cat /proc/cpuinfo | grep aes` on Linux). | ||||||
|  | 
 | ||||||
|  | As an alternative, consider using S3-compatible object storage (e.g., AWS S3 or MinIO), which can offload file storage from the local filesystem and potentially reduce local CPU overhead for encryption/decryption. See [S3 Providers](/docs/3.2-beta/s3-providers) for setup instructions. | ||||||
|  | 
 | ||||||
| ### Fastify + Zod + TypeScript | ### Fastify + Zod + TypeScript | ||||||
| 
 | 
 | ||||||
| The backend of Palmr. is powered by **Fastify**, **Zod**, and **TypeScript**, creating a robust and type-safe API layer. Fastify is a super-fast Node.js web framework optimized for performance and low overhead, designed to handle lots of concurrent requests with minimal resource usage. Zod provides runtime type validation and schema definition, ensuring all incoming data is properly validated before reaching business logic. TypeScript adds compile-time type safety throughout the entire backend codebase. This combination creates a highly reliable and maintainable backend that prevents bugs and security issues while maintaining excellent performance. | The backend of Palmr. is powered by **Fastify**, **Zod**, and **TypeScript**, creating a robust and type-safe API layer. Fastify is a super-fast Node.js web framework optimized for performance and low overhead, designed to handle lots of concurrent requests with minimal resource usage. Zod provides runtime type validation and schema definition, ensuring all incoming data is properly validated before reaching business logic. TypeScript adds compile-time type safety throughout the entire backend codebase. This combination creates a highly reliable and maintainable backend that prevents bugs and security issues while maintaining excellent performance. | ||||||
| @@ -120,7 +127,7 @@ Palmr. is designed to be flexible in how you handle file storage: | |||||||
| 
 | 
 | ||||||
| **Optional S3-compatible storage:** | **Optional S3-compatible storage:** | ||||||
| 
 | 
 | ||||||
| - Enable S3 storage by setting `ENABLE_S3=true`, look at [S3 Providers](/docs/3.0-beta/s3-providers) for more information. | - Enable S3 storage by setting `ENABLE_S3=true`, look at [S3 Providers](/docs/3.2-beta/s3-providers) for more information. | ||||||
| - Compatible with AWS S3, MinIO, and other S3-compatible services | - Compatible with AWS S3, MinIO, and other S3-compatible services | ||||||
| - Ideal for cloud deployments and distributed setups | - Ideal for cloud deployments and distributed setups | ||||||
| - Provides additional scalability and redundancy options | - Provides additional scalability and redundancy options | ||||||
							
								
								
									
										374
									
								
								apps/docs/content/docs/3.2-beta/cleanup-orphan-files.mdx
									
									
									
									
									
										Normal file
									
								
							
							
						
						| @@ -0,0 +1,374 @@ | |||||||
|  | --- | ||||||
|  | title: Cleanup Orphan Files | ||||||
|  | icon: Trash2 | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | This guide provides detailed instructions on how to identify and remove orphan file records from your Palmr database. Orphan files are database entries that reference files that no longer exist in the storage system, typically resulting from failed uploads or interrupted transfers. | ||||||
|  |  | ||||||
|  | ## When and why to use this tool | ||||||
|  |  | ||||||
|  | The orphan file cleanup script is designed to maintain database integrity by removing stale file records. Consider using this tool if: | ||||||
|  |  | ||||||
|  | - Users are experiencing "File not found" errors when attempting to download files that appear in the UI | ||||||
|  | - You've identified failed uploads that left incomplete database records | ||||||
|  | - You're performing routine database maintenance | ||||||
|  | - You've migrated storage systems and need to verify file consistency | ||||||
|  | - You need to free up quota space occupied by phantom file records | ||||||
|  |  | ||||||
|  | > **Note:** This script only removes **database records** for files that don't exist in storage. It does not delete physical files. Files that exist in storage will remain untouched. | ||||||
|  |  | ||||||
|  | ## How the cleanup works | ||||||
|  |  | ||||||
|  | Palmr provides a maintenance script that scans all file records in the database and verifies their existence in the storage system (either filesystem or S3). The script operates in two modes: | ||||||
|  |  | ||||||
|  | - **Dry-run mode (default):** Identifies orphan files and displays what would be deleted without making any changes | ||||||
|  | - **Confirmation mode:** Actually removes the orphan database records after explicit confirmation | ||||||
|  |  | ||||||
|  | The script maintains safety by: | ||||||
|  | - Checking file existence before marking as orphan | ||||||
|  | - Providing detailed statistics and file listings | ||||||
|  | - Requiring explicit `--confirm` flag to delete records | ||||||
|  | - Working with both filesystem and S3 storage providers | ||||||
|  | - Preserving all files that exist in storage | ||||||
|  |  | ||||||
|  | ## Understanding orphan files | ||||||
|  |  | ||||||
|  | ### What are orphan files? | ||||||
|  |  | ||||||
|  | Orphan files occur when: | ||||||
|  |  | ||||||
|  | 1. **Failed chunked uploads:** A large file upload starts, creates a database record, but the upload fails before completion | ||||||
|  | 2. **Interrupted transfers:** Network issues or server restarts interrupt file transfers mid-process | ||||||
|  | 3. **Manual deletions:** Files are manually deleted from storage without removing the database record | ||||||
|  | 4. **Storage migrations:** Files are moved or lost during storage system changes | ||||||
|  |  | ||||||
|  | ### Why they cause problems | ||||||
|  |  | ||||||
|  | When orphan records exist in the database: | ||||||
|  | - Users see files in the UI that cannot be downloaded | ||||||
|  | - Download attempts result in "ENOENT: no such file or directory" errors | ||||||
|  | - Storage quota calculations become inaccurate | ||||||
|  | - The system returns 500 errors instead of proper 404 responses (in older versions) | ||||||
|  |  | ||||||
|  | ### Renamed files with suffixes | ||||||
|  |  | ||||||
|  | Files with duplicate names are automatically renamed with suffixes (e.g., `file (1).png`, `file (2).png`). Sometimes the upload fails after the database record is created but before the physical file is saved, creating an orphan record with a suffix. | ||||||
|  |  | ||||||
|  | **Example:** | ||||||
|  | ``` | ||||||
|  | Database record: photo (1).png → objectName: user123/1758805195682-Rjn9at692HdR.png | ||||||
|  | Physical file: Does not exist ❌ | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ## Step-by-step instructions | ||||||
|  |  | ||||||
|  | ### 1. Access the server environment | ||||||
|  |  | ||||||
|  | **For Docker installations:** | ||||||
|  |  | ||||||
|  | ```bash | ||||||
|  | docker exec -it <container_name> /bin/sh | ||||||
|  | cd /app/palmr-app | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | **For bare-metal installations:** | ||||||
|  |  | ||||||
|  | ```bash | ||||||
|  | cd /path/to/palmr/apps/server | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ### 2. Run the cleanup script in dry-run mode | ||||||
|  |  | ||||||
|  | First, run the script without the `--confirm` flag to see what would be deleted: | ||||||
|  |  | ||||||
|  | ```bash | ||||||
|  | pnpm cleanup:orphan-files | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | This will: | ||||||
|  | - Scan all file records in the database | ||||||
|  | - Check if each file exists in storage | ||||||
|  | - Display a summary of orphan files | ||||||
|  | - Show what would be deleted (without actually deleting) | ||||||
|  |  | ||||||
|  | ### 3. Review the output | ||||||
|  |  | ||||||
|  | The script will provide detailed information about orphan files: | ||||||
|  |  | ||||||
|  | ```text | ||||||
|  | Starting orphan file cleanup... | ||||||
|  | Storage mode: Filesystem | ||||||
|  | Found 7 files in database | ||||||
|  | ❌ Orphan: photo(1).png (cmddjchw80000gmiimqnxga2g/1758805195682-Rjn9at692HdR.png) | ||||||
|  | ❌ Orphan: document.pdf (cmddjchw80000gmiimqnxga2g/1758803757558-JQxlvF816UVo.pdf) | ||||||
|  |  | ||||||
|  | 📊 Summary: | ||||||
|  |   Total files in DB: 7 | ||||||
|  |   ✅ Files with storage: 5 | ||||||
|  |   ❌ Orphan files: 2 | ||||||
|  |  | ||||||
|  | 🗑️  Orphan files to be deleted: | ||||||
|  |   - photo(1).png (0.76 MB) - cmddjchw80000gmiimqnxga2g/1758805195682-Rjn9at692HdR.png | ||||||
|  |   - document.pdf (2.45 MB) - cmddjchw80000gmiimqnxga2g/1758803757558-JQxlvF816UVo.pdf | ||||||
|  |  | ||||||
|  | ⚠️  Dry run mode. To actually delete orphan records, run with --confirm flag: | ||||||
|  |    pnpm cleanup:orphan-files:confirm | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ### 4. Confirm and execute the cleanup | ||||||
|  |  | ||||||
|  | If you're satisfied with the results and want to proceed with the deletion: | ||||||
|  |  | ||||||
|  | ```bash | ||||||
|  | pnpm cleanup:orphan-files:confirm | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | This will remove the orphan database records and display a confirmation: | ||||||
|  |  | ||||||
|  | ```text | ||||||
|  | 🗑️  Deleting orphan file records... | ||||||
|  |   ✓ Deleted: photo(1).png | ||||||
|  |   ✓ Deleted: document.pdf | ||||||
|  |  | ||||||
|  | ✅ Cleanup complete! | ||||||
|  |    Deleted 2 orphan file records | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ## Example session | ||||||
|  |  | ||||||
|  | Below is a complete example of running the cleanup script: | ||||||
|  |  | ||||||
|  | ```bash | ||||||
|  | $ pnpm cleanup:orphan-files | ||||||
|  |  | ||||||
|  | > palmr-api@3.2.3-beta cleanup:orphan-files | ||||||
|  | > tsx src/scripts/cleanup-orphan-files.ts | ||||||
|  |  | ||||||
|  | Starting orphan file cleanup... | ||||||
|  | Storage mode: Filesystem | ||||||
|  | Found 15 files in database | ||||||
|  | ❌ Orphan: video.mp4 (user123/1758803869037-1WhtnrQioeFQ.mp4) | ||||||
|  | ❌ Orphan: image(1).png (user123/1758805195682-Rjn9at692HdR.png) | ||||||
|  | ❌ Orphan: image(2).png (user123/1758803757558-JQxlvF816UVo.png) | ||||||
|  |  | ||||||
|  | 📊 Summary: | ||||||
|  |   Total files in DB: 15 | ||||||
|  |   ✅ Files with storage: 12 | ||||||
|  |   ❌ Orphan files: 3 | ||||||
|  |  | ||||||
|  | 🗑️  Orphan files to be deleted: | ||||||
|  |   - video.mp4 (97.09 MB) - user123/1758803869037-1WhtnrQioeFQ.mp4 | ||||||
|  |   - image(1).png (0.01 MB) - user123/1758805195682-Rjn9at692HdR.png | ||||||
|  |   - image(2).png (0.76 MB) - user123/1758803757558-JQxlvF816UVo.png | ||||||
|  |  | ||||||
|  | ⚠️  Dry run mode. To actually delete orphan records, run with --confirm flag: | ||||||
|  |    pnpm cleanup:orphan-files:confirm | ||||||
|  |  | ||||||
|  | $ pnpm cleanup:orphan-files:confirm | ||||||
|  |  | ||||||
|  | > palmr-api@3.2.3-beta cleanup:orphan-files:confirm | ||||||
|  | > tsx src/scripts/cleanup-orphan-files.ts --confirm | ||||||
|  |  | ||||||
|  | Starting orphan file cleanup... | ||||||
|  | Storage mode: Filesystem | ||||||
|  | Found 15 files in database | ||||||
|  | ❌ Orphan: video.mp4 (user123/1758803869037-1WhtnrQioeFQ.mp4) | ||||||
|  | ❌ Orphan: image(1).png (user123/1758805195682-Rjn9at692HdR.png) | ||||||
|  | ❌ Orphan: image(2).png (user123/1758803757558-JQxlvF816UVo.png) | ||||||
|  |  | ||||||
|  | 📊 Summary: | ||||||
|  |   Total files in DB: 15 | ||||||
|  |   ✅ Files with storage: 12 | ||||||
|  |   ❌ Orphan files: 3 | ||||||
|  |  | ||||||
|  | 🗑️  Orphan files to be deleted: | ||||||
|  |   - video.mp4 (97.09 MB) - user123/1758803869037-1WhtnrQioeFQ.mp4 | ||||||
|  |   - image(1).png (0.01 MB) - user123/1758805195682-Rjn9at692HdR.png | ||||||
|  |   - image(2).png (0.76 MB) - user123/1758803757558-JQxlvF816UVo.png | ||||||
|  |  | ||||||
|  | 🗑️  Deleting orphan file records... | ||||||
|  |   ✓ Deleted: video.mp4 | ||||||
|  |   ✓ Deleted: image(1).png | ||||||
|  |   ✓ Deleted: image(2).png | ||||||
|  |  | ||||||
|  | ✅ Cleanup complete! | ||||||
|  |    Deleted 3 orphan file records | ||||||
|  |  | ||||||
|  | Script completed successfully | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ## Troubleshooting common issues | ||||||
|  |  | ||||||
|  | ### No orphan files found | ||||||
|  |  | ||||||
|  | ```text | ||||||
|  | 📊 Summary: | ||||||
|  |   Total files in DB: 10 | ||||||
|  |   ✅ Files with storage: 10 | ||||||
|  |   ❌ Orphan files: 0 | ||||||
|  |  | ||||||
|  | ✨ No orphan files found! | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | **This is good!** It means your database is in sync with your storage system. | ||||||
|  |  | ||||||
|  | ### Script cannot connect to database | ||||||
|  |  | ||||||
|  | If you see database connection errors: | ||||||
|  |  | ||||||
|  | 1. Verify the database file exists: | ||||||
|  |    ```bash | ||||||
|  |    ls -la prisma/palmr.db | ||||||
|  |    ``` | ||||||
|  |  | ||||||
|  | 2. Check database permissions: | ||||||
|  |    ```bash | ||||||
|  |    chmod 644 prisma/palmr.db | ||||||
|  |    ``` | ||||||
|  |  | ||||||
|  | 3. Ensure you're in the correct directory: | ||||||
|  |    ```bash | ||||||
|  |    pwd  # Should show .../palmr/apps/server | ||||||
|  |    ``` | ||||||
|  |  | ||||||
|  | ### Storage provider errors | ||||||
|  |  | ||||||
|  | For **S3 storage:** | ||||||
|  | - Verify your S3 credentials are configured correctly | ||||||
|  | - Check that the bucket is accessible | ||||||
|  | - Ensure network connectivity to S3 | ||||||
|  |  | ||||||
|  | For **Filesystem storage:** | ||||||
|  | - Verify the uploads directory exists and is readable | ||||||
|  | - Check file system permissions | ||||||
|  | - Ensure sufficient disk space | ||||||
|  |  | ||||||
|  | ### Script fails to delete records | ||||||
|  |  | ||||||
|  | If deletion fails for specific files: | ||||||
|  | - Check database locks (close other connections) | ||||||
|  | - Verify you have write permissions to the database | ||||||
|  | - Review the error message for specific details | ||||||
|  |  | ||||||
|  | ## Understanding the output | ||||||
|  |  | ||||||
|  | ### File statistics | ||||||
|  |  | ||||||
|  | The script provides several key metrics: | ||||||
|  |  | ||||||
|  | - **Total files in DB:** All file records in your database | ||||||
|  | - **Files with storage:** Records where the physical file exists | ||||||
|  | - **Orphan files:** Records where the physical file is missing | ||||||
|  |  | ||||||
|  | ### File information | ||||||
|  |  | ||||||
|  | For each orphan file, you'll see: | ||||||
|  |  | ||||||
|  | - **Name:** Display name in the UI | ||||||
|  | - **Size:** File size as recorded in the database | ||||||
|  | - **Object name:** Internal storage path | ||||||
|  |  | ||||||
|  | Example: `photo(1).png (0.76 MB) - user123/1758805195682-Rjn9at692HdR.png` | ||||||
|  |  | ||||||
|  | ## Prevention and best practices | ||||||
|  |  | ||||||
|  | ### Prevent orphan files from occurring | ||||||
|  |  | ||||||
|  | 1. **Monitor upload failures:** Check server logs for upload errors | ||||||
|  | 2. **Stable network:** Ensure reliable network connectivity for large uploads | ||||||
|  | 3. **Adequate resources:** Provide sufficient disk space and memory | ||||||
|  | 4. **Regular maintenance:** Run this script periodically as part of maintenance | ||||||
|  |  | ||||||
|  | ### When to run cleanup | ||||||
|  |  | ||||||
|  | Consider running the cleanup script: | ||||||
|  |  | ||||||
|  | - **Monthly:** As part of routine database maintenance | ||||||
|  | - **After incidents:** Following server crashes or storage issues | ||||||
|  | - **Before migrations:** Before moving to new storage systems | ||||||
|  | - **When users report errors:** If download failures are reported | ||||||
|  |  | ||||||
|  | ### Safe cleanup practices | ||||||
|  |  | ||||||
|  | 1. **Always run dry-run first:** Review what will be deleted before confirming | ||||||
|  | 2. **Backup your database:** Create a backup before running with `--confirm` | ||||||
|  | 3. **Check during low usage:** Run during off-peak hours to minimize disruption | ||||||
|  | 4. **Document the cleanup:** Keep records of when and why cleanup was performed | ||||||
|  | 5. **Verify after cleanup:** Check that file counts match expectations | ||||||
|  |  | ||||||
|  | ## Technical details | ||||||
|  |  | ||||||
|  | ### How files are stored | ||||||
|  |  | ||||||
|  | When files are uploaded to Palmr: | ||||||
|  |  | ||||||
|  | 1. Frontend generates a safe object name using random identifiers | ||||||
|  | 2. Backend creates the final `objectName` as: `${userId}/${timestamp}-${randomId}.${extension}` | ||||||
|  | 3. If a duplicate name exists, the **display name** gets a suffix, but `objectName` remains unique | ||||||
|  | 4. Physical file is stored using `objectName`, display name is stored separately in database | ||||||
|  |  | ||||||
|  | ### Storage providers | ||||||
|  |  | ||||||
|  | The script works with both storage providers: | ||||||
|  |  | ||||||
|  | - **FilesystemStorageProvider:** Uses `fs.promises.access()` to check file existence | ||||||
|  | - **S3StorageProvider:** Uses `HeadObjectCommand` to verify objects in S3 bucket | ||||||
|  |  | ||||||
|  | ### Database schema | ||||||
|  |  | ||||||
|  | Files table structure: | ||||||
|  | ```typescript | ||||||
|  | { | ||||||
|  |   name: string           // Display name (can have suffixes like "file (1).png") | ||||||
|  |   objectName: string     // Physical storage path (always unique) | ||||||
|  |   size: bigint          // File size in bytes | ||||||
|  |   extension: string     // File extension | ||||||
|  |   userId: string        // Owner of the file | ||||||
|  |   folderId: string?     // Parent folder (null for root) | ||||||
|  | } | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ## Related improvements | ||||||
|  |  | ||||||
|  | ### Download validation (v3.2.3-beta+) | ||||||
|  |  | ||||||
|  | Starting from version 3.2.3-beta, Palmr includes enhanced download validation: | ||||||
|  |  | ||||||
|  | - Files are checked for existence **before** attempting download | ||||||
|  | - Returns proper 404 error if file is missing (instead of 500) | ||||||
|  | - Provides helpful error message to users | ||||||
|  |  | ||||||
|  | This prevents errors when trying to download orphan files that haven't been cleaned up yet. | ||||||
|  |  | ||||||
|  | ## Security considerations | ||||||
|  |  | ||||||
|  | - **Read-only by default:** Dry-run mode is safe and doesn't modify data | ||||||
|  | - **Explicit confirmation:** Requires `--confirm` flag to delete records | ||||||
|  | - **No file deletion:** Only removes database records, never deletes physical files | ||||||
|  | - **Audit trail:** All actions are logged to console | ||||||
|  | - **Permission-based:** Only users with server access can run the script | ||||||
|  |  | ||||||
|  | > **Important:** This script does not delete physical files from storage. It only removes database records for files that don't exist. This is intentional to prevent accidental data loss. | ||||||
|  |  | ||||||
|  | ## FAQ | ||||||
|  |  | ||||||
|  | **Q: Will this delete my files?**   | ||||||
|  | A: No. The script only removes database records for files that are already missing from storage. Physical files are never deleted. | ||||||
|  |  | ||||||
|  | **Q: Can I undo the cleanup?**   | ||||||
|  | A: No. Once orphan records are deleted, they cannot be recovered. Always run dry-run mode first and backup your database. | ||||||
|  |  | ||||||
|  | **Q: Why do orphan files have suffixes like (1), (2)?**   | ||||||
|  | A: When duplicate files are uploaded, Palmr renames them with suffixes. If the upload fails after creating the database record, an orphan with a suffix remains. | ||||||
|  |  | ||||||
|  | **Q: How often should I run this script?**   | ||||||
|  | A: Monthly maintenance is usually sufficient. Run more frequently if you experience many upload failures. | ||||||
|  |  | ||||||
|  | **Q: Does this work with S3 storage?**   | ||||||
|  | A: Yes! The script automatically detects your storage provider (filesystem or S3) and works with both. | ||||||
|  |  | ||||||
|  | **Q: What if I have thousands of orphan files?**   | ||||||
|  | A: The script handles large numbers efficiently. Consider running during off-peak hours for very large cleanups. | ||||||
|  |  | ||||||
|  | **Q: Can this fix "File not found" errors?**   | ||||||
|  | A: Yes, if the errors are caused by orphan database records. The script removes those records, preventing future errors. | ||||||
							
								
								
									
										273
									
								
								apps/docs/content/docs/3.2-beta/configuring-smtp.mdx
									
									
									
									
									
										Normal file
									
								
							
							
						
						| @@ -0,0 +1,273 @@ | |||||||
|  | --- | ||||||
|  | title: Configuring SMTP | ||||||
|  | icon: Mail | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | For Palmr to function with all its best features, you need to configure an email server. To make this process easier, there's a built-in configuration panel inside **Settings** in Palmr. However, only users with an **ADMIN** profile can access and configure these settings. | ||||||
|  |  | ||||||
|  | This guide walks you through the complete process of setting up SMTP for your Palmr installation, ensuring that email-dependent features work seamlessly. | ||||||
|  |  | ||||||
|  | ## Why configure SMTP? | ||||||
|  |  | ||||||
|  | Configuring SMTP is essential for enabling key email functionalities that enhance the user experience and ensure proper system operation. | ||||||
|  |  | ||||||
|  | The main functionalities that depend on SMTP configuration are: | ||||||
|  |  | ||||||
|  | - **Password Reset** – Users who forget their password and cannot access the **Settings** panel need this feature to regain access to their accounts. | ||||||
|  | - **Email Notifications** – Recipients will receive email notifications when new shares are sent to them, keeping them informed about shared content. | ||||||
|  |  | ||||||
|  | Without proper SMTP configuration, these features will not work, potentially leaving users unable to recover their accounts or stay informed about shared files. | ||||||
|  |  | ||||||
|  | Now, let's go through the step-by-step process to configure the **SMTP Server**. | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Accessing SMTP settings | ||||||
|  |  | ||||||
|  | To configure SMTP settings, you'll need administrative access to the Palmr settings panel. | ||||||
|  |  | ||||||
|  | ### Prerequisites | ||||||
|  |  | ||||||
|  | Before beginning the configuration process: | ||||||
|  |  | ||||||
|  | - Ensure you have **ADMIN** user privileges in Palmr | ||||||
|  | - Have your SMTP server credentials ready | ||||||
|  | - For Gmail users, prepare to generate an App Password | ||||||
|  |  | ||||||
|  | ### Navigating to settings | ||||||
|  |  | ||||||
|  | To access **Settings**, an **ADMIN** user must click on the profile picture in the **header** and select **Settings** from the dropdown menu. | ||||||
|  |  | ||||||
|  | Once inside the **Settings** panel, click on the **Email** card to expand the SMTP configuration options. | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  | After expanding the card, the following SMTP configuration fields will appear: | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Configuring SMTP server | ||||||
|  |  | ||||||
|  | The SMTP configuration process involves enabling the service and configuring the necessary connection details. | ||||||
|  |  | ||||||
|  | ### Enabling SMTP | ||||||
|  |  | ||||||
|  | The first step is to **enable SMTP** by selecting "Yes" in the **SMTP Enabled** field. | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  | ### Configuration fields | ||||||
|  |  | ||||||
|  | Once SMTP is enabled, you can configure the following fields: | ||||||
|  |  | ||||||
|  | #### Basic SMTP Configuration | ||||||
|  |  | ||||||
|  | **SMTP Server** – The SMTP server address provided by your email service. For Gmail, use `smtp.gmail.com` (this is the recommended option and set as default). | ||||||
|  |  | ||||||
|  | **SMTP Port** – The server port used for connections. For Gmail, the standard port is **587** (TLS encryption). | ||||||
|  |  | ||||||
|  | **SMTP Username** – The username for authenticating with your SMTP server. For Gmail, enter your complete email address. | ||||||
|  |  | ||||||
|  | **SMTP Password** – The password for SMTP authentication. For Gmail, you must use an **App Password** (not your regular email password). | ||||||
|  |  | ||||||
|  | #### Email Sender Configuration | ||||||
|  |  | ||||||
|  | **Sender Name** – This will appear as the sender's name in all outgoing emails. Use a recognizable name like "Palmr" or your organization name. | ||||||
|  |  | ||||||
|  | **Sender Email** – The email address from which notifications will be sent. Use a professional address like "noreply@palmr.app" or "notifications@yourdomain.com". | ||||||
|  |  | ||||||
|  | #### Advanced Configuration Options | ||||||
|  |  | ||||||
|  | **Connection Security** – Choose the appropriate security method for your SMTP server: | ||||||
|  |  | ||||||
|  | - **Auto (Recommended)** – Automatically selects the best security method based on the port | ||||||
|  | - **SSL (Port 465)** – Uses SSL encryption for the entire connection | ||||||
|  | - **STARTTLS (Port 587)** – Uses STARTTLS to upgrade a plain connection to TLS | ||||||
|  | - **None (Insecure)** – Uses plain SMTP without encryption (only for development/testing) | ||||||
|  |  | ||||||
|  | **No Authentication** – Enable this option for internal SMTP servers that don't require username/password authentication. When enabled, the username and password fields will be hidden. | ||||||
|  |  | ||||||
|  | **Trust Self-Signed Certificates** – Enable this option to trust self-signed SSL/TLS certificates. This is particularly useful for development environments or internal SMTP servers with self-signed certificates. | ||||||
|  |  | ||||||
|  | #### Field Behavior and Dependencies | ||||||
|  |  | ||||||
|  | **Conditional Field Display**: The SMTP configuration uses intelligent field display: | ||||||
|  |  | ||||||
|  | - **All SMTP fields** are hidden when SMTP is disabled | ||||||
|  | - **Username and Password fields** are automatically hidden when "No Authentication" is enabled | ||||||
|  | - **Test Connection button** only appears when SMTP is enabled | ||||||
|  |  | ||||||
|  | **Field Validation**: The system provides real-time validation: | ||||||
|  |  | ||||||
|  | - **Required fields** are checked before testing connections | ||||||
|  | - **Authentication fields** are validated unless "No Authentication" is enabled | ||||||
|  | - **Connection testing** validates all settings before saving | ||||||
|  |  | ||||||
|  | #### Testing Configuration | ||||||
|  |  | ||||||
|  | **Test SMTP Connection** – Use this button to test your SMTP configuration before saving. This will verify that all settings are correct and the connection works properly. | ||||||
|  |  | ||||||
|  | **Test Button Features**: | ||||||
|  |  | ||||||
|  | - **Real-time validation** of all required fields | ||||||
|  | - **Informational tooltip** explaining the test process | ||||||
|  | - **Loading state** with spinner during connection test | ||||||
|  | - **Success/Error messages** with detailed feedback | ||||||
|  | - **Uses form values** (not saved settings) for testing | ||||||
|  |  | ||||||
|  | ### Important security note | ||||||
|  |  | ||||||
|  | **Important:** If using **Gmail**, you need to generate an **App Password** instead of using your standard email password. This provides better security and is required for applications like Palmr. | ||||||
|  |  | ||||||
|  | For other email services, consult the official documentation of the service provider you are using. We recommend using Gmail for its simplicity, reliability, and reasonable email sending limits. | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Generating a Gmail App Password | ||||||
|  |  | ||||||
|  | Gmail requires App Passwords for third-party applications to ensure account security while maintaining functionality. | ||||||
|  |  | ||||||
|  | ### Step-by-step process | ||||||
|  |  | ||||||
|  | To generate an App Password for Gmail: | ||||||
|  |  | ||||||
|  | 1. **Access Your Account**: Go to [Google My Account](https://myaccount.google.com/) | ||||||
|  | 2. **Navigate to Security**: Select the **Security** section from the menu | ||||||
|  | 3. **Find App Passwords**: Scroll down to locate **App Passwords** (you may need to enable 2-factor authentication first) | ||||||
|  | 4. **Generate Password**: Create a new password specifically for Palmr | ||||||
|  | 5. **Save Securely**: Copy and store the generated password safely | ||||||
|  |  | ||||||
|  | ### Additional resources | ||||||
|  |  | ||||||
|  | For a complete guide with screenshots and detailed instructions, refer to: **[How to set up SMTP credentials with Gmail](https://medium.com/rails-to-rescue/how-to-set-up-smtp-credentials-with-gmail-for-your-app-send-email-cf236d11087d)**. | ||||||
|  |  | ||||||
|  | ### Gmail configuration summary | ||||||
|  |  | ||||||
|  | When using Gmail, your final settings should be: | ||||||
|  |  | ||||||
|  | - **SMTP Server**: `smtp.gmail.com` | ||||||
|  | - **SMTP Port**: `587` | ||||||
|  | - **SMTP Username**: Your Gmail address | ||||||
|  | - **SMTP Password**: Generated App Password (16 characters) | ||||||
|  | - **Connection Security**: Auto (Recommended) or STARTTLS (Port 587) | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Other email provider configurations | ||||||
|  |  | ||||||
|  | While Gmail is recommended for its simplicity, Palmr supports various email providers. Here are common configurations: | ||||||
|  |  | ||||||
|  | ### Outlook/Hotmail | ||||||
|  |  | ||||||
|  | - **SMTP Server**: `smtp-mail.outlook.com` | ||||||
|  | - **SMTP Port**: `587` | ||||||
|  | - **Connection Security**: STARTTLS (Port 587) | ||||||
|  | - **Authentication**: Username and password required | ||||||
|  |  | ||||||
|  | ### Yahoo Mail | ||||||
|  |  | ||||||
|  | - **SMTP Server**: `smtp.mail.yahoo.com` | ||||||
|  | - **SMTP Port**: `587` or `465` | ||||||
|  | - **Connection Security**: STARTTLS (Port 587) or SSL (Port 465) | ||||||
|  | - **Authentication**: App-specific password required | ||||||
|  |  | ||||||
|  | ### Custom SMTP Server | ||||||
|  |  | ||||||
|  | - **SMTP Server**: Your server's hostname or IP address | ||||||
|  | - **SMTP Port**: Usually `25`, `587`, or `465` | ||||||
|  | - **Connection Security**: Choose based on your server's capabilities | ||||||
|  | - **Authentication**: Configure according to your server's requirements | ||||||
|  | - **Trust Self-Signed Certificates**: Enable if using self-signed certificates | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Testing your configuration | ||||||
|  |  | ||||||
|  | After completing the configuration, it's important to verify that everything works correctly. | ||||||
|  |  | ||||||
|  | ### Using the Test Connection feature | ||||||
|  |  | ||||||
|  | Palmr provides a built-in **Test SMTP Connection** button that allows you to verify your configuration before saving: | ||||||
|  |  | ||||||
|  | 1. **Fill in your SMTP settings** – Complete all required fields in the SMTP configuration | ||||||
|  | 2. **Click "Test Connection"** – This will attempt to connect to your SMTP server with the current settings | ||||||
|  | 3. **Review the results** – You'll see a success message if the connection works, or an error message with details if it fails | ||||||
|  | 4. **Save your settings** – Once the test is successful, save your configuration to make it permanent | ||||||
|  |  | ||||||
|  | **Note:** The test connection uses the values currently entered in the form, not the saved settings. Make sure to save your configuration after a successful test. | ||||||
|  |  | ||||||
|  | ### Validation steps | ||||||
|  |  | ||||||
|  | 1. **Save Settings**: Apply your SMTP configuration in the Palmr interface | ||||||
|  | 2. **Test Password Reset**: Try the password reset feature with a test account to ensure emails are sent | ||||||
|  | 3. **Test Notifications**: Create a test share to verify that notification emails are delivered | ||||||
|  | 4. **Check Email Delivery**: Confirm that emails arrive in the recipient's inbox (not spam folder) | ||||||
|  |  | ||||||
|  | ### Troubleshooting common issues | ||||||
|  |  | ||||||
|  | If emails are not being sent: | ||||||
|  |  | ||||||
|  | - **Verify all fields are filled correctly** – Ensure all required fields have valid values | ||||||
|  | - **For Gmail, ensure you're using the App Password** – Not your regular email password | ||||||
|  | - **Check that your email provider allows SMTP connections** – Some providers require specific settings | ||||||
|  | - **Confirm that port 587 is not blocked by your firewall** – Check both local and network firewall settings | ||||||
|  | - **Verify the SMTP server address** – Double-check the hostname for typos | ||||||
|  | - **Test with different security settings** – Try different Connection Security options if one fails | ||||||
|  |  | ||||||
|  | ### Troubleshooting self-signed certificate issues | ||||||
|  |  | ||||||
|  | If you're using an SMTP server with self-signed certificates and encountering connection errors: | ||||||
|  |  | ||||||
|  | 1. **Enable Trust Self-Signed Certificates** – In the SMTP settings, enable the "Trust Self-Signed Certificates" option | ||||||
|  | 2. **Use Appropriate Security Method** – Choose the correct security method for your server: | ||||||
|  |    - For servers requiring TLS: Use "STARTTLS (Port 587)" or "SSL (Port 465)" | ||||||
|  |    - For development servers without encryption: Use "None (Insecure)" | ||||||
|  | 3. **Verify Server Configuration** – Ensure your SMTP server is properly configured to accept connections on the specified port | ||||||
|  | 4. **Test Connection** – Use the "Test Connection" button to verify your configuration before saving | ||||||
|  |  | ||||||
|  | **Note:** The "None (Insecure)" option should only be used in development environments or with trusted internal servers, as it transmits data without encryption. | ||||||
|  |  | ||||||
|  | ### Troubleshooting authentication issues | ||||||
|  |  | ||||||
|  | If you're experiencing authentication problems: | ||||||
|  |  | ||||||
|  | - **Check username and password** – Ensure they are correct and match your email provider's requirements | ||||||
|  | - **For Gmail users** – Make sure you're using an App Password, not your regular password | ||||||
|  | - **Enable "No Authentication" if applicable** – For internal servers that don't require authentication | ||||||
|  | - **Verify account settings** – Some providers require enabling "Less secure app access" or similar settings | ||||||
|  |  | ||||||
|  | ### Common error messages and solutions | ||||||
|  |  | ||||||
|  | The SMTP configuration system provides specific error messages to help you troubleshoot issues: | ||||||
|  |  | ||||||
|  | **"SMTP is not enabled. Please enable SMTP first."** | ||||||
|  |  | ||||||
|  | - **Solution**: Enable the "SMTP Enabled" toggle before testing | ||||||
|  |  | ||||||
|  | **"Please fill in SMTP Host and Port before testing."** | ||||||
|  |  | ||||||
|  | - **Solution**: Ensure both SMTP Server and SMTP Port fields are filled | ||||||
|  |  | ||||||
|  | **"Please fill in SMTP Username and Password, or enable 'No Authentication' option."** | ||||||
|  |  | ||||||
|  | - **Solution**: Either provide authentication credentials or enable "No Authentication" | ||||||
|  |  | ||||||
|  | **"SMTP connection failed: [specific error]"** | ||||||
|  |  | ||||||
|  | - **Solution**: Check the specific error message for details about the connection issue | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Finalizing SMTP configuration | ||||||
|  |  | ||||||
|  | After entering the correct information and testing the functionality, save the settings. | ||||||
|  |  | ||||||
|  | Your Palmr installation is now ready to: | ||||||
|  |  | ||||||
|  | - Send password reset emails to users who need account recovery | ||||||
|  | - Deliver share notifications to recipients automatically | ||||||
|  | - Provide a complete user experience with reliable email communication | ||||||
|  |  | ||||||
|  | With SMTP properly configured, users can take full advantage of Palmr's email-dependent features, ensuring a smooth and professional experience when sharing files and managing their accounts. | ||||||
							
								
								
									
										391
									
								
								apps/docs/content/docs/3.2-beta/download-memory-management.mdx
									
									
									
									
									
										Normal file
									
								
							
							
						
						| @@ -0,0 +1,391 @@ | |||||||
|  | --- | ||||||
|  | title: Memory Management | ||||||
|  | icon: Download | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | import { Callout } from "fumadocs-ui/components/callout"; | ||||||
|  | import { Tab, Tabs } from "fumadocs-ui/components/tabs"; | ||||||
|  |  | ||||||
|  | Palmr implements an intelligent memory management system that prevents crashes during large file downloads (3GB+ by default), maintaining unlimited download capacity through adaptive resource control and an automatic queue system. | ||||||
|  |  | ||||||
|  | ## How It Works | ||||||
|  |  | ||||||
|  | ### Automatic Resource Detection | ||||||
|  |  | ||||||
|  | The system automatically detects available container/system memory and configures appropriate limits based on available infrastructure: | ||||||
|  |  | ||||||
|  | ```typescript | ||||||
|  | const totalMemoryGB = require("os").totalmem() / 1024 ** 3; | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ### System Configuration | ||||||
|  |  | ||||||
|  | The system supports two configuration approaches that you can choose based on your needs: | ||||||
|  |  | ||||||
|  | <Tabs items={["Manual Configuration", "Auto-scaling (Default)"]}> | ||||||
|  |   <Tab value="Manual Configuration"> | ||||||
|  |     Manually configure all parameters for total control over the system: | ||||||
|  |  | ||||||
|  |     ```bash | ||||||
|  |     # Custom configuration (overrides auto-scaling) | ||||||
|  |     DOWNLOAD_MAX_CONCURRENT=8              # Maximum simultaneous downloads | ||||||
|  |     DOWNLOAD_MEMORY_THRESHOLD_MB=1536      # Memory threshold in MB | ||||||
|  |     DOWNLOAD_QUEUE_SIZE=40                 # Maximum queue size | ||||||
|  |     DOWNLOAD_AUTO_SCALE=false              # Disable auto-scaling | ||||||
|  |     ``` | ||||||
|  |  | ||||||
|  |     <Callout> | ||||||
|  |       Manual configuration offers total control and predictability for specific environments where you know exactly the available resources. | ||||||
|  |     </Callout> | ||||||
|  |  | ||||||
|  |   </Tab> | ||||||
|  |   <Tab value="Auto-scaling (Default)"> | ||||||
|  |     Automatic configuration based on detected system memory: | ||||||
|  |  | ||||||
|  |     | Available Memory | Concurrent Downloads | Memory Threshold | Queue Size | Recommended Use    | | ||||||
|  |     |------------------|----------------------|-------------------|------------|--------------------| | ||||||
|  |     | ≤ 2GB            | 1                    | 256MB            | 5          | Development        | | ||||||
|  |     | 2GB - 4GB        | 2                    | 512MB            | 10         | Small Environment  | | ||||||
|  |     | 4GB - 8GB        | 3                    | 1GB              | 15         | Standard Production| | ||||||
|  |     | 8GB - 16GB       | 5                    | 2GB              | 25         | High Performance   | | ||||||
|  |     | > 16GB           | 10                   | 4GB              | 50         | Enterprise         | | ||||||
|  |  | ||||||
|  |     <Callout> | ||||||
|  |       Auto-scaling automatically adapts to different environments without manual configuration, perfect for flexible deployment. | ||||||
|  |     </Callout> | ||||||
|  |  | ||||||
|  |   </Tab> | ||||||
|  | </Tabs> | ||||||
|  |  | ||||||
|  | <Callout type="info">If environment variables are configured, they take **priority** over auto-scaling.</Callout> | ||||||
|  |  | ||||||
|  | ## Download Queue System | ||||||
|  |  | ||||||
|  | ### How It Works | ||||||
|  |  | ||||||
|  | The memory management system only activates for files larger than the configured minimum size (3GB by default). Smaller files bypass the queue system entirely and download immediately without memory management. | ||||||
|  |  | ||||||
|  | When a user requests a download for a large file but all slots are occupied, the system automatically queues the download instead of returning a 429 error. The queue processes downloads in FIFO order (first in, first out). | ||||||
|  |  | ||||||
|  | ### Practical Example | ||||||
|  |  | ||||||
|  | Consider a system with 8GB RAM (5 concurrent downloads, queue of 25, 3GB minimum) where users want to download files of various sizes: | ||||||
|  |  | ||||||
|  | ```bash | ||||||
|  | # Small files (< 3GB): Bypass queue entirely | ||||||
|  | [DOWNLOAD MANAGER] File document.pdf (0.05GB) below threshold (3.0GB), bypassing queue | ||||||
|  |  | ||||||
|  | # Large files 1-5: Start immediately | ||||||
|  | [DOWNLOAD MANAGER] Immediate start: 1734567890-abc123def | ||||||
|  | [DOWNLOAD MANAGER] Starting video1.mp4 (5.2GB) | ||||||
|  |  | ||||||
|  | # Large files 6-10: Automatically queued | ||||||
|  | [DOWNLOAD MANAGER] Queued: 1734567891-def456ghi (Position: 1/25) | ||||||
|  | [DOWNLOAD MANAGER] Queued file: video2.mp4 (8.1GB) | ||||||
|  |  | ||||||
|  | # When download 1 finishes: download 6 starts automatically | ||||||
|  | [DOWNLOAD MANAGER] Processing queue: 1734567891-def456ghi (4 remaining) | ||||||
|  | [DOWNLOAD MANAGER] Starting queued file: video2.mp4 (8.1GB) | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ### System Benefits | ||||||
|  |  | ||||||
|  | **User Experience** | ||||||
|  |  | ||||||
|  | - Users don't receive errors, they simply wait in queue | ||||||
|  | - Downloads start automatically when slots become available | ||||||
|  | - Transparent operation without client changes | ||||||
|  | - Fair processing order with FIFO queue | ||||||
|  |  | ||||||
|  | **Technical Features** | ||||||
|  |  | ||||||
|  | - Limited buffers (64KB per stream) for controlled memory usage | ||||||
|  | - Automatic backpressure control with pipeline streams | ||||||
|  | - Adaptive memory throttling based on usage patterns | ||||||
|  | - Forced garbage collection after large downloads | ||||||
|  | - Smart timeout handling (30 minutes for queued downloads) | ||||||
|  | - Automatic cleanup of orphaned downloads every 30 seconds | ||||||
|  |  | ||||||
|  | ## Container Compatibility | ||||||
|  |  | ||||||
|  | The system works with Docker, Kubernetes, and any containerized environment: | ||||||
|  |  | ||||||
|  | <Tabs items={["Docker", "Kubernetes", "Docker Compose"]}> | ||||||
|  |   <Tab value="Docker"> | ||||||
|  |  | ||||||
|  |     ```bash | ||||||
|  |     # Example: Container with 8GB | ||||||
|  |     docker run -m 8g palmr/server | ||||||
|  |     # Result: 5 concurrent downloads, queue of 25, threshold 2GB | ||||||
|  |     ``` | ||||||
|  |  | ||||||
|  |   </Tab> | ||||||
|  |   <Tab value="Kubernetes"> | ||||||
|  |  | ||||||
|  |     ```yaml | ||||||
|  |     apiVersion: apps/v1 | ||||||
|  |     kind: Deployment | ||||||
|  |     spec: | ||||||
|  |       template: | ||||||
|  |         spec: | ||||||
|  |           containers: | ||||||
|  |           - name: palmr-server | ||||||
|  |             resources: | ||||||
|  |               limits: | ||||||
|  |                 memory: "4Gi"     # Detects 4GB | ||||||
|  |                 cpu: "2" | ||||||
|  |               requests: | ||||||
|  |                 memory: "2Gi" | ||||||
|  |                 cpu: "1" | ||||||
|  |     # Result: 3 concurrent downloads, queue of 15, threshold 1GB | ||||||
|  |     ``` | ||||||
|  |  | ||||||
|  |   </Tab> | ||||||
|  |   <Tab value="Docker Compose"> | ||||||
|  |  | ||||||
|  |     ```yaml | ||||||
|  |     services: | ||||||
|  |       palmr-server: | ||||||
|  |         image: palmr/server | ||||||
|  |         deploy: | ||||||
|  |           resources: | ||||||
|  |             limits: | ||||||
|  |               memory: 16G       # Detects 16GB | ||||||
|  |     # Result: 10 concurrent downloads, queue of 50, threshold 4GB | ||||||
|  |     ``` | ||||||
|  |  | ||||||
|  |   </Tab> | ||||||
|  | </Tabs> | ||||||
|  |  | ||||||
|  | ## Configuration | ||||||
|  |  | ||||||
|  | ### Environment Variables | ||||||
|  |  | ||||||
|  | Configure the download memory management system using these environment variables: | ||||||
|  |  | ||||||
|  | | Variable                       | Default    | Description                                           | | ||||||
|  | | ------------------------------ | ---------- | ----------------------------------------------------- | | ||||||
|  | | `DOWNLOAD_MAX_CONCURRENT`      | auto-scale | Maximum number of simultaneous downloads              | | ||||||
|  | | `DOWNLOAD_MEMORY_THRESHOLD_MB` | auto-scale | Memory limit in MB before throttling                  | | ||||||
|  | | `DOWNLOAD_QUEUE_SIZE`          | auto-scale | Maximum download queue size                           | | ||||||
|  | | `DOWNLOAD_AUTO_SCALE`          | `true`     | Enable/disable auto-scaling based on system memory    | | ||||||
|  | | `DOWNLOAD_MIN_FILE_SIZE_GB`    | `3.0`      | Minimum file size in GB to activate memory management | | ||||||
|  |  | ||||||
|  | ### Configuration Examples by Scenario | ||||||
|  |  | ||||||
|  | <Tabs items={["Home Server", "Enterprise", "High Performance", "Conservative"]}> | ||||||
|  |   <Tab value="Home Server"> | ||||||
|  |     Configuration optimized for personal use or small groups (4GB RAM): | ||||||
|  |  | ||||||
|  |     ```bash | ||||||
|  |     DOWNLOAD_MAX_CONCURRENT=2 | ||||||
|  |     DOWNLOAD_MEMORY_THRESHOLD_MB=1024 | ||||||
|  |     DOWNLOAD_QUEUE_SIZE=8 | ||||||
|  |     DOWNLOAD_MIN_FILE_SIZE_GB=2.0 | ||||||
|  |     DOWNLOAD_AUTO_SCALE=false | ||||||
|  |     ``` | ||||||
|  |  | ||||||
|  |   </Tab> | ||||||
|  |   <Tab value="Enterprise"> | ||||||
|  |     Configuration for corporate environments with multiple users (16GB RAM): | ||||||
|  |  | ||||||
|  |     ```bash | ||||||
|  |     DOWNLOAD_MAX_CONCURRENT=12 | ||||||
|  |     DOWNLOAD_MEMORY_THRESHOLD_MB=4096 | ||||||
|  |     DOWNLOAD_QUEUE_SIZE=60 | ||||||
|  |     DOWNLOAD_MIN_FILE_SIZE_GB=5.0 | ||||||
|  |     DOWNLOAD_AUTO_SCALE=false | ||||||
|  |     ``` | ||||||
|  |  | ||||||
|  |   </Tab> | ||||||
|  |   <Tab value="High Performance"> | ||||||
|  |     Configuration for maximum performance and throughput (32GB RAM): | ||||||
|  |  | ||||||
|  |     ```bash | ||||||
|  |     DOWNLOAD_MAX_CONCURRENT=20 | ||||||
|  |     DOWNLOAD_MEMORY_THRESHOLD_MB=8192 | ||||||
|  |     DOWNLOAD_QUEUE_SIZE=100 | ||||||
|  |     DOWNLOAD_MIN_FILE_SIZE_GB=10.0 | ||||||
|  |     DOWNLOAD_AUTO_SCALE=false | ||||||
|  |     ``` | ||||||
|  |  | ||||||
|  |   </Tab> | ||||||
|  |   <Tab value="Conservative"> | ||||||
|  |     For environments with limited or shared resources: | ||||||
|  |  | ||||||
|  |     ```bash | ||||||
|  |     DOWNLOAD_MAX_CONCURRENT=3 | ||||||
|  |     DOWNLOAD_MEMORY_THRESHOLD_MB=1024 | ||||||
|  |     DOWNLOAD_QUEUE_SIZE=15 | ||||||
|  |     DOWNLOAD_MIN_FILE_SIZE_GB=1.0 | ||||||
|  |     DOWNLOAD_AUTO_SCALE=false | ||||||
|  |     ``` | ||||||
|  |  | ||||||
|  |   </Tab> | ||||||
|  | </Tabs> | ||||||
|  |  | ||||||
|  | ### Additional Configuration | ||||||
|  |  | ||||||
|  | For optimal performance with large downloads, consider these additional settings: | ||||||
|  |  | ||||||
|  | ```bash | ||||||
|  | # Force garbage collection (recommended for large downloads) | ||||||
|  | NODE_OPTIONS="--expose-gc" | ||||||
|  |  | ||||||
|  | # Adjust timeout for very large downloads | ||||||
|  | KEEP_ALIVE_TIMEOUT=300000 | ||||||
|  | REQUEST_TIMEOUT=0 | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ## Monitoring and Logs | ||||||
|  |  | ||||||
|  | ### System Logs | ||||||
|  |  | ||||||
|  | The system provides detailed logs to track operation: | ||||||
|  |  | ||||||
|  | ```bash | ||||||
|  | [DOWNLOAD MANAGER] System Memory: 8.0GB, Max Concurrent: 5, Memory Threshold: 2048MB, Queue Size: 25 | ||||||
|  | [DOWNLOAD] Requesting slot for 1734567890-abc123def: video.mp4 (15.2GB) | ||||||
|  | [DOWNLOAD MANAGER] Queued: 1734567890-abc123def (Position: 3/25) | ||||||
|  | [DOWNLOAD MANAGER] Processing queue: 1734567890-abc123def (2 remaining) | ||||||
|  | [DOWNLOAD] Starting 1734567890-abc123def: video.mp4 (15.2GB) | ||||||
|  | [MEMORY THROTTLE] video.mp4 - Pausing stream due to high memory usage: 1843MB | ||||||
|  | [DOWNLOAD] Applying throttling: 100ms delay for 1734567890-abc123def | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ### Configuration Validation | ||||||
|  |  | ||||||
|  | The system automatically validates configurations at startup and provides warnings or errors: | ||||||
|  |  | ||||||
|  | **Warnings** | ||||||
|  |  | ||||||
|  | - `DOWNLOAD_MAX_CONCURRENT > 50`: May cause performance issues | ||||||
|  | - `DOWNLOAD_MEMORY_THRESHOLD_MB < 128MB`: Downloads may be throttled frequently | ||||||
|  | - `DOWNLOAD_MEMORY_THRESHOLD_MB > 16GB`: System may run out of memory | ||||||
|  | - `DOWNLOAD_QUEUE_SIZE > 1000`: May consume significant memory | ||||||
|  | - `DOWNLOAD_QUEUE_SIZE < DOWNLOAD_MAX_CONCURRENT`: Queue smaller than concurrent downloads | ||||||
|  |  | ||||||
|  | **Errors** | ||||||
|  |  | ||||||
|  | - `DOWNLOAD_MAX_CONCURRENT < 1`: Invalid value | ||||||
|  | - `DOWNLOAD_QUEUE_SIZE < 1`: Invalid value | ||||||
|  |  | ||||||
|  | ## Queue Management APIs | ||||||
|  |  | ||||||
|  | The system provides REST APIs to monitor and manage the download queue: | ||||||
|  |  | ||||||
|  | ### Get Queue Status | ||||||
|  |  | ||||||
|  | ```http | ||||||
|  | GET /api/filesystem/download-queue/status | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | **Response:** | ||||||
|  |  | ||||||
|  | ```json | ||||||
|  | { | ||||||
|  |   "data": { | ||||||
|  |     "queueLength": 3, | ||||||
|  |     "maxQueueSize": 25, | ||||||
|  |     "activeDownloads": 5, | ||||||
|  |     "maxConcurrent": 5, | ||||||
|  |     "queuedDownloads": [ | ||||||
|  |       { | ||||||
|  |         "downloadId": "1734567890-abc123def", | ||||||
|  |         "position": 1, | ||||||
|  |         "waitTime": 45000, | ||||||
|  |         "fileName": "video.mp4", | ||||||
|  |         "fileSize": 16106127360 | ||||||
|  |       } | ||||||
|  |     ] | ||||||
|  |   }, | ||||||
|  |   "status": "success" | ||||||
|  | } | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ### Cancel Download | ||||||
|  |  | ||||||
|  | ```http | ||||||
|  | DELETE /api/filesystem/download-queue/{downloadId} | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | **Response:** | ||||||
|  |  | ||||||
|  | ```json | ||||||
|  | { | ||||||
|  |   "downloadId": "1734567890-abc123def", | ||||||
|  |   "message": "Download cancelled successfully" | ||||||
|  | } | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ### Clear Queue (Admin) | ||||||
|  |  | ||||||
|  | ```http | ||||||
|  | DELETE /api/filesystem/download-queue | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | **Response:** | ||||||
|  |  | ||||||
|  | ```json | ||||||
|  | { | ||||||
|  |   "clearedCount": 8, | ||||||
|  |   "message": "Download queue cleared successfully" | ||||||
|  | } | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ## Troubleshooting | ||||||
|  |  | ||||||
|  | ### Common Issues | ||||||
|  |  | ||||||
|  | **Downloads failing with "Download queue is full"** | ||||||
|  |  | ||||||
|  | _Cause:_ Too many simultaneous downloads with a full queue | ||||||
|  |  | ||||||
|  | _Solutions:_ | ||||||
|  |  | ||||||
|  | - Wait for some downloads to finish | ||||||
|  | - Check for orphaned downloads in queue | ||||||
|  | - Consider increasing container resources | ||||||
|  | - Use API to clear queue if necessary | ||||||
|  |  | ||||||
|  | **Downloads stay too long in queue** | ||||||
|  |  | ||||||
|  | _Cause:_ Active downloads are slow or stuck | ||||||
|  |  | ||||||
|  | _Solutions:_ | ||||||
|  |  | ||||||
|  | - Check logs for orphaned downloads | ||||||
|  | - Use API to cancel specific downloads | ||||||
|  | - Check client network connections | ||||||
|  | - Monitor memory throttling | ||||||
|  |  | ||||||
|  | **Very slow downloads** | ||||||
|  |  | ||||||
|  | _Cause:_ Active throttling due to high memory usage | ||||||
|  |  | ||||||
|  | _Solutions:_ | ||||||
|  |  | ||||||
|  | - Check other processes consuming memory | ||||||
|  | - Consider increasing container resources | ||||||
|  | - Monitor throttling logs | ||||||
|  | - Check number of simultaneous downloads | ||||||
|  |  | ||||||
|  | ## Summary | ||||||
|  |  | ||||||
|  | This system enables unlimited downloads (including 50TB+ files) without compromising system stability through: | ||||||
|  |  | ||||||
|  | **Key Features** | ||||||
|  |  | ||||||
|  | - Auto-configuration based on available resources | ||||||
|  | - Automatic FIFO queue system for pending downloads | ||||||
|  | - Adaptive control of simultaneous downloads | ||||||
|  | - Intelligent throttling when needed | ||||||
|  |  | ||||||
|  | **System Benefits** | ||||||
|  |  | ||||||
|  | - Management APIs to monitor and control queue | ||||||
|  | - Automatic cleanup of resources and orphaned downloads | ||||||
|  | - Full compatibility with Docker/Kubernetes | ||||||
|  | - Perfect user experience with no 429 errors | ||||||
|  |  | ||||||
|  | The system maintains high performance for small/medium files while preventing crashes with gigantic files, offering a seamless experience where users never see 429 errors, they simply wait in queue until their download starts automatically. | ||||||
| @@ -3,7 +3,7 @@ title: GitHub Architecture | |||||||
| icon: Github | icon: Github | ||||||
| --- | --- | ||||||
| 
 | 
 | ||||||
| import { File, Folder, Files } from "fumadocs-ui/components/files"; | import { File, Files, Folder } from "fumadocs-ui/components/files"; | ||||||
| 
 | 
 | ||||||
| This guide provides a comprehensive overview of Palmr.'s GitHub repository structure, explaining how the different components are organized in the codebase. Understanding this architecture will help you navigate the repository, contribute effectively, and understand how the project is structured. | This guide provides a comprehensive overview of Palmr.'s GitHub repository structure, explaining how the different components are organized in the codebase. Understanding this architecture will help you navigate the repository, contribute effectively, and understand how the project is structured. | ||||||
| 
 | 
 | ||||||
| @@ -49,6 +49,7 @@ The frontend is organized with: | |||||||
| - **Custom hooks** to isolate logic and side effects | - **Custom hooks** to isolate logic and side effects | ||||||
| - A **route protection system** using session cookies and middleware | - A **route protection system** using session cookies and middleware | ||||||
| - A **file management interface** integrated with the backend | - A **file management interface** integrated with the backend | ||||||
|  | - **Folder support** for organizing files hierarchically | ||||||
| - A **reusable modal system** used for file actions, confirmations, and more | - A **reusable modal system** used for file actions, confirmations, and more | ||||||
| - **Dynamic, locale-aware routing** using next-intl | - **Dynamic, locale-aware routing** using next-intl | ||||||
| 
 | 
 | ||||||
| @@ -68,7 +69,7 @@ Data is stored in **SQLite**, which handles user info, file metadata, session to | |||||||
| Key features include: | Key features include: | ||||||
| 
 | 
 | ||||||
| - **Authentication/authorization** with JWT + cookie sessions | - **Authentication/authorization** with JWT + cookie sessions | ||||||
| - **File management logic** including uploads, deletes, and renames | - **File management logic** including uploads, deletes, renames, and folders | ||||||
| - **Storage operations** to handle file organization, usage tracking, and cleanup | - **Storage operations** to handle file organization, usage tracking, and cleanup | ||||||
| - A **share system** that generates tokenized public file links | - A **share system** that generates tokenized public file links | ||||||
| - Schema-based request validation for all endpoints | - Schema-based request validation for all endpoints | ||||||
| @@ -106,9 +107,10 @@ Volumes are used to persist data locally, and containers are networked together | |||||||
| 
 | 
 | ||||||
| ### File management | ### File management | ||||||
| 
 | 
 | ||||||
| Files are at the heart of Palmr. Users can upload files via the frontend, and they're stored directly in the filesystem. The backend handles metadata (name, size, type, ownership), and also handles deletion, renaming, and public sharing. Every file operation is tracked, and all actions can be scoped per user. | Files are at the heart of Palmr. Users can upload files via the frontend, and they're stored directly in the filesystem. Users can also create folders to organize files. The backend handles metadata (name, size, type, ownership), and also handles deletion, renaming, and public sharing. Every file operation is tracked, and all actions can be scoped per user. | ||||||
| 
 | 
 | ||||||
| - Upload/download with instant feedback | - Upload/download with instant feedback | ||||||
|  | - Create and organize files in folders | ||||||
| - File previews, type validation, and size limits | - File previews, type validation, and size limits | ||||||
| - Token-based sharing system | - Token-based sharing system | ||||||
| - Disk usage tracking by user | - Disk usage tracking by user | ||||||
| @@ -3,7 +3,7 @@ title: Welcome to Palmr. | |||||||
| icon: TreePalm | icon: TreePalm | ||||||
| --- | --- | ||||||
| 
 | 
 | ||||||
| import { Ban, Star, Shield, Palette, Users, Zap } from "lucide-react"; | import { Ban, Palette, Shield, Star, Users, Zap } from "lucide-react"; | ||||||
| 
 | 
 | ||||||
|  |  | ||||||
| 
 | 
 | ||||||
| @@ -5,7 +5,7 @@ icon: Cog | |||||||
| 
 | 
 | ||||||
| Hey there! Looking to run **Palmr.** your way, with complete control over every piece of the stack? This manual installation guide is for you. No Docker, no pre-built containers just the raw source code to tweak, customize, and deploy as you see fit. | Hey there! Looking to run **Palmr.** your way, with complete control over every piece of the stack? This manual installation guide is for you. No Docker, no pre-built containers just the raw source code to tweak, customize, and deploy as you see fit. | ||||||
| 
 | 
 | ||||||
| > **Prefer a quicker setup?** If this hands-on approach feels like overkill, check out our [**Quick Start (Docker)**](/docs/3.0-beta/quick-start) guide for a fast, containerized deployment. This manual path is tailored for developers who want to dive deep, modify the codebase, or integrate custom services. | > **Prefer a quicker setup?** If this hands-on approach feels like overkill, check out our [**Quick Start (Docker)**](/docs/3.2-beta/quick-start) guide for a fast, containerized deployment. This manual path is tailored for developers who want to dive deep, modify the codebase, or integrate custom services. | ||||||
| 
 | 
 | ||||||
| Here's what you'll do at a glance: | Here's what you'll do at a glance: | ||||||
| 
 | 
 | ||||||
| @@ -23,8 +23,7 @@ We've broken down each step below feel free to jump to the section you're workin | |||||||
| 
 | 
 | ||||||
| Let's make sure your environment is ready to roll. Check that you've got these tools installed and set up on your system: | Let's make sure your environment is ready to roll. Check that you've got these tools installed and set up on your system: | ||||||
| 
 | 
 | ||||||
| - <span style={{ color: "#16a34a" }}>Node.js</span> *(Powers our JavaScript/TypeScript | - <span style={{ color: "#16a34a" }}>Node.js</span> *(Powers our JavaScript/TypeScript apps)* | ||||||
|   apps)* |  | ||||||
| - <span style={{ color: "#16a34a" }}>pnpm</span> *(Our go-to package manager)* | - <span style={{ color: "#16a34a" }}>pnpm</span> *(Our go-to package manager)* | ||||||
| - <span style={{ color: "#16a34a" }}>Git</span> *(For cloning and managing the repo)* | - <span style={{ color: "#16a34a" }}>Git</span> *(For cloning and managing the repo)* | ||||||
| 
 | 
 | ||||||
| @@ -166,6 +165,27 @@ cp .env.example .env | |||||||
| 
 | 
 | ||||||
| This creates a `.env` file with the necessary configurations for the frontend. | This creates a `.env` file with the necessary configurations for the frontend. | ||||||
| 
 | 
 | ||||||
|  | ##### Upload Configuration | ||||||
|  | 
 | ||||||
|  | Palmr. supports configurable chunked uploading for large files. You can customize the chunk size by setting the following environment variable in your `.env` file: | ||||||
|  | 
 | ||||||
|  | ```bash | ||||||
|  | NEXT_PUBLIC_UPLOAD_CHUNK_SIZE_MB=100 | ||||||
|  | ``` | ||||||
|  | 
 | ||||||
|  | **How it works:** | ||||||
|  | 
 | ||||||
|  | - If `NEXT_PUBLIC_UPLOAD_CHUNK_SIZE_MB` is set, Palmr. will use this value (in megabytes) as the chunk size for all file uploads that exceed this threshold. | ||||||
|  | - If not set or left empty, Palmr. automatically calculates optimal chunk sizes based on file size: | ||||||
|  |   - Files ≤ 100MB: uploaded without chunking | ||||||
|  |   - Files > 100MB and ≤ 1GB: 75MB chunks | ||||||
|  |   - Files > 1GB: 150MB chunks | ||||||
|  | 
 | ||||||
|  | **When to configure:** | ||||||
|  | 
 | ||||||
|  | - **Default (not set):** Recommended for most use cases. Palmr. will intelligently determine the best chunk size. | ||||||
|  | - **Custom value:** Set this if you have specific network conditions or want to optimize for your infrastructure (e.g., slower connections may benefit from smaller chunks like 50MB, while fast networks can handle larger chunks like 200MB, or the upload size per payload may be limited by a proxy like Cloudflare) | ||||||
|  | 
 | ||||||
| #### Install dependencies | #### Install dependencies | ||||||
| 
 | 
 | ||||||
| Install all the frontend dependencies: | Install all the frontend dependencies: | ||||||
| @@ -202,6 +222,17 @@ You should see the full Palmr. application ready to go! | |||||||
| 
 | 
 | ||||||
| This guide sets up Palmr. using the local file system for storage. Want to use an S3-compatible object storage instead? You can configure that in the `.env` file. Check the Palmr. documentation for details on setting up S3 storage just update the environment variables, then build and run as shown here. | This guide sets up Palmr. using the local file system for storage. Want to use an S3-compatible object storage instead? You can configure that in the `.env` file. Check the Palmr. documentation for details on setting up S3 storage just update the environment variables, then build and run as shown here. | ||||||
| 
 | 
 | ||||||
|  | ### Custom Installation Paths and Symlinks | ||||||
|  | 
 | ||||||
|  | If you're using a custom installation setup with symlinks (for example, `/opt/palmr_data/uploads -> /mnt/data/uploads`), you might encounter issues with disk space detection. Palmr. includes a `CUSTOM_PATH` environment variable to handle these scenarios: | ||||||
|  | 
 | ||||||
|  | ```bash | ||||||
|  | # In your .env file (apps/server/.env) | ||||||
|  | CUSTOM_PATH=/opt/palmr_data | ||||||
|  | ``` | ||||||
|  | 
 | ||||||
|  | This tells Palmr. to check your custom path first when determining available disk space, ensuring proper detection even when using symlinks or non-standard directory structures. | ||||||
|  | 
 | ||||||
| --- | --- | ||||||
| 
 | 
 | ||||||
| ## Command cheat sheet | ## Command cheat sheet | ||||||
| @@ -233,10 +264,10 @@ pnpm serve | |||||||
| 
 | 
 | ||||||
| Palmr. is now up and running locally . Here are some suggested next steps: | Palmr. is now up and running locally . Here are some suggested next steps: | ||||||
| 
 | 
 | ||||||
| - **Manage Users**: Dive into the [Users Management](/docs/3.0-beta/manage-users) guide. | - **Manage Users**: Dive into the [Users Management](/docs/3.2-beta/manage-users) guide. | ||||||
| - **Switch to Object Storage**: Update `.env` variables to use an S3-compatible bucket (see Quick Notes above). | - **Switch to Object Storage**: Update `.env` variables to use an S3-compatible bucket (see Quick Notes above). | ||||||
| - **Secure Your Instance**: Put Palmr. behind a reverse proxy like **Nginx** or **Caddy** and enable HTTPS. | - **Secure Your Instance**: Put Palmr. behind a reverse proxy like **Nginx** or **Caddy** and enable HTTPS. | ||||||
| - **Learn the Internals**: Explore how everything connects in the [Architecture](/docs/3.0-beta/architecture) overview. | - **Learn the Internals**: Explore how everything connects in the [Architecture](/docs/3.2-beta/architecture) overview. | ||||||
| 
 | 
 | ||||||
| Jump into whichever area fits your needs our docs are designed for exploration in any order. | Jump into whichever area fits your needs our docs are designed for exploration in any order. | ||||||
| 
 | 
 | ||||||
| @@ -1,7 +1,5 @@ | |||||||
| { | { | ||||||
|   "title": "v3.0-beta", |  | ||||||
|   "description": "Latest version", |   "description": "Latest version", | ||||||
|   "root": true, |  | ||||||
|   "icon": "Sparkles", |   "icon": "Sparkles", | ||||||
|   "pages": [ |   "pages": [ | ||||||
|     "---Introduction---", |     "---Introduction---", | ||||||
| @@ -16,16 +14,22 @@ | |||||||
|     "available-languages", |     "available-languages", | ||||||
|     "uid-gid-configuration", |     "uid-gid-configuration", | ||||||
|     "reverse-proxy-configuration", |     "reverse-proxy-configuration", | ||||||
|  |     "download-memory-management", | ||||||
|     "password-reset-without-smtp", |     "password-reset-without-smtp", | ||||||
|  |     "cleanup-orphan-files", | ||||||
|     "oidc-authentication", |     "oidc-authentication", | ||||||
|  |     "troubleshooting", | ||||||
|     "---Developers---", |     "---Developers---", | ||||||
|     "architecture", |     "architecture", | ||||||
|     "github-architecture", |     "github-architecture", | ||||||
|     "api", |     "api", | ||||||
|  |     "translation-management", | ||||||
|     "contribute", |     "contribute", | ||||||
|     "open-an-issue", |     "open-an-issue", | ||||||
|     "---Sponsor this project---", |     "---Sponsor this project---", | ||||||
|     "gh-star", |     "gh-star", | ||||||
|     "gh-sponsor" |     "gh-sponsor" | ||||||
|   ] |   ], | ||||||
|  |   "root": true, | ||||||
|  |   "title": "v3.2-beta" | ||||||
| } | } | ||||||
							
								
								
									
										370
									
								
								apps/docs/content/docs/3.2-beta/oidc-authentication/auth0.mdx
									
									
									
									
									
										Normal file
									
								
							
							
						
						| @@ -0,0 +1,370 @@ | |||||||
|  | --- | ||||||
|  | title: Auth0 | ||||||
|  | icon: Lock | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | import { ZoomableImage } from "@/components/ui/zoomable-image"; | ||||||
|  |  | ||||||
|  | Auth0 is one of Palmr's officially supported OIDC providers, offering enterprise-grade authentication through Auth0's identity platform. This integration allows users to sign in to Palmr using Auth0's comprehensive authentication system, making it perfect for enterprise organizations, applications requiring advanced security features, and teams that need centralized identity management. | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/auth0/sign-in-with-auth0.png" alt="Sign in with Auth0" /> | ||||||
|  |  | ||||||
|  | ## Why use Auth0 authentication? | ||||||
|  |  | ||||||
|  | Auth0 authentication provides several advantages for enterprise and security-focused organizations: | ||||||
|  |  | ||||||
|  | - **Enterprise-grade security** - Advanced security features like MFA, adaptive authentication, and threat detection | ||||||
|  | - **Centralized identity management** - Single platform to manage users across multiple applications | ||||||
|  | - **Flexible authentication options** - Support for social logins, enterprise SSO, and custom databases | ||||||
|  | - **Compliance ready** - Built-in compliance with SOC 2, GDPR, HIPAA, and other standards | ||||||
|  | - **Advanced customization** - Rules, hooks, and custom branding capabilities | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Prerequisites | ||||||
|  |  | ||||||
|  | Before configuring Auth0 authentication, ensure you have: | ||||||
|  |  | ||||||
|  | - **Auth0 account** - Ability to create applications and manage tenants | ||||||
|  | - **Admin privileges in Palmr** - Required to configure OIDC settings | ||||||
|  | - **Domain configuration** - For production deployments with custom domains | ||||||
|  |  | ||||||
|  | > **Note:** Auth0 is pre-configured as an official provider in Palmr, which means the technical configuration is handled automatically. You only need to provide your OAuth credentials. | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Setting up Auth0 Application | ||||||
|  |  | ||||||
|  | ### Creating an Auth0 application | ||||||
|  |  | ||||||
|  | To get started with Auth0 authentication, you'll need to create an application in your Auth0 Dashboard. | ||||||
|  |  | ||||||
|  | 1. **Navigate to Auth0 Dashboard**: Go to [manage.auth0.com](https://manage.auth0.com) | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/auth0/auth0-dashboard.png" alt="Auth0 Dashboard" /> | ||||||
|  |  | ||||||
|  | 2. **Create new application**: Click **"Applications"** in the left sidebar, then click **"+ Create Application"** | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/auth0/create-application.png" alt="Auth0 Create Application" /> | ||||||
|  |  | ||||||
|  | 3. **Select application type**: Choose **"Single Page Application"** for web-based Palmr instances | ||||||
|  |  | ||||||
|  | <ZoomableImage | ||||||
|  |   src="/assets/v3/oidc/auth0/application-type.png" | ||||||
|  |   alt="Auth0 Application Type Selection" | ||||||
|  |   legend="This is a fake application, you have to use your own." | ||||||
|  | /> | ||||||
|  |  | ||||||
|  | 4. **Enter application details**: | ||||||
|  |    - **Name**: Enter a descriptive name like "Palmr File Sharing" | ||||||
|  |  | ||||||
|  | 5. **Create application**: Click **"Create"** to generate your Auth0 application | ||||||
|  |  | ||||||
|  | ### Configuring application settings | ||||||
|  |  | ||||||
|  | After creating your application, you'll need to configure the settings that Palmr will use. Navigate to the application page and click on the **"Settings"** tab. | ||||||
|  |  | ||||||
|  | <ZoomableImage | ||||||
|  |   src="/assets/v3/oidc/auth0/application-settings.png" | ||||||
|  |   alt="Auth0 Application Settings" | ||||||
|  |   legend="This is a fake application, you have to use your own." | ||||||
|  | /> | ||||||
|  |  | ||||||
|  | 1. **Configure application URLs**: | ||||||
|  |  | ||||||
|  | You'll need to configure several URLs in your Auth0 application settings. Here's what to add for each environment: | ||||||
|  |  | ||||||
|  | ### Application Login URIs | ||||||
|  |  | ||||||
|  | | Environment | URL                                 | | ||||||
|  | | ----------- | ----------------------------------- | | ||||||
|  | | Production  | `https://yourdomain.com/login`      | | ||||||
|  | | Development | Don't add anything here             | | ||||||
|  | | Custom Port | `https://yourdomain.com:5487/login` | | ||||||
|  |  | ||||||
|  | ### Allowed Logout URLs | ||||||
|  |  | ||||||
|  | | Environment | URL                           | | ||||||
|  | | ----------- | ----------------------------- | | ||||||
|  | | Production  | `https://yourdomain.com`      | | ||||||
|  | | Development | `http://localhost:3000`       | | ||||||
|  | | Custom Port | `https://yourdomain.com:5487` | | ||||||
|  |  | ||||||
|  | ### Allowed Web Origins | ||||||
|  |  | ||||||
|  | | Environment | URL                           | | ||||||
|  | | ----------- | ----------------------------- | | ||||||
|  | | Production  | `https://yourdomain.com`      | | ||||||
|  | | Development | `http://localhost:3000`       | | ||||||
|  | | Custom Port | `https://yourdomain.com:5487` | | ||||||
|  |  | ||||||
|  | ### Allowed Callback URLs | ||||||
|  |  | ||||||
|  | | Environment | URL                                                             | | ||||||
|  | | ----------- | --------------------------------------------------------------- | | ||||||
|  | | Production  | `https://yourdomain.com/api/auth/providers/auth0/callback`      | | ||||||
|  | | Development | `http://localhost:3000/api/auth/providers/auth0/callback`       | | ||||||
|  | | Custom Port | `https://yourdomain.com:5487/api/auth/providers/auth0/callback` | | ||||||
|  |  | ||||||
|  | > **Note:** Replace `yourdomain.com` with your actual domain name in all production and custom port URLs. | ||||||
|  |  | ||||||
|  | <ZoomableImage | ||||||
|  |   src="/assets/v3/oidc/auth0/config-urls.png" | ||||||
|  |   alt="Auth0 Application URLs Configuration" | ||||||
|  |   legend="This is a fake application, you have to use your own." | ||||||
|  | /> | ||||||
|  |  | ||||||
|  | 2. **Save changes**: Click **"Save"** to apply your configuration | ||||||
|  |  | ||||||
|  | ### Getting OAuth credentials | ||||||
|  |  | ||||||
|  | Now you'll get the credentials that Palmr will use to authenticate with Auth0. | ||||||
|  |  | ||||||
|  | 1. **Copy Domain**: Note your Auth0 domain (e.g., `your-tenant.auth0.com`) add `https://` at the beginning | ||||||
|  |  | ||||||
|  | 2. **Copy Client ID**: The Client ID is displayed in the **"Client ID"** field | ||||||
|  |  | ||||||
|  | 3. **Generate Client Secret**: Click **"Show"** next to Client Secret to reveal it | ||||||
|  |  | ||||||
|  | <ZoomableImage | ||||||
|  |   src="/assets/v3/oidc/auth0/oauth-credentials.png" | ||||||
|  |   alt="Auth0 OAuth Credentials" | ||||||
|  |   legend="The client ID and client secret shown in the image are examples only (fake credentials). You must use your own credentials from Auth0." | ||||||
|  | /> | ||||||
|  |  | ||||||
|  | 4. **Save credentials**: Copy the **Domain**, **Client ID**, and **Client Secret** for later use | ||||||
|  |  | ||||||
|  | > **Important:** Replace `yourdomain.com` with your actual domain. You can add multiple callback URLs for different environments (development, staging, production). | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Configuring Palmr | ||||||
|  |  | ||||||
|  | ### Accessing OIDC settings | ||||||
|  |  | ||||||
|  | To configure Auth0 authentication in Palmr, you need administrator access to the settings panel. | ||||||
|  |  | ||||||
|  | 1. **Login as administrator**: Sign in to Palmr with an admin account | ||||||
|  |  | ||||||
|  | 2. **Access settings**: Click your profile picture in the header and select **Settings** | ||||||
|  |  | ||||||
|  | 3. **Navigate to authentication**: Find and click on the **Authentication Providers** configuration section | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/auth-providers.png" alt="Palmr Authentication Providers" /> | ||||||
|  |  | ||||||
|  | ### Enabling Auth0 provider | ||||||
|  |  | ||||||
|  | Auth0 comes pre-configured as an official provider, so the setup process is streamlined. | ||||||
|  |  | ||||||
|  | 1. **Locate Auth0 provider**: Find Auth0 in the list of available providers | ||||||
|  |  | ||||||
|  | 2. **Enable the provider**: Toggle the status to **Enabled** | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/auth0/enabled-auth0.png" alt="Palmr Auth0 Provider Enabled" /> | ||||||
|  |  | ||||||
|  | After enabling the provider, click on the pen icon to configure the provider. | ||||||
|  |  | ||||||
|  | 3. **Configure credentials**: | ||||||
|  |    - **Provider URL**: Paste your Auth0 domain (e.g., `https://your-tenant.auth0.com`) remember to add the `https://` at the beginning | ||||||
|  |    - **Client ID**: Paste the Client ID from Auth0 application | ||||||
|  |    - **Client Secret**: Paste the Client Secret from Auth0 application | ||||||
|  |    - **Scopes**: Add the scopes you want to use. The default scopes are `openid`, `profile`, and `email`. | ||||||
|  |  | ||||||
|  | <ZoomableImage | ||||||
|  |   src="/assets/v3/oidc/auth0/edit-auth0.png" | ||||||
|  |   alt="Edit Auth0 Provider" | ||||||
|  |   legend="This is a fake application, you have to use your own." | ||||||
|  | /> | ||||||
|  |  | ||||||
|  | ### Advanced configuration options | ||||||
|  |  | ||||||
|  | Configure additional settings to customize the authentication behavior: | ||||||
|  |  | ||||||
|  | **Auto Registration**: Enable this to automatically create user accounts when someone authenticates for the first time. | ||||||
|  |  | ||||||
|  | **Sort Order**: Control where the Auth0 login button appears relative to other authentication providers. | ||||||
|  |  | ||||||
|  | **Icon**: you can choose the icon you want to use for the Auth0 login button (default is `SiAuth0`). | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/auth0/auth0-icon.png" alt="Auth0 Icon" /> | ||||||
|  |  | ||||||
|  | > **Enterprise tip:** Auth0 authentication works great for enterprise organizations requiring advanced security features and centralized identity management. | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Account linking | ||||||
|  |  | ||||||
|  | By default, if a user is already registered in Palmr with their Auth0 email, they will be automatically linked to their Palmr account. | ||||||
|  |  | ||||||
|  | > **Note:** You can't disable account linking. If you want to unlink a user from their Auth0 account, you need to delete the user from Palmr. | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Technical configuration | ||||||
|  |  | ||||||
|  | Auth0's technical configuration is handled automatically, but understanding the setup can help with troubleshooting: | ||||||
|  |  | ||||||
|  | ```yaml | ||||||
|  | Provider Type: OAuth 2.0 with OIDC Discovery | ||||||
|  | Issuer URL: https://your-tenant.auth0.com | ||||||
|  | Authorization Endpoint: /authorize | ||||||
|  | Token Endpoint: /oauth/token | ||||||
|  | UserInfo Endpoint: /userinfo | ||||||
|  | Scopes: openid profile email | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ### Field mappings | ||||||
|  |  | ||||||
|  | Palmr automatically maps Auth0 user information to local user accounts: | ||||||
|  |  | ||||||
|  | - **User ID**: Maps from Auth0's `sub` field | ||||||
|  | - **Email**: Maps from Auth0's `email` field | ||||||
|  | - **Full Name**: Maps from Auth0's `name` field | ||||||
|  | - **First Name**: Maps from Auth0's `given_name` field | ||||||
|  | - **Last Name**: Maps from Auth0's `family_name` field | ||||||
|  | - **Avatar**: Maps from Auth0's `picture` field | ||||||
|  | - **Username**: Maps from Auth0's `nickname` field | ||||||
|  |  | ||||||
|  | ### Auth0-specific features | ||||||
|  |  | ||||||
|  | - **Custom Claims**: Can include custom user metadata and app metadata | ||||||
|  | - **Connection Support**: Works with database, social, and enterprise connections | ||||||
|  | - **Rules and Hooks**: Can customize authentication flow with custom logic | ||||||
|  | - **Multi-factor Authentication**: Supports Auth0's MFA features | ||||||
|  | - **Enterprise SSO**: Integrates with SAML, LDAP, and other enterprise systems | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Testing the configuration | ||||||
|  |  | ||||||
|  | ### Verifying the setup | ||||||
|  |  | ||||||
|  | After configuring Auth0 authentication, test the integration to ensure everything works correctly. | ||||||
|  |  | ||||||
|  | 1. **Check login page**: Navigate to your Palmr login page and verify the "Sign in with Auth0" button appears | ||||||
|  |  | ||||||
|  | 2. **Test authentication flow**: Click the Auth0 sign-in button and complete the authentication process | ||||||
|  |  | ||||||
|  | 3. **Verify user creation**: Confirm that a new user account is created (if auto-registration is enabled) | ||||||
|  |  | ||||||
|  | ### Login flow verification | ||||||
|  |  | ||||||
|  | The complete authentication process should work as follows: | ||||||
|  |  | ||||||
|  | 1. **User clicks "Sign in with Auth0"**: The browser redirects to Auth0's authorization page | ||||||
|  | 2. **User authenticates**: User completes authentication through Auth0 (login, MFA, etc.) | ||||||
|  | 3. **Auth0 redirects back to Palmr**: User returns to Palmr with authentication tokens | ||||||
|  | 4. **Palmr creates or updates user**: User account is automatically managed with Auth0 information | ||||||
|  | 5. **User accesses Palmr**: User is logged in with their Auth0 identity | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Troubleshooting common issues | ||||||
|  |  | ||||||
|  | ### Redirect URI mismatch error | ||||||
|  |  | ||||||
|  | **Error message**: `invalid_redirect_uri` | ||||||
|  |  | ||||||
|  | **Cause**: The redirect URI in your request doesn't match what's configured in Auth0 application. | ||||||
|  |  | ||||||
|  | **Solution**: | ||||||
|  |  | ||||||
|  | 1. Check the exact URL in the error message | ||||||
|  | 2. Add this exact URL to your Auth0 application's callback URLs | ||||||
|  | 3. Ensure you include the correct protocol (http/https) and port | ||||||
|  | 4. Remove any trailing slashes unless they're in the callback URL | ||||||
|  |  | ||||||
|  | ### Access denied error | ||||||
|  |  | ||||||
|  | **Error message**: `access_denied` | ||||||
|  |  | ||||||
|  | **Cause**: User denied permissions or the application isn't properly configured. | ||||||
|  |  | ||||||
|  | **Solution**: | ||||||
|  |  | ||||||
|  | 1. Verify that your Auth0 application requests the correct scopes | ||||||
|  | 2. Check that users are granting permissions during the authorization flow | ||||||
|  | 3. Ensure your application is not restricted or disabled | ||||||
|  | 4. Verify the application has proper permissions set up | ||||||
|  |  | ||||||
|  | ### Invalid client error | ||||||
|  |  | ||||||
|  | **Error message**: `invalid_client` | ||||||
|  |  | ||||||
|  | **Cause**: Incorrect Client ID, Client Secret, or Domain. | ||||||
|  |  | ||||||
|  | **Solution**: | ||||||
|  |  | ||||||
|  | 1. Double-check that you've copied the credentials correctly from Auth0 | ||||||
|  | 2. Ensure there are no extra spaces or characters in the credentials | ||||||
|  | 3. Verify you're using the correct domain format (e.g., `your-tenant.auth0.com`) | ||||||
|  | 4. Generate a new Client Secret if necessary | ||||||
|  |  | ||||||
|  | ### Domain configuration issues | ||||||
|  |  | ||||||
|  | **Error message**: Domain not found or invalid | ||||||
|  |  | ||||||
|  | **Cause**: Incorrect Auth0 domain or tenant configuration. | ||||||
|  |  | ||||||
|  | **Solution**: | ||||||
|  |  | ||||||
|  | 1. Verify your Auth0 domain is correct (e.g., `your-tenant.auth0.com`) | ||||||
|  | 2. Check that your Auth0 tenant is active and not suspended | ||||||
|  | 3. Ensure you're using the correct region for your tenant | ||||||
|  | 4. Verify DNS resolution for your Auth0 domain | ||||||
|  |  | ||||||
|  | ### Custom claims not available | ||||||
|  |  | ||||||
|  | **Cause**: Custom claims not properly configured in Auth0 rules or actions. | ||||||
|  |  | ||||||
|  | **Solution**: | ||||||
|  |  | ||||||
|  | 1. Check Auth0 rules and actions for custom claim configuration | ||||||
|  | 2. Verify that custom claims are included in the ID token | ||||||
|  | 3. Ensure the claims are properly formatted and accessible | ||||||
|  | 4. Test with a user that has the expected custom claims | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Security best practices | ||||||
|  |  | ||||||
|  | ### Credential management | ||||||
|  |  | ||||||
|  | - **Never expose secrets**: Keep your Client Secret secure and never commit it to version control | ||||||
|  | - **Rotate credentials regularly**: Generate new Client Secrets periodically for enhanced security | ||||||
|  | - **Use environment variables**: Store sensitive configuration in environment variables, not config files | ||||||
|  | - **Monitor access logs**: Regularly review authentication logs for suspicious activity | ||||||
|  |  | ||||||
|  | ### Scope and permission management | ||||||
|  |  | ||||||
|  | - **Minimal scopes**: Only request `openid`, `profile`, and `email` scopes as required by Palmr | ||||||
|  | - **User consent**: Ensure users understand what permissions they're granting | ||||||
|  | - **Regular audits**: Review which users have connected their Auth0 accounts | ||||||
|  | - **Access reviews**: Periodically check user access and remove inactive accounts | ||||||
|  |  | ||||||
|  | ### Production considerations | ||||||
|  |  | ||||||
|  | - **Use HTTPS**: Always use HTTPS in production environments | ||||||
|  | - **Configure proper domains**: Use production domains in Auth0 application settings | ||||||
|  | - **Test thoroughly**: Verify the complete authentication flow before going live | ||||||
|  | - **Plan for failures**: Have fallback authentication methods available | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Next steps | ||||||
|  |  | ||||||
|  | With Auth0 authentication configured, you might want to: | ||||||
|  |  | ||||||
|  | - **Configure additional providers**: Set up other OIDC providers for more authentication options | ||||||
|  | - **Customize user management**: Fine-tune auto-registration and admin assignment rules | ||||||
|  | - **Review security settings**: Ensure your authentication setup meets your security requirements | ||||||
|  | - **Monitor usage**: Keep track of authentication patterns and user activity | ||||||
|  |  | ||||||
|  | For more information about OIDC authentication in Palmr, see the [OIDC Authentication overview](/docs/3.2-beta/oidc-authentication). | ||||||
|  |  | ||||||
|  | ## Useful resources | ||||||
|  |  | ||||||
|  | - [Auth0 Documentation](https://auth0.com/docs) | ||||||
|  | - [Auth0 OAuth 2.0 Guide](https://auth0.com/docs/protocols/oauth2) | ||||||
|  | - [Auth0 OpenID Connect](https://auth0.com/docs/protocols/openid-connect) | ||||||
|  | - [Auth0 Dashboard](https://manage.auth0.com) | ||||||
| @@ -0,0 +1,384 @@ | |||||||
|  | --- | ||||||
|  | title: Authentik | ||||||
|  | icon: Key | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | import { ZoomableImage } from "@/components/ui/zoomable-image"; | ||||||
|  |  | ||||||
|  | Authentik is one of Palmr's officially supported OIDC providers, offering enterprise-grade authentication through Authentik's identity platform. This integration allows users to sign in to Palmr using Authentik's comprehensive authentication system, making it perfect for enterprise organizations, applications requiring advanced security features, and teams that need centralized identity management with complete control over their authentication infrastructure. | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/authentik/sign-in-with-authentik.png" alt="Sign in with Authentik" /> | ||||||
|  |  | ||||||
|  | ## Why use Authentik authentication? | ||||||
|  |  | ||||||
|  | Authentik authentication provides several advantages for enterprise and security-focused organizations: | ||||||
|  |  | ||||||
|  | - **Complete self-hosted control** - Full control over your authentication infrastructure and data | ||||||
|  | - **Enterprise-grade security** - Advanced security features like MFA, adaptive authentication, and threat detection | ||||||
|  | - **Centralized identity management** - Single platform to manage users across multiple applications | ||||||
|  | - **Compliance ready** - Built-in compliance with GDPR, SOC 2, and other enterprise standards | ||||||
|  | - **Advanced customization** - Policies, flows, and custom branding capabilities | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Prerequisites | ||||||
|  |  | ||||||
|  | Before configuring Authentik authentication, ensure you have: | ||||||
|  |  | ||||||
|  | - **Authentik instance** - Self-hosted Authentik installation running and accessible | ||||||
|  | - **Admin privileges in Palmr** - Required to configure OIDC settings | ||||||
|  | - **Domain configuration** - For production deployments with custom domains | ||||||
|  |  | ||||||
|  | > **Note:** Authentik is pre-configured as an official provider in Palmr, which means the technical configuration is handled automatically. You only need to provide your OAuth credentials. | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Setting up Authentik OAuth2/OpenID Provider | ||||||
|  |  | ||||||
|  | ### Creating an Authentik OAuth2/OpenID Provider | ||||||
|  |  | ||||||
|  | To get started with Authentik authentication, you'll need to create an OAuth2/OpenID Provider in your Authentik Admin Interface. | ||||||
|  |  | ||||||
|  | 1. **Navigate to Authentik Admin Interface**: Go to your Authentik instance URL (e.g., `https://your-authentik-domain.com`) | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/authentik/authentik-admin.png" alt="Authentik Admin Interface" /> | ||||||
|  |  | ||||||
|  | 2. **Create new OAuth2/OpenID Provider**: Click **"Applications"** in the left sidebar, then click **"Providers"** and click **"+ Create"** | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/authentik/create-provider.png" alt="Authentik Create Provider" /> | ||||||
|  |  | ||||||
|  | 3. **Select provider type**: Choose **"OAuth2/OpenID Provider"** for OIDC authentication and click on **"Next"** button. | ||||||
|  |  | ||||||
|  | <ZoomableImage | ||||||
|  |   src="/assets/v3/oidc/authentik/provider-type.png" | ||||||
|  |   alt="Authentik Provider Type Selection" | ||||||
|  |   legend="This is a fake application, you have to use your own." | ||||||
|  | /> | ||||||
|  |  | ||||||
|  | ### Configuring provider settings | ||||||
|  |  | ||||||
|  | 1. **Enter provider details**: | ||||||
|  |    - **Name**: Enter a descriptive name like "Palmr File Sharing" | ||||||
|  |    - **Authorization Flow**: select **default-provider-authorization-explicit-consent (Authorize Application)** | ||||||
|  |    - **Protocol Settings (Client type)**: select **Confidential** | ||||||
|  |    - **Protocol Settings (Client ID)**: Copy the Client ID from Authentik field (You can edit it if you want) - `(Copy this value and save it for later use)` | ||||||
|  |    - **Protocol Settings (Client Secret)**: Copy the Client Secret from Authentik field (You can edit it if you want) - `(Copy this value and save it for later use)` | ||||||
|  |    - **Protocol Settings (Redirect URIs/Origins (RegEx))**: Select 'Strict' and add the redirect URI for your application (e.g. `https://your-palmr-domain.com/api/auth/providers/authentik/callback`) you can see below the field the example of the redirect URI. | ||||||
|  |    - **Protocol Settings (Signing key)**: select **"authentik Self-signed Certificate"** | ||||||
|  |  | ||||||
|  | <ZoomableImage | ||||||
|  |   src="/assets/v3/oidc/authentik/provider-settings-1.png" | ||||||
|  |   alt="Authentik Provider Settings" | ||||||
|  |   legend="This is a fake application, you have to use your own." | ||||||
|  | /> | ||||||
|  |  | ||||||
|  | <ZoomableImage | ||||||
|  |   src="/assets/v3/oidc/authentik/provider-settings-2.png" | ||||||
|  |   alt="Authentik Provider Settings" | ||||||
|  |   legend="This is a fake application, you have to use your own." | ||||||
|  | /> | ||||||
|  |  | ||||||
|  | 2. **Configure provider URLs**: | ||||||
|  |  | ||||||
|  | You'll need to configure several URLs in your Authentik provider settings. Here's what to add for each environment: | ||||||
|  |  | ||||||
|  | ### Redirect URIs | ||||||
|  |  | ||||||
|  | | Environment | URL                                                                 | | ||||||
|  | | ----------- | ------------------------------------------------------------------- | | ||||||
|  | | Production  | `https://yourdomain.com/api/auth/providers/authentik/callback`      | | ||||||
|  | | Development | `http://localhost:3000/api/auth/providers/authentik/callback`       | | ||||||
|  | | Custom Port | `https://yourdomain.com:5487/api/auth/providers/authentik/callback` | | ||||||
|  |  | ||||||
|  | > **Note:** Replace `yourdomain.com` with your actual domain name in all production and custom port URLs. | ||||||
|  | > **Note:** You can add multiple redirect URIs for different environments (development, staging, production). | ||||||
|  |  | ||||||
|  | **Save changes**: Click **"Finish"** to apply your configuration. | ||||||
|  |  | ||||||
|  | > **Note:** You can configure other settings for provider if you want, but the necessary settings are already configured in this step. | ||||||
|  |  | ||||||
|  | After clicking on **"Finish"** you will see your provider listed in the provider list, but with an warning message like this: ' Warning: Provider not assigned to any application.'. | ||||||
|  |  | ||||||
|  | <ZoomableImage | ||||||
|  |   src="/assets/v3/oidc/authentik/warning-message.png" | ||||||
|  |   alt="Authentik Provider Warning Message" | ||||||
|  |   legend="This is a fake application, you have to use your own." | ||||||
|  | /> | ||||||
|  |  | ||||||
|  | ### Creating application with created provider | ||||||
|  |  | ||||||
|  | After creating your provider, you need to create an application with the created provider. To do this, you need to click on the **"Applications"** in the left sidebar, then click on **"+ Create"**. | ||||||
|  |  | ||||||
|  | <ZoomableImage | ||||||
|  |   src="/assets/v3/oidc/authentik/applications-page.png" | ||||||
|  |   alt="Authentik Applications Page" | ||||||
|  |   legend="This is a fake application, you have to use your own." | ||||||
|  | /> | ||||||
|  |  | ||||||
|  | 1. **Configure application**: | ||||||
|  |  | ||||||
|  | - **Name**: Enter a descriptive name like "Palmr File Sharing" | ||||||
|  | - **Slug**: Enter a unique identifier (e.g., `palmr-file-sharing`) | ||||||
|  | - **Provider**: Select the provider you just created from the list of providers. | ||||||
|  |  | ||||||
|  | <ZoomableImage | ||||||
|  |   src="/assets/v3/oidc/authentik/application-modal.png" | ||||||
|  |   alt="Authentik Application Modal" | ||||||
|  |   legend="This is a fake application, you have to use your own." | ||||||
|  | /> | ||||||
|  |  | ||||||
|  | The other fields are not important for now, you can leave them as they are. But if you want to change something, you can change them. | ||||||
|  |  | ||||||
|  | 2. **Save application**: Click on **"Create"** to save the application. | ||||||
|  |  | ||||||
|  | <ZoomableImage | ||||||
|  |   src="/assets/v3/oidc/authentik/application-modal.png" | ||||||
|  |   alt="Authentik Application Modal" | ||||||
|  |   legend="This is a fake application, you have to use your own." | ||||||
|  | /> | ||||||
|  |  | ||||||
|  | ### Final Authentik step | ||||||
|  |  | ||||||
|  | The last step in Authentik is grab your instance URL. You can find it clicking on the **"providers"** in the side menu on tab **"overview"**. | ||||||
|  |  | ||||||
|  | <ZoomableImage | ||||||
|  |   src="/assets/v3/oidc/authentik/provider-overview.png" | ||||||
|  |   alt="Authentik Instance URL" | ||||||
|  |   legend="This is a fake application, you have to use your own." | ||||||
|  | /> | ||||||
|  |  | ||||||
|  | You don't need copy the complete URL, just the domain name and protocol and port if you are using a custom port. | ||||||
|  | For example: `https://your-authentik-domain.com`. | ||||||
|  |  | ||||||
|  | > **Note:** In Authentik we finish the configuration. Let's go to Palmr to configure the provider. Remember you need `Client ID`, `Client Secret` and `Instance URL` to configure the provider in Palmr. | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Configuring Palmr | ||||||
|  |  | ||||||
|  | ### Accessing OIDC settings | ||||||
|  |  | ||||||
|  | To configure Authentik authentication in Palmr, you need administrator access to the settings panel. | ||||||
|  |  | ||||||
|  | 1. **Login as administrator**: Sign in to Palmr with an admin account | ||||||
|  |  | ||||||
|  | 2. **Access settings**: Click your profile picture in the header and select **Settings** | ||||||
|  |  | ||||||
|  | 3. **Navigate to authentication**: Find and click on the **Authentication Providers** configuration section | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/auth-providers.png" alt="Palmr Authentication Providers" /> | ||||||
|  |  | ||||||
|  | ### Enabling Authentik provider | ||||||
|  |  | ||||||
|  | Authentik comes pre-configured as an official provider, so the setup process is streamlined. | ||||||
|  |  | ||||||
|  | 1. **Locate Authentik provider**: Find Authentik in the list of available providers | ||||||
|  |  | ||||||
|  | 2. **Enable the provider**: Toggle the status to **Enabled** | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/authentik/enabled-authentik.png" alt="Palmr Authentik Provider Enabled" /> | ||||||
|  |  | ||||||
|  | After enabling the provider, click on the pen icon to configure the provider. | ||||||
|  |  | ||||||
|  | 3. **Configure credentials**: | ||||||
|  |    - **Provider URL**: Paste your Authentik instance URL (e.g., `https://your-authentik-domain.com`) | ||||||
|  |    - **Client ID**: Paste the Client ID from Authentik provider | ||||||
|  |    - **Client Secret**: Paste the Client Secret from Authentik provider | ||||||
|  |    - **Scopes**: Add the scopes you want to use. The default scopes are `openid`, `profile`, and `email`. You don't need change this if you are not sure. | ||||||
|  |  | ||||||
|  | <ZoomableImage | ||||||
|  |   src="/assets/v3/oidc/authentik/edit-authentik.png" | ||||||
|  |   alt="Edit Authentik Provider" | ||||||
|  |   legend="This is a fake application, you have to use your own." | ||||||
|  | /> | ||||||
|  |  | ||||||
|  | ### Advanced configuration options | ||||||
|  |  | ||||||
|  | Configure additional settings to customize the authentication behavior: | ||||||
|  |  | ||||||
|  | **Auto Registration**: Enable this to automatically create user accounts when someone authenticates for the first time. | ||||||
|  |  | ||||||
|  | **Sort Order**: Control where the Authentik login button appears relative to other authentication providers. | ||||||
|  |  | ||||||
|  | **Icon**: you can choose the icon you want to use for the Authentik login button (default is `FaShieldAlt`). | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/authentik/authentik-icon.png" alt="Authentik Icon" /> | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Account linking | ||||||
|  |  | ||||||
|  | By default, if a user is already registered in Palmr with their Authentik email, they will be automatically linked to their Palmr account. | ||||||
|  |  | ||||||
|  | > **Note:** You can't disable account linking. If you want to unlink a user from their Authentik account, you need to delete the user from Palmr. | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Technical configuration | ||||||
|  |  | ||||||
|  | Authentik's technical configuration is handled automatically, but understanding the setup can help with troubleshooting: | ||||||
|  |  | ||||||
|  | ```yaml | ||||||
|  | Provider Type: OAuth 2.0 with OIDC Discovery | ||||||
|  | Issuer URL: https://your-authentik-domain.com | ||||||
|  | Authorization Endpoint: /application/o/authorize | ||||||
|  | Token Endpoint: /application/o/token | ||||||
|  | UserInfo Endpoint: /application/o/userinfo | ||||||
|  | Scopes: openid profile email | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ### Field mappings | ||||||
|  |  | ||||||
|  | Palmr automatically maps Authentik user information to local user accounts: | ||||||
|  |  | ||||||
|  | - **User ID**: Maps from Authentik's `sub` field | ||||||
|  | - **Email**: Maps from Authentik's `email` field | ||||||
|  | - **Full Name**: Maps from Authentik's `name` field | ||||||
|  | - **First Name**: Maps from Authentik's `given_name` field | ||||||
|  | - **Last Name**: Maps from Authentik's `family_name` field | ||||||
|  | - **Avatar**: Maps from Authentik's `picture` field | ||||||
|  | - **Username**: Maps from Authentik's `preferred_username` field | ||||||
|  |  | ||||||
|  | ### Authentik-specific features | ||||||
|  |  | ||||||
|  | - **Custom Claims**: Can include custom user metadata and app metadata | ||||||
|  | - **Policies Support**: Can customize authentication flow with custom policies | ||||||
|  | - **Multi-factor Authentication**: Supports Authentik's MFA features | ||||||
|  | - **Enterprise SSO**: Integrates with SAML, LDAP, and other enterprise systems | ||||||
|  | - **Self-hosted Only**: Complete control over your authentication infrastructure | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Testing the configuration | ||||||
|  |  | ||||||
|  | ### Verifying the setup | ||||||
|  |  | ||||||
|  | After configuring Authentik authentication, test the integration to ensure everything works correctly. | ||||||
|  |  | ||||||
|  | 1. **Check login page**: Navigate to your Palmr login page and verify the "Sign in with Authentik" button appears | ||||||
|  |  | ||||||
|  | 2. **Test authentication flow**: Click the Authentik sign-in button and complete the authentication process | ||||||
|  |  | ||||||
|  | 3. **Verify user creation**: Confirm that a new user account is created (if auto-registration is enabled) | ||||||
|  |  | ||||||
|  | ### Login flow verification | ||||||
|  |  | ||||||
|  | The complete authentication process should work as follows: | ||||||
|  |  | ||||||
|  | 1. **User clicks "Sign in with Authentik"**: The browser redirects to Authentik's authorization page | ||||||
|  | 2. **User authenticates**: User completes authentication through Authentik (login, MFA, etc.) | ||||||
|  | 3. **Authentik redirects back to Palmr**: User returns to Palmr with authentication tokens | ||||||
|  | 4. **Palmr creates or updates user**: User account is automatically managed with Authentik information | ||||||
|  | 5. **User accesses Palmr**: User is logged in with their Authentik identity | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Troubleshooting common issues | ||||||
|  |  | ||||||
|  | ### Redirect URI mismatch error | ||||||
|  |  | ||||||
|  | **Error message**: `invalid_redirect_uri` | ||||||
|  |  | ||||||
|  | **Cause**: The redirect URI in your request doesn't match what's configured in Authentik provider. | ||||||
|  |  | ||||||
|  | **Solution**: | ||||||
|  |  | ||||||
|  | 1. Check the exact URL in the error message | ||||||
|  | 2. Add this exact URL to your Authentik provider's redirect URIs | ||||||
|  | 3. Ensure you include the correct protocol (http/https) and port | ||||||
|  | 4. Remove any trailing slashes unless they're in the callback URL | ||||||
|  |  | ||||||
|  | ### Access denied error | ||||||
|  |  | ||||||
|  | **Error message**: `access_denied` | ||||||
|  |  | ||||||
|  | **Cause**: User denied permissions or the provider isn't properly configured. | ||||||
|  |  | ||||||
|  | **Solution**: | ||||||
|  |  | ||||||
|  | 1. Verify that your Authentik provider requests the correct scopes | ||||||
|  | 2. Check that users are granting permissions during the authorization flow | ||||||
|  | 3. Ensure your provider is not restricted or disabled | ||||||
|  | 4. Verify the provider has proper permissions set up | ||||||
|  |  | ||||||
|  | ### Invalid client error | ||||||
|  |  | ||||||
|  | **Error message**: `invalid_client` | ||||||
|  |  | ||||||
|  | **Cause**: Incorrect Client ID, Client Secret, or Instance URL. | ||||||
|  |  | ||||||
|  | **Solution**: | ||||||
|  |  | ||||||
|  | 1. Double-check that you've copied the credentials correctly from Authentik | ||||||
|  | 2. Ensure there are no extra spaces or characters in the credentials | ||||||
|  | 3. Verify you're using the correct instance URL format | ||||||
|  | 4. Generate a new Client Secret if necessary | ||||||
|  |  | ||||||
|  | ### Instance URL configuration issues | ||||||
|  |  | ||||||
|  | **Error message**: Instance not found or invalid | ||||||
|  |  | ||||||
|  | **Cause**: Incorrect Authentik instance URL or instance configuration. | ||||||
|  |  | ||||||
|  | **Solution**: | ||||||
|  |  | ||||||
|  | 1. Verify your Authentik instance URL is correct | ||||||
|  | 2. Check that your Authentik instance is active and accessible | ||||||
|  | 3. Ensure you're using the correct protocol (https://) | ||||||
|  | 4. Verify DNS resolution for your Authentik instance | ||||||
|  |  | ||||||
|  | ### Self-hosted connectivity issues | ||||||
|  |  | ||||||
|  | **Cause**: Network connectivity problems with self-hosted Authentik instance. | ||||||
|  |  | ||||||
|  | **Solution**: | ||||||
|  |  | ||||||
|  | 1. Check server firewall and network connectivity | ||||||
|  | 2. Verify DNS resolution from your server to the Authentik instance | ||||||
|  | 3. Ensure the Authentik instance is properly configured and running | ||||||
|  | 4. Check SSL certificate validity for the Authentik instance | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Security best practices | ||||||
|  |  | ||||||
|  | ### Credential management | ||||||
|  |  | ||||||
|  | - **Never expose secrets**: Keep your Client Secret secure and never commit it to version control | ||||||
|  | - **Rotate credentials regularly**: Generate new Client Secrets periodically for enhanced security | ||||||
|  | - **Use environment variables**: Store sensitive configuration in environment variables, not config files | ||||||
|  | - **Monitor access logs**: Regularly review authentication logs for suspicious activity | ||||||
|  |  | ||||||
|  | ### Scope and permission management | ||||||
|  |  | ||||||
|  | - **Minimal scopes**: Only request `openid`, `profile`, and `email` scopes as required by Palmr | ||||||
|  | - **User consent**: Ensure users understand what permissions they're granting | ||||||
|  | - **Regular audits**: Review which users have connected their Authentik accounts | ||||||
|  | - **Access reviews**: Periodically check user access and remove inactive accounts | ||||||
|  |  | ||||||
|  | ### Production considerations | ||||||
|  |  | ||||||
|  | - **Use HTTPS**: Always use HTTPS in production environments | ||||||
|  | - **Configure proper domains**: Use production domains in Authentik provider settings | ||||||
|  | - **Test thoroughly**: Verify the complete authentication flow before going live | ||||||
|  | - **Plan for failures**: Have fallback authentication methods available | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Next steps | ||||||
|  |  | ||||||
|  | With Authentik authentication configured, you might want to: | ||||||
|  |  | ||||||
|  | - **Configure additional providers**: Set up other OIDC providers for more authentication options | ||||||
|  | - **Customize user management**: Fine-tune auto-registration and admin assignment rules | ||||||
|  | - **Review security settings**: Ensure your authentication setup meets your security requirements | ||||||
|  | - **Monitor usage**: Keep track of authentication patterns and user activity | ||||||
|  |  | ||||||
|  | For more information about OIDC authentication in Palmr, see the [OIDC Authentication overview](/docs/3.2-beta/oidc-authentication). | ||||||
|  |  | ||||||
|  | ## Useful resources | ||||||
|  |  | ||||||
|  | - [Authentik Documentation](https://goauthentik.io/docs) | ||||||
|  | - [Authentik OAuth2/OpenID Provider](https://goauthentik.io/docs/providers/oauth2) | ||||||
|  | - [Authentik Installation Guide](https://goauthentik.io/docs/installation) | ||||||
|  | - [Authentik Admin Interface](https://goauthentik.io/docs/administration) | ||||||
							
								
								
									
										342
									
								
								apps/docs/content/docs/3.2-beta/oidc-authentication/discord.mdx
									
									
									
									
									
										Normal file
									
								
							
							
						
						| @@ -0,0 +1,342 @@ | |||||||
|  | --- | ||||||
|  | title: Discord | ||||||
|  | icon: MessageSquare | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | import { ZoomableImage } from "@/components/ui/zoomable-image"; | ||||||
|  |  | ||||||
|  | Discord is one of Palmr's officially supported OIDC providers, offering secure authentication through Discord OAuth 2.0. This integration allows users to sign in to Palmr using their existing Discord accounts, making it perfect for gaming communities, developer teams, and organizations already using Discord. | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/discord/sign-in-with-discord.png" alt="Sign in with Discord" /> | ||||||
|  |  | ||||||
|  | ## Why use Discord authentication? | ||||||
|  |  | ||||||
|  | Discord authentication provides several advantages for community-focused organizations and teams: | ||||||
|  |  | ||||||
|  | - **Community integration** - Perfect for gaming communities and Discord-centric organizations | ||||||
|  | - **Familiar experience** - Users already trust and use Discord daily | ||||||
|  | - **Rich user profiles** - Access to Discord usernames, avatars, and global names | ||||||
|  | - **Developer-friendly** - Great for technical teams and open-source projects | ||||||
|  | - **No additional accounts** - Users can access Palmr without creating new credentials | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Prerequisites | ||||||
|  |  | ||||||
|  | Before configuring Discord authentication, ensure you have: | ||||||
|  |  | ||||||
|  | - **Discord Developer Portal access** - Ability to create applications on Discord | ||||||
|  | - **Admin privileges in Palmr** - Required to configure OIDC settings | ||||||
|  | - **Server ownership or permissions** - If integrating with a Discord server | ||||||
|  |  | ||||||
|  | > **Note:** Discord is pre-configured as an official provider in Palmr, which means the technical configuration is handled automatically. You only need to provide your OAuth credentials. | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Setting up Discord Developer Portal | ||||||
|  |  | ||||||
|  | ### Creating a Discord application | ||||||
|  |  | ||||||
|  | To get started with Discord authentication, you'll need to create an application in Discord Developer Portal. | ||||||
|  |  | ||||||
|  | 1. **Navigate to Discord Developer Portal**: Go to [discord.com/developers/applications](https://discord.com/developers/applications) | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/discord/developer-portal-home.png" alt="Discord Developer Portal Home" /> | ||||||
|  |  | ||||||
|  | 2. **Create new application**: Click **"New Application"** button | ||||||
|  | 3. **Enter application details**: | ||||||
|  |    - **Name**: Enter a descriptive name like "Palmr File Sharing" | ||||||
|  |    - **Accept Terms of Service and Developer Policy**: Check the box | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/discord/create-application-modal.png" alt="Discord Create Application Modal" /> | ||||||
|  |  | ||||||
|  | 4. **Create application**: Click **"Create"** to generate your application | ||||||
|  |  | ||||||
|  | ### Configuring application settings | ||||||
|  |  | ||||||
|  | After creating your application, you'll need to configure basic settings and branding. | ||||||
|  |  | ||||||
|  | 1. **Update application information**: | ||||||
|  |    - **Description**: Add a clear description of your Palmr instance | ||||||
|  |    - **Icon**: Upload your organization's logo or Palmr-related icon | ||||||
|  |    - **Cover Image**: Optional banner image for better branding | ||||||
|  |  | ||||||
|  | <ZoomableImage | ||||||
|  |   src="/assets/v3/oidc/discord/application-settings.png" | ||||||
|  |   alt="Discord Application Settings" | ||||||
|  |   legend="This is a fake application, you have to use your own." | ||||||
|  | /> | ||||||
|  |  | ||||||
|  | 2. **Configure application details**: | ||||||
|  |    - **Tags**: Add relevant tags (optional) | ||||||
|  |    - **Privacy Policy URL**: Add your privacy policy URL if required | ||||||
|  |    - **Terms of Service URL**: Add your terms of service URL if required | ||||||
|  |  | ||||||
|  | ### Setting up OAuth2 configuration | ||||||
|  |  | ||||||
|  | Now you'll configure the OAuth2 settings that Palmr will use to authenticate users. | ||||||
|  |  | ||||||
|  | 1. **Navigate to OAuth2**: In the left sidebar, click **"OAuth2"** | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/discord/oauth2-general.png" alt="Discord OAuth2 General Settings" /> | ||||||
|  |  | ||||||
|  | 2. **Configure OAuth2 settings**: | ||||||
|  |    - **Client Secret**: Click **"Reset Secret"** to generate a new client secret | ||||||
|  |    - **Copy credentials**: Save both **Client ID** and **Client Secret** for later use | ||||||
|  |  | ||||||
|  | 3. **Add redirect URIs**: In the **"Redirects"** section, add your Palmr callback URLs: | ||||||
|  |  | ||||||
|  | You'll need to configure several URLs in your Discord application settings. Here's what to add for each environment: | ||||||
|  |  | ||||||
|  | ### Redirect URIs | ||||||
|  |  | ||||||
|  | | Environment | URL                                                               | | ||||||
|  | | ----------- | ----------------------------------------------------------------- | | ||||||
|  | | Production  | `https://yourdomain.com/api/auth/providers/discord/callback`      | | ||||||
|  | | Development | `http://localhost:3000/api/auth/providers/discord/callback`       | | ||||||
|  | | Custom Port | `https://yourdomain.com:5487/api/auth/providers/discord/callback` | | ||||||
|  |  | ||||||
|  | > **Note:** Replace `yourdomain.com` with your actual domain name in all production and custom port URLs. | ||||||
|  | > **Note:** You can add multiple redirect URIs for different environments (development, staging, production). | ||||||
|  |  | ||||||
|  | 4. **Select required scopes**: | ||||||
|  |    - **`identify`** - Access to user's basic account information (required) | ||||||
|  |    - **`email`** - Access to user's email address (required for Palmr) | ||||||
|  |  | ||||||
|  | 5. **Save changes**: Click **"Save Changes"** to apply your configuration | ||||||
|  |  | ||||||
|  | <ZoomableImage | ||||||
|  |   src="/assets/v3/oidc/discord/required-scopes.png" | ||||||
|  |   alt="Discord Required Scopes" | ||||||
|  |   legend="This is a fake application, you have to use your own." | ||||||
|  | /> | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Configuring Palmr | ||||||
|  |  | ||||||
|  | ### Accessing OIDC settings | ||||||
|  |  | ||||||
|  | To configure Discord authentication in Palmr, you need administrator access to the settings panel. | ||||||
|  |  | ||||||
|  | 1. **Login as administrator**: Sign in to Palmr with an admin account | ||||||
|  |  | ||||||
|  | 2. **Access settings**: Click your profile picture in the header and select **Settings** | ||||||
|  |  | ||||||
|  | 3. **Navigate to authentication**: Find and click on the **Authentication Providers** configuration section | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/auth-providers.png" alt="Palmr Authentication Providers" /> | ||||||
|  |  | ||||||
|  | ### Enabling Discord provider | ||||||
|  |  | ||||||
|  | Discord comes pre-configured as an official provider, so the setup process is streamlined. | ||||||
|  |  | ||||||
|  | 1. **Locate Discord provider**: Find Discord in the list of available providers | ||||||
|  |  | ||||||
|  | 2. **Enable the provider**: Toggle the status to **Enabled** | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/discord/palmr-enabled-discord.png" alt="Palmr Discord Provider Enabled" /> | ||||||
|  |  | ||||||
|  | After enabling the provider, click on the pen icon to configure the provider. | ||||||
|  |  | ||||||
|  | 3. **Configure credentials**: | ||||||
|  |    - **Client ID**: Paste the Client ID from Discord Developer Portal | ||||||
|  |    - **Client Secret**: Paste the Client Secret from Discord Developer Portal | ||||||
|  |    - **Scopes**: Add the scopes you want to use. The default scopes are `identify` and `email`. | ||||||
|  |  | ||||||
|  | <ZoomableImage | ||||||
|  |   src="/assets/v3/oidc/discord/edit-discord.png" | ||||||
|  |   alt="Edit Discord Provider" | ||||||
|  |   legend="This is a fake application, you have to use your own." | ||||||
|  | /> | ||||||
|  |  | ||||||
|  | ### Advanced configuration options | ||||||
|  |  | ||||||
|  | Configure additional settings to customize the authentication behavior: | ||||||
|  |  | ||||||
|  | **Auto Registration**: Enable this to automatically create user accounts when someone authenticates for the first time. | ||||||
|  |  | ||||||
|  | **Admin Email Domains**: Specify domains that should automatically receive admin privileges. This is less common with Discord since users often use personal emails. | ||||||
|  |  | ||||||
|  | **Sort Order**: Control where the Discord login button appears relative to other authentication providers. | ||||||
|  |  | ||||||
|  | **Icon**: you can choose the icon you want to use for the Discord login button (default is `FaDiscord`). | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/discord/discord-icon.png" alt="Discord Icon" /> | ||||||
|  |  | ||||||
|  | > **Community tip:** Discord authentication works great for gaming communities and development teams. Consider enabling auto-registration for trusted Discord communities. | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Account linking | ||||||
|  |  | ||||||
|  | By default, if a user is already registered in Palmr with their Discord email, they will be automatically linked to their Palmr account. | ||||||
|  |  | ||||||
|  | > **Note:** You can't disable account linking. If you want to unlink a user from their Discord account, you need to delete the user from Palmr. | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Technical configuration | ||||||
|  |  | ||||||
|  | Discord's technical configuration is handled automatically, but understanding the setup can help with troubleshooting: | ||||||
|  |  | ||||||
|  | ```yaml | ||||||
|  | Provider Type: OAuth 2.0 (No OIDC Discovery) | ||||||
|  | Issuer URL: https://discord.com | ||||||
|  | Authorization Endpoint: /oauth2/authorize | ||||||
|  | Token Endpoint: /api/oauth2/token | ||||||
|  | UserInfo Endpoint: /api/users/@me | ||||||
|  | Scopes: identify email | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ### Field mappings | ||||||
|  |  | ||||||
|  | Palmr automatically maps Discord user information to local user accounts: | ||||||
|  |  | ||||||
|  | - **User ID**: Maps from Discord's `id` field | ||||||
|  | - **Email**: Maps from Discord's `email` field | ||||||
|  | - **Display Name**: Maps from Discord's `global_name` or falls back to `username` | ||||||
|  | - **Username**: Maps from Discord's `username` field | ||||||
|  | - **Avatar**: Maps from Discord's `avatar` field (processed as Discord CDN URL) | ||||||
|  |  | ||||||
|  | ### Discord-specific features | ||||||
|  |  | ||||||
|  | - **Global Names**: Supports Discord's new global name system while maintaining compatibility with legacy usernames | ||||||
|  | - **Avatar Processing**: Automatically constructs Discord CDN URLs for user avatars | ||||||
|  | - **No Discovery**: Uses manually configured endpoints for better reliability | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Testing the configuration | ||||||
|  |  | ||||||
|  | ### Verifying the setup | ||||||
|  |  | ||||||
|  | After configuring Discord authentication, test the integration to ensure everything works correctly. | ||||||
|  |  | ||||||
|  | 1. **Check login page**: Navigate to your Palmr login page and verify the "Sign in with Discord" button appears | ||||||
|  |  | ||||||
|  | 2. **Test authentication flow**: Click the Discord sign-in button and complete the authentication process | ||||||
|  |  | ||||||
|  | 3. **Verify user creation**: Confirm that a new user account is created (if auto-registration is enabled) | ||||||
|  |  | ||||||
|  | ### Login flow verification | ||||||
|  |  | ||||||
|  | The complete authentication process should work as follows: | ||||||
|  |  | ||||||
|  | 1. **User clicks "Sign in with Discord"**: The browser redirects to Discord's authorization page | ||||||
|  | 2. **User authorizes application**: User grants permissions for `identify` and `email` scopes | ||||||
|  | 3. **Discord redirects back to Palmr**: User returns to Palmr with authentication tokens | ||||||
|  | 4. **Palmr creates or updates user**: User account is automatically managed with Discord information | ||||||
|  | 5. **User accesses Palmr**: User is logged in with their Discord identity | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Troubleshooting common issues | ||||||
|  |  | ||||||
|  | ### Invalid redirect URI error | ||||||
|  |  | ||||||
|  | **Error message**: `invalid_redirect_uri` | ||||||
|  |  | ||||||
|  | **Cause**: The redirect URI in your request doesn't match what's configured in Discord Developer Portal. | ||||||
|  |  | ||||||
|  | **Solution**: | ||||||
|  |  | ||||||
|  | 1. Check the exact URL in the error message | ||||||
|  | 2. Add this exact URL to your Discord application's redirect URIs | ||||||
|  | 3. Ensure you include the correct protocol (http/https) and port | ||||||
|  | 4. Remove any trailing slashes unless they're in the callback URL | ||||||
|  |  | ||||||
|  | ### Access denied error | ||||||
|  |  | ||||||
|  | **Error message**: `access_denied` | ||||||
|  |  | ||||||
|  | **Cause**: User denied permissions or the application doesn't have required scopes. | ||||||
|  |  | ||||||
|  | **Solution**: | ||||||
|  |  | ||||||
|  | 1. Verify that your Discord application requests `identify` and `email` scopes | ||||||
|  | 2. Check that users are granting permissions during the authorization flow | ||||||
|  | 3. Ensure your application is not restricted or disabled in Discord Developer Portal | ||||||
|  | 4. Verify the application has proper permissions set up | ||||||
|  |  | ||||||
|  | ### Invalid client error | ||||||
|  |  | ||||||
|  | **Error message**: `invalid_client` | ||||||
|  |  | ||||||
|  | **Cause**: Incorrect Client ID or Client Secret. | ||||||
|  |  | ||||||
|  | **Solution**: | ||||||
|  |  | ||||||
|  | 1. Double-check that you've copied the credentials correctly from Discord Developer Portal | ||||||
|  | 2. Ensure there are no extra spaces or characters in the credentials | ||||||
|  | 3. Generate a new Client Secret if necessary | ||||||
|  | 4. Verify you're using the correct application in Discord Developer Portal | ||||||
|  |  | ||||||
|  | ### Missing email scope error | ||||||
|  |  | ||||||
|  | **Error message**: Email not provided or scope missing | ||||||
|  |  | ||||||
|  | **Cause**: Discord application not configured with email scope or user's email is not verified. | ||||||
|  |  | ||||||
|  | **Solution**: | ||||||
|  |  | ||||||
|  | 1. Verify that your Discord application requests the `email` scope | ||||||
|  | 2. Check that users have verified their email addresses on Discord | ||||||
|  | 3. Ensure the scope configuration matches what Palmr expects | ||||||
|  | 4. Test with a Discord account that has a verified email | ||||||
|  |  | ||||||
|  | ### User information not displaying correctly | ||||||
|  |  | ||||||
|  | **Cause**: Discord username/global name mapping issues. | ||||||
|  |  | ||||||
|  | **Solution**: | ||||||
|  |  | ||||||
|  | 1. Check that the user has set a global name in Discord (new feature) | ||||||
|  | 2. Verify field mappings are working correctly in Palmr logs | ||||||
|  | 3. Test with different Discord accounts (some may have legacy usernames) | ||||||
|  | 4. Update user information manually through Palmr admin interface if needed | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Security best practices | ||||||
|  |  | ||||||
|  | ### Credential management | ||||||
|  |  | ||||||
|  | - **Never expose secrets**: Keep your Client Secret secure and never commit it to version control | ||||||
|  | - **Rotate credentials regularly**: Generate new Client Secrets periodically for enhanced security | ||||||
|  | - **Use environment variables**: Store sensitive configuration in environment variables, not config files | ||||||
|  | - **Monitor access logs**: Regularly review authentication logs for suspicious activity | ||||||
|  |  | ||||||
|  | ### Scope and permission management | ||||||
|  |  | ||||||
|  | - **Minimal scopes**: Only request `identify` and `email` scopes as required by Palmr | ||||||
|  | - **User consent**: Ensure users understand what permissions they're granting | ||||||
|  | - **Regular audits**: Review which users have connected their Discord accounts | ||||||
|  | - **Access reviews**: Periodically check user access and remove inactive accounts | ||||||
|  |  | ||||||
|  | ### Production considerations | ||||||
|  |  | ||||||
|  | - **Use HTTPS**: Always use HTTPS in production environments | ||||||
|  | - **Configure proper domains**: Use production domains in Discord redirect URIs | ||||||
|  | - **Test thoroughly**: Verify the complete authentication flow before going live | ||||||
|  | - **Plan for failures**: Have fallback authentication methods available | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Next steps | ||||||
|  |  | ||||||
|  | With Discord authentication configured, you might want to: | ||||||
|  |  | ||||||
|  | - **Configure additional providers**: Set up other OIDC providers for more authentication options | ||||||
|  | - **Customize user management**: Fine-tune auto-registration and admin assignment rules | ||||||
|  | - **Review security settings**: Ensure your authentication setup meets your security requirements | ||||||
|  | - **Monitor usage**: Keep track of authentication patterns and user activity | ||||||
|  |  | ||||||
|  | For more information about OIDC authentication in Palmr, see the [OIDC Authentication overview](/docs/3.2-beta/oidc-authentication). | ||||||
|  |  | ||||||
|  | ## Useful resources | ||||||
|  |  | ||||||
|  | - [Discord Developer Documentation](https://discord.com/developers/docs) | ||||||
|  | - [Discord OAuth2 Guide](https://discord.com/developers/docs/topics/oauth2) | ||||||
|  | - [Discord Applications](https://discord.com/developers/applications) | ||||||
|  | - [Discord API Reference](https://discord.com/developers/docs/reference) | ||||||
							
								
								
									
										324
									
								
								apps/docs/content/docs/3.2-beta/oidc-authentication/frontegg.mdx
									
									
									
									
									
										Normal file
									
								
							
							
						
						| @@ -0,0 +1,324 @@ | |||||||
|  | --- | ||||||
|  | title: Frontegg | ||||||
|  | icon: Egg | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | import { ZoomableImage } from "@/components/ui/zoomable-image"; | ||||||
|  |  | ||||||
|  | Frontegg is one of Palmr's officially supported OIDC providers, offering enterprise-grade authentication through Frontegg's identity platform. This integration allows users to sign in to Palmr using Frontegg's comprehensive authentication system, making it perfect for enterprise organizations, applications requiring advanced security features, and teams that need centralized identity management with modern developer experience. | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/frontegg/sign-in-with-frontegg.png" alt="Sign in with Frontegg" /> | ||||||
|  |  | ||||||
|  | ## Why use Frontegg authentication? | ||||||
|  |  | ||||||
|  | Frontegg authentication provides several advantages for enterprise and developer-focused organizations: | ||||||
|  |  | ||||||
|  | - **Modern developer experience** - Clean APIs, comprehensive SDKs, and developer-friendly tools | ||||||
|  | - **Enterprise-grade security** - Advanced security features like MFA, adaptive authentication, and threat detection | ||||||
|  | - **Centralized identity management** - Single platform to manage users across multiple applications | ||||||
|  | - **Compliance ready** - Built-in compliance with GDPR, SOC 2, and other enterprise standards | ||||||
|  | - **Advanced customization** - Themes, flows, and custom branding capabilities | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Prerequisites | ||||||
|  |  | ||||||
|  | Before configuring Frontegg authentication, ensure you have: | ||||||
|  |  | ||||||
|  | - **Frontegg account** - Ability to create applications and manage tenants | ||||||
|  | - **Admin privileges in Palmr** - Required to configure OIDC settings | ||||||
|  | - **Domain configuration** - For production deployments with custom domains | ||||||
|  |  | ||||||
|  | > **Note:** Frontegg is pre-configured as an official provider in Palmr, which means the technical configuration is handled automatically. You only need to provide your OAuth credentials. | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Setting up Frontegg Application | ||||||
|  |  | ||||||
|  | ### Creating a Frontegg application | ||||||
|  |  | ||||||
|  | To get started with Frontegg authentication, you'll need to create an application in your Frontegg Admin Portal. | ||||||
|  |  | ||||||
|  | 1. **Navigate to Frontegg Admin Portal**: Go to [https://portal.frontegg.com/development/applications](https://portal.frontegg.com/development/applications) for example. (Development environment) for production environment you need to go to [https://portal.frontegg.com/production/applications](https://portal.frontegg.com/production/applications) - This can change depending on your environment. | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/frontegg/frontegg-admin.png" alt="Frontegg Admin Portal" /> | ||||||
|  |  | ||||||
|  | 2. **Create new application**: Click **"Create new"** | ||||||
|  |  | ||||||
|  | 3. **Fill application details**: | ||||||
|  |    - **Name**: Enter a descriptive name like "Palmr File Sharing" | ||||||
|  |    - **Description**: Add a clear description of your Palmr instance | ||||||
|  |    - **Type**: Choose **"Web"** for web-based Palmr instances | ||||||
|  |    - **Frontend stack**: Choose **"React"** for web-based Palmr instances | ||||||
|  |    - **App URL**: Add the URL of your Palmr instance, see table below for the example of the URL. | ||||||
|  |  | ||||||
|  |    | Environment | URL                                                                | | ||||||
|  |    | ----------- | ------------------------------------------------------------------ | | ||||||
|  |    | Production  | `https://yourdomain.com/api/auth/providers/frontegg/callback`      | | ||||||
|  |    | Development | `http://localhost:3000/api/auth/providers/frontegg/callback`       | | ||||||
|  |    | Custom Port | `https://yourdomain.com:5487/api/auth/providers/frontegg/callback` | | ||||||
|  |  | ||||||
|  |    > **Note:** Replace `yourdomain.com` with your actual domain name in all production and custom port URLs. | ||||||
|  |  | ||||||
|  | <ZoomableImage | ||||||
|  |   src="/assets/v3/oidc/frontegg/application-details.png" | ||||||
|  |   alt="Frontegg Application Details" | ||||||
|  |   legend="This is a fake application, you have to use your own." | ||||||
|  | /> | ||||||
|  |  | ||||||
|  | 5. **Create application**: Click **"Create"** to generate your Frontegg application | ||||||
|  |  | ||||||
|  | ### Configuring application settings | ||||||
|  |  | ||||||
|  | After creating your application, you'll need to get the settings that Palmr will use. You gonna be redirected to the application page, where you can see the application details. | ||||||
|  |  | ||||||
|  | <ZoomableImage | ||||||
|  |   src="/assets/v3/oidc/frontegg/application-page.png" | ||||||
|  |   alt="Frontegg Application Page" | ||||||
|  |   legend="This is a fake application, you have to use your own." | ||||||
|  | /> | ||||||
|  |  | ||||||
|  | ### Getting OAuth credentials | ||||||
|  |  | ||||||
|  | Now you'll get the credentials that Palmr will use to authenticate with Frontegg. | ||||||
|  |  | ||||||
|  | 1. **Copy Domain**: Note your Frontegg domain (e.g., `your-tenant.frontegg.com`) - You can find it in the application page at field **"Login URL"**. But copy just the domain, without the path. | ||||||
|  |  | ||||||
|  | 2. **Copy Client ID**: You can find it in the application page at field **"ID"** in the application page. | ||||||
|  |  | ||||||
|  | 3. **Copy Client Secret**: You can find it in the application page at field **"API key"** in the application page. | ||||||
|  |  | ||||||
|  | In Frontegg we finished the configuration, but we need to configure Palmr to use it. | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Configuring Palmr | ||||||
|  |  | ||||||
|  | ### Accessing OIDC settings | ||||||
|  |  | ||||||
|  | To configure Frontegg authentication in Palmr, you need administrator access to the settings panel. | ||||||
|  |  | ||||||
|  | 1. **Login as administrator**: Sign in to Palmr with an admin account | ||||||
|  |  | ||||||
|  | 2. **Access settings**: Click your profile picture in the header and select **Settings** | ||||||
|  |  | ||||||
|  | 3. **Navigate to authentication**: Find and click on the **Authentication Providers** configuration section | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/auth-providers.png" alt="Palmr Authentication Providers" /> | ||||||
|  |  | ||||||
|  | ### Enabling Frontegg provider | ||||||
|  |  | ||||||
|  | Frontegg comes pre-configured as an official provider, so the setup process is streamlined. | ||||||
|  |  | ||||||
|  | 1. **Locate Frontegg provider**: Find Frontegg in the list of available providers | ||||||
|  |  | ||||||
|  | 2. **Enable the provider**: Toggle the status to **Enabled** | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/frontegg/enabled-frontegg.png" alt="Palmr Frontegg Provider Enabled" /> | ||||||
|  |  | ||||||
|  | After enabling the provider, click on the pen icon to configure the provider. | ||||||
|  |  | ||||||
|  | 3. **Configure credentials**: | ||||||
|  |    - **Provider URL**: Paste your Frontegg domain (e.g., `https://your-tenant.frontegg.com`) - It's the same **"Login URL"** you copied in the previous step. | ||||||
|  |    - **Client ID**: Paste the Client ID from Frontegg application - It's the same **"ID"** you copied in the previous step. | ||||||
|  |    - **Client Secret**: Paste the Client Secret from Frontegg application - It's the same **"API key"** you copied in the previous step. | ||||||
|  |    - **Scopes**: Add the scopes you want to use. The default scopes are `openid`, `profile`, and `email`. You don't need to change this, but you can if you want. | ||||||
|  |  | ||||||
|  | <ZoomableImage | ||||||
|  |   src="/assets/v3/oidc/frontegg/edit-frontegg.png" | ||||||
|  |   alt="Edit Frontegg Provider" | ||||||
|  |   legend="This is a fake application, you have to use your own." | ||||||
|  | /> | ||||||
|  |  | ||||||
|  | ### Advanced configuration options | ||||||
|  |  | ||||||
|  | Configure additional settings to customize the authentication behavior: | ||||||
|  |  | ||||||
|  | **Auto Registration**: Enable this to automatically create user accounts when someone authenticates for the first time. | ||||||
|  |  | ||||||
|  | **Sort Order**: Control where the Frontegg login button appears relative to other authentication providers. | ||||||
|  |  | ||||||
|  | **Icon**: you can choose the icon you want to use for the Frontegg login button (default is `TbEggs`). | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/frontegg/frontegg-icon.png" alt="Frontegg Icon" /> | ||||||
|  |  | ||||||
|  | > **Developer tip:** Frontegg authentication works great for organizations requiring modern developer experience and enterprise-grade security features. | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Account linking | ||||||
|  |  | ||||||
|  | By default, if a user is already registered in Palmr with their Frontegg email, they will be automatically linked to their Palmr account. | ||||||
|  |  | ||||||
|  | > **Note:** You can't disable account linking. If you want to unlink a user from their Frontegg account, you need to delete the user from Palmr. | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Technical configuration | ||||||
|  |  | ||||||
|  | Frontegg's technical configuration is handled automatically, but understanding the setup can help with troubleshooting: | ||||||
|  |  | ||||||
|  | ```yaml | ||||||
|  | Provider Type: OAuth 2.0 with OIDC Discovery | ||||||
|  | Issuer URL: https://your-tenant.frontegg.com | ||||||
|  | Authorization Endpoint: /oauth/authorize | ||||||
|  | Token Endpoint: /oauth/token | ||||||
|  | UserInfo Endpoint: /oauth/userinfo | ||||||
|  | Scopes: openid profile email | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ### Field mappings | ||||||
|  |  | ||||||
|  | Palmr automatically maps Frontegg user information to local user accounts: | ||||||
|  |  | ||||||
|  | - **User ID**: Maps from Frontegg's `sub` field | ||||||
|  | - **Email**: Maps from Frontegg's `email` field | ||||||
|  | - **Full Name**: Maps from Frontegg's `name` field | ||||||
|  | - **First Name**: Maps from Frontegg's `given_name` field | ||||||
|  | - **Last Name**: Maps from Frontegg's `family_name` field | ||||||
|  | - **Avatar**: Maps from Frontegg's `picture` field | ||||||
|  | - **Username**: Maps from Frontegg's `preferred_username` field | ||||||
|  |  | ||||||
|  | ### Frontegg-specific features | ||||||
|  |  | ||||||
|  | - **Custom Claims**: Can include custom user metadata and app metadata | ||||||
|  | - **Themes Support**: Can customize authentication UI with custom themes | ||||||
|  | - **Multi-factor Authentication**: Supports Frontegg's MFA features | ||||||
|  | - **Enterprise SSO**: Integrates with SAML, LDAP, and other enterprise systems | ||||||
|  | - **Modern APIs**: Clean REST APIs and comprehensive SDKs | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Testing the configuration | ||||||
|  |  | ||||||
|  | ### Verifying the setup | ||||||
|  |  | ||||||
|  | After configuring Frontegg authentication, test the integration to ensure everything works correctly. | ||||||
|  |  | ||||||
|  | 1. **Check login page**: Navigate to your Palmr login page and verify the "Sign in with Frontegg" button appears | ||||||
|  |  | ||||||
|  | 2. **Test authentication flow**: Click the Frontegg sign-in button and complete the authentication process | ||||||
|  |  | ||||||
|  | 3. **Verify user creation**: Confirm that a new user account is created (if auto-registration is enabled) | ||||||
|  |  | ||||||
|  | ### Login flow verification | ||||||
|  |  | ||||||
|  | The complete authentication process should work as follows: | ||||||
|  |  | ||||||
|  | 1. **User clicks "Sign in with Frontegg"**: The browser redirects to Frontegg's authorization page | ||||||
|  | 2. **User authenticates**: User completes authentication through Frontegg (login, MFA, etc.) | ||||||
|  | 3. **Frontegg redirects back to Palmr**: User returns to Palmr with authentication tokens | ||||||
|  | 4. **Palmr creates or updates user**: User account is automatically managed with Frontegg information | ||||||
|  | 5. **User accesses Palmr**: User is logged in with their Frontegg identity | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Troubleshooting common issues | ||||||
|  |  | ||||||
|  | ### Redirect URI mismatch error | ||||||
|  |  | ||||||
|  | **Error message**: `invalid_redirect_uri` | ||||||
|  |  | ||||||
|  | **Cause**: The redirect URI in your request doesn't match what's configured in Frontegg application. | ||||||
|  |  | ||||||
|  | **Solution**: | ||||||
|  |  | ||||||
|  | 1. Check the exact URL in the error message | ||||||
|  | 2. Add this exact URL to your Frontegg application's redirect URIs | ||||||
|  | 3. Ensure you include the correct protocol (http/https) and port | ||||||
|  | 4. Remove any trailing slashes unless they're in the callback URL | ||||||
|  |  | ||||||
|  | ### Access denied error | ||||||
|  |  | ||||||
|  | **Error message**: `access_denied` | ||||||
|  |  | ||||||
|  | **Cause**: User denied permissions or the application isn't properly configured. | ||||||
|  |  | ||||||
|  | **Solution**: | ||||||
|  |  | ||||||
|  | 1. Verify that your Frontegg application requests the correct scopes | ||||||
|  | 2. Check that users are granting permissions during the authorization flow | ||||||
|  | 3. Ensure your application is not restricted or disabled | ||||||
|  | 4. Verify the application has proper permissions set up | ||||||
|  |  | ||||||
|  | ### Invalid client error | ||||||
|  |  | ||||||
|  | **Error message**: `invalid_client` | ||||||
|  |  | ||||||
|  | **Cause**: Incorrect Client ID, Client Secret, or Domain. | ||||||
|  |  | ||||||
|  | **Solution**: | ||||||
|  |  | ||||||
|  | 1. Double-check that you've copied the credentials correctly from Frontegg | ||||||
|  | 2. Ensure there are no extra spaces or characters in the credentials | ||||||
|  | 3. Verify you're using the correct domain format (e.g., `your-tenant.frontegg.com`) | ||||||
|  | 4. Generate a new Client Secret if necessary | ||||||
|  |  | ||||||
|  | ### Domain configuration issues | ||||||
|  |  | ||||||
|  | **Error message**: Domain not found or invalid | ||||||
|  |  | ||||||
|  | **Cause**: Incorrect Frontegg domain or tenant configuration. | ||||||
|  |  | ||||||
|  | **Solution**: | ||||||
|  |  | ||||||
|  | 1. Verify your Frontegg domain is correct (e.g., `your-tenant.frontegg.com`) | ||||||
|  | 2. Check that your Frontegg tenant is active and not suspended | ||||||
|  | 3. Ensure you're using the correct region for your tenant | ||||||
|  | 4. Verify DNS resolution for your Frontegg domain | ||||||
|  |  | ||||||
|  | ### Custom claims not available | ||||||
|  |  | ||||||
|  | **Cause**: Custom claims not properly configured in Frontegg. | ||||||
|  |  | ||||||
|  | **Solution**: | ||||||
|  |  | ||||||
|  | 1. Check Frontegg custom claims configuration | ||||||
|  | 2. Verify that custom claims are included in the ID token | ||||||
|  | 3. Ensure the claims are properly formatted and accessible | ||||||
|  | 4. Test with a user that has the expected custom claims | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Security best practices | ||||||
|  |  | ||||||
|  | ### Credential management | ||||||
|  |  | ||||||
|  | - **Never expose secrets**: Keep your Client Secret secure and never commit it to version control | ||||||
|  | - **Rotate credentials regularly**: Generate new Client Secrets periodically for enhanced security | ||||||
|  | - **Use environment variables**: Store sensitive configuration in environment variables, not config files | ||||||
|  | - **Monitor access logs**: Regularly review authentication logs for suspicious activity | ||||||
|  |  | ||||||
|  | ### Scope and permission management | ||||||
|  |  | ||||||
|  | - **Minimal scopes**: Only request `openid`, `profile`, and `email` scopes as required by Palmr | ||||||
|  | - **User consent**: Ensure users understand what permissions they're granting | ||||||
|  | - **Regular audits**: Review which users have connected their Frontegg accounts | ||||||
|  | - **Access reviews**: Periodically check user access and remove inactive accounts | ||||||
|  |  | ||||||
|  | ### Production considerations | ||||||
|  |  | ||||||
|  | - **Use HTTPS**: Always use HTTPS in production environments | ||||||
|  | - **Configure proper domains**: Use production domains in Frontegg application settings | ||||||
|  | - **Test thoroughly**: Verify the complete authentication flow before going live | ||||||
|  | - **Plan for failures**: Have fallback authentication methods available | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Next steps | ||||||
|  |  | ||||||
|  | With Frontegg authentication configured, you might want to: | ||||||
|  |  | ||||||
|  | - **Configure additional providers**: Set up other OIDC providers for more authentication options | ||||||
|  | - **Customize user management**: Fine-tune auto-registration and admin assignment rules | ||||||
|  | - **Review security settings**: Ensure your authentication setup meets your security requirements | ||||||
|  | - **Monitor usage**: Keep track of authentication patterns and user activity | ||||||
|  |  | ||||||
|  | For more information about OIDC authentication in Palmr, see the [OIDC Authentication overview](/docs/3.2-beta/oidc-authentication). | ||||||
|  |  | ||||||
|  | ## Useful resources | ||||||
|  |  | ||||||
|  | - [Frontegg Documentation](https://docs.frontegg.com) | ||||||
|  | - [Frontegg OAuth 2.0 Guide](https://docs.frontegg.com/oauth2) | ||||||
|  | - [Frontegg OpenID Connect](https://docs.frontegg.com/openid-connect) | ||||||
|  | - [Frontegg Admin Portal](https://admin.frontegg.com) | ||||||
							
								
								
									
										305
									
								
								apps/docs/content/docs/3.2-beta/oidc-authentication/github.mdx
									
									
									
									
									
										Normal file
									
								
							
							
						
						| @@ -0,0 +1,305 @@ | |||||||
|  | --- | ||||||
|  | title: GitHub | ||||||
|  | icon: Github | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | import { ZoomableImage } from "@/components/ui/zoomable-image"; | ||||||
|  |  | ||||||
|  | GitHub is one of Palmr's officially supported OIDC providers, offering secure authentication through GitHub OAuth 2.0. This integration allows users to sign in to Palmr using their existing GitHub accounts, making it perfect for developer teams, open-source projects, and organizations already using GitHub for version control and collaboration. | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/github/sign-in-with-github.png" alt="Sign in with GitHub" /> | ||||||
|  |  | ||||||
|  | ## Why use GitHub authentication? | ||||||
|  |  | ||||||
|  | GitHub authentication provides several advantages for developer-focused organizations and teams: | ||||||
|  |  | ||||||
|  | - **Developer-friendly** - Perfect for teams already using GitHub for development | ||||||
|  | - **Open-source integration** - Ideal for open-source projects and communities | ||||||
|  | - **Rich developer profiles** - Access to GitHub usernames, avatars, and organization memberships | ||||||
|  | - **Repository access** - Can leverage GitHub's permission system for additional features | ||||||
|  | - **No additional accounts** - Developers can access Palmr with their existing GitHub credentials | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Prerequisites | ||||||
|  |  | ||||||
|  | Before configuring GitHub authentication, ensure you have: | ||||||
|  |  | ||||||
|  | - **GitHub account** - Ability to create OAuth Apps on GitHub | ||||||
|  | - **Admin privileges in Palmr** - Required to configure OIDC settings | ||||||
|  |  | ||||||
|  | > **Note:** GitHub is pre-configured as an official provider in Palmr, which means the technical configuration is handled automatically. You only need to provide your OAuth credentials. | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Setting up GitHub OAuth App | ||||||
|  |  | ||||||
|  | ### Creating a GitHub OAuth App | ||||||
|  |  | ||||||
|  | To get started with GitHub authentication, you'll need to create an OAuth App in your GitHub Developer Settings. | ||||||
|  |  | ||||||
|  | 1. **Navigate to GitHub Developer Settings**: Go to [github.com/settings/developers](https://github.com/settings/developers) | ||||||
|  |  | ||||||
|  | 2. **Create new OAuth App**: Click **"New OAuth App"** button | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/github/developer-settings.png" alt="GitHub Developer Settings" /> | ||||||
|  |  | ||||||
|  | 3. **Enter application details**: | ||||||
|  |    - **Application name**: Enter a descriptive name like "Palmr File Sharing" | ||||||
|  |    - **Homepage URL**: Enter your Palmr instance URL (e.g., `https://yourdomain.com`) | ||||||
|  |    - **Application description**: Add a clear description of your Palmr instance | ||||||
|  |    - **Authorization callback URL**: Enter your callback URL (see below) | ||||||
|  |  | ||||||
|  | <ZoomableImage | ||||||
|  |   src="/assets/v3/oidc/github/oauth-app-details.png" | ||||||
|  |   alt="GitHub OAuth App Details" | ||||||
|  |   legend="This is a fake application, you have to use your own." | ||||||
|  | /> | ||||||
|  |  | ||||||
|  | **Set up callback URLs**: In the **"Authorization callback URL"** field, add your Palmr callback URL: | ||||||
|  |  | ||||||
|  | You'll need to configure several URLs in your GitHub OAuth App settings. Here's what to add for each environment: | ||||||
|  |  | ||||||
|  | ### Authorization Callback URLs | ||||||
|  |  | ||||||
|  | | Environment | URL                                                              | | ||||||
|  | | ----------- | ---------------------------------------------------------------- | | ||||||
|  | | Production  | `https://yourdomain.com/api/auth/providers/github/callback`      | | ||||||
|  | | Development | `http://localhost:3000/api/auth/providers/github/callback`       | | ||||||
|  | | Custom Port | `https://yourdomain.com:5487/api/auth/providers/github/callback` | | ||||||
|  |  | ||||||
|  | > **Note:** Replace `yourdomain.com` with your actual domain name in all production and custom port URLs. | ||||||
|  | > **Note:** You can add multiple callback URLs for different environments (development, staging, production). | ||||||
|  |  | ||||||
|  | 4. **Create application**: Click **"Register application"** to generate your OAuth App | ||||||
|  |  | ||||||
|  | ### Getting OAuth credentials | ||||||
|  |  | ||||||
|  | Now you'll get the credentials that Palmr will use to authenticate with GitHub. | ||||||
|  |  | ||||||
|  | 1. **Copy Client ID**: The Client ID is displayed on your OAuth App page | ||||||
|  |  | ||||||
|  | 2. **Generate Client Secret**: Click **"Generate a new client secret"** to create a new secret | ||||||
|  |  | ||||||
|  | <ZoomableImage | ||||||
|  |   src="/assets/v3/oidc/github/oauth-credentials.png" | ||||||
|  |   alt="GitHub OAuth Credentials" | ||||||
|  |   legend="The client ID and client secret shown in the image are examples only (fake credentials). You must use your own credentials from GitHub." | ||||||
|  | /> | ||||||
|  |  | ||||||
|  | 3. **Save credentials**: Copy both the **Client ID** and **Client Secret** for later use | ||||||
|  |  | ||||||
|  | > **Important:** Replace `yourdomain.com` with your actual domain. You can add multiple callback URLs for different environments (development, staging, production) by creating separate OAuth Apps. | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Configuring Palmr | ||||||
|  |  | ||||||
|  | ### Accessing OIDC settings | ||||||
|  |  | ||||||
|  | To configure GitHub authentication in Palmr, you need administrator access to the settings panel. | ||||||
|  |  | ||||||
|  | 1. **Login as administrator**: Sign in to Palmr with an admin account | ||||||
|  |  | ||||||
|  | 2. **Access settings**: Click your profile picture in the header and select **Settings** | ||||||
|  |  | ||||||
|  | 3. **Navigate to authentication**: Find and click on the **Authentication Providers** configuration section | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/auth-providers.png" alt="Palmr Authentication Providers" /> | ||||||
|  |  | ||||||
|  | ### Enabling GitHub provider | ||||||
|  |  | ||||||
|  | GitHub comes pre-configured as an official provider, so the setup process is streamlined. | ||||||
|  |  | ||||||
|  | 1. **Locate GitHub provider**: Find GitHub in the list of available providers | ||||||
|  |  | ||||||
|  | 2. **Enable the provider**: Toggle the status to **Enabled** | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/github/enabled-github.png" alt="Palmr GitHub Provider Enabled" /> | ||||||
|  |  | ||||||
|  | After enabling the provider, click on the pen icon to configure the provider. | ||||||
|  |  | ||||||
|  | 3. **Configure credentials**: | ||||||
|  |    - **Client ID**: Paste the Client ID from GitHub OAuth App | ||||||
|  |    - **Client Secret**: Paste the Client Secret from GitHub OAuth App | ||||||
|  |    - **Scopes**: Add the scopes you want to use. The default scopes are `user:email`. | ||||||
|  |  | ||||||
|  | <ZoomableImage | ||||||
|  |   src="/assets/v3/oidc/github/edit-github.png" | ||||||
|  |   alt="Edit GitHub Provider" | ||||||
|  |   legend="This is a fake application, you have to use your own." | ||||||
|  | /> | ||||||
|  |  | ||||||
|  | ### Advanced configuration options | ||||||
|  |  | ||||||
|  | Configure additional settings to customize the authentication behavior: | ||||||
|  |  | ||||||
|  | **Auto Registration**: Enable this to automatically create user accounts when someone authenticates for the first time. | ||||||
|  |  | ||||||
|  | **Admin Email Domains**: Specify domains that should automatically receive admin privileges. For example, entering `yourcompany.com` will grant admin access to anyone with an email from that domain. | ||||||
|  |  | ||||||
|  | **Sort Order**: Control where the GitHub login button appears relative to other authentication providers. | ||||||
|  |  | ||||||
|  | **Icon**: you can choose the icon you want to use for the GitHub login button (default is `SiGithub`). | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/github/github-icon.png" alt="GitHub Icon" /> | ||||||
|  |  | ||||||
|  | > **Developer tip:** GitHub authentication works great for development teams and open-source projects. | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Account linking | ||||||
|  |  | ||||||
|  | By default, if a user is already registered in Palmr with their GitHub email, they will be automatically linked to their Palmr account. | ||||||
|  |  | ||||||
|  | > **Note:** You can't disable account linking. If you want to unlink a user from their GitHub account, you need to delete the user from Palmr. | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Technical configuration | ||||||
|  |  | ||||||
|  | GitHub's technical configuration is handled automatically, but understanding the setup can help with troubleshooting: | ||||||
|  |  | ||||||
|  | ```yaml | ||||||
|  | Provider Type: OAuth 2.0 with OIDC Discovery | ||||||
|  | Issuer URL: https://github.com | ||||||
|  | Authorization Endpoint: /login/oauth/authorize | ||||||
|  | Token Endpoint: /login/oauth/access_token | ||||||
|  | UserInfo Endpoint: https://api.github.com/user | ||||||
|  | Scopes: user:email | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ### Field mappings | ||||||
|  |  | ||||||
|  | Palmr automatically maps GitHub user information to local user accounts: | ||||||
|  |  | ||||||
|  | - **User ID**: Maps from GitHub's `id` field | ||||||
|  | - **Email**: Maps from GitHub's `email` field (from user:email scope) | ||||||
|  | - **Full Name**: Maps from GitHub's `name` field | ||||||
|  | - **Username**: Maps from GitHub's `login` field | ||||||
|  | - **Avatar**: Maps from GitHub's `avatar_url` field | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Testing the configuration | ||||||
|  |  | ||||||
|  | ### Verifying the setup | ||||||
|  |  | ||||||
|  | After configuring GitHub authentication, test the integration to ensure everything works correctly. | ||||||
|  |  | ||||||
|  | 1. **Check login page**: Navigate to your Palmr login page and verify the "Sign in with GitHub" button appears | ||||||
|  |  | ||||||
|  | 2. **Test authentication flow**: Click the GitHub sign-in button and complete the authentication process | ||||||
|  |  | ||||||
|  | 3. **Verify user creation**: Confirm that a new user account is created (if auto-registration is enabled) | ||||||
|  |  | ||||||
|  | ### Login flow verification | ||||||
|  |  | ||||||
|  | The complete authentication process should work as follows: | ||||||
|  |  | ||||||
|  | 1. **User clicks "Sign in with GitHub"**: The browser redirects to GitHub's authorization page | ||||||
|  | 2. **User authorizes application**: User grants permissions for the requested scopes | ||||||
|  | 3. **GitHub redirects back to Palmr**: User returns to Palmr with authentication tokens | ||||||
|  | 4. **Palmr creates or updates user**: User account is automatically managed with GitHub information | ||||||
|  | 5. **User accesses Palmr**: User is logged in with their GitHub identity | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Troubleshooting common issues | ||||||
|  |  | ||||||
|  | ### Redirect URI mismatch error | ||||||
|  |  | ||||||
|  | **Error message**: `The redirect_uri MUST match the registered callback URL for this application` | ||||||
|  |  | ||||||
|  | **Cause**: The redirect URI in your request doesn't match what's configured in GitHub OAuth App. | ||||||
|  |  | ||||||
|  | **Solution**: | ||||||
|  |  | ||||||
|  | 1. Check the exact URL in the error message | ||||||
|  | 2. Add this exact URL to your GitHub OAuth App's callback URL | ||||||
|  | 3. Ensure you include the correct protocol (http/https) and port | ||||||
|  | 4. Remove any trailing slashes unless they're in the callback URL | ||||||
|  |  | ||||||
|  | ### Access denied error | ||||||
|  |  | ||||||
|  | **Error message**: `access_denied` | ||||||
|  |  | ||||||
|  | **Cause**: User denied permissions or the OAuth App isn't properly configured. | ||||||
|  |  | ||||||
|  | **Solution**: | ||||||
|  |  | ||||||
|  | 1. Verify that your GitHub OAuth App requests the correct scopes | ||||||
|  | 2. Check that users are granting permissions during the authorization flow | ||||||
|  | 3. Ensure your OAuth App is not restricted or disabled | ||||||
|  | 4. Verify the application has proper permissions set up | ||||||
|  |  | ||||||
|  | ### Invalid client error | ||||||
|  |  | ||||||
|  | **Error message**: `invalid_client` | ||||||
|  |  | ||||||
|  | **Cause**: Incorrect Client ID or Client Secret. | ||||||
|  |  | ||||||
|  | **Solution**: | ||||||
|  |  | ||||||
|  | 1. Double-check that you've copied the credentials correctly from GitHub | ||||||
|  | 2. Ensure there are no extra spaces or characters in the credentials | ||||||
|  | 3. Generate a new Client Secret if necessary | ||||||
|  | 4. Verify you're using the correct OAuth App in GitHub | ||||||
|  |  | ||||||
|  | ### Email not available error | ||||||
|  |  | ||||||
|  | **Error message**: Email not provided or scope missing | ||||||
|  |  | ||||||
|  | **Cause**: GitHub OAuth App not configured with `user:email` scope or user's email is private. | ||||||
|  |  | ||||||
|  | **Solution**: | ||||||
|  |  | ||||||
|  | 1. Verify that your GitHub OAuth App requests the `user:email` scope | ||||||
|  | 2. Check that users have public email addresses or have granted email access | ||||||
|  | 3. Ensure the scope configuration matches what Palmr expects | ||||||
|  | 4. Test with a GitHub account that has a public email address | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Security best practices | ||||||
|  |  | ||||||
|  | ### Credential management | ||||||
|  |  | ||||||
|  | - **Never expose secrets**: Keep your Client Secret secure and never commit it to version control | ||||||
|  | - **Rotate credentials regularly**: Generate new Client Secrets periodically for enhanced security | ||||||
|  | - **Use environment variables**: Store sensitive configuration in environment variables, not config files | ||||||
|  | - **Monitor access logs**: Regularly review authentication logs for suspicious activity | ||||||
|  |  | ||||||
|  | ### Scope and permission management | ||||||
|  |  | ||||||
|  | - **Minimal scopes**: Only request `user:email` scopes as required by Palmr | ||||||
|  | - **User consent**: Ensure users understand what permissions they're granting | ||||||
|  | - **Regular audits**: Review which users have connected their GitHub accounts | ||||||
|  | - **Access reviews**: Periodically check user access and remove inactive accounts | ||||||
|  |  | ||||||
|  | ### Production considerations | ||||||
|  |  | ||||||
|  | - **Use HTTPS**: Always use HTTPS in production environments | ||||||
|  | - **Configure proper domains**: Use production domains in GitHub OAuth App | ||||||
|  | - **Test thoroughly**: Verify the complete authentication flow before going live | ||||||
|  | - **Plan for failures**: Have fallback authentication methods available | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Next steps | ||||||
|  |  | ||||||
|  | With GitHub authentication configured, you might want to: | ||||||
|  |  | ||||||
|  | - **Configure additional providers**: Set up other OIDC providers for more authentication options | ||||||
|  | - **Customize user management**: Fine-tune auto-registration and admin assignment rules | ||||||
|  | - **Review security settings**: Ensure your authentication setup meets your security requirements | ||||||
|  | - **Monitor usage**: Keep track of authentication patterns and user activity | ||||||
|  |  | ||||||
|  | For more information about OIDC authentication in Palmr, see the [OIDC Authentication overview](/docs/3.2-beta/oidc-authentication). | ||||||
|  |  | ||||||
|  | ## Useful resources | ||||||
|  |  | ||||||
|  | - [GitHub OAuth Apps Documentation](https://docs.github.com/en/apps/oauth-apps) | ||||||
|  | - [GitHub OAuth Scopes](https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/scopes-for-oauth-apps) | ||||||
|  | - [GitHub Developer Settings](https://github.com/settings/developers) | ||||||
|  | - [GitHub API Documentation](https://docs.github.com/en/rest) | ||||||
							
								
								
									
										335
									
								
								apps/docs/content/docs/3.2-beta/oidc-authentication/google.mdx
									
									
									
									
									
										Normal file
									
								
							
							
						
						| @@ -0,0 +1,335 @@ | |||||||
|  | --- | ||||||
|  | title: Google | ||||||
|  | icon: Chrome | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | import { ZoomableImage } from "@/components/ui/zoomable-image"; | ||||||
|  |  | ||||||
|  | Google is one of Palmr's officially supported OIDC providers, offering secure and reliable authentication through Google OAuth 2.0. This integration allows users to sign in to Palmr using their existing Google accounts, providing a seamless single sign-on experience. | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/google/sign-in-with-google.png" alt="Sign in with Google" /> | ||||||
|  |  | ||||||
|  | ## Why use Google authentication? | ||||||
|  |  | ||||||
|  | Google authentication provides several advantages for both administrators and users: | ||||||
|  |  | ||||||
|  | - **Seamless login experience** - Users can access Palmr with their existing Google accounts | ||||||
|  | - **Enhanced security** - Leverage Google's robust security infrastructure and two-factor authentication | ||||||
|  | - **Reduced password fatigue** - No need to create and remember additional passwords | ||||||
|  | - **Enterprise integration** - Perfect for organizations already using Google Workspace | ||||||
|  | - **Automatic user provisioning** - New users are created automatically upon first login | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Prerequisites | ||||||
|  |  | ||||||
|  | Before configuring Google authentication, ensure you have: | ||||||
|  |  | ||||||
|  | - **Google Cloud Console access** - Ability to create and manage projects | ||||||
|  | - **Admin privileges in Palmr** - Required to configure OIDC settings | ||||||
|  | - **Domain ownership** - For production deployments with custom domains | ||||||
|  |  | ||||||
|  | > **Note:** Google is pre-configured as an official provider in Palmr, which means the technical configuration is handled automatically. You only need to provide your OAuth credentials. | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Setting up Google Cloud Console | ||||||
|  |  | ||||||
|  | ### Creating a Google Cloud project | ||||||
|  |  | ||||||
|  | To get started with Google authentication, you'll need to set up a project in Google Cloud Console. | ||||||
|  |  | ||||||
|  | 1. **Navigate to Google Cloud Console**: Go to [console.cloud.google.com](https://console.cloud.google.com/) | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/google/cloud-console-home.png" alt="Google Cloud Console Home" /> | ||||||
|  |  | ||||||
|  | 2. **Create or select a project**: Choose an existing project or create a new one for your Palmr installation | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/google/select-project-modal.png" alt="Google Cloud Console Select Project Modal" /> | ||||||
|  |  | ||||||
|  | 3. **Enable the project**: Ensure the project is active and selected | ||||||
|  |  | ||||||
|  | ### Configuring OAuth consent screen | ||||||
|  |  | ||||||
|  | The OAuth consent screen is what users see when they authenticate with Google. | ||||||
|  |  | ||||||
|  | 1. **Access OAuth consent screen**: Navigate to **APIs & Services** > **OAuth consent screen** | ||||||
|  |  | ||||||
|  | <ZoomableImage | ||||||
|  |   src="/assets/v3/oidc/google/oauth-consent-dropdown.png" | ||||||
|  |   alt="Google Cloud Console OAuth Consent Dropdown" | ||||||
|  | /> | ||||||
|  |  | ||||||
|  | 2. **Choose user type**: | ||||||
|  |    - **Internal** - For Google Workspace organizations (users within your domain only) | ||||||
|  |    - **External** - For public use (any Google user can authenticate) | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/google/user-type-select.png" alt="Google Cloud Console User Type Select" /> | ||||||
|  |  | ||||||
|  | 3. **Fill required information**: | ||||||
|  |    - **Application name**: Enter a descriptive name like "Palmr File Sharing" | ||||||
|  |    - **User support email**: Provide a valid support email address | ||||||
|  |    - **Developer contact information**: Add your contact email for Google communications | ||||||
|  |  | ||||||
|  | > **Tip:** For business use, choose "Internal" if you have Google Workspace. This restricts access to your organization's users and simplifies the approval process. | ||||||
|  |  | ||||||
|  | ### Creating OAuth 2.0 credentials | ||||||
|  |  | ||||||
|  | Now you'll create the actual credentials that Palmr will use to authenticate with Google. | ||||||
|  |  | ||||||
|  | 1. **Navigate to Credentials**: Go to **APIs & Services** > **Credentials** | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/google/credentials-select.png" alt="Google Cloud Console Credentials select" /> | ||||||
|  |  | ||||||
|  | 2. **Create OAuth client**: Click **+ CREATE CREDENTIALS** > **OAuth client ID** | ||||||
|  |  | ||||||
|  | <ZoomableImage | ||||||
|  |   src="/assets/v3/oidc/google/create-oauth-client-id.png" | ||||||
|  |   alt="Google Cloud Console Create OAuth Client ID" | ||||||
|  | /> | ||||||
|  |  | ||||||
|  | 3. **Select application type**: Choose **Web application** | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/google/web-app-select.png" alt="Google Cloud Console Web App Select" /> | ||||||
|  |  | ||||||
|  | 4. **Configure authorized URIs and authorized redirect URIs**: | ||||||
|  |  | ||||||
|  | You'll need to configure several URLs in your Google Cloud Console credentials. Here's what to add for each environment: | ||||||
|  |  | ||||||
|  | ### Authorized URIs | ||||||
|  |  | ||||||
|  | | Environment | URL                           | | ||||||
|  | | ----------- | ----------------------------- | | ||||||
|  | | Production  | `https://yourdomain.com`      | | ||||||
|  | | Development | `http://localhost:3000`       | | ||||||
|  | | Custom Port | `https://yourdomain.com:5487` | | ||||||
|  |  | ||||||
|  | ### Authorized Redirect URIs | ||||||
|  |  | ||||||
|  | | Environment | URL                                                              | | ||||||
|  | | ----------- | ---------------------------------------------------------------- | | ||||||
|  | | Production  | `https://yourdomain.com/api/auth/providers/google/callback`      | | ||||||
|  | | Development | `http://localhost:3000/api/auth/providers/google/callback`       | | ||||||
|  | | Custom Port | `https://yourdomain.com:5487/api/auth/providers/google/callback` | | ||||||
|  |  | ||||||
|  | > **Note:** Replace `yourdomain.com` with your actual domain name in all production and custom port URLs. | ||||||
|  | > **Note:** You can add multiple redirect URIs for different environments (development, staging, production). | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/google/allowed-urls.png" alt="Google Cloud Console Allowed URLs" /> | ||||||
|  |  | ||||||
|  | 5. **Create and save credentials**: Click **Create** and copy both the **Client ID** and **Client Secret** | ||||||
|  |  | ||||||
|  | <ZoomableImage | ||||||
|  |   src="/assets/v3/oidc/google/oauth-client-created.png" | ||||||
|  |   alt="Google Cloud Console Client ID and Client Secret" | ||||||
|  |   legend="The client ID and client secret shown in the image are examples only (fake credentials). You must use your own credentials from Google Cloud Console." | ||||||
|  | /> | ||||||
|  |  | ||||||
|  | > **Important:** Replace `yourdomain.com` with your actual domain. You can add multiple URIs for different environments (development, staging, production). | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Configuring Palmr | ||||||
|  |  | ||||||
|  | ### Accessing OIDC settings | ||||||
|  |  | ||||||
|  | To configure Google authentication in Palmr, you need administrator access to the settings panel. | ||||||
|  |  | ||||||
|  | 1. **Login as administrator**: Sign in to Palmr with an admin account | ||||||
|  |  | ||||||
|  | 2. **Access settings**: Click your profile picture in the header and select **Settings** | ||||||
|  |  | ||||||
|  | 3. **Navigate to authentication**: Find and click on the **Authentication Providers** configuration section | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/auth-providers.png" alt="Palmr Authentication Providers" /> | ||||||
|  |  | ||||||
|  | ### Enabling Google provider | ||||||
|  |  | ||||||
|  | Google comes pre-configured as an official provider, so the setup process is streamlined. | ||||||
|  |  | ||||||
|  | 1. **Locate Google provider**: Find Google in the list of available providers | ||||||
|  |  | ||||||
|  | 2. **Enable the provider**: Toggle the status to **Enabled** | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/google/palmr-enabled-google.png" alt="Palmr Authentication Providers" /> | ||||||
|  |  | ||||||
|  | After enabling the provider, click on the pen icon to configure the provider. | ||||||
|  |  | ||||||
|  | 3. **Configure credentials**: | ||||||
|  |    - **Client ID**: Paste the Client ID from Google Cloud Console | ||||||
|  |    - **Client Secret**: Paste the Client Secret from Google Cloud Console | ||||||
|  |    - **Scopes**: Add the scopes you want to use. The default scopes are `openid`, `profile`, and `email`. | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/google/edit-google.png" alt="Edit Google Provider" /> | ||||||
|  |  | ||||||
|  | ### Advanced configuration options | ||||||
|  |  | ||||||
|  | Configure additional settings to customize the authentication behavior: | ||||||
|  |  | ||||||
|  | **Auto Registration**: Enable this to automatically create user accounts when someone authenticates for the first time. | ||||||
|  |  | ||||||
|  | **Admin Email Domains**: Specify domains that should automatically receive admin privileges. For example, entering `yourcompany.com` will grant admin access to anyone with an email from that domain. | ||||||
|  |  | ||||||
|  | **Sort Order**: Control where the Google login button appears relative to other authentication providers. | ||||||
|  |  | ||||||
|  | **Icon**: you can choose the icon you want to use for the Google login button (default is `FcGoogle`). | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/google/google-icon.png" alt="Google Icon" /> | ||||||
|  |  | ||||||
|  | > **Security consideration:** Be cautious with auto-registration and admin domains. Only enable these if you trust the user base or have domain restrictions in place. | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Account linking | ||||||
|  |  | ||||||
|  | By default, if a user is already registered in Palmr with their Google email, they will be automatically linked to their Palmr account. | ||||||
|  |  | ||||||
|  | > **Note:** You can't disable account linking. If you want to unlink a user from their Google account, you need to delete the user from Palmr. | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Technical configuration | ||||||
|  |  | ||||||
|  | Google's technical configuration is handled automatically, but understanding the setup can help with troubleshooting: | ||||||
|  |  | ||||||
|  | ```yaml | ||||||
|  | Provider Type: OAuth 2.0 with OIDC Discovery | ||||||
|  | Issuer URL: https://accounts.google.com | ||||||
|  | Authorization Endpoint: /o/oauth2/v2/auth | ||||||
|  | Token Endpoint: /o/oauth2/token | ||||||
|  | UserInfo Endpoint: https://www.googleapis.com/oauth2/v3/userinfo | ||||||
|  | Scopes: openid profile email | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ### Field mappings | ||||||
|  |  | ||||||
|  | Palmr automatically maps Google user information to local user accounts: | ||||||
|  |  | ||||||
|  | - **User ID**: Maps from Google's `sub` field | ||||||
|  | - **Email**: Maps from Google's `email` field | ||||||
|  | - **Full Name**: Maps from Google's `name` field | ||||||
|  | - **First Name**: Maps from Google's `given_name` field | ||||||
|  | - **Last Name**: Maps from Google's `family_name` field | ||||||
|  | - **Avatar**: Maps from Google's `picture` field | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Testing the configuration | ||||||
|  |  | ||||||
|  | ### Verifying the setup | ||||||
|  |  | ||||||
|  | After configuring Google authentication, test the integration to ensure everything works correctly. | ||||||
|  |  | ||||||
|  | 1. **Check login page**: Navigate to your Palmr login page and verify the "Sign in with Google" button appears | ||||||
|  |  | ||||||
|  | 2. **Test authentication flow**: Click the Google sign-in button and complete the authentication process | ||||||
|  |  | ||||||
|  | 3. **Verify user creation**: Confirm that a new user account is created (if auto-registration is enabled) | ||||||
|  |  | ||||||
|  | ### Login flow verification | ||||||
|  |  | ||||||
|  | The complete authentication process should work as follows: | ||||||
|  |  | ||||||
|  | 1. **User clicks "Sign in with Google"**: The browser redirects to Google's authentication page | ||||||
|  | 2. **User authenticates with Google**: User enters their Google credentials or confirms existing session | ||||||
|  | 3. **Google redirects back to Palmr**: User returns to Palmr with authentication tokens | ||||||
|  | 4. **Palmr creates or updates user**: User account is automatically managed based on your configuration | ||||||
|  | 5. **User accesses Palmr**: User is logged in and can use all features according to their permissions | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Troubleshooting common issues | ||||||
|  |  | ||||||
|  | ### Redirect URI mismatch error | ||||||
|  |  | ||||||
|  | **Error message**: `Error 400: redirect_uri_mismatch` | ||||||
|  |  | ||||||
|  | **Cause**: The redirect URI in your request doesn't match what's configured in Google Cloud Console. | ||||||
|  |  | ||||||
|  | **Solution**: | ||||||
|  |  | ||||||
|  | 1. Check the exact URL in the error message | ||||||
|  | 2. Add this exact URL to your Google Cloud Console credentials | ||||||
|  | 3. Ensure you include the correct protocol (http/https) and port | ||||||
|  | 4. Remove any trailing slashes unless they're in the error message | ||||||
|  |  | ||||||
|  | ### Access denied error | ||||||
|  |  | ||||||
|  | **Error message**: `Error 403: access_denied` | ||||||
|  |  | ||||||
|  | **Cause**: User denied permissions or the OAuth consent screen isn't properly configured. | ||||||
|  |  | ||||||
|  | **Solution**: | ||||||
|  |  | ||||||
|  | 1. Verify the OAuth consent screen is published (for External user type) | ||||||
|  | 2. Check that required scopes are correctly configured | ||||||
|  | 3. For Internal applications, ensure the user belongs to your Google Workspace organization | ||||||
|  | 4. Review and simplify the permissions you're requesting | ||||||
|  |  | ||||||
|  | ### Invalid client error | ||||||
|  |  | ||||||
|  | **Error message**: `Error 401: invalid_client` | ||||||
|  |  | ||||||
|  | **Cause**: Incorrect Client ID or Client Secret. | ||||||
|  |  | ||||||
|  | **Solution**: | ||||||
|  |  | ||||||
|  | 1. Double-check that you've copied the credentials correctly from Google Cloud Console | ||||||
|  | 2. Ensure there are no extra spaces or characters in the credentials | ||||||
|  | 3. Regenerate credentials if necessary | ||||||
|  | 4. Verify you're using the correct project in Google Cloud Console | ||||||
|  |  | ||||||
|  | ### Discovery endpoint issues | ||||||
|  |  | ||||||
|  | **Cause**: Network connectivity problems or DNS resolution issues. | ||||||
|  |  | ||||||
|  | **Solution**: | ||||||
|  |  | ||||||
|  | 1. Check server firewall and network connectivity | ||||||
|  | 2. Verify DNS resolution from your server | ||||||
|  | 3. Consider proxy or CDN configurations that might block the request | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Security best practices | ||||||
|  |  | ||||||
|  | ### Credential management | ||||||
|  |  | ||||||
|  | - **Never expose secrets**: Keep your Client Secret secure and never commit it to version control | ||||||
|  | - **Rotate credentials regularly**: Generate new credentials periodically for enhanced security | ||||||
|  | - **Use environment variables**: Store sensitive configuration in environment variables, not config files | ||||||
|  | - **Monitor access logs**: Regularly review authentication logs for suspicious activity | ||||||
|  |  | ||||||
|  | ### Domain and user restrictions | ||||||
|  |  | ||||||
|  | - **Limit admin domains**: Only add trusted domains to the admin list | ||||||
|  | - **Review auto-registration**: Consider disabling auto-registration if you need manual user approval | ||||||
|  | - **Use Internal OAuth**: For organizations with Google Workspace, use Internal OAuth consent screen | ||||||
|  | - **Regular access reviews**: Periodically review user access and remove inactive accounts | ||||||
|  |  | ||||||
|  | ### Production considerations | ||||||
|  |  | ||||||
|  | - **Use HTTPS**: Always use HTTPS in production environments | ||||||
|  | - **Configure proper domains**: Use production domains in Google Cloud Console | ||||||
|  | - **Test thoroughly**: Verify the complete authentication flow before going live | ||||||
|  | - **Plan for failures**: Have fallback authentication methods available | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Next steps | ||||||
|  |  | ||||||
|  | With Google authentication configured, you might want to: | ||||||
|  |  | ||||||
|  | - **Configure additional providers**: Set up other OIDC providers for more authentication options | ||||||
|  | - **Customize user management**: Fine-tune auto-registration and admin assignment rules | ||||||
|  | - **Review security settings**: Ensure your authentication setup meets your security requirements | ||||||
|  | - **Monitor usage**: Keep track of authentication patterns and user activity | ||||||
|  |  | ||||||
|  | For more information about OIDC authentication in Palmr, see the [OIDC Authentication overview](/docs/3.2-beta/oidc-authentication). | ||||||
|  |  | ||||||
|  | ## Useful resources | ||||||
|  |  | ||||||
|  | - [Google Identity Platform Documentation](https://developers.google.com/identity) | ||||||
|  | - [OAuth 2.0 for Web Server Applications](https://developers.google.com/identity/protocols/oauth2/web-server) | ||||||
|  | - [OpenID Connect](https://developers.google.com/identity/protocols/oauth2/openid-connect) | ||||||
|  | - [Google Cloud Console](https://console.cloud.google.com/apis/credentials) | ||||||
| @@ -0,0 +1,86 @@ | |||||||
|  | --- | ||||||
|  | title: Introduction | ||||||
|  | icon: IdCard | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | import { ZoomableImage } from "@/components/ui/zoomable-image"; | ||||||
|  |  | ||||||
|  | Palmr supports OpenID Connect (OIDC) authentication, allowing users to sign in using external identity providers such as Google, Zitadel, Auth0, and other OIDC-compliant services. This feature provides seamless single sign-on (SSO) capabilities and centralized user management. | ||||||
|  |  | ||||||
|  | OIDC authentication in Palmr is built using the industry-standard OpenID Connect protocol. The implementation supports automatic user provisioning, and flexible configuration options. | ||||||
|  |  | ||||||
|  | ## Why use OIDC authentication? | ||||||
|  |  | ||||||
|  | OIDC authentication provides several advantages for organizations and users: | ||||||
|  |  | ||||||
|  | **Centralized Authentication**: Users can authenticate using their existing organizational credentials without creating separate accounts for Palmr. | ||||||
|  |  | ||||||
|  | **Enhanced Security**: OIDC provides robust security features including token-based authentication, PKCE flow, and standardized protocols. | ||||||
|  |  | ||||||
|  | **Single Sign-On**: Users can access Palmr. seamlessly if they're already authenticated with their identity provider. | ||||||
|  |  | ||||||
|  | **User Management**: Administrators can manage user access centrally through their existing identity provider. | ||||||
|  |  | ||||||
|  | **Compliance**: OIDC helps meet organizational security and compliance requirements by leveraging existing identity infrastructure. | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Prerequisites | ||||||
|  |  | ||||||
|  | Before configuring OIDC authentication, ensure you have: | ||||||
|  |  | ||||||
|  | - **Administrative Access**: ADMIN privileges in Palmr. to configure OIDC settings | ||||||
|  | - **Identity Provider**: An OIDC-compliant identity provider (Google, Zitadel, Auth0, etc.) | ||||||
|  | - **Application Registration**: Your Palmr. application registered with your identity provider | ||||||
|  | - **OIDC Credentials**: Client ID, Client Secret, and Issuer URL from your identity provider | ||||||
|  |  | ||||||
|  | ### Supported identity providers | ||||||
|  |  | ||||||
|  | Palmr's OIDC implementation is compatible with any OpenID Connect compliant provider, including as official providers: | ||||||
|  |  | ||||||
|  | - **[Google](/docs/3.2-beta/oidc-authentication/google)** | ||||||
|  | - **[Discord](/docs/3.2-beta/oidc-authentication/discord)** | ||||||
|  | - **[Github](/docs/3.2-beta/oidc-authentication/github)** | ||||||
|  | - **[Zitadel](/docs/3.2-beta/oidc-authentication/zitadel)** | ||||||
|  | - **[Auth0](/docs/3.2-beta/oidc-authentication/auth0)** | ||||||
|  | - **[Authentik](/docs/3.2-beta/oidc-authentication/authentik)** | ||||||
|  | - **[Frontegg](/docs/3.2-beta/oidc-authentication/frontegg)** | ||||||
|  | - **[Kinde Auth](/docs/3.2-beta/oidc-authentication/kinde-auth)** | ||||||
|  |  | ||||||
|  | Although these are the official providers (internally tested with 100% success), you can connect any OIDC provider by providing your credentials and connection URL. We've developed a practical way to integrate virtually all OIDC providers available in the market. In this documentation, you can consult how to configure each of the official providers, as well as include other providers not listed as official. Just below, you will find instructions on how to access the OIDC provider configuration. For specific details about configuring each provider, select the desired option in the sidebar, in the "OIDC Authentication" section. | ||||||
|  |  | ||||||
|  | <ZoomableImage | ||||||
|  |   src="/assets/v3/oidc/all-providers.png" | ||||||
|  |   alt="All OIDC Providers" | ||||||
|  |   legend="You can use how many providers you want, but we recommend using at least 2 providers to ensure the best user experience." | ||||||
|  | /> | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Configuring OIDC settings | ||||||
|  |  | ||||||
|  | OIDC configuration is managed through Palmr's administrative settings panel, accessible only to users with ADMIN privileges. | ||||||
|  |  | ||||||
|  | ### Accessing OIDC configuration | ||||||
|  |  | ||||||
|  | To configure OIDC authentication: | ||||||
|  |  | ||||||
|  | 1. **Access Settings**: Click on your profile picture in the header and select **Settings** | ||||||
|  | 2. **Navigate to Authentication**: Find the **Authentication Providers** configuration section | ||||||
|  | 3. **Enable OIDC**: Toggle the OIDC authentication option to enable it | ||||||
|  |  | ||||||
|  | > **Note:** Consult the documentation of each provider to configure it. | ||||||
|  |  | ||||||
|  | <ZoomableImage | ||||||
|  |   src="/assets/v3/oidc/auth-providers.png" | ||||||
|  |   alt="OIDC Settings" | ||||||
|  |   legend="Consult the documentation of each provider to configure it." | ||||||
|  | /> | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Next steps | ||||||
|  |  | ||||||
|  | Select one of the cards below to continue configuring your authentication provider. | ||||||
|  |  | ||||||
|  | <OIDCProviderCards /> | ||||||
| @@ -0,0 +1,369 @@ | |||||||
|  | --- | ||||||
|  | title: Kinde Auth | ||||||
|  | icon: Users | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | import { ZoomableImage } from "@/components/ui/zoomable-image"; | ||||||
|  |  | ||||||
|  | Kinde Auth is one of Palmr's officially supported OIDC providers, offering modern authentication through Kinde's developer-friendly identity platform. This integration allows users to sign in to Palmr using Kinde's comprehensive authentication system, making it perfect for developers, startups, and organizations that need a modern, scalable authentication solution with excellent developer experience. | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/kinde/sign-in-with-kinde.png" alt="Sign in with Kinde" /> | ||||||
|  |  | ||||||
|  | ## Why use Kinde Auth authentication? | ||||||
|  |  | ||||||
|  | Kinde Auth authentication provides several advantages for modern applications and development teams: | ||||||
|  |  | ||||||
|  | - **Developer-first experience** - Clean APIs, comprehensive SDKs, and excellent documentation | ||||||
|  | - **Modern authentication** - Built with modern web standards and best practices | ||||||
|  | - **Scalable infrastructure** - Enterprise-grade reliability with startup-friendly pricing | ||||||
|  | - **Compliance ready** - Built-in compliance with GDPR, SOC 2, and other standards | ||||||
|  | - **Advanced features** - Multi-factor authentication, social logins, and custom branding | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Prerequisites | ||||||
|  |  | ||||||
|  | Before configuring Kinde Auth authentication, ensure you have: | ||||||
|  |  | ||||||
|  | - **Kinde account** - Ability to create applications and manage tenants | ||||||
|  | - **Admin privileges in Palmr** - Required to configure OIDC settings | ||||||
|  | - **Domain configuration** - For production deployments with custom domains | ||||||
|  |  | ||||||
|  | > **Note:** Kinde Auth is pre-configured as an official provider in Palmr, which means the technical configuration is handled automatically. You only need to provide your OAuth credentials. | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Setting up Kinde Auth Application | ||||||
|  |  | ||||||
|  | ### Creating a Kinde application | ||||||
|  |  | ||||||
|  | To get started with Kinde Auth authentication, you'll need to create an application in your Kinde Dashboard. | ||||||
|  |  | ||||||
|  | 1. **Navigate to Kinde Dashboard**: Go to [your-tenant.kinde.com/admin](https://your-tenant.kinde.com/admin) | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/kinde/kinde-dashboard.png" alt="Kinde Dashboard" /> | ||||||
|  |  | ||||||
|  | 2. **Create new application**: Click **"Add application"** button in the center of the page. | ||||||
|  |  | ||||||
|  | 3. **Select application type**: Choose **"Back-end web"** for web-based Palmr instances | ||||||
|  |  | ||||||
|  | 4. **Enter application details**: | ||||||
|  |    - **Name**: Enter a descriptive name like "Palmr File Sharing" | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/kinde/application-type.png" alt="Kinde Application Type Selection" /> | ||||||
|  |  | ||||||
|  | 5. **Create application**: Click **"Save"** to generate your Kinde application | ||||||
|  |  | ||||||
|  | ### Configuring application settings | ||||||
|  |  | ||||||
|  | After creating your application, you'll be redirected to the application page. | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/kinde/application-page.png" alt="Kinde Application Page" /> | ||||||
|  |  | ||||||
|  | Click on the **"Details"** tab on the sidebar to configure the application settings and get the OAuth credentials. | ||||||
|  |  | ||||||
|  | <ZoomableImage | ||||||
|  |   src="/assets/v3/oidc/kinde/application-details.png" | ||||||
|  |   alt="Kinde Application Details" | ||||||
|  |   legend="This is a fake application, you have to use your own." | ||||||
|  | /> | ||||||
|  |  | ||||||
|  | ### Getting OAuth credentials | ||||||
|  |  | ||||||
|  | Now you'll get the credentials that Palmr will use to authenticate with Kinde. | ||||||
|  |  | ||||||
|  | 1. **Copy Domain**: Note your Kinde domain (e.g., `your-tenant.kinde.com`) | ||||||
|  |  | ||||||
|  | 2. **Copy Client ID**: The Client ID is displayed in the **"Client ID"** field | ||||||
|  |  | ||||||
|  | 3. **Copy Client Secret**: The Client Secret is displayed in the **"Client secret"** field | ||||||
|  |  | ||||||
|  | <ZoomableImage | ||||||
|  |   src="/assets/v3/oidc/kinde/oauth-credentials.png" | ||||||
|  |   alt="Kinde OAuth Credentials" | ||||||
|  |   legend="The client ID and client secret shown in the image are examples only (fake credentials). You must use your own credentials from Kinde." | ||||||
|  | /> | ||||||
|  |  | ||||||
|  | 4. **Save credentials**: Copy the **Domain**, **Client ID**, and **Client Secret** for later use | ||||||
|  |  | ||||||
|  | > **Note:** For now you only need this configuration, you can come back here later to configure the application as you want. | ||||||
|  |  | ||||||
|  | ###**Configure application URLs**: | ||||||
|  |  | ||||||
|  | You'll need to configure several URLs in your Kinde application settings. Here's what to add for each environment: | ||||||
|  |  | ||||||
|  | #### Allowed callback URLs | ||||||
|  |  | ||||||
|  | | Environment | URL                                                             | | ||||||
|  | | ----------- | --------------------------------------------------------------- | | ||||||
|  | | Production  | `https://yourdomain.com/api/auth/providers/kinde/callback`      | | ||||||
|  | | Development | `http://localhost:3000/api/auth/providers/kinde/callback`       | | ||||||
|  | | Custom Port | `https://yourdomain.com:5487/api/auth/providers/kinde/callback` | | ||||||
|  |  | ||||||
|  | #### Application homepage URI | ||||||
|  |  | ||||||
|  | | Environment | URL                           | | ||||||
|  | | ----------- | ----------------------------- | | ||||||
|  | | Production  | `https://yourdomain.com`      | | ||||||
|  | | Development | `http://localhost:3000`       | | ||||||
|  | | Custom Port | `https://yourdomain.com:5487` | | ||||||
|  |  | ||||||
|  | #### Application login URI | ||||||
|  |  | ||||||
|  | | Environment | URL                                 | | ||||||
|  | | ----------- | ----------------------------------- | | ||||||
|  | | Production  | `https://yourdomain.com/login`      | | ||||||
|  | | Development | `http://localhost:3000/login`       | | ||||||
|  | | Custom Port | `https://yourdomain.com:5487/login` | | ||||||
|  |  | ||||||
|  | #### Allowed logout redirect URLs | ||||||
|  |  | ||||||
|  | | Environment | URL                           | | ||||||
|  | | ----------- | ----------------------------- | | ||||||
|  | | Production  | `https://yourdomain.com`      | | ||||||
|  | | Development | `http://localhost:3000`       | | ||||||
|  | | Custom Port | `https://yourdomain.com:5487` | | ||||||
|  |  | ||||||
|  | > **Note:** Replace `yourdomain.com` with your actual domain name in all production and custom port URLs. | ||||||
|  | > **Note:** You can add multiple redirect URIs for different environments (development, staging, production). | ||||||
|  |  | ||||||
|  | <ZoomableImage | ||||||
|  |   src="/assets/v3/oidc/kinde/config-urls.png" | ||||||
|  |   alt="Kinde Application URLs Configuration" | ||||||
|  |   legend="This is a fake application, you have to use your own." | ||||||
|  | /> | ||||||
|  |  | ||||||
|  | 2. **Save changes**: Click **"Save"** on the top right corner to apply your configuration | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Configuring Palmr | ||||||
|  |  | ||||||
|  | ### Accessing OIDC settings | ||||||
|  |  | ||||||
|  | To configure Kinde Auth authentication in Palmr, you need administrator access to the settings panel. | ||||||
|  |  | ||||||
|  | 1. **Login as administrator**: Sign in to Palmr with an admin account | ||||||
|  |  | ||||||
|  | 2. **Access settings**: Click your profile picture in the header and select **Settings** | ||||||
|  |  | ||||||
|  | 3. **Navigate to authentication**: Find and click on the **Authentication Providers** configuration section | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/auth-providers.png" alt="Palmr Authentication Providers" /> | ||||||
|  |  | ||||||
|  | ### Enabling Kinde Auth provider | ||||||
|  |  | ||||||
|  | Kinde Auth comes pre-configured as an official provider, so the setup process is streamlined. | ||||||
|  |  | ||||||
|  | 1. **Locate Kinde Auth provider**: Find Kinde Auth in the list of available providers | ||||||
|  |  | ||||||
|  | 2. **Enable the provider**: Toggle the status to **Enabled** | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/kinde/enabled-kinde.png" alt="Palmr Kinde Auth Provider Enabled" /> | ||||||
|  |  | ||||||
|  | After enabling the provider, click on the pen icon to configure the provider. | ||||||
|  |  | ||||||
|  | 3. **Configure credentials**: | ||||||
|  |    - **Provider URL**: Paste your Kinde domain (e.g., `https://your-tenant.kinde.com`) | ||||||
|  |    - **Client ID**: Paste the Client ID from Kinde application | ||||||
|  |    - **Client Secret**: Paste the Client Secret from Kinde application | ||||||
|  |    - **Scopes**: Add the scopes you want to use. The default scopes are `openid`, `profile`, and `email`. You don't need change this if you are not sure. | ||||||
|  |  | ||||||
|  | <ZoomableImage | ||||||
|  |   src="/assets/v3/oidc/kinde/edit-kinde.png" | ||||||
|  |   alt="Edit Kinde Auth Provider" | ||||||
|  |   legend="This is a fake application, you have to use your own." | ||||||
|  | /> | ||||||
|  |  | ||||||
|  | ### Advanced configuration options | ||||||
|  |  | ||||||
|  | Configure additional settings to customize the authentication behavior: | ||||||
|  |  | ||||||
|  | **Auto Registration**: Enable this to automatically create user accounts when someone authenticates for the first time. | ||||||
|  |  | ||||||
|  | **Sort Order**: Control where the Kinde Auth login button appears relative to other authentication providers. | ||||||
|  |  | ||||||
|  | **Icon**: you can choose the icon you want to use for the Kinde Auth login button (default is `FaKey`). | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/kinde/kinde-icon.png" alt="Kinde Auth Icon" /> | ||||||
|  |  | ||||||
|  | > **Developer tip:** Kinde Auth authentication works great for modern applications requiring excellent developer experience and scalable authentication infrastructure. | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Account linking | ||||||
|  |  | ||||||
|  | By default, if a user is already registered in Palmr with their Kinde Auth email, they will be automatically linked to their Palmr account. | ||||||
|  |  | ||||||
|  | > **Note:** You can't disable account linking. If you want to unlink a user from their Kinde Auth account, you need to delete the user from Palmr. | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Technical configuration | ||||||
|  |  | ||||||
|  | Kinde Auth's technical configuration is handled automatically, but understanding the setup can help with troubleshooting: | ||||||
|  |  | ||||||
|  | ```yaml | ||||||
|  | Provider Type: OAuth 2.0 with OIDC Discovery | ||||||
|  | Issuer URL: https://your-tenant.kinde.com | ||||||
|  | Authorization Endpoint: /oauth2/auth | ||||||
|  | Token Endpoint: /oauth2/token | ||||||
|  | UserInfo Endpoint: /oauth2/user_profile | ||||||
|  | Scopes: openid profile email | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ### Field mappings | ||||||
|  |  | ||||||
|  | Palmr automatically maps Kinde Auth user information to local user accounts: | ||||||
|  |  | ||||||
|  | - **User ID**: Maps from Kinde's `id` field | ||||||
|  | - **Email**: Maps from Kinde's `preferred_email` field | ||||||
|  | - **Full Name**: Maps from Kinde's `first_name` and `last_name` fields | ||||||
|  | - **First Name**: Maps from Kinde's `first_name` field | ||||||
|  | - **Last Name**: Maps from Kinde's `last_name` field | ||||||
|  | - **Avatar**: Maps from Kinde's `picture` field | ||||||
|  | - **Username**: Maps from Kinde's `preferred_username` field | ||||||
|  |  | ||||||
|  | ### Kinde Auth-specific features | ||||||
|  |  | ||||||
|  | - **Custom Claims**: Can include custom user metadata and app metadata | ||||||
|  | - **Social Logins**: Supports integration with various social providers | ||||||
|  | - **Multi-factor Authentication**: Supports Kinde's MFA features | ||||||
|  | - **Modern APIs**: Clean REST APIs and comprehensive SDKs | ||||||
|  | - **Developer Tools**: Excellent documentation and developer experience | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Testing the configuration | ||||||
|  |  | ||||||
|  | ### Verifying the setup | ||||||
|  |  | ||||||
|  | After configuring Kinde Auth authentication, test the integration to ensure everything works correctly. | ||||||
|  |  | ||||||
|  | 1. **Check login page**: Navigate to your Palmr login page and verify the "Sign in with Kinde" button appears | ||||||
|  |  | ||||||
|  | 2. **Test authentication flow**: Click the Kinde Auth sign-in button and complete the authentication process | ||||||
|  |  | ||||||
|  | 3. **Verify user creation**: Confirm that a new user account is created (if auto-registration is enabled) | ||||||
|  |  | ||||||
|  | ### Login flow verification | ||||||
|  |  | ||||||
|  | The complete authentication process should work as follows: | ||||||
|  |  | ||||||
|  | 1. **User clicks "Sign in with Kinde"**: The browser redirects to Kinde's authorization page | ||||||
|  | 2. **User authenticates**: User completes authentication through Kinde (login, MFA, etc.) | ||||||
|  | 3. **Kinde redirects back to Palmr**: User returns to Palmr with authentication tokens | ||||||
|  | 4. **Palmr creates or updates user**: User account is automatically managed with Kinde information | ||||||
|  | 5. **User accesses Palmr**: User is logged in with their Kinde identity | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Troubleshooting common issues | ||||||
|  |  | ||||||
|  | ### Redirect URI mismatch error | ||||||
|  |  | ||||||
|  | **Error message**: `invalid_redirect_uri` | ||||||
|  |  | ||||||
|  | **Cause**: The redirect URI in your request doesn't match what's configured in Kinde application. | ||||||
|  |  | ||||||
|  | **Solution**: | ||||||
|  |  | ||||||
|  | 1. Check the exact URL in the error message | ||||||
|  | 2. Add this exact URL to your Kinde application's redirect URIs | ||||||
|  | 3. Ensure you include the correct protocol (http/https) and port | ||||||
|  | 4. Remove any trailing slashes unless they're in the callback URL | ||||||
|  |  | ||||||
|  | ### Access denied error | ||||||
|  |  | ||||||
|  | **Error message**: `access_denied` | ||||||
|  |  | ||||||
|  | **Cause**: User denied permissions or the application isn't properly configured. | ||||||
|  |  | ||||||
|  | **Solution**: | ||||||
|  |  | ||||||
|  | 1. Verify that your Kinde application requests the correct scopes | ||||||
|  | 2. Check that users are granting permissions during the authorization flow | ||||||
|  | 3. Ensure your application is not restricted or disabled | ||||||
|  | 4. Verify the application has proper permissions set up | ||||||
|  |  | ||||||
|  | ### Invalid client error | ||||||
|  |  | ||||||
|  | **Error message**: `invalid_client` | ||||||
|  |  | ||||||
|  | **Cause**: Incorrect Client ID, Client Secret, or Domain. | ||||||
|  |  | ||||||
|  | **Solution**: | ||||||
|  |  | ||||||
|  | 1. Double-check that you've copied the credentials correctly from Kinde | ||||||
|  | 2. Ensure there are no extra spaces or characters in the credentials | ||||||
|  | 3. Verify you're using the correct domain format (e.g., `your-tenant.kinde.com`) | ||||||
|  | 4. Generate a new Client Secret if necessary | ||||||
|  |  | ||||||
|  | ### Domain configuration issues | ||||||
|  |  | ||||||
|  | **Error message**: Domain not found or invalid | ||||||
|  |  | ||||||
|  | **Cause**: Incorrect Kinde domain or tenant configuration. | ||||||
|  |  | ||||||
|  | **Solution**: | ||||||
|  |  | ||||||
|  | 1. Verify your Kinde domain is correct (e.g., `your-tenant.kinde.com`) | ||||||
|  | 2. Check that your Kinde tenant is active and not suspended | ||||||
|  | 3. Ensure you're using the correct region for your tenant | ||||||
|  | 4. Verify DNS resolution for your Kinde domain | ||||||
|  |  | ||||||
|  | ### Custom claims not available | ||||||
|  |  | ||||||
|  | **Cause**: Custom claims not properly configured in Kinde. | ||||||
|  |  | ||||||
|  | **Solution**: | ||||||
|  |  | ||||||
|  | 1. Check Kinde custom claims configuration | ||||||
|  | 2. Verify that custom claims are included in the ID token | ||||||
|  | 3. Ensure the claims are properly formatted and accessible | ||||||
|  | 4. Test with a user that has the expected custom claims | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Security best practices | ||||||
|  |  | ||||||
|  | ### Credential management | ||||||
|  |  | ||||||
|  | - **Never expose secrets**: Keep your Client Secret secure and never commit it to version control | ||||||
|  | - **Rotate credentials regularly**: Generate new Client Secrets periodically for enhanced security | ||||||
|  | - **Use environment variables**: Store sensitive configuration in environment variables, not config files | ||||||
|  | - **Monitor access logs**: Regularly review authentication logs for suspicious activity | ||||||
|  |  | ||||||
|  | ### Scope and permission management | ||||||
|  |  | ||||||
|  | - **Minimal scopes**: Only request `openid`, `profile`, and `email` scopes as required by Palmr | ||||||
|  | - **User consent**: Ensure users understand what permissions they're granting | ||||||
|  | - **Regular audits**: Review which users have connected their Kinde Auth accounts | ||||||
|  | - **Access reviews**: Periodically check user access and remove inactive accounts | ||||||
|  |  | ||||||
|  | ### Production considerations | ||||||
|  |  | ||||||
|  | - **Use HTTPS**: Always use HTTPS in production environments | ||||||
|  | - **Configure proper domains**: Use production domains in Kinde application settings | ||||||
|  | - **Test thoroughly**: Verify the complete authentication flow before going live | ||||||
|  | - **Plan for failures**: Have fallback authentication methods available | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Next steps | ||||||
|  |  | ||||||
|  | With Kinde Auth authentication configured, you might want to: | ||||||
|  |  | ||||||
|  | - **Configure additional providers**: Set up other OIDC providers for more authentication options | ||||||
|  | - **Customize user management**: Fine-tune auto-registration and admin assignment rules | ||||||
|  | - **Review security settings**: Ensure your authentication setup meets your security requirements | ||||||
|  | - **Monitor usage**: Keep track of authentication patterns and user activity | ||||||
|  |  | ||||||
|  | For more information about OIDC authentication in Palmr, see the [OIDC Authentication overview](/docs/3.2-beta/oidc-authentication). | ||||||
|  |  | ||||||
|  | ## Useful resources | ||||||
|  |  | ||||||
|  | - [Kinde Documentation](https://kinde.com/docs) | ||||||
|  | - [Kinde OAuth 2.0 Guide](https://kinde.com/docs/developer-tools/oauth2) | ||||||
|  | - [Kinde OpenID Connect](https://kinde.com/docs/developer-tools/openid-connect) | ||||||
|  | - [Kinde Dashboard](https://app.kinde.com) | ||||||
| @@ -0,0 +1,18 @@ | |||||||
|  | { | ||||||
|  |   "defaultOpen": false, | ||||||
|  |   "icon": "Key", | ||||||
|  |   "pages": [ | ||||||
|  |     "index", | ||||||
|  |     "google", | ||||||
|  |     "discord", | ||||||
|  |     "github", | ||||||
|  |     "zitadel", | ||||||
|  |     "auth0", | ||||||
|  |     "authentik", | ||||||
|  |     "frontegg", | ||||||
|  |     "kinde-auth", | ||||||
|  |     "pocket-id", | ||||||
|  |     "other" | ||||||
|  |   ], | ||||||
|  |   "title": "OIDC Authentication" | ||||||
|  | } | ||||||
							
								
								
									
										467
									
								
								apps/docs/content/docs/3.2-beta/oidc-authentication/other.mdx
									
									
									
									
									
										Normal file
									
								
							
							
						
						| @@ -0,0 +1,467 @@ | |||||||
|  | --- | ||||||
|  | title: Other Providers | ||||||
|  | icon: Settings | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | import { ZoomableImage } from "@/components/ui/zoomable-image"; | ||||||
|  |  | ||||||
|  | Palmr supports custom OIDC (OpenID Connect) and OAuth 2.0 providers, allowing you to integrate with any identity provider that follows these standards. This flexibility enables organizations to use their existing identity infrastructure, whether it's a custom authentication system, enterprise SSO solution, or any other OIDC-compliant provider. | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/custom/custom-provider-login.png" alt="Custom OIDC Providers" /> | ||||||
|  |  | ||||||
|  | ## Why use custom OIDC providers? | ||||||
|  |  | ||||||
|  | Custom OIDC providers offer several advantages for organizations with specific authentication requirements: | ||||||
|  |  | ||||||
|  | - **Flexibility** - Integrate with any OIDC-compliant identity provider | ||||||
|  | - **Enterprise integration** - Connect with existing enterprise SSO systems | ||||||
|  | - **Custom authentication flows** - Support for specialized authentication requirements | ||||||
|  | - **No vendor lock-in** - Use your preferred identity provider | ||||||
|  | - **Compliance** - Meet specific security and compliance requirements | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Prerequisites | ||||||
|  |  | ||||||
|  | Before configuring a custom OIDC provider, ensure you have: | ||||||
|  |  | ||||||
|  | - **OIDC/OAuth 2.0 provider** - A working identity provider that supports OIDC or OAuth 2.0 | ||||||
|  | - **Admin privileges in Palmr** - Required to configure authentication settings | ||||||
|  | - **Provider documentation** - Access to your provider's OIDC configuration details | ||||||
|  |  | ||||||
|  | > **Note:** The configuration process requires technical knowledge of OIDC/OAuth 2.0 standards. You'll need to obtain the necessary credentials and endpoints from your identity provider. | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Understanding OIDC Configuration | ||||||
|  |  | ||||||
|  | ### Configuration Methods | ||||||
|  |  | ||||||
|  | Palmr supports two methods for configuring custom providers: | ||||||
|  |  | ||||||
|  | #### 1. Auto Discovery | ||||||
|  |  | ||||||
|  | For providers that support OIDC Discovery, Palmr can automatically discover the required endpoints using the issuer URL. | ||||||
|  |  | ||||||
|  | **Requirements:** | ||||||
|  |  | ||||||
|  | - Provider must support OIDC Discovery | ||||||
|  | - Issuer URL must be accessible | ||||||
|  | - Provider must expose a `.well-known/openid_configuration` endpoint | ||||||
|  |  | ||||||
|  | #### 2. Manual Endpoint Configuration (Recommended) | ||||||
|  |  | ||||||
|  | For providers that don't support OIDC Discovery or require custom endpoints. | ||||||
|  |  | ||||||
|  | **Required endpoints:** | ||||||
|  |  | ||||||
|  | - Authorization endpoint | ||||||
|  | - Token endpoint | ||||||
|  | - User info endpoint | ||||||
|  |  | ||||||
|  | ### Required Information | ||||||
|  |  | ||||||
|  | You'll need the following information from your identity provider: | ||||||
|  |  | ||||||
|  | - **Provider URL/Issuer URL** - The base URL of your identity provider | ||||||
|  | - **Client ID** - The OAuth client identifier | ||||||
|  | - **Client Secret** - The OAuth client secret | ||||||
|  | - **Scopes** - The OAuth scopes required for authentication | ||||||
|  | - **Endpoints** (if using manual configuration): | ||||||
|  |   - Authorization endpoint | ||||||
|  |   - Token endpoint | ||||||
|  |   - User info endpoint | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Configuring Palmr | ||||||
|  |  | ||||||
|  | ### Accessing Authentication Settings | ||||||
|  |  | ||||||
|  | To configure a custom OIDC provider in Palmr, you need administrator access to the settings panel. | ||||||
|  |  | ||||||
|  | 1. **Login as administrator**: Sign in to Palmr with an admin account | ||||||
|  |  | ||||||
|  | 2. **Access settings**: Click your profile picture in the header and select **Settings** | ||||||
|  |  | ||||||
|  | 3. **Navigate to authentication**: Find and click on the **Authentication Providers** configuration section | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/auth-providers.png" alt="Palmr Authentication Providers" /> | ||||||
|  |  | ||||||
|  | ### Adding a Custom Provider | ||||||
|  |  | ||||||
|  | 1. **Add new provider**: Click the **"Add Provider"** button in the Authentication Providers section | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/custom/add-provider.png" alt="Add Provider" /> | ||||||
|  |  | ||||||
|  | 2. **Configure basic information**: | ||||||
|  |    - **Provider Name**: Enter a unique identifier (e.g., `custom-provider`) | ||||||
|  |    - **Display Name**: Enter the name users will see (e.g., `Custom SSO`) | ||||||
|  |    - **Type**: Select `OIDC` for OpenID Connect or `OAuth2` for OAuth 2.0 | ||||||
|  |    - **Icon**: Choose an appropriate icon for the login button | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/custom/provider-basic-info.png" alt="Provider Basic Info" /> | ||||||
|  |  | ||||||
|  | ### Configuration Method Selection | ||||||
|  |  | ||||||
|  | Choose between auto discovery and manual endpoint configuration: | ||||||
|  |  | ||||||
|  | #### Auto Discovery Configuration | ||||||
|  |  | ||||||
|  | 1. **Select Auto Discovery**: Choose the "Auto Discovery" option | ||||||
|  | 2. **Provider URL**: Enter your identity provider's issuer URL (e.g., `https://your-provider.com`) | ||||||
|  | 3. **Palmr will try to automatically discover**: | ||||||
|  |    - Authorization endpoint | ||||||
|  |    - Token endpoint | ||||||
|  |    - User info endpoint | ||||||
|  |    - Supported scopes | ||||||
|  |  | ||||||
|  | > **Note:** If the auto discovery fails, you can switch to manual endpoint configuration and fill the endpoints manually (recommended). | ||||||
|  |  | ||||||
|  | #### Manual Endpoint Configuration | ||||||
|  |  | ||||||
|  | 1. **Select Manual Endpoints**: Choose the "Manual Endpoints" option | ||||||
|  | 2. **Provider URL**: Enter your identity provider's base URL | ||||||
|  | 3. **Configure endpoints**: | ||||||
|  |    - **Authorization Endpoint**: The OAuth authorization endpoint | ||||||
|  |    - **Token Endpoint**: The OAuth token endpoint | ||||||
|  |    - **User Info Endpoint**: The user information endpoint | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/custom/manual-endpoints.png" alt="Manual Endpoints" /> | ||||||
|  |  | ||||||
|  | > **Note:** `User info endpoint` can be a full URL or a relative path. (e.g. `/userinfo` or `https://other-any-url.com/userinfo`) | ||||||
|  | > **Note:** `Token endpoint` and `Authorization endpoint` must be just the path. (e.g. `/oauth/token` or `/oauth/authorize`), Palmr will automatically add the base URL to the endpoints based on the `Provider URL` you provided. | ||||||
|  |  | ||||||
|  | ### OAuth Credentials | ||||||
|  |  | ||||||
|  | Configure the OAuth credentials obtained from your identity provider: | ||||||
|  |  | ||||||
|  | 1. **Client ID**: Enter the OAuth client identifier | ||||||
|  | 2. **Client Secret**: Enter the OAuth client secret | ||||||
|  | 3. **Scopes**: Configure the required OAuth scopes | ||||||
|  |  | ||||||
|  | **Common OIDC scopes:** | ||||||
|  |  | ||||||
|  | - `openid` - Required for OIDC | ||||||
|  | - `profile` - Access to user profile information | ||||||
|  | - `email` - Access to user email address | ||||||
|  |  | ||||||
|  | **Common OAuth 2.0 scopes:** | ||||||
|  |  | ||||||
|  | - `profile` - Access to user profile information | ||||||
|  | - `email` - Access to user email address | ||||||
|  |  | ||||||
|  | ### Advanced Configuration | ||||||
|  |  | ||||||
|  | Configure additional settings to customize the authentication behavior: | ||||||
|  |  | ||||||
|  | **Auto Registration**: Enable this to automatically create user accounts when someone authenticates for the first time. | ||||||
|  |  | ||||||
|  | **Admin Email Domains**: Specify domains that should automatically receive admin privileges. For example, entering `yourcompany.com` will grant admin access to anyone with an email from that domain. | ||||||
|  |  | ||||||
|  | **Sort Order**: Control where the custom provider login button appears relative to other authentication providers. | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Callback URL Configuration | ||||||
|  |  | ||||||
|  | Palmr will display the required callback URL that you need to configure in your identity provider: | ||||||
|  |  | ||||||
|  | ### Callback URL Format | ||||||
|  |  | ||||||
|  | ``` | ||||||
|  | https://yourdomain.com/api/auth/providers/{provider-name}/callback | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ### Environment-specific URLs | ||||||
|  |  | ||||||
|  | | Environment | Callback URL                                                              | | ||||||
|  | | ----------- | ------------------------------------------------------------------------- | | ||||||
|  | | Production  | `https://yourdomain.com/api/auth/providers/custom-provider/callback`      | | ||||||
|  | | Development | `http://localhost:3000/api/auth/providers/custom-provider/callback`       | | ||||||
|  | | Custom Port | `https://yourdomain.com:5487/api/auth/providers/custom-provider/callback` | | ||||||
|  |  | ||||||
|  | > **Important:** Replace `yourdomain.com` with your actual domain and `custom-provider` with your actual provider name. | ||||||
|  |  | ||||||
|  | ### Final Considerations | ||||||
|  |  | ||||||
|  | > **Note:** Don't forget enable your provider in the `Authentication Providers` section after add it. | ||||||
|  |  | ||||||
|  | After configuring your custom provider, it will be available in the `Authentication Providers` section. | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/custom/enabled-provider.png" alt="Enabled Provider" /> | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Testing the Configuration | ||||||
|  |  | ||||||
|  | ### Verifying the Setup | ||||||
|  |  | ||||||
|  | After configuring your custom provider, test the integration to ensure everything works correctly. | ||||||
|  |  | ||||||
|  | 1. **Check login page**: Navigate to your Palmr login page and verify your custom provider button appears | ||||||
|  |  | ||||||
|  | 2. **Test authentication flow**: Click the custom provider sign-in button and complete the authentication process | ||||||
|  |  | ||||||
|  | 3. **Verify user creation**: Confirm that a new user account is created (if auto-registration is enabled) | ||||||
|  |  | ||||||
|  | ### Troubleshooting | ||||||
|  |  | ||||||
|  | Common issues and solutions: | ||||||
|  |  | ||||||
|  | **"Invalid redirect URI" error:** | ||||||
|  |  | ||||||
|  | - Verify the callback URL is correctly configured in your identity provider | ||||||
|  | - Ensure the provider name in the callback URL matches your configured provider name | ||||||
|  |  | ||||||
|  | **"Invalid client credentials" error:** | ||||||
|  |  | ||||||
|  | - Verify the Client ID and Client Secret are correct | ||||||
|  | - Ensure the credentials are for the correct application/environment | ||||||
|  |  | ||||||
|  | **"Invalid scope" error:** | ||||||
|  |  | ||||||
|  | - Verify the configured scopes are supported by your identity provider | ||||||
|  | - Check that required scopes (like `openid` for OIDC) are included | ||||||
|  |  | ||||||
|  | **"User info endpoint error":** | ||||||
|  |  | ||||||
|  | - Verify the user info endpoint URL is correct | ||||||
|  | - Ensure the endpoint returns the expected user information format | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Security Considerations | ||||||
|  |  | ||||||
|  | When configuring custom OIDC providers, consider the following security best practices: | ||||||
|  |  | ||||||
|  | ### Credential Security | ||||||
|  |  | ||||||
|  | - **Secure storage**: Ensure Client Secrets are stored securely | ||||||
|  | - **Regular rotation**: Rotate Client Secrets periodically | ||||||
|  | - **Environment separation**: Use different credentials for development and production | ||||||
|  |  | ||||||
|  | ### Provider Security | ||||||
|  |  | ||||||
|  | - **HTTPS only**: Ensure all endpoints use HTTPS in production | ||||||
|  | - **Valid certificates**: Verify SSL certificates are valid and trusted | ||||||
|  | - **Access controls**: Implement appropriate access controls on your identity provider | ||||||
|  |  | ||||||
|  | ### Palmr Configuration | ||||||
|  |  | ||||||
|  | - **Admin access**: Restrict access to authentication settings to authorized administrators | ||||||
|  | - **Audit logging**: Monitor authentication events and user access | ||||||
|  | - **Regular testing**: Periodically test the authentication flow | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Account Linking | ||||||
|  |  | ||||||
|  | By default, if a user is already registered in Palmr with their email address, they will be automatically linked to their account when they authenticate through your custom provider. | ||||||
|  |  | ||||||
|  | > **Note:** You can't disable account linking. If you want to unlink a user from their custom provider account, you need to delete the user from Palmr. | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Technical Configuration | ||||||
|  |  | ||||||
|  | ### OIDC Discovery | ||||||
|  |  | ||||||
|  | If your provider supports OIDC Discovery, Palmr will automatically fetch the configuration from: | ||||||
|  |  | ||||||
|  | ``` | ||||||
|  | {issuer-url}/.well-known/openid_configuration | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | This endpoint should return a JSON document containing: | ||||||
|  |  | ||||||
|  | ```json | ||||||
|  | { | ||||||
|  |   "authorization_endpoint": "https://your-provider.com/oauth/authorize", | ||||||
|  |   "grant_types_supported": ["authorization_code"], | ||||||
|  |   "issuer": "https://your-provider.com", | ||||||
|  |   "response_types_supported": ["code"], | ||||||
|  |   "scopes_supported": ["openid", "profile", "email"], | ||||||
|  |   "token_endpoint": "https://your-provider.com/oauth/token", | ||||||
|  |   "userinfo_endpoint": "https://your-provider.com/oauth/userinfo" | ||||||
|  | } | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ### Manual Configuration | ||||||
|  |  | ||||||
|  | For manual endpoint configuration, ensure your endpoints follow OAuth 2.0/OIDC standards: | ||||||
|  |  | ||||||
|  | - **Authorization Endpoint**: Handles user authentication and authorization | ||||||
|  | - **Token Endpoint**: Exchanges authorization codes for access tokens | ||||||
|  | - **User Info Endpoint**: Returns user information using the access token | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Support and Troubleshooting | ||||||
|  |  | ||||||
|  | If you encounter issues with your custom OIDC provider configuration: | ||||||
|  |  | ||||||
|  | 1. **Check provider documentation**: Verify your configuration against your provider's documentation | ||||||
|  | 2. **Review logs**: Check Palmr server logs for detailed error messages | ||||||
|  | 3. **Test endpoints**: Verify all endpoints are accessible and return expected responses | ||||||
|  | 4. **Community support**: Seek help from the Palmr community or your provider's support team | ||||||
|  |  | ||||||
|  | > **Note:** Custom provider configurations require technical expertise in OIDC/OAuth 2.0. Ensure you have access to your provider's technical documentation and support resources. | ||||||
|  |  | ||||||
|  | ## Requesting Provider Support | ||||||
|  |  | ||||||
|  | If you've successfully configured a custom OIDC provider and would like to request it to be added as an officially supported provider in Palmr, you can open a detailed issue with all the necessary configuration information. | ||||||
|  |  | ||||||
|  | ### Why Request Official Support? | ||||||
|  |  | ||||||
|  | Having your provider officially supported offers several benefits: | ||||||
|  |  | ||||||
|  | - **Easier setup** - Pre-configured providers require minimal configuration | ||||||
|  | - **Better documentation** - Official setup guides and troubleshooting | ||||||
|  | - **Community support** - Others can benefit from your configuration | ||||||
|  | - **Maintenance** - The Palmr team maintains and updates the provider | ||||||
|  |  | ||||||
|  | ### Before Opening an Issue | ||||||
|  |  | ||||||
|  | Ensure you have: | ||||||
|  |  | ||||||
|  | - **Working configuration** - Your provider must be fully functional and tested | ||||||
|  | - **Complete documentation** - All setup steps and requirements documented | ||||||
|  | - **Provider information** - All necessary URLs, endpoints, and configuration details | ||||||
|  | - **Testing completed** - Thoroughly tested authentication flow and user management | ||||||
|  |  | ||||||
|  | ### Issue Template | ||||||
|  |  | ||||||
|  | Use the following template when opening your issue. Copy and paste it, then fill in all the required information: | ||||||
|  |  | ||||||
|  | ```markdown | ||||||
|  | ## Provider Support Request: [Provider Name] | ||||||
|  |  | ||||||
|  | ### Provider Information | ||||||
|  |  | ||||||
|  | **Provider Name:** [e.g., CustomOIDC, EnterpriseSSO, CompanyAuth] | ||||||
|  | **Provider Type:** [OIDC / OAuth 2.0] | ||||||
|  | **Provider Website:** [URL to provider's website] | ||||||
|  | **Provider Documentation:** [URL to OIDC/OAuth documentation] | ||||||
|  |  | ||||||
|  | ### Configuration Details | ||||||
|  |  | ||||||
|  | #### Basic Information | ||||||
|  |  | ||||||
|  | - **Provider URL/Issuer:** `https://your-provider.com` | ||||||
|  | - **Client ID:** [Your OAuth client ID] | ||||||
|  | - **Client Secret:** [Your OAuth client secret] | ||||||
|  | - **Scopes:** `openid profile email` [List all required scopes] | ||||||
|  |  | ||||||
|  | #### Endpoints | ||||||
|  |  | ||||||
|  | - **Authorization Endpoint:** `/oauth/authorize` [or full URL if different] | ||||||
|  | - **Token Endpoint:** `/oauth/token` [or full URL if different] | ||||||
|  | - **User Info Endpoint:** `/oauth/userinfo` [or full URL if different] | ||||||
|  | - **Discovery Endpoint:** `/.well-known/openid_configuration` [if supported] | ||||||
|  |  | ||||||
|  | #### OIDC Discovery Information | ||||||
|  |  | ||||||
|  | **Does your provider support OIDC Discovery?** [Yes/No] | ||||||
|  | **Discovery URL:** `https://your-provider.com/.well-known/openid_configuration` [if yes] | ||||||
|  |  | ||||||
|  | ### Setup Instructions | ||||||
|  |  | ||||||
|  | #### Prerequisites | ||||||
|  |  | ||||||
|  | - [List any required software, accounts, or permissions] | ||||||
|  | - [Any specific requirements for the provider] | ||||||
|  |  | ||||||
|  | #### Step-by-Step Configuration | ||||||
|  |  | ||||||
|  | 1. [Detailed step 1] | ||||||
|  | 2. [Detailed step 2] | ||||||
|  | 3. [Detailed step 3] | ||||||
|  | 4. [Continue with all necessary steps] | ||||||
|  |  | ||||||
|  | #### Palmr Configuration | ||||||
|  |  | ||||||
|  | **Provider Name:** `custom-provider` [suggested internal name] | ||||||
|  | **Display Name:** `Custom SSO` [name users will see] | ||||||
|  | **Icon:** [suggested icon or describe what icon to use] | ||||||
|  |  | ||||||
|  | ### Testing Information | ||||||
|  |  | ||||||
|  | #### Tested Environments | ||||||
|  |  | ||||||
|  | - **Operating Systems:** [Windows, macOS, Linux, etc.] | ||||||
|  | - **Browsers:** [Chrome, Firefox, Safari, Edge, etc.] | ||||||
|  | - **Palmr Version:** [Version you tested with] | ||||||
|  |  | ||||||
|  | #### Authentication Flow | ||||||
|  |  | ||||||
|  | - [ ] User can successfully authenticate | ||||||
|  | - [ ] User account is created automatically (if enabled) | ||||||
|  | - [ ] Admin domain restrictions work correctly | ||||||
|  | - [ ] User profile information is retrieved correctly | ||||||
|  | - [ ] Account linking works with existing users | ||||||
|  |  | ||||||
|  | #### Known Issues | ||||||
|  |  | ||||||
|  | [List any known limitations, restrictions, or special considerations] | ||||||
|  |  | ||||||
|  | ### Screenshots | ||||||
|  |  | ||||||
|  | **Provider Login Page:** [Screenshot of the provider's login page] | ||||||
|  | **Palmr Configuration:** [Screenshot of your Palmr provider configuration] | ||||||
|  | **Authentication Flow:** [Screenshots of the authentication process] | ||||||
|  |  | ||||||
|  | ### Additional Information | ||||||
|  |  | ||||||
|  | #### Special Requirements | ||||||
|  |  | ||||||
|  | [Any special configuration requirements, custom headers, or unique settings] | ||||||
|  |  | ||||||
|  | #### Security Considerations | ||||||
|  |  | ||||||
|  | [Any security-specific requirements or recommendations] | ||||||
|  |  | ||||||
|  | #### Performance Notes | ||||||
|  |  | ||||||
|  | [Any performance implications or recommendations] | ||||||
|  |  | ||||||
|  | ### Contact Information | ||||||
|  |  | ||||||
|  | **Your Name:** [Optional - for follow-up questions] | ||||||
|  | **Email:** [Optional - for follow-up questions] | ||||||
|  | **GitHub Username:** [Your GitHub username] | ||||||
|  |  | ||||||
|  | ### Checklist | ||||||
|  |  | ||||||
|  | Before submitting this issue, please ensure: | ||||||
|  |  | ||||||
|  | - [ ] All required information is provided | ||||||
|  | - [ ] Configuration has been tested and works | ||||||
|  | - [ ] Screenshots are included (if applicable) | ||||||
|  | - [ ] Setup instructions are complete and accurate | ||||||
|  | - [ ] No sensitive information (like actual client secrets) is included | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ### What Happens Next? | ||||||
|  |  | ||||||
|  | 1. **Issue Review** - The Palmr team will review your request | ||||||
|  | 2. **Additional Questions** - You may be asked for more information | ||||||
|  | 3. **Implementation** - If approved, the provider will be added to Palmr | ||||||
|  | 4. **Documentation** - Official documentation will be created | ||||||
|  | 5. **Release** - The provider will be available in the next release | ||||||
|  |  | ||||||
|  | ### Tips for a Successful Request | ||||||
|  |  | ||||||
|  | - **Be thorough** - Include all necessary information | ||||||
|  | - **Test everything** - Ensure your configuration works completely | ||||||
|  | - **Provide screenshots** - Visual aids help with implementation | ||||||
|  | - **Document clearly** - Write clear, step-by-step instructions | ||||||
|  | - **Check existing providers** - Make sure your provider isn't already supported | ||||||
|  |  | ||||||
|  | ### Need Help? | ||||||
|  |  | ||||||
|  | If you need assistance with your request: | ||||||
|  |  | ||||||
|  | - **Check existing issues** - Review other provider requests for examples | ||||||
|  | - **Join the community** - Participate in discussions and ask questions | ||||||
|  | - **Read the documentation** - Ensure you understand the OIDC/OAuth requirements | ||||||
| @@ -0,0 +1,279 @@ | |||||||
|  | --- | ||||||
|  | title: Pocket ID | ||||||
|  | icon: IdCardLanyard | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | import { ZoomableImage } from "@/components/ui/zoomable-image"; | ||||||
|  |  | ||||||
|  | Pocket ID is one of Palmr's officially supported OIDC providers, offering a robust and flexible identity management solution. This integration allows users to sign in to Palmr using Pocket ID's authentication system, making it perfect for organizations that need a self-hosted identity provider with OIDC support. | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/pocket-id/sign-in-with-pocket-id.png" alt="Sign in with Pocket ID" /> | ||||||
|  |  | ||||||
|  | ## Why use Pocket ID authentication? | ||||||
|  |  | ||||||
|  | Pocket ID authentication provides several advantages for organizations seeking a self-hosted identity solution: | ||||||
|  |  | ||||||
|  | - **Self-hosted control** - Full control over your authentication infrastructure and data | ||||||
|  | - **OIDC compliance** - Standard OpenID Connect implementation for seamless integration | ||||||
|  | - **Flexible deployment** - Deploy on any infrastructure that suits your needs | ||||||
|  | - **Automatic discovery** - Supports OIDC discovery for streamlined configuration | ||||||
|  | - **Simple configuration** - Intuitive setup process with minimal complexity | ||||||
|  | - **Data sovereignty** - Keep all authentication data within your infrastructure | ||||||
|  | - **Cost-effective** - No per-user pricing, perfect for growing organizations | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Prerequisites | ||||||
|  |  | ||||||
|  | Before configuring Pocket ID authentication, ensure you have: | ||||||
|  |  | ||||||
|  | - **Pocket ID instance** - A running Pocket ID server accessible via HTTPS | ||||||
|  | - **Admin privileges in Palmr** - Required to configure OIDC settings | ||||||
|  | - **Domain configuration** - For production deployments with custom domains | ||||||
|  |  | ||||||
|  | > **Note:** Pocket ID is pre-configured as an official provider in Palmr, which means the technical configuration is handled automatically. You only need to provide your OAuth credentials. | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Setting up Pocket ID Application | ||||||
|  |  | ||||||
|  | ### Creating a Pocket ID application | ||||||
|  |  | ||||||
|  | To get started with Pocket ID authentication, you'll need to create an application in your Pocket ID admin interface. | ||||||
|  |  | ||||||
|  | 1. **Navigate to Pocket ID Admin**: Go to your Pocket ID instance URL (e.g., `https://your-pocket-id.domain.com`) | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/pocket-id/pocket-id-console.png" alt="Pocket ID Console" /> | ||||||
|  |  | ||||||
|  | 2. **Navigate to OIDC Clients**: Click **"OIDC Clients"** in the applications in the left sidebar, you will be redirected to the OIDC Clients page | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/pocket-id/oidc-clients.png" alt="OIDC Clients" /> | ||||||
|  |  | ||||||
|  | 3. **Create a new OIDC Client**: Click **"Add OIDC Client"** button in the OIDC Clients page | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/pocket-id/create-oidc-client-button.png" alt="Create OIDC Client Button" /> | ||||||
|  |  | ||||||
|  | Configure the following settings: | ||||||
|  |  | ||||||
|  | - **Name**: "Palmr File Sharing" (or your preferred name) | ||||||
|  | - **Public Client**: "Diasabled" | ||||||
|  | - **PKCE**: "Disabled" | ||||||
|  | - **Logo**: "Upload a logo image" | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/pocket-id/create-oidc-client.png" alt="Create OIDC Client" /> | ||||||
|  |  | ||||||
|  | ### Configuring application URLs | ||||||
|  |  | ||||||
|  | You'll need to configure several URLs in your Pocket ID application settings. Here's what to add for each environment: | ||||||
|  |  | ||||||
|  | ### Redirect URIs | ||||||
|  |  | ||||||
|  | | Environment | URL                                                                | | ||||||
|  | | ----------- | ------------------------------------------------------------------ | | ||||||
|  | | Production  | `https://yourdomain.com/api/auth/providers/pocketid/callback`      | | ||||||
|  | | Development | `http://localhost:3000/api/auth/providers/pocketid/callback`       | | ||||||
|  | | Custom Port | `https://yourdomain.com:5487/api/auth/providers/pocketid/callback` | | ||||||
|  |  | ||||||
|  | ### Post Logout Redirect URIs | ||||||
|  |  | ||||||
|  | | Environment | URL                           | | ||||||
|  | | ----------- | ----------------------------- | | ||||||
|  | | Production  | `https://yourdomain.com`      | | ||||||
|  | | Development | `http://localhost:3000`       | | ||||||
|  | | Custom Port | `https://yourdomain.com:5487` | | ||||||
|  |  | ||||||
|  | > **Note:** Replace `yourdomain.com` with your actual domain name in all production and custom port URLs. | ||||||
|  | > **Note:** You can add multiple redirect URIs for different environments (development, staging, production). | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/pocket-id/config-urls.png" alt="Pocket ID Application URLs Configuration" /> | ||||||
|  |  | ||||||
|  | ### Getting OAuth credentials | ||||||
|  |  | ||||||
|  | After creating your application, you'll receive your OAuth credentials: | ||||||
|  |  | ||||||
|  | <ZoomableImage | ||||||
|  |   src="/assets/v3/oidc/pocket-id/credentials.png" | ||||||
|  |   alt="Pocket ID OAuth Credentials" | ||||||
|  |   legend="The client ID and client secret shown in the image are examples only (fake credentials). You must use your own credentials from Pocket ID." | ||||||
|  | /> | ||||||
|  |  | ||||||
|  | Save these credentials securely - you'll need them to configure Palmr: | ||||||
|  |  | ||||||
|  | - Client ID | ||||||
|  | - Client Secret | ||||||
|  | - Provider URL (your Pocket ID instance URL) | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Configuring Palmr | ||||||
|  |  | ||||||
|  | ### Accessing OIDC settings | ||||||
|  |  | ||||||
|  | To configure Pocket ID authentication in Palmr: | ||||||
|  |  | ||||||
|  | 1. **Login as administrator**: Sign in to Palmr with an admin account | ||||||
|  | 2. **Access settings**: Click your profile picture in the header and select **Settings** | ||||||
|  | 3. **Navigate to authentication**: Find and click on the **Authentication Providers** section | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/auth-providers.png" alt="Palmr Authentication Providers" /> | ||||||
|  |  | ||||||
|  | ### Enabling Pocket ID provider | ||||||
|  |  | ||||||
|  | 1. **Locate Pocket ID**: Find Pocket ID in the list of available providers | ||||||
|  | 2. **Enable the provider**: Toggle the status to **Enabled** | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/pocket-id/enabled-pocket-id.png" alt="Palmr Pocket ID Provider Enabled" /> | ||||||
|  |  | ||||||
|  | 3. **Configure credentials**: | ||||||
|  |    - **Provider URL**: Your Pocket ID server URL (e.g., `https://auth.yourdomain.com`) | ||||||
|  |    - **Client ID**: Paste the Client ID from your Pocket ID application | ||||||
|  |    - **Client Secret**: Paste the Client Secret from your Pocket ID application | ||||||
|  |  | ||||||
|  | <ZoomableImage | ||||||
|  |   src="/assets/v3/oidc/pocket-id/edit-pocket-id.png" | ||||||
|  |   alt="Edit Pocket ID Provider" | ||||||
|  |   legend="This is a fake application, you have to use your own credentials." | ||||||
|  | /> | ||||||
|  |  | ||||||
|  | ### Advanced configuration options | ||||||
|  |  | ||||||
|  | Configure additional settings to customize the authentication behavior: | ||||||
|  |  | ||||||
|  | **Auto Registration**: Enable to automatically create user accounts when someone authenticates for the first time. | ||||||
|  |  | ||||||
|  | **Sort Order**: Control where the Pocket ID login button appears relative to other authentication providers. | ||||||
|  |  | ||||||
|  | **Icon**: Choose a custom icon for the Pocket ID login button (default is `Key`). | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/pocket-id/pocket-id-icon.png" alt="Pocket ID Icon" /> | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Account linking | ||||||
|  |  | ||||||
|  | By default, if a user is already registered in Palmr with their Pocket ID email, they will be automatically linked to their Palmr account. | ||||||
|  |  | ||||||
|  | > **Note:** You can't disable account linking. If you want to unlink a user from their Pocket ID account, you need to delete the user from Palmr. | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Technical configuration | ||||||
|  |  | ||||||
|  | Pocket ID's technical configuration is handled automatically through OIDC discovery, but understanding the setup can help with troubleshooting: | ||||||
|  |  | ||||||
|  | ```yaml | ||||||
|  | Provider Type: OAuth 2.0 with OIDC Discovery | ||||||
|  | Issuer URL: https://your-pocket-id.domain.com | ||||||
|  | Authorization Endpoint: /authorize | ||||||
|  | Token Endpoint: /api/oidc/token | ||||||
|  | UserInfo Endpoint: /api/oidc/userinfo | ||||||
|  | Scopes: openid profile email | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ### Field mappings | ||||||
|  |  | ||||||
|  | Palmr automatically maps Pocket ID user information to local user accounts: | ||||||
|  |  | ||||||
|  | - **User ID**: Maps from Pocket ID's `sub` field | ||||||
|  | - **Email**: Maps from Pocket ID's `email` field | ||||||
|  | - **Name**: Maps from Pocket ID's `name` field, falls back to `preferred_username` | ||||||
|  | - **First Name**: Maps from Pocket ID's `given_name` field | ||||||
|  | - **Last Name**: Maps from Pocket ID's `family_name` field | ||||||
|  | - **Avatar**: Maps from Pocket ID's `picture` field | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Testing the configuration | ||||||
|  |  | ||||||
|  | ### Verifying the setup | ||||||
|  |  | ||||||
|  | After configuring Pocket ID authentication, test the integration: | ||||||
|  |  | ||||||
|  | 1. **Check login page**: Verify the "Sign in with Pocket ID" button appears | ||||||
|  | 2. **Test authentication flow**: Click the button and complete authentication | ||||||
|  | 3. **Verify user creation**: Confirm new user account creation (if auto-registration is enabled) | ||||||
|  |  | ||||||
|  | ### Login flow verification | ||||||
|  |  | ||||||
|  | The complete authentication process should work as follows: | ||||||
|  |  | ||||||
|  | 1. User clicks "Sign in with Pocket ID" | ||||||
|  | 2. User is redirected to Pocket ID login page | ||||||
|  | 3. User authenticates with their credentials | ||||||
|  | 4. Pocket ID redirects back to Palmr | ||||||
|  | 5. Palmr creates or updates the user account | ||||||
|  | 6. User gains access to Palmr | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Troubleshooting common issues | ||||||
|  |  | ||||||
|  | ### Redirect URI mismatch | ||||||
|  |  | ||||||
|  | **Error**: `invalid_redirect_uri` | ||||||
|  |  | ||||||
|  | **Solution**: | ||||||
|  |  | ||||||
|  | 1. Verify the exact callback URL in your Pocket ID application | ||||||
|  | 2. Check for protocol mismatches (http vs https) | ||||||
|  | 3. Ensure no trailing slashes unless specified | ||||||
|  | 4. Add development URLs if testing locally | ||||||
|  |  | ||||||
|  | ### Authentication failures | ||||||
|  |  | ||||||
|  | **Error**: `access_denied` or `unauthorized_client` | ||||||
|  |  | ||||||
|  | **Solution**: | ||||||
|  |  | ||||||
|  | 1. Verify Client ID and Secret are correct | ||||||
|  | 2. Check if the application is enabled in Pocket ID | ||||||
|  | 3. Ensure required scopes are configured | ||||||
|  | 4. Verify the user has necessary permissions | ||||||
|  |  | ||||||
|  | ### Discovery endpoint issues | ||||||
|  |  | ||||||
|  | **Error**: Cannot fetch OIDC configuration | ||||||
|  |  | ||||||
|  | **Solution**: | ||||||
|  |  | ||||||
|  | 1. Verify your Pocket ID server is accessible | ||||||
|  | 2. Check if the discovery endpoint (`/.well-known/openid-configuration`) is available | ||||||
|  | 3. Ensure SSL certificates are valid | ||||||
|  | 4. Check network connectivity and firewall rules | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Security best practices | ||||||
|  |  | ||||||
|  | ### Credential management | ||||||
|  |  | ||||||
|  | - **Secure storage**: Keep Client Secret secure and never commit to version control | ||||||
|  | - **Regular rotation**: Periodically rotate Client Secret | ||||||
|  | - **Environment variables**: Store credentials in environment variables | ||||||
|  | - **Access monitoring**: Regular review of authentication logs | ||||||
|  |  | ||||||
|  | ### Production considerations | ||||||
|  |  | ||||||
|  | - **HTTPS required**: Always use HTTPS in production | ||||||
|  | - **Valid certificates**: Ensure SSL certificates are valid | ||||||
|  | - **Regular updates**: Keep Pocket ID server updated | ||||||
|  | - **Backup strategy**: Regular backups of Pocket ID configuration | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Next steps | ||||||
|  |  | ||||||
|  | After configuring Pocket ID authentication: | ||||||
|  |  | ||||||
|  | - **Monitor usage**: Track authentication patterns | ||||||
|  | - **Configure MFA**: Set up multi-factor authentication if needed | ||||||
|  | - **User management**: Review auto-registration settings | ||||||
|  | - **Backup verification**: Test backup and restore procedures | ||||||
|  |  | ||||||
|  | For more information about OIDC authentication in Palmr, see the [OIDC Authentication overview](/docs/3.2-beta/oidc-authentication). | ||||||
|  |  | ||||||
|  | ## Useful resources | ||||||
|  |  | ||||||
|  | - [Pocket ID Documentation](https://docs.pocket-id.org) | ||||||
|  | - [OIDC Specification](https://openid.net/specs/openid-connect-core-1_0.html) | ||||||
|  | - [Palmr OIDC Overview](/docs/3.2-beta/oidc-authentication) | ||||||
							
								
								
									
										423
									
								
								apps/docs/content/docs/3.2-beta/oidc-authentication/zitadel.mdx
									
									
									
									
									
										Normal file
									
								
							
							
						
						| @@ -0,0 +1,423 @@ | |||||||
|  | --- | ||||||
|  | title: Zitadel | ||||||
|  | icon: Shield | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | import { ZoomableImage } from "@/components/ui/zoomable-image"; | ||||||
|  |  | ||||||
|  | Zitadel is one of Palmr's officially supported OIDC providers, offering enterprise-grade authentication through Zitadel's identity platform. This integration allows users to sign in to Palmr using Zitadel's comprehensive authentication system, making it perfect for enterprise organizations, applications requiring advanced security features, and teams that need centralized identity management with both cloud and self-hosted deployment options. | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/zitadel/sign-in-with-zitadel.png" alt="Sign in with Zitadel" /> | ||||||
|  |  | ||||||
|  | ## Why use Zitadel authentication? | ||||||
|  |  | ||||||
|  | Zitadel authentication provides several advantages for enterprise and security-focused organizations: | ||||||
|  |  | ||||||
|  | - **Enterprise-grade security** - Advanced security features like MFA, adaptive authentication, and threat detection | ||||||
|  | - **Flexible deployment** - Choose between cloud-hosted or self-hosted deployment options | ||||||
|  | - **Centralized identity management** - Single platform to manage users across multiple applications | ||||||
|  | - **Compliance ready** - Built-in compliance with GDPR, SOC 2, and other enterprise standards | ||||||
|  | - **Advanced customization** - Actions, flows, and custom branding capabilities | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Prerequisites | ||||||
|  |  | ||||||
|  | Before configuring Zitadel authentication, ensure you have: | ||||||
|  |  | ||||||
|  | - **Zitadel instance** - Either cloud-hosted or self-hosted Zitadel installation | ||||||
|  | - **Admin privileges in Palmr** - Required to configure OIDC settings | ||||||
|  | - **Domain configuration** - For production deployments with custom domains | ||||||
|  |  | ||||||
|  | > **Note:** Zitadel is pre-configured as an official provider in Palmr, which means the technical configuration is handled automatically. You only need to provide your OAuth credentials. | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Setting up Zitadel Application | ||||||
|  |  | ||||||
|  | ### Creating a Zitadel application | ||||||
|  |  | ||||||
|  | To get started with Zitadel authentication, you'll need to create an application in your Zitadel Console. | ||||||
|  |  | ||||||
|  | 1. **Navigate to Zitadel Console**: Go to your Zitadel instance URL (e.g., `your-instance.zitadel.cloud` for cloud or `your self-hosted URL`) | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/zitadel/zitadel-console.png" alt="Zitadel Console" /> | ||||||
|  |  | ||||||
|  | 2. **Create new application**: Click **"Create Application"** button in the home screen. | ||||||
|  | 3. **Enter application details**: | ||||||
|  |  | ||||||
|  | - Enter a descriptive name like "Palmr File Sharing" for your project, ou select an existing project. | ||||||
|  | - Select Framework: Select "`Other (OIDC, SAML, API)`" | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/zitadel/create-application.png" alt="Zitadel Create Application" /> | ||||||
|  |  | ||||||
|  | 4. **Create application**: Click **"Create"** to generate your Zitadel application | ||||||
|  |  | ||||||
|  | After creating your application, you'll be redirected to the application configuration page step-by-step. in this page you can configure your application. | ||||||
|  |  | ||||||
|  | ### Configuring application settings | ||||||
|  |  | ||||||
|  | 5. **Select application type**: in the first step: | ||||||
|  |  | ||||||
|  | - Choose **"Web"** for web-based Palmr instances | ||||||
|  | - Add a descriptive name for your application (e.g. "Palmr File Sharing") | ||||||
|  |  | ||||||
|  | <ZoomableImage | ||||||
|  |   src="/assets/v3/oidc/zitadel/step-1.png" | ||||||
|  |   alt="Zitadel Application Type Selection" | ||||||
|  |   legend="This is a fake application, you have to use your own." | ||||||
|  | /> | ||||||
|  |  | ||||||
|  | click on **"Continue"** to advance to the next step. | ||||||
|  |  | ||||||
|  | 6. **Select application type**: in the second step: | ||||||
|  |  | ||||||
|  | - Choose **"CODE"** for authentication method and click on **"Continue"** to advance to the next step. | ||||||
|  |  | ||||||
|  | <ZoomableImage | ||||||
|  |   src="/assets/v3/oidc/zitadel/step-2.png" | ||||||
|  |   alt="Zitadel Application Authentication Method Selection" | ||||||
|  |   legend="This is a fake application, you have to use your own." | ||||||
|  | /> | ||||||
|  |  | ||||||
|  | 7. **Configure application URLs**: | ||||||
|  |  | ||||||
|  | You'll need to configure several URLs in your Zitadel application settings. Here's what to add for each environment: | ||||||
|  |  | ||||||
|  | ### Redirect URIs | ||||||
|  |  | ||||||
|  | | Environment | URL                                                               | | ||||||
|  | | ----------- | ----------------------------------------------------------------- | | ||||||
|  | | Production  | `https://yourdomain.com/api/auth/providers/zitadel/callback`      | | ||||||
|  | | Development | `http://localhost:3000/api/auth/providers/zitadel/callback`       | | ||||||
|  | | Custom Port | `https://yourdomain.com:5487/api/auth/providers/zitadel/callback` | | ||||||
|  |  | ||||||
|  | ### Post Logout Redirect URIs | ||||||
|  |  | ||||||
|  | | Environment | URL                           | | ||||||
|  | | ----------- | ----------------------------- | | ||||||
|  | | Production  | `https://yourdomain.com`      | | ||||||
|  | | Development | `http://localhost:3000`       | | ||||||
|  | | Custom Port | `https://yourdomain.com:5487` | | ||||||
|  |  | ||||||
|  | > **Note:** Replace `yourdomain.com` with your actual domain name in all production and custom port URLs. | ||||||
|  | > **Note:** If you using http:// (not https://) in your redirect URIs, you need to enable `Development mode` switch. | ||||||
|  | > **Note:** You can add multiple redirect URIs for different environments (development, staging, production). | ||||||
|  |  | ||||||
|  | <ZoomableImage | ||||||
|  |   src="/assets/v3/oidc/zitadel/config-urls.png" | ||||||
|  |   alt="Zitadel Application URLs Configuration" | ||||||
|  |   legend="This is a fake application, you have to use your own." | ||||||
|  | /> | ||||||
|  |  | ||||||
|  | Click on **"Continue"** to advance to the last step. That is just a summary of the configuration you have done. | ||||||
|  |  | ||||||
|  | 8. **Save changes**: Click **"Save"** to apply your configuration | ||||||
|  |  | ||||||
|  | <ZoomableImage | ||||||
|  |   src="/assets/v3/oidc/zitadel/config-overview.png" | ||||||
|  |   alt="Zitadel Application Summary" | ||||||
|  |   legend="This is a fake application, you have to use your own." | ||||||
|  | /> | ||||||
|  |  | ||||||
|  | You can click on **"Create"** to create your application. | ||||||
|  |  | ||||||
|  | ### Getting OAuth credentials | ||||||
|  |  | ||||||
|  | After creating your application, a modal will appear with the credentials that Palmr will use to authenticate with Zitadel. | ||||||
|  |  | ||||||
|  | <ZoomableImage | ||||||
|  |   src="/assets/v3/oidc/zitadel/credentials-modal.png" | ||||||
|  |   alt="Zitadel OAuth Credentials" | ||||||
|  |   legend="The client ID and client secret shown in the image are examples only (fake credentials). You must use your own credentials from Zitadel." | ||||||
|  | /> | ||||||
|  |  | ||||||
|  | you can copy the credentials and save them in a safe place for later use. | ||||||
|  |  | ||||||
|  | ### Final Zitadel configuration | ||||||
|  |  | ||||||
|  | **Confirm the Zitadel application configuration**: | ||||||
|  |  | ||||||
|  | After closing the modal, you'll be redirected to the Zitadel application page. | ||||||
|  |  | ||||||
|  | <ZoomableImage | ||||||
|  |   src="/assets/v3/oidc/zitadel/application-page.png" | ||||||
|  |   alt="Zitadel Application Page" | ||||||
|  |   legend="This is a fake application, you have to use your own." | ||||||
|  | /> | ||||||
|  |  | ||||||
|  | Confirm the application configuration fields: | ||||||
|  |  | ||||||
|  | - **Application Type**: The Application Type has been set to **"Web"** | ||||||
|  | - **Response Type**: The Response Type has been set to **"Code"** | ||||||
|  | - **Authentication Method**: The Authentication Method has been set to **"Basic"** | ||||||
|  | - **Grant Types**: The Grant Types has been set to **"Authorization Code"** | ||||||
|  | - **Refresh Token**: The Refresh Token has been set to **"Disabled"** | ||||||
|  |  | ||||||
|  | You can edit the application configuration if you want to change something and click on **"Save"** to save the application configuration. | ||||||
|  |  | ||||||
|  | > **Note:** If you edit your client ID, you need to update the credentials that you saved in the previous step. | ||||||
|  |  | ||||||
|  | Select the **"Token Settings"** section in the side menu, you can configure the token settings for your application. | ||||||
|  |  | ||||||
|  | The default Auth Token Type is **"Bearer"** and you can change it to **"JWT"** and click on **"Save"** to save the token settings. | ||||||
|  |  | ||||||
|  | <ZoomableImage | ||||||
|  |   src="/assets/v3/oidc/zitadel/token-settings.png" | ||||||
|  |   alt="Zitadel Auth Token Settings" | ||||||
|  |   legend="This is a fake application, you have to use your own." | ||||||
|  | /> | ||||||
|  |  | ||||||
|  | Click on **Redirect Settings** section in the side menu, you can configure the redirect settings for your application. Just confirm the previous URLs you have configured in the previous step. If you want to add more redirect URLs, you can add them by clicking on **"+"** button. If you need to edit the redirect URLs, you can edit them by clicking on the pen icon. | ||||||
|  |  | ||||||
|  | <ZoomableImage | ||||||
|  |   src="/assets/v3/oidc/zitadel/redirect-settings-page.png" | ||||||
|  |   alt="Zitadel Redirect Settings" | ||||||
|  |   legend="This is a fake application, you have to use your own." | ||||||
|  | /> | ||||||
|  |  | ||||||
|  | The last step in Zitadel is grab your instance URL. You can find it clicking on the **"URLs"** in the side menu. | ||||||
|  |  | ||||||
|  | <ZoomableImage | ||||||
|  |   src="/assets/v3/oidc/zitadel/urls-page.png" | ||||||
|  |   alt="Zitadel Instance URL" | ||||||
|  |   legend="This is a fake application, you have to use your own." | ||||||
|  | /> | ||||||
|  |  | ||||||
|  | You dont need copy the complete URL, just the domain name and protocol and port if you are using a custom port. | ||||||
|  | For example: `https://palmr-zaxijp.us1.zitadel.cloud` (image bellow case) or `https://zitadel.yourdomain.com` or `https://zitadel.yourdomain.com:5487` if you are using a custom port. | ||||||
|  |  | ||||||
|  | > **Note:** In Zitadel we finish the configuration. Let's go to Palmr to configure the provider. Remember you need `Client ID`, `Client Secret` and `Instance URL` to configure the provider in Palmr. | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Configuring Palmr | ||||||
|  |  | ||||||
|  | ### Accessing OIDC settings | ||||||
|  |  | ||||||
|  | To configure Zitadel authentication in Palmr, you need administrator access to the settings panel. | ||||||
|  |  | ||||||
|  | 1. **Login as administrator**: Sign in to Palmr with an admin account | ||||||
|  |  | ||||||
|  | 2. **Access settings**: Click your profile picture in the header and select **Settings** | ||||||
|  |  | ||||||
|  | 3. **Navigate to authentication**: Find and click on the **Authentication Providers** configuration section | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/auth-providers.png" alt="Palmr Authentication Providers" /> | ||||||
|  |  | ||||||
|  | ### Enabling Zitadel provider | ||||||
|  |  | ||||||
|  | Zitadel comes pre-configured as an official provider, so the setup process is streamlined. | ||||||
|  |  | ||||||
|  | 1. **Locate Zitadel provider**: Find Zitadel in the list of available providers | ||||||
|  |  | ||||||
|  | 2. **Enable the provider**: Toggle the status to **Enabled** | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/zitadel/enabled-zitadel.png" alt="Palmr Zitadel Provider Enabled" /> | ||||||
|  |  | ||||||
|  | After enabling the provider, click on the pen icon to configure the provider. | ||||||
|  |  | ||||||
|  | 3. **Configure credentials**: | ||||||
|  |    - **Provider URL**: Paste your Zitadel instance URL (e.g., `https://your-instance.zitadel.cloud`) | ||||||
|  |    - **Client ID**: Paste the Client ID from Zitadel application | ||||||
|  |    - **Client Secret**: Paste the Client Secret from Zitadel application | ||||||
|  |    - **Scopes**: Add the scopes you want to use. The default scopes are `openid`, `profile`, and `email`. You don't need change this if you are not sure. | ||||||
|  |  | ||||||
|  | <ZoomableImage | ||||||
|  |   src="/assets/v3/oidc/zitadel/edit-zitadel.png" | ||||||
|  |   alt="Edit Zitadel Provider" | ||||||
|  |   legend="This is a fake application, you have to use your own." | ||||||
|  | /> | ||||||
|  |  | ||||||
|  | ### Advanced configuration options | ||||||
|  |  | ||||||
|  | Configure additional settings to customize the authentication behavior: | ||||||
|  |  | ||||||
|  | **Auto Registration**: Enable this to automatically create user accounts when someone authenticates for the first time. | ||||||
|  |  | ||||||
|  | **Sort Order**: Control where the Zitadel login button appears relative to other authentication providers. | ||||||
|  |  | ||||||
|  | **Icon**: you can choose the icon you want to use for the Zitadel login button (default is `FaShieldAlt`). | ||||||
|  |  | ||||||
|  | <ZoomableImage src="/assets/v3/oidc/zitadel/zitadel-icon.png" alt="Zitadel Icon" /> | ||||||
|  |  | ||||||
|  | > **Enterprise tip:** Zitadel authentication works great for enterprise organizations requiring advanced security features and centralized identity management with deployment flexibility. | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Account linking | ||||||
|  |  | ||||||
|  | By default, if a user is already registered in Palmr with their Zitadel email, they will be automatically linked to their Palmr account. | ||||||
|  |  | ||||||
|  | > **Note:** You can't disable account linking. If you want to unlink a user from their Zitadel account, you need to delete the user from Palmr. | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Technical configuration | ||||||
|  |  | ||||||
|  | Zitadel's technical configuration is handled automatically, but understanding the setup can help with troubleshooting: | ||||||
|  |  | ||||||
|  | ```yaml | ||||||
|  | Provider Type: OAuth 2.0 with OIDC Discovery | ||||||
|  | Issuer URL: https://your-instance.zitadel.cloud | ||||||
|  | Authorization Endpoint: /oauth/v2/authorize | ||||||
|  | Token Endpoint: /oauth/v2/token | ||||||
|  | UserInfo Endpoint: /oidc/v1/userinfo | ||||||
|  | Scopes: openid profile email | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ### Field mappings | ||||||
|  |  | ||||||
|  | Palmr automatically maps Zitadel user information to local user accounts: | ||||||
|  |  | ||||||
|  | - **User ID**: Maps from Zitadel's `sub` field | ||||||
|  | - **Email**: Maps from Zitadel's `email` field | ||||||
|  | - **Full Name**: Maps from Zitadel's `name` field | ||||||
|  | - **First Name**: Maps from Zitadel's `given_name` field | ||||||
|  | - **Last Name**: Maps from Zitadel's `family_name` field | ||||||
|  | - **Avatar**: Maps from Zitadel's `picture` field | ||||||
|  | - **Username**: Maps from Zitadel's `preferred_username` field | ||||||
|  |  | ||||||
|  | ### Zitadel-specific features | ||||||
|  |  | ||||||
|  | - **Custom Claims**: Can include custom user metadata and app metadata | ||||||
|  | - **Actions Support**: Can customize authentication flow with custom actions | ||||||
|  | - **Multi-factor Authentication**: Supports Zitadel's MFA features | ||||||
|  | - **Enterprise SSO**: Integrates with SAML, LDAP, and other enterprise systems | ||||||
|  | - **Self-hosted Support**: Full functionality with self-hosted Zitadel instances | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Testing the configuration | ||||||
|  |  | ||||||
|  | ### Verifying the setup | ||||||
|  |  | ||||||
|  | After configuring Zitadel authentication, test the integration to ensure everything works correctly. | ||||||
|  |  | ||||||
|  | 1. **Check login page**: Navigate to your Palmr login page and verify the "Sign in with Zitadel" button appears | ||||||
|  |  | ||||||
|  | 2. **Test authentication flow**: Click the Zitadel sign-in button and complete the authentication process | ||||||
|  |  | ||||||
|  | 3. **Verify user creation**: Confirm that a new user account is created (if auto-registration is enabled) | ||||||
|  |  | ||||||
|  | ### Login flow verification | ||||||
|  |  | ||||||
|  | The complete authentication process should work as follows: | ||||||
|  |  | ||||||
|  | 1. **User clicks "Sign in with Zitadel"**: The browser redirects to Zitadel's authorization page | ||||||
|  | 2. **User authenticates**: User completes authentication through Zitadel (login, MFA, etc.) | ||||||
|  | 3. **Zitadel redirects back to Palmr**: User returns to Palmr with authentication tokens | ||||||
|  | 4. **Palmr creates or updates user**: User account is automatically managed with Zitadel information | ||||||
|  | 5. **User accesses Palmr**: User is logged in with their Zitadel identity | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Troubleshooting common issues | ||||||
|  |  | ||||||
|  | ### Redirect URI mismatch error | ||||||
|  |  | ||||||
|  | **Error message**: `invalid_redirect_uri` | ||||||
|  |  | ||||||
|  | **Cause**: The redirect URI in your request doesn't match what's configured in Zitadel application. | ||||||
|  |  | ||||||
|  | **Solution**: | ||||||
|  |  | ||||||
|  | 1. Check the exact URL in the error message | ||||||
|  | 2. Add this exact URL to your Zitadel application's redirect URIs | ||||||
|  | 3. Ensure you include the correct protocol (http/https) and port | ||||||
|  | 4. Remove any trailing slashes unless they're in the callback URL | ||||||
|  |  | ||||||
|  | ### Access denied error | ||||||
|  |  | ||||||
|  | **Error message**: `access_denied` | ||||||
|  |  | ||||||
|  | **Cause**: User denied permissions or the application isn't properly configured. | ||||||
|  |  | ||||||
|  | **Solution**: | ||||||
|  |  | ||||||
|  | 1. Verify that your Zitadel application requests the correct scopes | ||||||
|  | 2. Check that users are granting permissions during the authorization flow | ||||||
|  | 3. Ensure your application is not restricted or disabled | ||||||
|  | 4. Verify the application has proper permissions set up | ||||||
|  |  | ||||||
|  | ### Invalid client error | ||||||
|  |  | ||||||
|  | **Error message**: `invalid_client` | ||||||
|  |  | ||||||
|  | **Cause**: Incorrect Client ID, Client Secret, or Instance URL. | ||||||
|  |  | ||||||
|  | **Solution**: | ||||||
|  |  | ||||||
|  | 1. Double-check that you've copied the credentials correctly from Zitadel | ||||||
|  | 2. Ensure there are no extra spaces or characters in the credentials | ||||||
|  | 3. Verify you're using the correct instance URL format | ||||||
|  | 4. Generate a new Client Secret if necessary | ||||||
|  |  | ||||||
|  | ### Instance URL configuration issues | ||||||
|  |  | ||||||
|  | **Error message**: Instance not found or invalid | ||||||
|  |  | ||||||
|  | **Cause**: Incorrect Zitadel instance URL or instance configuration. | ||||||
|  |  | ||||||
|  | **Solution**: | ||||||
|  |  | ||||||
|  | 1. Verify your Zitadel instance URL is correct | ||||||
|  | 2. Check that your Zitadel instance is active and accessible | ||||||
|  | 3. Ensure you're using the correct protocol (https://) | ||||||
|  | 4. Verify DNS resolution for your Zitadel instance | ||||||
|  |  | ||||||
|  | ### Self-hosted connectivity issues | ||||||
|  |  | ||||||
|  | **Cause**: Network connectivity problems with self-hosted Zitadel instance. | ||||||
|  |  | ||||||
|  | **Solution**: | ||||||
|  |  | ||||||
|  | 1. Check server firewall and network connectivity | ||||||
|  | 2. Verify DNS resolution from your server to the Zitadel instance | ||||||
|  | 3. Ensure the Zitadel instance is properly configured and running | ||||||
|  | 4. Check SSL certificate validity for the Zitadel instance | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Security best practices | ||||||
|  |  | ||||||
|  | ### Credential management | ||||||
|  |  | ||||||
|  | - **Never expose secrets**: Keep your Client Secret secure and never commit it to version control | ||||||
|  | - **Rotate credentials regularly**: Generate new Client Secrets periodically for enhanced security | ||||||
|  | - **Use environment variables**: Store sensitive configuration in environment variables, not config files | ||||||
|  | - **Monitor access logs**: Regularly review authentication logs for suspicious activity | ||||||
|  |  | ||||||
|  | ### Scope and permission management | ||||||
|  |  | ||||||
|  | - **Minimal scopes**: Only request `openid`, `profile`, and `email` scopes as required by Palmr | ||||||
|  | - **User consent**: Ensure users understand what permissions they're granting | ||||||
|  | - **Regular audits**: Review which users have connected their Zitadel accounts | ||||||
|  | - **Access reviews**: Periodically check user access and remove inactive accounts | ||||||
|  |  | ||||||
|  | ### Production considerations | ||||||
|  |  | ||||||
|  | - **Use HTTPS**: Always use HTTPS in production environments | ||||||
|  | - **Configure proper domains**: Use production domains in Zitadel application settings | ||||||
|  | - **Test thoroughly**: Verify the complete authentication flow before going live | ||||||
|  | - **Plan for failures**: Have fallback authentication methods available | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Next steps | ||||||
|  |  | ||||||
|  | With Zitadel authentication configured, you might want to: | ||||||
|  |  | ||||||
|  | - **Configure additional providers**: Set up other OIDC providers for more authentication options | ||||||
|  | - **Customize user management**: Fine-tune auto-registration and admin assignment rules | ||||||
|  | - **Review security settings**: Ensure your authentication setup meets your security requirements | ||||||
|  | - **Monitor usage**: Keep track of authentication patterns and user activity | ||||||
|  |  | ||||||
|  | For more information about OIDC authentication in Palmr, see the [OIDC Authentication overview](/docs/3.2-beta/oidc-authentication). | ||||||
|  |  | ||||||
|  | ## Useful resources | ||||||
|  |  | ||||||
|  | - [Zitadel Documentation](https://zitadel.com/docs) | ||||||
|  | - [Zitadel OAuth 2.0 Guide](https://zitadel.com/docs/apis/openidoauth) | ||||||
|  | - [Zitadel OpenID Connect](https://zitadel.com/docs/apis/openidoauth/oidc) | ||||||
|  | - [Zitadel Console](https://cloud.zitadel.com) | ||||||
| @@ -47,12 +47,12 @@ docker exec -it <container_name_or_id> /bin/sh | |||||||
| 
 | 
 | ||||||
| Replace `<container_name_or_id>` with the name or ID of your Palmr container. This command opens an interactive shell session inside the container, allowing you to execute commands directly. | Replace `<container_name_or_id>` with the name or ID of your Palmr container. This command opens an interactive shell session inside the container, allowing you to execute commands directly. | ||||||
| 
 | 
 | ||||||
| ### 3. Navigate to the server directory | ### 3. Navigate to the application directory | ||||||
| 
 | 
 | ||||||
| Once inside the container, navigate to the server directory where the reset script is located: | Once inside the container, navigate to the application directory where the reset script is located: | ||||||
| 
 | 
 | ||||||
| ```bash | ```bash | ||||||
| cd /app/server | cd /app/palmr-app | ||||||
| ``` | ``` | ||||||
| 
 | 
 | ||||||
| This directory contains the necessary scripts and configurations for managing Palmr's backend operations. | This directory contains the necessary scripts and configurations for managing Palmr's backend operations. | ||||||
| @@ -131,16 +131,15 @@ If you encounter issues while running the script, refer to the following solutio | |||||||
| 
 | 
 | ||||||
| - **Error: "Database connection failed"**   | - **Error: "Database connection failed"**   | ||||||
|   If the script cannot connect to the database, check the following: |   If the script cannot connect to the database, check the following: | ||||||
| 
 |  | ||||||
|   - Ensure the database service is running within the container. |   - Ensure the database service is running within the container. | ||||||
|   - Confirm that the `prisma/palmr.db` file exists and has the correct permissions. |   - Confirm that the `prisma/palmr.db` file exists and has the correct permissions. | ||||||
|   - Verify that the container has access to the database volume. |   - Verify that the container has access to the database volume. | ||||||
| 
 | 
 | ||||||
| - **Error: "Script must be run from server directory"**   | - **Error: "Script must be run from application directory"**   | ||||||
|   This error appears if you are not in the correct directory. Navigate to the server directory with: |   This error appears if you are not in the correct directory. Navigate to the application directory with: | ||||||
| 
 | 
 | ||||||
|   ```bash |   ```bash | ||||||
|   cd /app/server |   cd /app/palmr-app | ||||||
|   ``` |   ``` | ||||||
| 
 | 
 | ||||||
| - **Error: "User not found"**   | - **Error: "User not found"**   | ||||||
							
								
								
									
										409
									
								
								apps/docs/content/docs/3.2-beta/quick-start.mdx
									
									
									
									
									
										Normal file
									
								
							
							
						
						| @@ -0,0 +1,409 @@ | |||||||
|  | --- | ||||||
|  | title: Quick Start (Docker) | ||||||
|  | icon: "Rocket" | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | import { Callout } from "fumadocs-ui/components/callout"; | ||||||
|  | import { Tab, Tabs } from "fumadocs-ui/components/tabs"; | ||||||
|  |  | ||||||
|  | import { Card, CardGrid } from "@/components/ui/card"; | ||||||
|  |  | ||||||
|  | Welcome to the fastest way to deploy <span className="font-bold">Palmr.</span> - your secure, self-hosted file sharing solution. This guide will have you up and running in minutes, whether you're new to self-hosting or an experienced developer. | ||||||
|  |  | ||||||
|  | Palmr. offers flexible deployment options to match your infrastructure needs. This guide focuses on Docker deployment with our recommended filesystem storage, perfect for most use cases. | ||||||
|  |  | ||||||
|  | ## Prerequisites | ||||||
|  |  | ||||||
|  | Before you begin, make sure you have: | ||||||
|  |  | ||||||
|  | - **Docker** - Container runtime ([installation guide](https://docs.docker.com/get-docker/)) | ||||||
|  | - **Docker Compose** - Multi-container orchestration ([installation guide](https://docs.docker.com/compose/install/)) | ||||||
|  | - **2GB+ available disk space** for the application and your files | ||||||
|  | - **Port 5487** available for the web interface | ||||||
|  | - **Port 3333** available for API access (optional) | ||||||
|  |  | ||||||
|  | <Callout> | ||||||
|  |   **Platform Support**: Palmr. is developed on macOS and extensively tested on Linux servers. While we haven't formally | ||||||
|  |   tested other platforms, Docker's cross-platform nature should ensure compatibility. Report any issues on our [GitHub | ||||||
|  |   repository](https://github.com/kyantech/Palmr/issues). | ||||||
|  | </Callout> | ||||||
|  |  | ||||||
|  | ## Storage Options | ||||||
|  |  | ||||||
|  | Palmr. supports two storage approaches for persistent data: | ||||||
|  |  | ||||||
|  | - **Named Volumes (Recommended)** - Docker-managed storage with optimal performance and no permission issues | ||||||
|  | - **Bind Mounts** - Direct host filesystem access, ideal for development and direct file management | ||||||
|  |  | ||||||
|  | ## Deployment Options | ||||||
|  |  | ||||||
|  | Choose your storage method based on your needs: | ||||||
|  |  | ||||||
|  | <Tabs items={['Named Volumes (Recommended)', 'Bind Mounts']}> | ||||||
|  |   <Tab value="Named Volumes (Recommended)"> | ||||||
|  |     Docker-managed storage that provides the best balance of performance, security, and ease of use: | ||||||
|  |  | ||||||
|  |     - **No Permission Issues**: Docker handles all permission management automatically | ||||||
|  |     - **Performance**: Optimized for container workloads with better I/O performance | ||||||
|  |     - **Production Ready**: Recommended for production deployments | ||||||
|  |  | ||||||
|  |     ### Configuration | ||||||
|  |  | ||||||
|  |     Create a `docker-compose.yml` file: | ||||||
|  |  | ||||||
|  |     ```yaml | ||||||
|  |     services: | ||||||
|  |       palmr: | ||||||
|  |         image: kyantech/palmr:latest | ||||||
|  |         container_name: palmr | ||||||
|  |         restart: unless-stopped | ||||||
|  |         ports: | ||||||
|  |           - "5487:5487" # Web interface | ||||||
|  |           # - "3333:3333" # API (optional) | ||||||
|  |         environment: | ||||||
|  |           # Optional: Uncomment and configure as needed (if you don`t use, you can remove) | ||||||
|  |           # - ENABLE_S3=true # Set to true to enable S3-compatible storage | ||||||
|  |           # - DISABLE_FILESYSTEM_ENCRYPTION=true # Set to false to enable file encryption | ||||||
|  |           # - ENCRYPTION_KEY=your-secure-key-min-32-chars # Required only if encryption is enabled | ||||||
|  |           # - PALMR_UID=1000 # UID for the container processes (default is 1000) | ||||||
|  |           # - PALMR_GID=1000 # GID for the container processes (default is 1000) | ||||||
|  |           # - SECURE_SITE=false # Set to true if you are using a reverse proxy | ||||||
|  |           # - DEFAULT_LANGUAGE=en-US # Default language for the application (optional, defaults to en-US) | ||||||
|  |           # - PRESIGNED_URL_EXPIRATION=3600 # Duration in seconds for presigned URL expiration (optional, defaults to 3600 seconds / 1 hour) | ||||||
|  |           # - DOWNLOAD_MAX_CONCURRENT=5 # Maximum simultaneous downloads (auto-scales if not set) | ||||||
|  |           # - DOWNLOAD_MEMORY_THRESHOLD_MB=2048 # Memory threshold in MB before throttling (auto-scales if not set) | ||||||
|  |           # - DOWNLOAD_QUEUE_SIZE=25 # Maximum queue size for pending downloads (auto-scales if not set) | ||||||
|  |           # - DOWNLOAD_MIN_FILE_SIZE_GB=3.0 # Minimum file size in GB to activate memory management (default: 3.0) | ||||||
|  |           # - DOWNLOAD_AUTO_SCALE=true # Enable auto-scaling based on system memory (default: true) | ||||||
|  |           # - NODE_OPTIONS=--expose-gc # Enable garbage collection for large downloads (recommended for production) | ||||||
|  |           # - NEXT_PUBLIC_UPLOAD_CHUNK_SIZE_MB=100 # Chunk size in MB for large file uploads (OPTIONAL - auto-calculates if not set) | ||||||
|  |         volumes: | ||||||
|  |           - palmr_data:/app/server | ||||||
|  |  | ||||||
|  |     volumes: | ||||||
|  |       palmr_data: | ||||||
|  |     ``` | ||||||
|  |  | ||||||
|  |     <Callout type="info"> | ||||||
|  |       **Having upload or permission issues?** Add `PALMR_UID=1000` and `PALMR_GID=1000` to your environment variables. Check our [UID/GID Configuration](/docs/3.2-beta/uid-gid-configuration) guide for more details. | ||||||
|  |     </Callout> | ||||||
|  |  | ||||||
|  |     ### Deploy | ||||||
|  |  | ||||||
|  |     ```bash | ||||||
|  |     docker-compose up -d | ||||||
|  |     ``` | ||||||
|  |  | ||||||
|  |   </Tab> | ||||||
|  |   <Tab value="Bind Mounts"> | ||||||
|  |     Direct mapping to host filesystem directories, providing direct file access: | ||||||
|  |  | ||||||
|  |     - **Direct Access**: Files are directly accessible from your host system | ||||||
|  |     - **Development Friendly**: Easy to inspect, modify, or backup files manually | ||||||
|  |     - **Platform Dependent**: May require UID/GID configuration, especially on NAS systems | ||||||
|  |  | ||||||
|  |     ### Configuration | ||||||
|  |  | ||||||
|  |     Create a `docker-compose.yml` file: | ||||||
|  |  | ||||||
|  |     ```yaml | ||||||
|  |     services: | ||||||
|  |       palmr: | ||||||
|  |         image: kyantech/palmr:latest | ||||||
|  |         container_name: palmr | ||||||
|  |         restart: unless-stopped | ||||||
|  |         ports: | ||||||
|  |           - "5487:5487" # Web interface | ||||||
|  |           # - "3333:3333" # API (optional) | ||||||
|  |         environment: | ||||||
|  |           # Optional: Uncomment and configure as needed (if you don`t use, you can remove) | ||||||
|  |           # - ENABLE_S3=true # Set to true to enable S3-compatible storage | ||||||
|  |           # - DISABLE_FILESYSTEM_ENCRYPTION=false # Set to false to enable file encryption | ||||||
|  |           # - ENCRYPTION_KEY=your-secure-key-min-32-chars # Required only if encryption is enabled | ||||||
|  |           # - PALMR_UID=1000 # UID for the container processes (default is 1000) | ||||||
|  |           # - PALMR_GID=1000 # GID for the container processes (default is 1000) | ||||||
|  |           # - SECURE_SITE=false # Set to true if you are using a reverse proxy | ||||||
|  |           # - DEFAULT_LANGUAGE=en-US # Default language for the application (optional, defaults to en-US) | ||||||
|  |           # - PRESIGNED_URL_EXPIRATION=3600 # Duration in seconds for presigned URL expiration (optional, defaults to 3600 seconds / 1 hour) | ||||||
|  |           # - DOWNLOAD_MAX_CONCURRENT=5 # Maximum simultaneous downloads (auto-scales if not set) | ||||||
|  |           # - DOWNLOAD_MEMORY_THRESHOLD_MB=2048 # Memory threshold in MB before throttling (auto-scales if not set) | ||||||
|  |           # - DOWNLOAD_QUEUE_SIZE=25 # Maximum queue size for pending downloads (auto-scales if not set) | ||||||
|  |           # - DOWNLOAD_MIN_FILE_SIZE_GB=3.0 # Minimum file size in GB to activate memory management (default: 3.0) | ||||||
|  |           # - DOWNLOAD_AUTO_SCALE=true # Enable auto-scaling based on system memory (default: true) | ||||||
|  |           # - NODE_OPTIONS=--expose-gc # Enable garbage collection for large downloads (recommended for production) | ||||||
|  |         volumes: | ||||||
|  |           - ./data:/app/server | ||||||
|  |     ``` | ||||||
|  |  | ||||||
|  |     <Callout type="info"> | ||||||
|  |       **Having upload or permission issues?** Add `PALMR_UID=1000` and `PALMR_GID=1000` to your environment variables. Check our [UID/GID Configuration](/docs/3.2-beta/uid-gid-configuration) guide for more details. | ||||||
|  |     </Callout> | ||||||
|  |  | ||||||
|  |     ### Deploy | ||||||
|  |  | ||||||
|  |     ```bash | ||||||
|  |     docker-compose up -d | ||||||
|  |     ``` | ||||||
|  |  | ||||||
|  |   </Tab> | ||||||
|  | </Tabs> | ||||||
|  |  | ||||||
|  | ## Configuration | ||||||
|  |  | ||||||
|  | Customize Palmr's behavior with these environment variables: | ||||||
|  |  | ||||||
|  | | Variable                           | Default        | Description                                                                                                                           | | ||||||
|  | | ---------------------------------- | -------------- | ------------------------------------------------------------------------------------------------------------------------------------- | | ||||||
|  | | `ENABLE_S3`                        | `false`        | Enable S3-compatible storage backends                                                                                                 | | ||||||
|  | | `S3_ENDPOINT`                      | -              | S3 server endpoint URL (required when using S3)                                                                                       | | ||||||
|  | | `S3_PORT`                          | -              | S3 server port (optional when using S3)                                                                                               | | ||||||
|  | | `S3_USE_SSL`                       | -              | Enable SSL for S3 connections (optional when using S3)                                                                                | | ||||||
|  | | `S3_ACCESS_KEY`                    | -              | S3 access key for authentication (required when using S3)                                                                             | | ||||||
|  | | `S3_SECRET_KEY`                    | -              | S3 secret key for authentication (required when using S3)                                                                             | | ||||||
|  | | `S3_REGION`                        | -              | S3 region configuration (optional when using S3)                                                                                      | | ||||||
|  | | `S3_BUCKET_NAME`                   | -              | S3 bucket name for file storage (required when using S3)                                                                              | | ||||||
|  | | `S3_FORCE_PATH_STYLE`              | `false`        | Force path-style S3 URLs (optional when using S3)                                                                                     | | ||||||
|  | | `S3_REJECT_UNAUTHORIZED`           | `true`         | Enable strict SSL certificate validation for S3 (set to `false` for self-signed certificates)                                         | | ||||||
|  | | `ENCRYPTION_KEY`                   | -              | **Required when encryption is enabled**: 32+ character key for file encryption                                                        | | ||||||
|  | | `DISABLE_FILESYSTEM_ENCRYPTION`    | `true`         | Disable file encryption for better performance (set to `false` to enable encryption)                                                  | | ||||||
|  | | `PRESIGNED_URL_EXPIRATION`         | `3600`         | Duration in seconds for presigned URL expiration (applies to both filesystem and S3 storage)                                          | | ||||||
|  | | `CUSTOM_PATH`                      | -              | Custom base path for disk space detection in manual installations with symlinks                                                       | | ||||||
|  | | `SECURE_SITE`                      | `false`        | Enable secure cookies for HTTPS/reverse proxy deployments                                                                             | | ||||||
|  | | `DEFAULT_LANGUAGE`                 | `en-US`        | Default application language ([see available languages](/docs/3.2-beta/available-languages))                                          | | ||||||
|  | | `PALMR_UID`                        | `1000`         | User ID for container processes (helps with file permissions)                                                                         | | ||||||
|  | | `PALMR_GID`                        | `1000`         | Group ID for container processes (helps with file permissions)                                                                        | | ||||||
|  | | `NODE_OPTIONS`                     | -              | Node.js options (recommended: `--expose-gc` for garbage collection in production)                                                     | | ||||||
|  | | `DOWNLOAD_MAX_CONCURRENT`          | auto-scale     | Maximum number of simultaneous downloads (see [Download Memory Management](/docs/3.2-beta/download-memory-management))                | | ||||||
|  | | `DOWNLOAD_MEMORY_THRESHOLD_MB`     | auto-scale     | Memory threshold in MB before throttling                                                                                              | | ||||||
|  | | `DOWNLOAD_QUEUE_SIZE`              | auto-scale     | Maximum queue size for pending downloads                                                                                              | | ||||||
|  | | `DOWNLOAD_MIN_FILE_SIZE_GB`        | `3.0`          | Minimum file size in GB to activate memory management                                                                                 | | ||||||
|  | | `NEXT_PUBLIC_UPLOAD_CHUNK_SIZE_MB` | auto-calculate | Chunk size in MB for large file uploads (see [Chunked Upload Configuration](/docs/3.2-beta/quick-start#chunked-upload-configuration)) | | ||||||
|  | | `DOWNLOAD_AUTO_SCALE`              | `true`         | Enable auto-scaling based on system memory                                                                                            | | ||||||
|  |  | ||||||
|  | <Callout type="info"> | ||||||
|  |   **Performance First**: Palmr runs without encryption by default for optimal speed and lower resource usage—perfect for | ||||||
|  |   most use cases. | ||||||
|  | </Callout> | ||||||
|  |  | ||||||
|  | <Callout type="warn"> | ||||||
|  |   **Encryption Notice**: To enable encryption, set `DISABLE_FILESYSTEM_ENCRYPTION=false` and provide a 32+ character | ||||||
|  |   `ENCRYPTION_KEY`. **Important**: This choice is permanent—switching encryption modes after uploading files will break | ||||||
|  |   access to existing uploads. | ||||||
|  | </Callout> | ||||||
|  |  | ||||||
|  | <Callout> | ||||||
|  |   **Using a Reverse Proxy?** Set `SECURE_SITE=true` and check our [Reverse Proxy | ||||||
|  |   Configuration](/docs/3.2-beta/reverse-proxy-configuration) guide for proper HTTPS setup. | ||||||
|  | </Callout> | ||||||
|  |  | ||||||
|  | ### Generate Encryption Keys (Optional) | ||||||
|  |  | ||||||
|  | Need file encryption? Generate a secure key: | ||||||
|  |  | ||||||
|  | <KeyGenerator /> | ||||||
|  |  | ||||||
|  | > **Pro Tip**: Only enable encryption if you're handling sensitive data. For most users, the default unencrypted mode provides better performance. | ||||||
|  |  | ||||||
|  | ## Access Your Instance | ||||||
|  |  | ||||||
|  | Once deployed, open Palmr in your browser: | ||||||
|  |  | ||||||
|  | - **Web Interface**: `http://localhost:5487` (local) or `http://YOUR_SERVER_IP:5487` (remote) | ||||||
|  | - **API Documentation**: `http://localhost:3333/docs` (if port 3333 is exposed) | ||||||
|  |  | ||||||
|  | <Callout type="info"> | ||||||
|  |   **Learn More**: For complete API documentation, authentication, and integration examples, see our [API | ||||||
|  |   Reference](/docs/3.2-beta/api) guide | ||||||
|  | </Callout> | ||||||
|  |  | ||||||
|  | <Callout type="warn"> | ||||||
|  |   **Production Ready?** Configure HTTPS with a valid SSL certificate for secure production deployments. | ||||||
|  | </Callout> | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Docker CLI Alternative | ||||||
|  |  | ||||||
|  | Prefer Docker commands over Compose? Here are the equivalent commands: | ||||||
|  |  | ||||||
|  | <Tabs items={["Named Volume", "Bind Mount"]}> | ||||||
|  |   <Tab value="Named Volume"> | ||||||
|  |  | ||||||
|  |     ```bash | ||||||
|  |     docker run -d \ | ||||||
|  |       --name palmr \ | ||||||
|  |       # Optional: Uncomment and configure as needed (if you don`t use, you can remove) | ||||||
|  |       # -e ENABLE_S3=true \ # Set to true to enable S3-compatible storage (OPTIONAL - default is false) | ||||||
|  |       # -e DISABLE_FILESYSTEM_ENCRYPTION=false \ # Set to false to enable file encryption (ENCRYPTION_KEY becomes required) | (OPTIONAL - default is true) | ||||||
|  |       # -e ENCRYPTION_KEY=your-secure-key-min-32-chars # Required only if encryption is enabled | ||||||
|  |       # -e PALMR_UID=1000 # UID for the container processes (default is 1000) | ||||||
|  |       # -e PALMR_GID=1000 # GID for the container processes (default is 1000) | ||||||
|  |       # -e SECURE_SITE=false # Set to true if you are using a reverse proxy | ||||||
|  |       # -e DEFAULT_LANGUAGE=en-US # Default language for the application (optional, defaults to en-US) | ||||||
|  |       -p 5487:5487 \ | ||||||
|  |       -p 3333:3333 \ | ||||||
|  |       -v palmr_data:/app/server \ | ||||||
|  |       --restart unless-stopped \ | ||||||
|  |       kyantech/palmr:latest | ||||||
|  |     ``` | ||||||
|  |  | ||||||
|  |  | ||||||
|  |     <Callout type="info"> | ||||||
|  |       **Permission Issues?** Add `-e PALMR_UID=1000 -e PALMR_GID=1000` to the command above. See our [UID/GID Configuration](/docs/3.2-beta/uid-gid-configuration) guide for details. | ||||||
|  |     </Callout> | ||||||
|  |  | ||||||
|  |   </Tab> | ||||||
|  |  | ||||||
|  |   <Tab value="Bind Mount"> | ||||||
|  |  | ||||||
|  |     ```bash | ||||||
|  |     docker run -d \ | ||||||
|  |       --name palmr \ | ||||||
|  |       # Optional: Uncomment and configure as needed (if you don`t use, you can remove) | ||||||
|  |       # -e ENABLE_S3=true \ # Set to true to enable S3-compatible storage (OPTIONAL - default is false) | ||||||
|  |       # -e DISABLE_FILESYSTEM_ENCRYPTION=true \ # Set to false to enable file encryption (ENCRYPTION_KEY becomes required) | (OPTIONAL - default is true) | ||||||
|  |       # -e ENCRYPTION_KEY=your-secure-key-min-32-chars # Required only if encryption is enabled | ||||||
|  |       # -e PALMR_UID=1000 # UID for the container processes (default is 1000) | ||||||
|  |       # -e PALMR_GID=1000 # GID for the container processes (default is 1000) | ||||||
|  |       # -e SECURE_SITE=false # Set to true if you are using a reverse proxy | ||||||
|  |       # -e DEFAULT_LANGUAGE=en-US # Default language for the application (optional, defaults to en-US) | ||||||
|  |       -p 5487:5487 \ | ||||||
|  |       -p 3333:3333 \ | ||||||
|  |       -v $(pwd)/data:/app/server \ | ||||||
|  |       --restart unless-stopped \ | ||||||
|  |       kyantech/palmr:latest | ||||||
|  |     ``` | ||||||
|  |  | ||||||
|  |     <Callout type="info"> | ||||||
|  |       **Permission Issues?** Add `-e PALMR_UID=1000 -e PALMR_GID=1000` to the command above. See our [UID/GID Configuration](/docs/3.2-beta/uid-gid-configuration) guide for details. | ||||||
|  |     </Callout> | ||||||
|  |  | ||||||
|  |   </Tab> | ||||||
|  | </Tabs> | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Common Configuration Options | ||||||
|  |  | ||||||
|  | ### Presigned URL Expiration | ||||||
|  |  | ||||||
|  | Palmr. uses temporary URLs (presigned URLs) for secure file access. These URLs expire after a configurable time period to enhance security. | ||||||
|  |  | ||||||
|  | **Default:** 1 hour (3600 seconds) | ||||||
|  |  | ||||||
|  | You can customize this for all storage types (filesystem or S3) by adding: | ||||||
|  |  | ||||||
|  | ```yaml | ||||||
|  | environment: | ||||||
|  |   - PRESIGNED_URL_EXPIRATION=7200 # 2 hours | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | **When to adjust:** | ||||||
|  |  | ||||||
|  | - **Shorter time (1800 = 30 min):** Higher security, but users may need to refresh download links | ||||||
|  | - **Longer time (7200-21600 = 2-6 hours):** Better for large file transfers, but URLs stay valid longer | ||||||
|  | - **Default (3600 = 1 hour):** Good balance for most use cases | ||||||
|  |  | ||||||
|  | ### File Encryption | ||||||
|  |  | ||||||
|  | For filesystem storage, you can enable file encryption: | ||||||
|  |  | ||||||
|  | ```yaml | ||||||
|  | environment: | ||||||
|  |   - DISABLE_FILESYSTEM_ENCRYPTION=false | ||||||
|  |   - ENCRYPTION_KEY=your-secure-32-character-key-here | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | **Note:** S3 storage handles encryption through your S3 provider's encryption features. | ||||||
|  |  | ||||||
|  | ### Chunked Upload Configuration | ||||||
|  |  | ||||||
|  | Palmr supports configurable chunked uploading for large files. You can customize the chunk size by setting the following environment variable: | ||||||
|  |  | ||||||
|  | ```yaml | ||||||
|  | environment: | ||||||
|  |   - NEXT_PUBLIC_UPLOAD_CHUNK_SIZE_MB=100 # Chunk size in MB | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | **How it works:** | ||||||
|  |  | ||||||
|  | - If `NEXT_PUBLIC_UPLOAD_CHUNK_SIZE_MB` is set, Palmr will use this value (in megabytes) as the chunk size for all file uploads that exceed this threshold. | ||||||
|  | - If not set or left empty, Palmr automatically calculates optimal chunk sizes based on file size: | ||||||
|  |   - Files ≤ 100MB: uploaded without chunking | ||||||
|  |   - Files > 100MB and ≤ 1GB: 75MB chunks | ||||||
|  |   - Files > 1GB: 150MB chunks | ||||||
|  |  | ||||||
|  | **When to configure:** | ||||||
|  |  | ||||||
|  | - **Default (not set):** Recommended for most use cases. Palmr will intelligently determine the best chunk size. | ||||||
|  | - **Custom value:** Set this if you have specific network conditions or want to optimize for your infrastructure (e.g., slower connections may benefit from smaller chunks like 50MB, while fast networks can handle larger chunks like 200MB, or the upload size per payload may be limited by a proxy like Cloudflare) | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Maintenance | ||||||
|  |  | ||||||
|  | ### Updates | ||||||
|  |  | ||||||
|  | Keep Palmr up to date with the latest features and security patches: | ||||||
|  |  | ||||||
|  | ```bash | ||||||
|  | docker-compose pull | ||||||
|  | docker-compose up -d | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ### Backup Your Data | ||||||
|  |  | ||||||
|  | **Named Volumes:** | ||||||
|  |  | ||||||
|  | ```bash | ||||||
|  | docker run --rm -v palmr_data:/data -v $(pwd):/backup alpine tar czf /backup/palmr-backup.tar.gz -C /data . | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | **Bind Mounts:** | ||||||
|  |  | ||||||
|  | ```bash | ||||||
|  | tar czf palmr-backup.tar.gz ./data | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ### Restore From Backup | ||||||
|  |  | ||||||
|  | **Named Volumes:** | ||||||
|  |  | ||||||
|  | ```bash | ||||||
|  | docker-compose down | ||||||
|  | docker run --rm -v palmr_data:/data -v $(pwd):/backup alpine tar xzf /backup/palmr-backup.tar.gz -C /data | ||||||
|  | docker-compose up -d | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | **Bind Mounts:** | ||||||
|  |  | ||||||
|  | ```bash | ||||||
|  | docker-compose down | ||||||
|  | tar xzf palmr-backup.tar.gz | ||||||
|  | docker-compose up -d | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## What's Next? | ||||||
|  |  | ||||||
|  | Your Palmr instance is ready! Here's what you can explore: | ||||||
|  |  | ||||||
|  | ### Advanced Configuration | ||||||
|  |  | ||||||
|  | - **[UID/GID Configuration](/docs/3.2-beta/uid-gid-configuration)** - Configure user permissions for NAS systems and custom environments | ||||||
|  | - **[Download Memory Management](/docs/3.2-beta/download-memory-management)** - Configure large file download handling and queue system | ||||||
|  | - **[S3 Storage](/docs/3.2-beta/s3-configuration)** - Scale with Amazon S3 or compatible storage providers | ||||||
|  | - **[Manual Installation](/docs/3.2-beta/manual-installation)** - Manual installation and custom configurations | ||||||
|  |  | ||||||
|  | ### Integration & Development | ||||||
|  |  | ||||||
|  | - **[API Reference](/docs/3.2-beta/api)** - Integrate Palmr. with your applications | ||||||
|  |  | ||||||
|  | <Callout type="info"> | ||||||
|  |   **Need help?** Check our [Troubleshooting Guide](/docs/3.2-beta/troubleshooting) for common issues and solutions. | ||||||
|  | </Callout> | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | **Questions?** Visit our [GitHub Issues](https://github.com/kyantech/Palmr/issues) or join the community discussions. | ||||||
| @@ -67,7 +67,6 @@ If you experience authentication issues behind a reverse proxy: | |||||||
| ### Diagnostic Steps | ### Diagnostic Steps | ||||||
| 
 | 
 | ||||||
| 1. **Check Browser Developer Tools**: | 1. **Check Browser Developer Tools**: | ||||||
| 
 |  | ||||||
|    - Look for cookies in Application/Storage tab |    - Look for cookies in Application/Storage tab | ||||||
|    - Verify cookie has `Secure` flag when using HTTPS |    - Verify cookie has `Secure` flag when using HTTPS | ||||||
|    - Check if `SameSite` attribute is appropriate |    - Check if `SameSite` attribute is appropriate | ||||||
| @@ -128,10 +127,11 @@ proxy_pass_header Set-Cookie; | |||||||
| environment: | environment: | ||||||
|   - PALMR_UID=1000 # Your host UID (check with: id) |   - PALMR_UID=1000 # Your host UID (check with: id) | ||||||
|   - PALMR_GID=1000 # Your host GID |   - PALMR_GID=1000 # Your host GID | ||||||
|   - ENCRYPTION_KEY=your-key-here |   - DISABLE_FILESYSTEM_ENCRYPTION=true # Set to false to enable file encryption | ||||||
|  |   # - ENCRYPTION_KEY=your-key-here # Required only if encryption is enabled | ||||||
| ``` | ``` | ||||||
| 
 | 
 | ||||||
| > **💡 Note**: Check your host UID/GID with `id` command and use those values. See [UID/GID Configuration](/docs/3.0-beta/uid-gid-configuration) for detailed setup. | > **💡 Note**: Check your host UID/GID with `id` command and use those values. See [UID/GID Configuration](/docs/3.2-beta/uid-gid-configuration) for detailed setup. | ||||||
| 
 | 
 | ||||||
| --- | --- | ||||||
| 
 | 
 | ||||||
| @@ -7,6 +7,8 @@ This guide provides comprehensive configuration instructions for integrating Pal | |||||||
| 
 | 
 | ||||||
| > **Overview:** Palmr. supports any S3-compatible storage provider, giving you flexibility to choose the solution that best fits your needs and budget. | > **Overview:** Palmr. supports any S3-compatible storage provider, giving you flexibility to choose the solution that best fits your needs and budget. | ||||||
| 
 | 
 | ||||||
|  | > **Note:** Some configuration options (like presigned URL expiration) apply to **all storage types**, including filesystem storage. These are marked accordingly in the documentation. | ||||||
|  | 
 | ||||||
| ## When to use S3-compatible storage | ## When to use S3-compatible storage | ||||||
| 
 | 
 | ||||||
| Consider using S3-compatible storage when you need: | Consider using S3-compatible storage when you need: | ||||||
| @@ -19,10 +21,18 @@ Consider using S3-compatible storage when you need: | |||||||
| 
 | 
 | ||||||
| ## Environment variables | ## Environment variables | ||||||
| 
 | 
 | ||||||
|  | ### General configuration (applies to all storage types) | ||||||
|  | 
 | ||||||
|  | | Variable                   | Description                                      | Required | Default         | | ||||||
|  | | -------------------------- | ------------------------------------------------ | -------- | --------------- | | ||||||
|  | | `PRESIGNED_URL_EXPIRATION` | Duration in seconds for presigned URL expiration | No       | `3600` (1 hour) | | ||||||
|  | 
 | ||||||
|  | ### S3-specific configuration | ||||||
|  | 
 | ||||||
| To enable S3-compatible storage, set `ENABLE_S3=true` and configure the following environment variables: | To enable S3-compatible storage, set `ENABLE_S3=true` and configure the following environment variables: | ||||||
| 
 | 
 | ||||||
| | Variable                 | Description                              | Required | Default           | | | Variable                 | Description                              | Required | Default           | | ||||||
| | --------------------- | ----------------------------- | -------- | ----------------- | | | ------------------------ | ---------------------------------------- | -------- | ----------------- | | ||||||
| | `S3_ENDPOINT`            | S3 provider endpoint URL                 | Yes      | -                 | | | `S3_ENDPOINT`            | S3 provider endpoint URL                 | Yes      | -                 | | ||||||
| | `S3_PORT`                | Connection port                          | No       | Based on protocol | | | `S3_PORT`                | Connection port                          | No       | Based on protocol | | ||||||
| | `S3_USE_SSL`             | Enable SSL/TLS encryption                | Yes      | `true`            | | | `S3_USE_SSL`             | Enable SSL/TLS encryption                | Yes      | `true`            | | ||||||
| @@ -31,6 +41,7 @@ To enable S3-compatible storage, set `ENABLE_S3=true` and configure the followin | |||||||
| | `S3_REGION`              | Storage region                           | Yes      | -                 | | | `S3_REGION`              | Storage region                           | Yes      | -                 | | ||||||
| | `S3_BUCKET_NAME`         | Bucket/container name                    | Yes      | -                 | | | `S3_BUCKET_NAME`         | Bucket/container name                    | Yes      | -                 | | ||||||
| | `S3_FORCE_PATH_STYLE`    | Use path-style URLs                      | No       | `false`           | | | `S3_FORCE_PATH_STYLE`    | Use path-style URLs                      | No       | `false`           | | ||||||
|  | | `S3_REJECT_UNAUTHORIZED` | Enable strict SSL certificate validation | No       | `true`            | | ||||||
| 
 | 
 | ||||||
| ## Provider configurations | ## Provider configurations | ||||||
| 
 | 
 | ||||||
| @@ -51,6 +62,7 @@ S3_SECRET_KEY=your-secret-access-key | |||||||
| S3_REGION=us-east-1 | S3_REGION=us-east-1 | ||||||
| S3_BUCKET_NAME=your-bucket-name | S3_BUCKET_NAME=your-bucket-name | ||||||
| S3_FORCE_PATH_STYLE=false | S3_FORCE_PATH_STYLE=false | ||||||
|  | # PRESIGNED_URL_EXPIRATION=3600  # Optional: 1 hour (default) | ||||||
| ``` | ``` | ||||||
| 
 | 
 | ||||||
| **Getting credentials:** | **Getting credentials:** | ||||||
| @@ -81,6 +93,21 @@ S3_FORCE_PATH_STYLE=true | |||||||
| - Default MinIO port is 9000 | - Default MinIO port is 9000 | ||||||
| - SSL can be disabled for local development | - SSL can be disabled for local development | ||||||
| 
 | 
 | ||||||
|  | **For MinIO with self-signed SSL certificates:** | ||||||
|  | 
 | ||||||
|  | ```bash | ||||||
|  | ENABLE_S3=true | ||||||
|  | S3_ENDPOINT=your-minio-domain.com | ||||||
|  | S3_PORT=9000 | ||||||
|  | S3_USE_SSL=true | ||||||
|  | S3_ACCESS_KEY=your-minio-access-key | ||||||
|  | S3_SECRET_KEY=your-minio-secret-key | ||||||
|  | S3_REGION=us-east-1 | ||||||
|  | S3_BUCKET_NAME=your-bucket-name | ||||||
|  | S3_FORCE_PATH_STYLE=true | ||||||
|  | S3_REJECT_UNAUTHORIZED=false  # Allows self-signed certificates | ||||||
|  | ``` | ||||||
|  | 
 | ||||||
| ### Google Cloud Storage | ### Google Cloud Storage | ||||||
| 
 | 
 | ||||||
| Google Cloud Storage offers competitive pricing and global infrastructure. | Google Cloud Storage offers competitive pricing and global infrastructure. | ||||||
| @@ -137,6 +164,7 @@ S3_SECRET_KEY=your-application-key | |||||||
| S3_REGION=us-west-002 | S3_REGION=us-west-002 | ||||||
| S3_BUCKET_NAME=your-bucket-name | S3_BUCKET_NAME=your-bucket-name | ||||||
| S3_FORCE_PATH_STYLE=false | S3_FORCE_PATH_STYLE=false | ||||||
|  | # PRESIGNED_URL_EXPIRATION=7200  # Optional: 2 hours for large files | ||||||
| ``` | ``` | ||||||
| 
 | 
 | ||||||
| **Cost advantage:** | **Cost advantage:** | ||||||
| @@ -187,6 +215,93 @@ S3_FORCE_PATH_STYLE=false | |||||||
| - Use container name as bucket name | - Use container name as bucket name | ||||||
| - Configure appropriate access policies | - Configure appropriate access policies | ||||||
| 
 | 
 | ||||||
|  | ## Presigned URL configuration | ||||||
|  | 
 | ||||||
|  | Palmr. uses presigned URLs to provide secure, temporary access to files stored in **both S3-compatible storage and filesystem storage**. These URLs have a configurable expiration time to balance security and usability. | ||||||
|  | 
 | ||||||
|  | > **Note:** This configuration applies to **all storage types** (S3, filesystem, etc.), not just S3-compatible storage. | ||||||
|  | 
 | ||||||
|  | ### Understanding presigned URLs | ||||||
|  | 
 | ||||||
|  | Presigned URLs are temporary URLs that allow direct access to files without exposing storage credentials or requiring authentication. They automatically expire after a specified time period, enhancing security by limiting access duration. | ||||||
|  | 
 | ||||||
|  | **How it works:** | ||||||
|  | 
 | ||||||
|  | - **S3 Storage:** URLs are signed by AWS/S3-compatible provider credentials | ||||||
|  | - **Filesystem Storage:** URLs use temporary tokens that are validated by Palmr server | ||||||
|  | 
 | ||||||
|  | **Default behavior:** | ||||||
|  | 
 | ||||||
|  | - Upload URLs: 1 hour (3600 seconds) | ||||||
|  | - Download URLs: 1 hour (3600 seconds) | ||||||
|  | 
 | ||||||
|  | ### Configuring expiration time | ||||||
|  | 
 | ||||||
|  | You can customize the expiration time using the `PRESIGNED_URL_EXPIRATION` environment variable: | ||||||
|  | 
 | ||||||
|  | ```bash | ||||||
|  | # Set URLs to expire after 2 hours (7200 seconds) | ||||||
|  | PRESIGNED_URL_EXPIRATION=7200 | ||||||
|  | 
 | ||||||
|  | # Set URLs to expire after 30 minutes (1800 seconds) | ||||||
|  | PRESIGNED_URL_EXPIRATION=1800 | ||||||
|  | 
 | ||||||
|  | # Set URLs to expire after 6 hours (21600 seconds) | ||||||
|  | PRESIGNED_URL_EXPIRATION=21600 | ||||||
|  | ``` | ||||||
|  | 
 | ||||||
|  | ### Choosing the right expiration time | ||||||
|  | 
 | ||||||
|  | **Shorter expiration (15-30 minutes):** | ||||||
|  | 
 | ||||||
|  | - [+] Higher security | ||||||
|  | - [+] Reduced risk of unauthorized access | ||||||
|  | - [-] May interrupt long uploads/downloads | ||||||
|  | - [-] Users may need to refresh links more often | ||||||
|  | 
 | ||||||
|  | **Longer expiration (2-6 hours):** | ||||||
|  | 
 | ||||||
|  | - [+] Better user experience for large files | ||||||
|  | - [+] Fewer interruptions during transfers | ||||||
|  | - [-] Longer exposure window if URLs are compromised | ||||||
|  | - [-] Potential for increased storage costs if users leave downloads incomplete | ||||||
|  | 
 | ||||||
|  | **Recommended settings:** | ||||||
|  | 
 | ||||||
|  | - **High security environments:** 1800 seconds (30 minutes) | ||||||
|  | - **Standard usage:** 3600 seconds (1 hour) - default | ||||||
|  | - **Large file transfers:** 7200-21600 seconds (2-6 hours) | ||||||
|  | 
 | ||||||
|  | ### Example configurations | ||||||
|  | 
 | ||||||
|  | **For Backblaze B2 with extended expiration:** | ||||||
|  | 
 | ||||||
|  | ```bash | ||||||
|  | ENABLE_S3=true | ||||||
|  | S3_ENDPOINT=s3.us-west-002.backblazeb2.com | ||||||
|  | S3_USE_SSL=true | ||||||
|  | S3_ACCESS_KEY=your-key-id | ||||||
|  | S3_SECRET_KEY=your-application-key | ||||||
|  | S3_REGION=us-west-002 | ||||||
|  | S3_BUCKET_NAME=your-bucket-name | ||||||
|  | S3_FORCE_PATH_STYLE=false | ||||||
|  | PRESIGNED_URL_EXPIRATION=7200  # 2 hours for large file transfers | ||||||
|  | ``` | ||||||
|  | 
 | ||||||
|  | **For high-security environments:** | ||||||
|  | 
 | ||||||
|  | ```bash | ||||||
|  | ENABLE_S3=true | ||||||
|  | S3_ENDPOINT=s3.amazonaws.com | ||||||
|  | S3_USE_SSL=true | ||||||
|  | S3_ACCESS_KEY=your-access-key-id | ||||||
|  | S3_SECRET_KEY=your-secret-access-key | ||||||
|  | S3_REGION=us-east-1 | ||||||
|  | S3_BUCKET_NAME=your-bucket-name | ||||||
|  | S3_FORCE_PATH_STYLE=false | ||||||
|  | PRESIGNED_URL_EXPIRATION=1800  # 30 minutes for enhanced security | ||||||
|  | ``` | ||||||
|  | 
 | ||||||
| ## Configuration best practices | ## Configuration best practices | ||||||
| 
 | 
 | ||||||
| ### Security considerations | ### Security considerations | ||||||
| @@ -212,6 +327,19 @@ S3_FORCE_PATH_STYLE=false | |||||||
| - Check firewall and network connectivity | - Check firewall and network connectivity | ||||||
| - Ensure SSL/TLS settings match provider requirements | - Ensure SSL/TLS settings match provider requirements | ||||||
| 
 | 
 | ||||||
|  | **SSL certificate errors (self-signed certificates):** | ||||||
|  | 
 | ||||||
|  | If you encounter errors like `unable to verify the first certificate` or `UNABLE_TO_VERIFY_LEAF_SIGNATURE`, you're likely using self-signed SSL certificates. This is common with self-hosted MinIO or other S3-compatible services. | ||||||
|  | 
 | ||||||
|  | **Solution:** | ||||||
|  | Set `S3_REJECT_UNAUTHORIZED=false` in your environment variables to allow self-signed certificates: | ||||||
|  | 
 | ||||||
|  | ```bash | ||||||
|  | S3_REJECT_UNAUTHORIZED=false | ||||||
|  | ``` | ||||||
|  | 
 | ||||||
|  | **Note:** SSL certificate validation is enabled by default (`true`) for security. Set it to `false` only when using self-hosted S3 services with self-signed certificates. | ||||||
|  | 
 | ||||||
| **Authentication failures:** | **Authentication failures:** | ||||||
| 
 | 
 | ||||||
| - Confirm access key and secret key are correct | - Confirm access key and secret key are correct | ||||||
| @@ -5,44 +5,33 @@ icon: Image | |||||||
| 
 | 
 | ||||||
| import { ZoomableImage } from "@/components/ui/zoomable-image"; | import { ZoomableImage } from "@/components/ui/zoomable-image"; | ||||||
| 
 | 
 | ||||||
| ## Screenshots |  | ||||||
| 
 |  | ||||||
| Here you can find a collection of screenshots showcasing various features and interfaces of the Palmr. web application. These images provide a visual overview of the user experience, highlighting key functionalities such as file sharing, user management, and settings configuration. Explore the screenshots below to get a better understanding of how Palmr works and what to expect from the platform. | Here you can find a collection of screenshots showcasing various features and interfaces of the Palmr. web application. These images provide a visual overview of the user experience, highlighting key functionalities such as file sharing, user management, and settings configuration. Explore the screenshots below to get a better understanding of how Palmr works and what to expect from the platform. | ||||||
| 
 | 
 | ||||||
| > **Note:** All screenshots shown are taken in dark mode, but Palmr. also offers a light mode theme for users who prefer brighter interfaces. | > **Note:** All screenshots shown are taken in dark mode, but Palmr. also offers a light mode theme for users who prefer brighter interfaces. | ||||||
| 
 | 
 | ||||||
| ### Authentication & Access | ## Authentication & Access | ||||||
| 
 | 
 | ||||||
| #### Home page | ### Home page | ||||||
| 
 | 
 | ||||||
| The main landing page where users can access the platform and learn about Palmr.'s features. | The main landing page where users can access the platform and learn about Palmr.'s features. | ||||||
| 
 | 
 | ||||||
| <ZoomableImage | <ZoomableImage src="/assets/v3/screenshots/home.png" alt="Home Page - Main landing page of Palmr" /> | ||||||
|   src="/assets/v3/screenshots/home.png" |  | ||||||
|   alt="Home Page - Main landing page of Palmr" |  | ||||||
| /> |  | ||||||
| 
 | 
 | ||||||
| #### Login page | ### Login page | ||||||
| 
 | 
 | ||||||
| Secure authentication interface where users enter their credentials to access their Palmr account. | Secure authentication interface where users enter their credentials to access their Palmr account. | ||||||
| 
 | 
 | ||||||
| <ZoomableImage | <ZoomableImage src="/assets/v3/screenshots/login.png" alt="Login Page - User authentication interface" /> | ||||||
|   src="/assets/v3/screenshots/login.png" |  | ||||||
|   alt="Login Page - User authentication interface" |  | ||||||
| /> |  | ||||||
| 
 | 
 | ||||||
| #### Forgot password | ### Forgot password | ||||||
| 
 | 
 | ||||||
| Password recovery interface that allows users to reset their passwords when they can't access their accounts. | Password recovery interface that allows users to reset their passwords when they can't access their accounts. | ||||||
| 
 | 
 | ||||||
| <ZoomableImage | <ZoomableImage src="/assets/v3/screenshots/forgot-password.png" alt="Forgot Password - Password recovery interface" /> | ||||||
|   src="/assets/v3/screenshots/forgot-password.png" |  | ||||||
|   alt="Forgot Password - Password recovery interface" |  | ||||||
| /> |  | ||||||
| 
 | 
 | ||||||
| ### Main Application Interface | ## Main Application Interface | ||||||
| 
 | 
 | ||||||
| #### Dashboard | ### Dashboard | ||||||
| 
 | 
 | ||||||
| The central hub after login, providing an overview of recent activity, quick actions, and system status. | The central hub after login, providing an overview of recent activity, quick actions, and system status. | ||||||
| 
 | 
 | ||||||
| @@ -51,27 +40,27 @@ The central hub after login, providing an overview of recent activity, quick act | |||||||
|   alt="Dashboard - Main application hub with overview and quick actions" |   alt="Dashboard - Main application hub with overview and quick actions" | ||||||
| /> | /> | ||||||
| 
 | 
 | ||||||
| ### File Management | ## File Management | ||||||
| 
 | 
 | ||||||
| #### Files list view | ### Files list view | ||||||
| 
 | 
 | ||||||
| Comprehensive file browser displaying all uploaded files in a detailed list format with metadata, actions, and sorting options. | Comprehensive file browser displaying all uploaded files in a detailed list format with metadata, actions, sorting options, and folder navigation. | ||||||
| 
 | 
 | ||||||
| <ZoomableImage | <ZoomableImage | ||||||
|   src="/assets/v3/screenshots/files-list.png" |   src="/assets/v3/screenshots/files-list.png" | ||||||
|   alt="Files List View - Detailed file browser with metadata and actions" |   alt="Files List View - Detailed file browser with metadata and actions" | ||||||
| /> | /> | ||||||
| 
 | 
 | ||||||
| #### Files card view | ### Files card view | ||||||
| 
 | 
 | ||||||
| Alternative file browser layout showing files as visual cards, perfect for quick browsing and visual file identification. | Alternative file browser layout showing files as visual cards, perfect for quick browsing, visual file identification, and folder navigation. | ||||||
| 
 | 
 | ||||||
| <ZoomableImage | <ZoomableImage | ||||||
|   src="/assets/v3/screenshots/files-card.png" |   src="/assets/v3/screenshots/files-card.png" | ||||||
|   alt="Files Card View - Visual card-based file browser layout" |   alt="Files Card View - Visual card-based file browser layout" | ||||||
| /> | /> | ||||||
| 
 | 
 | ||||||
| #### Receive files | ### Receive files | ||||||
| 
 | 
 | ||||||
| File upload interface where users can drag and drop or select files to upload to their Palmr storage. | File upload interface where users can drag and drop or select files to upload to their Palmr storage. | ||||||
| 
 | 
 | ||||||
| @@ -80,20 +69,20 @@ File upload interface where users can drag and drop or select files to upload to | |||||||
|   alt="Receive Files - File upload interface with drag and drop functionality" |   alt="Receive Files - File upload interface with drag and drop functionality" | ||||||
| /> | /> | ||||||
| 
 | 
 | ||||||
| ### Sharing & Collaboration | ## Sharing & Collaboration | ||||||
| 
 | 
 | ||||||
| #### Shares page | ### Shares page | ||||||
| 
 | 
 | ||||||
| Management interface for all shared files and folders, showing share status, permissions, and access controls. | Management interface for all shared files and folders, showing share status, permissions, and access controls for both individual files and folders. | ||||||
| 
 | 
 | ||||||
| <ZoomableImage | <ZoomableImage | ||||||
|   src="/assets/v3/screenshots/shares.png" |   src="/assets/v3/screenshots/shares.png" | ||||||
|   alt="Shares Page - Share management with permissions and access controls" |   alt="Shares Page - Share management with permissions and access controls" | ||||||
| /> | /> | ||||||
| 
 | 
 | ||||||
| ### User & System Management | ## User & System Management | ||||||
| 
 | 
 | ||||||
| #### User management | ### User management | ||||||
| 
 | 
 | ||||||
| Administrative interface for managing user accounts, permissions, roles, and system access controls. | Administrative interface for managing user accounts, permissions, roles, and system access controls. | ||||||
| 
 | 
 | ||||||
| @@ -102,7 +91,7 @@ Administrative interface for managing user accounts, permissions, roles, and sys | |||||||
|   alt="User Management - Administrative interface for user accounts and permissions" |   alt="User Management - Administrative interface for user accounts and permissions" | ||||||
| /> | /> | ||||||
| 
 | 
 | ||||||
| #### Profile settings | ### Profile settings | ||||||
| 
 | 
 | ||||||
| Personal account management where users can update their profile information, preferences, and account settings. | Personal account management where users can update their profile information, preferences, and account settings. | ||||||
| 
 | 
 | ||||||
| @@ -111,7 +100,7 @@ Personal account management where users can update their profile information, pr | |||||||
|   alt="Profile Settings - Personal account management and preferences" |   alt="Profile Settings - Personal account management and preferences" | ||||||
| /> | /> | ||||||
| 
 | 
 | ||||||
| #### System settings | ### System settings | ||||||
| 
 | 
 | ||||||
| Comprehensive system configuration interface for administrators to manage platform settings, integrations, and system behavior. | Comprehensive system configuration interface for administrators to manage platform settings, integrations, and system behavior. | ||||||
| 
 | 
 | ||||||
| @@ -120,9 +109,9 @@ Comprehensive system configuration interface for administrators to manage platfo | |||||||
|   alt="System Settings - Administrative configuration interface" |   alt="System Settings - Administrative configuration interface" | ||||||
| /> | /> | ||||||
| 
 | 
 | ||||||
| ### Reverse share page themes | ## Reverse share page themes | ||||||
| 
 | 
 | ||||||
| #### WeTransfer theme | ### WeTransfer theme | ||||||
| 
 | 
 | ||||||
| Special sharing interface with WeTransfer-inspired design, providing a familiar experience for file sharing with custom theming. | Special sharing interface with WeTransfer-inspired design, providing a familiar experience for file sharing with custom theming. | ||||||
| 
 | 
 | ||||||
| @@ -131,7 +120,7 @@ Special sharing interface with WeTransfer-inspired design, providing a familiar | |||||||
|   alt="WeTransfer Theme - WeTransfer-inspired sharing interface with custom theming" |   alt="WeTransfer Theme - WeTransfer-inspired sharing interface with custom theming" | ||||||
| /> | /> | ||||||
| 
 | 
 | ||||||
| #### Default reverse theme | ### Default reverse theme | ||||||
| 
 | 
 | ||||||
| Alternative dark theme interface showing Palmr's theming capabilities and customization options for different user preferences. | Alternative dark theme interface showing Palmr's theming capabilities and customization options for different user preferences. | ||||||
| 
 | 
 | ||||||
							
								
								
									
										438
									
								
								apps/docs/content/docs/3.2-beta/translation-management.mdx
									
									
									
									
									
										Normal file
									
								
							
							
						
						| @@ -0,0 +1,438 @@ | |||||||
|  | --- | ||||||
|  | title: Translation Management | ||||||
|  | icon: Languages | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | import { Callout } from "fumadocs-ui/components/callout"; | ||||||
|  | import { Tab, Tabs } from "fumadocs-ui/components/tabs"; | ||||||
|  |  | ||||||
|  | Palmr includes a comprehensive translation key management system that automates synchronization and validation of the application's internationalization files. | ||||||
|  |  | ||||||
|  | ## Overview | ||||||
|  |  | ||||||
|  | The translation management system consists of Python scripts that help maintain consistency across all supported languages: | ||||||
|  |  | ||||||
|  | - **Synchronization**: Automatically add missing translation keys | ||||||
|  | - **Validation**: Check translation status and completeness | ||||||
|  | - **Key Management**: Manage translation keys structure and consistency | ||||||
|  | - **Reporting**: Generate detailed translation reports | ||||||
|  |  | ||||||
|  | ## Quick Start | ||||||
|  |  | ||||||
|  | <Tabs items={['npm/pnpm', 'Python Direct']}> | ||||||
|  |   <Tab value="npm/pnpm"> | ||||||
|  |     ```bash | ||||||
|  |     # Complete workflow (recommended) | ||||||
|  |     pnpm run translations | ||||||
|  |  | ||||||
|  |     # Check translation status | ||||||
|  |     pnpm run translations:check | ||||||
|  |  | ||||||
|  |     # Synchronize missing keys | ||||||
|  |     pnpm run translations:sync | ||||||
|  |  | ||||||
|  |     # Test workflow without changes (dry run) | ||||||
|  |     pnpm run translations:dry-run | ||||||
|  |  | ||||||
|  |     # Show help | ||||||
|  |     pnpm run translations:help | ||||||
|  |     ``` | ||||||
|  |  | ||||||
|  |   </Tab> | ||||||
|  |   <Tab value="Python Direct"> | ||||||
|  |     ```bash | ||||||
|  |     cd apps/web/scripts | ||||||
|  |  | ||||||
|  |     # Complete workflow (recommended) | ||||||
|  |     python3 run_translations.py all | ||||||
|  |  | ||||||
|  |     # Individual commands | ||||||
|  |     python3 run_translations.py check | ||||||
|  |     python3 run_translations.py sync | ||||||
|  |     python3 run_translations.py all --dry-run | ||||||
|  |     python3 run_translations.py help | ||||||
|  |     ``` | ||||||
|  |  | ||||||
|  |   </Tab> | ||||||
|  | </Tabs> | ||||||
|  |  | ||||||
|  | ## Available Scripts | ||||||
|  |  | ||||||
|  | ### Main Commands (npm/pnpm) | ||||||
|  |  | ||||||
|  | | Command                         | Description                               | | ||||||
|  | | ------------------------------- | ----------------------------------------- | | ||||||
|  | | `pnpm run translations`         | Complete workflow: sync + check           | | ||||||
|  | | `pnpm run translations:check`   | Check translation status and completeness | | ||||||
|  | | `pnpm run translations:sync`    | Synchronize missing keys from en-US.json  | | ||||||
|  | | `pnpm run translations:dry-run` | Test workflow without making changes      | | ||||||
|  | | `pnpm run translations:help`    | Show detailed help and examples           | | ||||||
|  |  | ||||||
|  | ## Workflow | ||||||
|  |  | ||||||
|  | ### 1. Adding New Translation Keys | ||||||
|  |  | ||||||
|  | When you add new text to the application: | ||||||
|  |  | ||||||
|  | 1. **Add to English**: Update `apps/web/messages/en-US.json` with your new keys | ||||||
|  | 2. **Sync translations**: Run `pnpm run translations:sync` to add missing keys to all languages | ||||||
|  | 3. **Manual translation**: Translate strings marked with `[TO_TRANSLATE]` manually | ||||||
|  | 4. **Test in UI**: Verify translations work correctly in the application interface | ||||||
|  |  | ||||||
|  | <Callout type="important"> | ||||||
|  |   **Manual translation required**: All strings marked with `[TO_TRANSLATE]` must be manually translated by native | ||||||
|  |   speakers or professional translators for accuracy. | ||||||
|  | </Callout> | ||||||
|  |  | ||||||
|  | ### 2. Checking Translation Status | ||||||
|  |  | ||||||
|  | <Callout>Always run `pnpm run translations:check` before releases to ensure completeness.</Callout> | ||||||
|  |  | ||||||
|  | ```bash | ||||||
|  | # Generate detailed translation report | ||||||
|  | pnpm run translations:check | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | The report shows: | ||||||
|  |  | ||||||
|  | - **Completeness percentage** for each language | ||||||
|  | - **Untranslated strings** marked with `[TO_TRANSLATE]` | ||||||
|  | - **Identical strings** that may need localization | ||||||
|  | - **Missing keys** compared to English reference | ||||||
|  |  | ||||||
|  | ### 3. Manual Translation Process | ||||||
|  |  | ||||||
|  | For all translation strings: | ||||||
|  |  | ||||||
|  | 1. **Find untranslated strings**: Look for `[TO_TRANSLATE] Original text` in language files | ||||||
|  | 2. **Replace with translation**: Remove the prefix and add proper translation | ||||||
|  | 3. **Validate**: Run `pnpm run translations:check` to verify completeness | ||||||
|  |  | ||||||
|  | ## File Structure | ||||||
|  |  | ||||||
|  | ``` | ||||||
|  | apps/web/ | ||||||
|  | ├── messages/           # Translation files | ||||||
|  | │   ├── en-US.json     # Reference language (English) | ||||||
|  | │   ├── pt-BR.json     # Portuguese (Brazil) | ||||||
|  | │   ├── es-ES.json     # Spanish | ||||||
|  | │   └── ...            # Other languages | ||||||
|  | │ | ||||||
|  | └── scripts/           # Management scripts | ||||||
|  |     ├── run_translations.py     # Main wrapper | ||||||
|  |     ├── sync_translations.py    # Synchronization | ||||||
|  |     ├── check_translations.py   # Status checking | ||||||
|  |     └── clean_translations.py   # Cleanup utilities | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ## Prerequisites | ||||||
|  |  | ||||||
|  | - **Python 3.6 or higher** - Required for running the translation scripts | ||||||
|  | - **No external dependencies** - Scripts use only Python standard libraries | ||||||
|  | - **UTF-8 support** - Ensure your terminal supports UTF-8 for proper display of translations | ||||||
|  |  | ||||||
|  | ## Script Details | ||||||
|  |  | ||||||
|  | ### Main Wrapper (`run_translations.py`) | ||||||
|  |  | ||||||
|  | The main script provides a unified interface for all translation operations: | ||||||
|  |  | ||||||
|  | #### Available Commands | ||||||
|  |  | ||||||
|  | - `check` - Check translation status and generate reports | ||||||
|  | - `sync` - Synchronize missing keys from reference language | ||||||
|  | - `all` - Run complete workflow (sync + check) | ||||||
|  | - `help` - Show detailed help with examples | ||||||
|  |  | ||||||
|  | #### How it Works | ||||||
|  |  | ||||||
|  | 1. Validates parameters and working directory | ||||||
|  | 2. Calls appropriate individual scripts with passed parameters | ||||||
|  | 3. Provides unified error handling and progress reporting | ||||||
|  | 4. Supports all parameters from individual scripts | ||||||
|  |  | ||||||
|  | ### Synchronization Script (`sync_translations.py`) | ||||||
|  |  | ||||||
|  | Maintains consistency across all language files: | ||||||
|  |  | ||||||
|  | #### Process | ||||||
|  |  | ||||||
|  | 1. **Load reference**: Reads `en-US.json` as source of truth | ||||||
|  | 2. **Scan languages**: Finds all `*.json` files in messages directory | ||||||
|  | 3. **Compare keys**: Identifies missing keys in each language file | ||||||
|  | 4. **Add missing keys**: Copies structure from reference with `[TO_TRANSLATE]` prefix | ||||||
|  | 5. **Save updates**: Maintains JSON formatting and UTF-8 encoding | ||||||
|  |  | ||||||
|  | #### Key Features | ||||||
|  |  | ||||||
|  | - **Recursive key detection**: Handles nested JSON objects | ||||||
|  | - **Safe updates**: Preserves existing translations | ||||||
|  | - **Consistent formatting**: Maintains proper JSON structure | ||||||
|  | - **Progress reporting**: Shows detailed sync results | ||||||
|  |  | ||||||
|  | ### Status Check Script (`check_translations.py`) | ||||||
|  |  | ||||||
|  | Provides comprehensive translation analysis: | ||||||
|  |  | ||||||
|  | #### Generated Reports | ||||||
|  |  | ||||||
|  | - **Completion percentage**: How much of each language is translated | ||||||
|  | - **Untranslated count**: Strings still marked with `[TO_TRANSLATE]` | ||||||
|  | - **Identical strings**: Text identical to English (may need localization) | ||||||
|  | - **Missing keys**: Keys present in reference but not in target language | ||||||
|  |  | ||||||
|  | #### Analysis Features | ||||||
|  |  | ||||||
|  | - **Visual indicators**: Icons show completion status (✅ 🟡 🔴) | ||||||
|  | - **Detailed breakdowns**: Per-language analysis with specific keys | ||||||
|  | - **Quality insights**: Identifies potential translation issues | ||||||
|  | - **Export friendly**: Output can be redirected to files for reports | ||||||
|  |  | ||||||
|  | ## Advanced Usage | ||||||
|  |  | ||||||
|  | ### Custom Parameters | ||||||
|  |  | ||||||
|  | You can pass additional parameters to the underlying Python scripts for more control: | ||||||
|  |  | ||||||
|  | #### Synchronization Parameters (`sync`) | ||||||
|  |  | ||||||
|  | ```bash | ||||||
|  | # Sync without marking new keys as [TO_TRANSLATE] | ||||||
|  | python3 scripts/run_translations.py sync --no-mark-untranslated | ||||||
|  |  | ||||||
|  | # Use a different reference file (default: en-US.json) | ||||||
|  | python3 scripts/run_translations.py sync --reference pt-BR.json | ||||||
|  |  | ||||||
|  | # Specify custom messages directory | ||||||
|  | python3 scripts/run_translations.py sync --messages-dir /path/to/messages | ||||||
|  |  | ||||||
|  | # Dry run mode - see what would be changed | ||||||
|  | python3 scripts/run_translations.py sync --dry-run | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | #### Check Parameters (`check`) | ||||||
|  |  | ||||||
|  | ```bash | ||||||
|  | # Use different reference file for comparison | ||||||
|  | python3 scripts/run_translations.py check --reference pt-BR.json | ||||||
|  |  | ||||||
|  | # Check translations in custom directory | ||||||
|  | python3 scripts/run_translations.py check --messages-dir /path/to/messages | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ### Parameter Reference | ||||||
|  |  | ||||||
|  | | Parameter                | Commands        | Description                                   | | ||||||
|  | | ------------------------ | --------------- | --------------------------------------------- | | ||||||
|  | | `--dry-run`              | `sync`, `all`   | Preview changes without modifying files       | | ||||||
|  | | `--messages-dir`         | All             | Custom directory containing translation files | | ||||||
|  | | `--reference`            | `sync`, `check` | Reference file to use (default: en-US.json)   | | ||||||
|  | | `--no-mark-untranslated` | `sync`          | Don't add [TO_TRANSLATE] prefix to new keys   | | ||||||
|  |  | ||||||
|  | ### Dry Run Mode | ||||||
|  |  | ||||||
|  | Always test changes first: | ||||||
|  |  | ||||||
|  | ```bash | ||||||
|  | # Test complete workflow (recommended) | ||||||
|  | pnpm run translations:dry-run | ||||||
|  |  | ||||||
|  | # Alternative: Direct Python commands | ||||||
|  | python3 scripts/run_translations.py all --dry-run | ||||||
|  | python3 scripts/run_translations.py sync --dry-run | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ### Common Use Cases | ||||||
|  |  | ||||||
|  | #### Scenario 1: Adding Keys Without Marking for Translation | ||||||
|  |  | ||||||
|  | ```bash | ||||||
|  | # Sync new keys without auto-marking for translation | ||||||
|  | python3 scripts/run_translations.py sync --no-mark-untranslated | ||||||
|  |  | ||||||
|  | # Manually mark specific keys that need translation | ||||||
|  | # Edit files to add [TO_TRANSLATE] prefix where needed | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | #### Scenario 2: Custom Project Structure | ||||||
|  |  | ||||||
|  | ```bash | ||||||
|  | # Work with translations in different directory | ||||||
|  | python3 scripts/run_translations.py all --messages-dir ../custom-translations | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | #### Scenario 3: Quality Assurance | ||||||
|  |  | ||||||
|  | ```bash | ||||||
|  | # Use different language as reference for comparison | ||||||
|  | python3 scripts/run_translations.py check --reference pt-BR.json | ||||||
|  |  | ||||||
|  | # This helps identify inconsistencies when you have high-quality translations | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ## Translation Keys Format | ||||||
|  |  | ||||||
|  | Translation files use nested JSON structure: | ||||||
|  |  | ||||||
|  | ```json | ||||||
|  | { | ||||||
|  |   "common": { | ||||||
|  |     "actions": { | ||||||
|  |       "save": "Save", | ||||||
|  |       "cancel": "Cancel", | ||||||
|  |       "delete": "Delete" | ||||||
|  |     }, | ||||||
|  |     "messages": { | ||||||
|  |       "success": "Operation completed successfully", | ||||||
|  |       "error": "An error occurred" | ||||||
|  |     } | ||||||
|  |   }, | ||||||
|  |   "dashboard": { | ||||||
|  |     "title": "Dashboard", | ||||||
|  |     "welcome": "Welcome to Palmr" | ||||||
|  |   } | ||||||
|  | } | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ## Manual Translation | ||||||
|  |  | ||||||
|  | <Callout type="warning"> | ||||||
|  |   **Professional translation recommended**: For production applications, consider using professional translation | ||||||
|  |   services or native speakers to ensure high-quality, culturally appropriate translations. | ||||||
|  | </Callout> | ||||||
|  |  | ||||||
|  | The system marks strings that need translation with the `[TO_TRANSLATE]` prefix: | ||||||
|  |  | ||||||
|  | ```json | ||||||
|  | { | ||||||
|  |   "key": "[TO_TRANSLATE] Original English text" | ||||||
|  | } | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | After manual translation: | ||||||
|  |  | ||||||
|  | ```json | ||||||
|  | { | ||||||
|  |   "key": "Texto original em inglês" | ||||||
|  | } | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ### Translation Review Process | ||||||
|  |  | ||||||
|  | 1. **Identify**: Use `pnpm run translations:check` to find untranslated strings | ||||||
|  | 2. **Translate**: Replace `[TO_TRANSLATE]` strings with proper translations | ||||||
|  | 3. **Review**: Check each translation for: | ||||||
|  |    - **Context accuracy**: Does it make sense in the UI? | ||||||
|  |    - **Technical terms**: Are they correctly translated? | ||||||
|  |    - **Tone consistency**: Matches the application's voice? | ||||||
|  |    - **Cultural appropriateness**: Suitable for target audience? | ||||||
|  | 4. **Test**: Verify translations in the actual application interface | ||||||
|  | 5. **Document**: Note any translation decisions for future reference | ||||||
|  |  | ||||||
|  | ### Common Review Points | ||||||
|  |  | ||||||
|  | - **Button labels**: Ensure they fit within UI constraints | ||||||
|  | - **Error messages**: Must be clear and helpful to users | ||||||
|  | - **Navigation items**: Should be intuitive in target language | ||||||
|  | - **Technical terms**: Some may be better left in English | ||||||
|  | - **Placeholders**: Maintain formatting and variable names | ||||||
|  |  | ||||||
|  | ## Development Guidelines | ||||||
|  |  | ||||||
|  | <Callout type="important"> | ||||||
|  |   **Primary Language**: Always use `en-US.json` as the parent language for development. All new translation keys must be | ||||||
|  |   added to English first. | ||||||
|  | </Callout> | ||||||
|  |  | ||||||
|  | ### Translation Workflow for Development | ||||||
|  |  | ||||||
|  | 1. **English First**: Add all new text to `apps/web/messages/en-US.json` | ||||||
|  | 2. **Sync keys**: Use scripts to generate key structure for other languages | ||||||
|  | 3. **Manual translation**: All strings must be manually translated for accuracy | ||||||
|  | 4. **Quality Check**: Run translation validation before merging PRs | ||||||
|  |  | ||||||
|  | ### Why English as Parent Language? | ||||||
|  |  | ||||||
|  | - **Consistency**: Ensures all languages have the same keys structure | ||||||
|  | - **Reference**: English serves as the source of truth for meaning | ||||||
|  | - **Key management**: Scripts use English as source for key synchronization | ||||||
|  | - **Documentation**: Most technical documentation is in English | ||||||
|  |  | ||||||
|  | ## Best Practices | ||||||
|  |  | ||||||
|  | ### For Developers | ||||||
|  |  | ||||||
|  | 1. **Always use English as reference**: Add new keys to `en-US.json` first - never add keys directly to other languages | ||||||
|  | 2. **Use semantic key names**: `dashboard.welcome` instead of `text1` | ||||||
|  | 3. **Test key sync**: Run `pnpm run translations:dry-run` before committing | ||||||
|  | 4. **Coordinate with translators**: Ensure translation team is aware of new keys | ||||||
|  | 5. **Maintain consistency**: Use existing patterns for similar UI elements | ||||||
|  |  | ||||||
|  | ### For Translators | ||||||
|  |  | ||||||
|  | 1. **Focus on [TO_TRANSLATE] strings**: These need immediate attention | ||||||
|  | 2. **Check identical strings**: May need localization even if identical to English | ||||||
|  | 3. **Use proper formatting**: Maintain HTML tags and placeholders | ||||||
|  | 4. **Test in context**: Verify translations work in the actual UI | ||||||
|  | 5. **Maintain glossary**: Keep consistent terminology across translations | ||||||
|  |  | ||||||
|  | ## Troubleshooting | ||||||
|  |  | ||||||
|  | ### Common Issues | ||||||
|  |  | ||||||
|  | **Python not found**: Ensure Python 3.6+ is installed and in PATH | ||||||
|  |  | ||||||
|  | **Permission errors**: Ensure write permissions to message files | ||||||
|  |  | ||||||
|  | **Encoding issues**: Ensure your terminal supports UTF-8 | ||||||
|  |  | ||||||
|  | ### Getting Help | ||||||
|  |  | ||||||
|  | - Run `pnpm run translations:help` for detailed command examples | ||||||
|  | - Review generated translation reports for specific issues | ||||||
|  | - Check the official documentation for complete reference | ||||||
|  |  | ||||||
|  | ## Output Examples | ||||||
|  |  | ||||||
|  | ### Synchronization Output | ||||||
|  |  | ||||||
|  | ``` | ||||||
|  | Loading reference file: en-US.json | ||||||
|  | Reference file contains 980 keys | ||||||
|  | Processing 14 translation files... | ||||||
|  |  | ||||||
|  | Processing: pt-BR.json | ||||||
|  |   🔍 Found 12 missing keys | ||||||
|  |   ✅ Updated successfully (980/980 keys) | ||||||
|  |  | ||||||
|  | ============================================================ | ||||||
|  | SUMMARY | ||||||
|  | ============================================================ | ||||||
|  | ✅ ar-SA.json      - 980/980 keys | ||||||
|  | 🔄 pt-BR.json      - 980/980 keys (+12 added) | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ### Translation Status Report | ||||||
|  |  | ||||||
|  | ``` | ||||||
|  | 📊 TRANSLATION REPORT | ||||||
|  | Reference: en-US.json (980 strings) | ||||||
|  | ================================================================================ | ||||||
|  | LANGUAGE        COMPLETENESS STRINGS         UNTRANSLATED    POSSIBLE MATCHES | ||||||
|  | -------------------------------------------------------------------------------- | ||||||
|  | ✅ pt-BR         100.0%       980/980         0 (0.0%)        5 | ||||||
|  | ⚠️  fr-FR         100.0%       980/980         12 (2.5%)       3 | ||||||
|  | 🟡 de-DE         95.2%        962/980         0 (0.0%)        8 | ||||||
|  | ================================================================================ | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ## Contributing | ||||||
|  |  | ||||||
|  | When contributing translations: | ||||||
|  |  | ||||||
|  | 1. **Follow the workflow**: Use the provided scripts for consistency | ||||||
|  | 2. **Test thoroughly**: Run complete checks before submitting | ||||||
|  | 3. **Document changes**: Note any significant translation decisions | ||||||
|  | 4. **Maintain quality**: Ensure manual translations are accurate and appropriate | ||||||
|  |  | ||||||
|  | The translation management system ensures consistency and makes it easy to maintain high-quality localization across all supported languages. | ||||||
							
								
								
									
										381
									
								
								apps/docs/content/docs/3.2-beta/troubleshooting.mdx
									
									
									
									
									
										Normal file
									
								
							
							
						
						| @@ -0,0 +1,381 @@ | |||||||
|  | --- | ||||||
|  | title: Troubleshooting | ||||||
|  | icon: "Bug" | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | Common issues and solutions for Palmr. deployment and usage. | ||||||
|  |  | ||||||
|  | ## 🚨 Permission Denied Errors | ||||||
|  |  | ||||||
|  | **Most common issue**: Permission denied when uploading files or accessing data directories. | ||||||
|  |  | ||||||
|  | ### Quick Diagnosis | ||||||
|  |  | ||||||
|  | ```bash | ||||||
|  | # Check if this is a permission issue | ||||||
|  | docker-compose logs palmr | grep -i "permission\|denied\|eacces" | ||||||
|  |  | ||||||
|  | # Common error messages: | ||||||
|  | # EACCES: permission denied, open '/app/server/uploads/file.txt' | ||||||
|  | # Error: EACCES: permission denied, mkdir '/app/server/temp-uploads' | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ### The Root Cause | ||||||
|  |  | ||||||
|  | **Palmr. defaults**: UID 1001, GID 1001   | ||||||
|  | **Linux standard**: UID 1000, GID 1000 | ||||||
|  |  | ||||||
|  | When using bind mounts, your host directories may have different ownership than Palmr's default UID/GID. | ||||||
|  |  | ||||||
|  | ### Solution 1: Environment Variables (Recommended) | ||||||
|  |  | ||||||
|  | Set Palmr. to use your host system's UID/GID: | ||||||
|  |  | ||||||
|  | ```bash | ||||||
|  | # Find your UID/GID | ||||||
|  | id | ||||||
|  | # Output: uid=1000(user) gid=1000(group) groups=1000(group),27(sudo) | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | Add to your `docker-compose.yaml`: | ||||||
|  |  | ||||||
|  | ```yaml | ||||||
|  | services: | ||||||
|  |   palmr: | ||||||
|  |     environment: | ||||||
|  |       - PALMR_UID=1000 # Your UID | ||||||
|  |       - PALMR_GID=1000 # Your GID | ||||||
|  |     # ... rest of config | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | Restart the container: | ||||||
|  |  | ||||||
|  | ```bash | ||||||
|  | docker-compose down && docker-compose up -d | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ### Solution 2: Change Host Directory Ownership | ||||||
|  |  | ||||||
|  | If you prefer to keep Palmr's defaults: | ||||||
|  |  | ||||||
|  | ```bash | ||||||
|  | # For single data directory | ||||||
|  | chown -R 1001:1001 ./data | ||||||
|  |  | ||||||
|  | # For separate upload/temp directories | ||||||
|  | mkdir -p uploads temp-uploads | ||||||
|  | chown -R 1001:1001 uploads temp-uploads | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ### Solution 3: Docker Volume (Avoid the Issue) | ||||||
|  |  | ||||||
|  | Use Docker named volumes instead of bind mounts: | ||||||
|  |  | ||||||
|  | ```yaml | ||||||
|  | volumes: | ||||||
|  |   - palmr_data:/app/server  # Named volume (no permission issues) | ||||||
|  |   # Instead of: | ||||||
|  |   # - ./data:/app/server    # Bind mount (permission issues) | ||||||
|  |  | ||||||
|  | volumes: | ||||||
|  |   palmr_data: | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## 🐳 Container Issues | ||||||
|  |  | ||||||
|  | ### Container Won't Start | ||||||
|  |  | ||||||
|  | **Check logs first:** | ||||||
|  |  | ||||||
|  | ```bash | ||||||
|  | docker-compose logs palmr | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | **Common issues:** | ||||||
|  |  | ||||||
|  | 1. **Port already in use** | ||||||
|  |  | ||||||
|  |    ```bash | ||||||
|  |    # Check what's using port 5487 | ||||||
|  |    sudo lsof -i :5487 | ||||||
|  |  | ||||||
|  |    # Or change port in docker-compose.yaml | ||||||
|  |    ports: | ||||||
|  |      - "5488:5487"  # Use different host port | ||||||
|  |    ``` | ||||||
|  |  | ||||||
|  | 2. **Invalid encryption key** | ||||||
|  |  | ||||||
|  |    ```bash | ||||||
|  |    # Error: Encryption key must be at least 32 characters (only if encryption is enabled) | ||||||
|  |    # Fix: Either disable encryption or provide a valid key | ||||||
|  |    environment: | ||||||
|  |      - DISABLE_FILESYSTEM_ENCRYPTION=true  # Disable encryption (default) | ||||||
|  |      # OR enable encryption with: | ||||||
|  |      # - DISABLE_FILESYSTEM_ENCRYPTION=false | ||||||
|  |      # - ENCRYPTION_KEY=your-very-long-secure-key-at-least-32-characters | ||||||
|  |    ``` | ||||||
|  |  | ||||||
|  | 3. **Missing environment variables** | ||||||
|  |    ```bash | ||||||
|  |    # Check variables are set (encryption is optional) | ||||||
|  |    docker exec palmr env | grep -E "DISABLE_FILESYSTEM_ENCRYPTION|ENCRYPTION_KEY|DATABASE_URL" | ||||||
|  |    ``` | ||||||
|  |  | ||||||
|  | ### Container Starts But App Doesn't Load | ||||||
|  |  | ||||||
|  | ```bash | ||||||
|  | # Check if services are running inside container | ||||||
|  | docker exec palmr ps aux | ||||||
|  |  | ||||||
|  | # Check if ports are bound correctly | ||||||
|  | docker port palmr | ||||||
|  |  | ||||||
|  | # Test API directly | ||||||
|  | curl http://localhost:3333/health | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## 📁 File Upload Issues | ||||||
|  |  | ||||||
|  | ### Files Not Uploading | ||||||
|  |  | ||||||
|  | 1. **Check disk space:** | ||||||
|  |  | ||||||
|  |    ```bash | ||||||
|  |    df -h | ||||||
|  |    # Ensure you have enough space in upload directory | ||||||
|  |    ``` | ||||||
|  |  | ||||||
|  | 2. **Check file permissions in container:** | ||||||
|  |  | ||||||
|  |    ```bash | ||||||
|  |    docker exec palmr ls -la /app/server/uploads/ | ||||||
|  |    # Should show ownership by palmr user (UID 1001) | ||||||
|  |    ``` | ||||||
|  |  | ||||||
|  | 3. **Check upload limits:** | ||||||
|  |    - Default max file size is configurable | ||||||
|  |    - Check browser network tab for 413 errors | ||||||
|  |  | ||||||
|  | ### Files Upload But Can't Be Downloaded | ||||||
|  |  | ||||||
|  | ```bash | ||||||
|  | # Check file exists and is readable | ||||||
|  | docker exec palmr ls -la /app/server/uploads/ | ||||||
|  |  | ||||||
|  | # Check file ownership | ||||||
|  | docker exec palmr stat /app/server/uploads/your-file.txt | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## 🔑 Authentication Issues | ||||||
|  |  | ||||||
|  | ### Can't Login to Admin Account | ||||||
|  |  | ||||||
|  | 1. **Reset admin password:** | ||||||
|  |  | ||||||
|  |    ```bash | ||||||
|  |    # Using the built-in reset script | ||||||
|  |    docker exec -it palmr /app/palmr-app/reset-password.sh | ||||||
|  |    ``` | ||||||
|  |  | ||||||
|  | 2. **Check database permissions:** | ||||||
|  |    ```bash | ||||||
|  |    docker exec palmr ls -la /app/server/prisma/ | ||||||
|  |    # palmr.db should be writable by palmr user (UID 1001) | ||||||
|  |    ``` | ||||||
|  |  | ||||||
|  | ### OIDC Authentication Not Working | ||||||
|  |  | ||||||
|  | See our [OIDC Configuration Guide](/docs/3.0-beta/oidc-authentication) for detailed setup. | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## 🌐 Network Issues | ||||||
|  |  | ||||||
|  | ### Can't Access Web Interface | ||||||
|  |  | ||||||
|  | 1. **From localhost:** | ||||||
|  |  | ||||||
|  |    ```bash | ||||||
|  |    # Test if container is responding | ||||||
|  |    curl http://localhost:5487 | ||||||
|  |  | ||||||
|  |    # Check if port is bound | ||||||
|  |    docker port palmr 5487 | ||||||
|  |    ``` | ||||||
|  |  | ||||||
|  | 2. **From external network:** | ||||||
|  |  | ||||||
|  |    ```bash | ||||||
|  |    # Check firewall | ||||||
|  |    sudo ufw status | ||||||
|  |  | ||||||
|  |    # Test from external IP | ||||||
|  |    curl http://YOUR_SERVER_IP:5487 | ||||||
|  |    ``` | ||||||
|  |  | ||||||
|  | ### API Not Accessible | ||||||
|  |  | ||||||
|  | ```bash | ||||||
|  | # Check if API port is exposed | ||||||
|  | docker port palmr 3333 | ||||||
|  |  | ||||||
|  | # Test API health | ||||||
|  | curl http://localhost:3333/health | ||||||
|  |  | ||||||
|  | # Check API documentation | ||||||
|  | curl http://localhost:3333/docs | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## 💾 Database Issues | ||||||
|  |  | ||||||
|  | ### Database Connection Errors | ||||||
|  |  | ||||||
|  | ```bash | ||||||
|  | # Check database file exists and is writable | ||||||
|  | docker exec palmr ls -la /app/server/prisma/palmr.db | ||||||
|  |  | ||||||
|  | # Check database logs | ||||||
|  | docker-compose logs palmr | grep -i database | ||||||
|  |  | ||||||
|  | # Verify Prisma schema (run from palmr-app directory) | ||||||
|  | docker exec palmr sh -c "cd /app/palmr-app && npx prisma db push" | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ### Database Corruption | ||||||
|  |  | ||||||
|  | ```bash | ||||||
|  | # Stop container | ||||||
|  | docker-compose down | ||||||
|  |  | ||||||
|  | # Backup existing database | ||||||
|  | cp ./data/prisma/palmr.db ./data/prisma/palmr.db.backup | ||||||
|  |  | ||||||
|  | # Let Palmr recreate database on startup | ||||||
|  | rm ./data/prisma/palmr.db | ||||||
|  |  | ||||||
|  | # Start container (will recreate database) | ||||||
|  | docker-compose up -d | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## 🚀 Performance Issues | ||||||
|  |  | ||||||
|  | ### Slow File Uploads | ||||||
|  |  | ||||||
|  | 1. **Check available disk space:** | ||||||
|  |  | ||||||
|  |    ```bash | ||||||
|  |    df -h | ||||||
|  |    ``` | ||||||
|  |  | ||||||
|  | 2. **Monitor container resources:** | ||||||
|  |  | ||||||
|  |    ```bash | ||||||
|  |    docker stats palmr | ||||||
|  |    ``` | ||||||
|  |  | ||||||
|  | 3. **Check temp directory permissions:** | ||||||
|  |    ```bash | ||||||
|  |    docker exec palmr ls -la /app/server/temp-uploads/ | ||||||
|  |    ``` | ||||||
|  |  | ||||||
|  | ### High Memory Usage | ||||||
|  |  | ||||||
|  | ```bash | ||||||
|  | # Check container memory usage | ||||||
|  | docker stats palmr | ||||||
|  |  | ||||||
|  | # Check Node.js memory usage | ||||||
|  | docker exec palmr ps aux | grep node | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## 🔍 Diagnostic Commands | ||||||
|  |  | ||||||
|  | ### Complete Health Check | ||||||
|  |  | ||||||
|  | ```bash | ||||||
|  | #!/bin/bash | ||||||
|  | echo "=== Palmr. Health Check ===" | ||||||
|  |  | ||||||
|  | echo "1. Container Status:" | ||||||
|  | docker ps | grep palmr | ||||||
|  |  | ||||||
|  | echo "2. Container Logs (last 20 lines):" | ||||||
|  | docker-compose logs --tail=20 palmr | ||||||
|  |  | ||||||
|  | echo "3. Port Status:" | ||||||
|  | docker port palmr | ||||||
|  |  | ||||||
|  | echo "4. File Permissions:" | ||||||
|  | docker exec palmr ls -la /app/server/ | ||||||
|  |  | ||||||
|  | echo "5. Application Files:" | ||||||
|  | docker exec palmr ls -la /app/palmr-app/ | ||||||
|  |  | ||||||
|  | echo "6. Environment Variables:" | ||||||
|  | docker exec palmr env | grep -E "PALMR_|DISABLE_FILESYSTEM_ENCRYPTION|ENCRYPTION_|DATABASE_" | ||||||
|  |  | ||||||
|  | echo "7. API Health:" | ||||||
|  | curl -s http://localhost:3333/health || echo "API not accessible" | ||||||
|  |  | ||||||
|  | echo "8. Web Interface:" | ||||||
|  | curl -s -o /dev/null -w "%{http_code}" http://localhost:5487 || echo "Web interface not accessible" | ||||||
|  |  | ||||||
|  | echo "9. Disk Space:" | ||||||
|  | df -h | ||||||
|  |  | ||||||
|  | echo "=== End Health Check ===" | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ### Log Analysis | ||||||
|  |  | ||||||
|  | ```bash | ||||||
|  | # Check for common errors | ||||||
|  | docker-compose logs palmr 2>&1 | grep -E "error|Error|ERROR|failed|Failed|FAILED" | ||||||
|  |  | ||||||
|  | # Check permission issues | ||||||
|  | docker-compose logs palmr 2>&1 | grep -E "permission|denied|EACCES" | ||||||
|  |  | ||||||
|  | # Check startup sequence | ||||||
|  | docker-compose logs palmr 2>&1 | grep -E "🌴|🔧|🚀|✅" | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## 📞 Getting Help | ||||||
|  |  | ||||||
|  | If none of these solutions work: | ||||||
|  |  | ||||||
|  | 1. **Gather diagnostic information:** | ||||||
|  |  | ||||||
|  |    ```bash | ||||||
|  |    # Run the complete health check above | ||||||
|  |    # Save the output to a file | ||||||
|  |    ``` | ||||||
|  |  | ||||||
|  | 2. **Check our documentation:** | ||||||
|  |    - [UID/GID Configuration](/docs/3.0-beta/uid-gid-configuration) | ||||||
|  |    - [Quick Start Guide](/docs/3.0-beta/quick-start) | ||||||
|  |    - [API Reference](/docs/3.0-beta/api) | ||||||
|  |  | ||||||
|  | 3. **Open an issue on GitHub:** | ||||||
|  |    - Include your `docker-compose.yaml` | ||||||
|  |    - Include relevant log output | ||||||
|  |    - Describe your system (OS, Docker version, etc.) | ||||||
|  |    - [GitHub Issues](https://github.com/kyantech/Palmr/issues) | ||||||
|  |  | ||||||
|  | 4. **Check existing issues:** | ||||||
|  |    - Search [closed issues](https://github.com/kyantech/Palmr/issues?q=is%3Aissue+is%3Aclosed) for similar problems | ||||||
|  |    - Look for recent [discussions](https://github.com/kyantech/Palmr/discussions) | ||||||
							
								
								
									
										339
									
								
								apps/docs/content/docs/3.2-beta/uid-gid-configuration.mdx
									
									
									
									
									
										Normal file
									
								
							
							
						
						| @@ -0,0 +1,339 @@ | |||||||
|  | --- | ||||||
|  | title: UID/GID Configuration | ||||||
|  | icon: "Users" | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | Configure user and group permissions for seamless bind mount compatibility across different host systems, particularly NAS environments. | ||||||
|  |  | ||||||
|  | ## Overview | ||||||
|  |  | ||||||
|  | Palmr. supports runtime UID/GID configuration to resolve permission conflicts when using bind mounts. This eliminates the need for manual permission management on your host system. | ||||||
|  |  | ||||||
|  | **⚠️ Important**: Palmr uses **UID 1000, GID 1000** by default, which matches the standard Linux convention. However, some systems may use different UID/GID values, which can cause permission issues with bind mounts. | ||||||
|  |  | ||||||
|  | ## The Permission Problem | ||||||
|  |  | ||||||
|  | ### Why This Happens | ||||||
|  |  | ||||||
|  | - **Palmr Default**: UID 1000, GID 1000 (container) | ||||||
|  | - **Linux Standard**: UID 1000, GID 1000 (most host systems) | ||||||
|  | - **Result**: Usually compatible, but some systems may use different values | ||||||
|  |  | ||||||
|  | ### Common Error Scenarios | ||||||
|  |  | ||||||
|  | ```bash | ||||||
|  | # When you see errors like: | ||||||
|  | EACCES: permission denied, open '/app/server/uploads/file.txt' | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ```bash | ||||||
|  | # Or when checking permissions: | ||||||
|  | $ ls -la uploads/ | ||||||
|  | drwxr-xr-x 2 user user 4096 Jan 15 10:00 uploads/ | ||||||
|  | # Container tries to write with different UID/GID than directory owner | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ## Quick Fix | ||||||
|  |  | ||||||
|  | ### Option 1: Set Palmr to Use Standard UID/GID (Recommended) | ||||||
|  |  | ||||||
|  | Add these environment variables to your `docker-compose.yaml`: | ||||||
|  |  | ||||||
|  | ```yaml | ||||||
|  | services: | ||||||
|  |   palmr: | ||||||
|  |     image: kyantech/palmr:latest | ||||||
|  |     container_name: palmr | ||||||
|  |     environment: | ||||||
|  |       - PALMR_UID=1000 | ||||||
|  |       - PALMR_GID=1000 | ||||||
|  |     ports: | ||||||
|  |       - "5487:5487" | ||||||
|  |     volumes: | ||||||
|  |       - ./uploads:/app/server/uploads:rw | ||||||
|  |       - ./temp-uploads:/app/server/temp-uploads:rw | ||||||
|  |     restart: unless-stopped | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ### Option 2: Change Host Directory Permissions | ||||||
|  |  | ||||||
|  | If you prefer to keep Palmr's defaults: | ||||||
|  |  | ||||||
|  | ```bash | ||||||
|  | # Create directories with correct ownership | ||||||
|  | mkdir -p uploads temp-uploads | ||||||
|  | chown -R 1001:1001 uploads temp-uploads | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ## Environment Variables | ||||||
|  |  | ||||||
|  | Configure permissions using these optional environment variables: | ||||||
|  |  | ||||||
|  | | Variable    | Description                      | Default | Example | | ||||||
|  | | ----------- | -------------------------------- | ------- | ------- | | ||||||
|  | | `PALMR_UID` | User ID for container processes  | `1001`  | `1000`  | | ||||||
|  | | `PALMR_GID` | Group ID for container processes | `1001`  | `1000`  | | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Finding Your Host UID/GID | ||||||
|  |  | ||||||
|  | Determine your host system's user and group IDs: | ||||||
|  |  | ||||||
|  | ```bash | ||||||
|  | # Check current user | ||||||
|  | id | ||||||
|  |  | ||||||
|  | # Output example | ||||||
|  | uid=1000(user) gid=1000(group) groups=1000(group),27(sudo) | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | Use the `uid` and `gid` values for your `PALMR_UID` and `PALMR_GID` configuration. | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Configuration Examples | ||||||
|  |  | ||||||
|  | ### Standard Linux System (Most Common) | ||||||
|  |  | ||||||
|  | ```yaml | ||||||
|  | services: | ||||||
|  |   palmr: | ||||||
|  |     image: kyantech/palmr:latest | ||||||
|  |     container_name: palmr | ||||||
|  |     environment: | ||||||
|  |       - PALMR_UID=1000 | ||||||
|  |       - PALMR_GID=1000 | ||||||
|  |     ports: | ||||||
|  |       - "5487:5487" | ||||||
|  |     volumes: | ||||||
|  |       - ./data:/app/server | ||||||
|  |     restart: unless-stopped | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ### Synology NAS | ||||||
|  |  | ||||||
|  | ```yaml | ||||||
|  | services: | ||||||
|  |   palmr: | ||||||
|  |     image: kyantech/palmr:latest | ||||||
|  |     container_name: palmr | ||||||
|  |     environment: | ||||||
|  |       - PALMR_UID=1026 | ||||||
|  |       - PALMR_GID=100 | ||||||
|  |     ports: | ||||||
|  |       - "5487:5487" | ||||||
|  |     volumes: | ||||||
|  |       - /volume1/docker/palmr:/app/server | ||||||
|  |     restart: unless-stopped | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ### QNAP NAS | ||||||
|  |  | ||||||
|  | ```yaml | ||||||
|  | services: | ||||||
|  |   palmr: | ||||||
|  |     image: kyantech/palmr:latest | ||||||
|  |     container_name: palmr | ||||||
|  |     environment: | ||||||
|  |       - PALMR_UID=1000 | ||||||
|  |       - PALMR_GID=100 | ||||||
|  |     ports: | ||||||
|  |       - "5487:5487" | ||||||
|  |     volumes: | ||||||
|  |       - /share/Container/palmr:/app/server | ||||||
|  |     restart: unless-stopped | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Troubleshooting | ||||||
|  |  | ||||||
|  | ### Common Permission Errors | ||||||
|  |  | ||||||
|  | **Error**: `EACCES: permission denied` | ||||||
|  |  | ||||||
|  | ```bash | ||||||
|  | # 1. Check your current UID/GID | ||||||
|  | id | ||||||
|  |  | ||||||
|  | # 2. Check directory ownership | ||||||
|  | ls -la uploads/ temp-uploads/ | ||||||
|  |  | ||||||
|  | # 3. Fix via environment variables (preferred) | ||||||
|  | # Add to docker-compose.yaml: | ||||||
|  | # - PALMR_UID=1000 | ||||||
|  | # - PALMR_GID=1000 | ||||||
|  |  | ||||||
|  | # 4. Or fix via chown (alternative) | ||||||
|  | chown -R 1001:1001 uploads temp-uploads | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | **Error**: Container starts but files aren't accessible | ||||||
|  |  | ||||||
|  | ```bash | ||||||
|  | # Check container's UID/GID configuration | ||||||
|  | docker-compose logs palmr | grep -E "🔧|Runtime UID/GID" | ||||||
|  |  | ||||||
|  | # Check file ownership inside container | ||||||
|  | docker exec palmr ls -la /app/server/ | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ### Verification Commands | ||||||
|  |  | ||||||
|  | Verify UID/GID settings are applied correctly: | ||||||
|  |  | ||||||
|  | ```bash | ||||||
|  | # View startup logs for UID/GID configuration | ||||||
|  | docker-compose logs palmr | head -20 | ||||||
|  |  | ||||||
|  | # Check file ownership in container | ||||||
|  | docker exec palmr ls -la /app/server/ | ||||||
|  |  | ||||||
|  | # Verify process is running with correct UID/GID | ||||||
|  | docker exec palmr ps aux | grep node | ||||||
|  |  | ||||||
|  | # Check environment variables | ||||||
|  | docker exec palmr env | grep PALMR | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ### Advanced Troubleshooting | ||||||
|  |  | ||||||
|  | **NAS-specific debugging:** | ||||||
|  |  | ||||||
|  | ```bash | ||||||
|  | # Synology - Check mount point ownership | ||||||
|  | ls -la /volume1/docker/palmr/ | ||||||
|  |  | ||||||
|  | # QNAP - Check mount point ownership | ||||||
|  | ls -la /share/Container/palmr/ | ||||||
|  |  | ||||||
|  | # Check NAS user configuration | ||||||
|  | cat /etc/passwd | grep -v nobody | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | **Docker bind mount issues:** | ||||||
|  |  | ||||||
|  | ```bash | ||||||
|  | # Check if directories exist and are writable | ||||||
|  | test -w uploads && echo "uploads writable" || echo "uploads NOT writable" | ||||||
|  | test -w temp-uploads && echo "temp-uploads writable" || echo "temp-uploads NOT writable" | ||||||
|  |  | ||||||
|  | # Create directories with correct permissions | ||||||
|  | mkdir -p uploads temp-uploads | ||||||
|  | sudo chown -R $(id -u):$(id -g) uploads temp-uploads | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## When to Configure | ||||||
|  |  | ||||||
|  | UID/GID configuration is **required** when: | ||||||
|  |  | ||||||
|  | - ✅ Using bind mounts (most common case) | ||||||
|  | - ✅ Encountering "permission denied" errors | ||||||
|  | - ✅ Deploying on NAS systems (Synology, QNAP, etc.) | ||||||
|  | - ✅ Host system uses different default UID/GID values | ||||||
|  | - ✅ Running multiple containers that need to share files | ||||||
|  |  | ||||||
|  | UID/GID configuration is **optional** when: | ||||||
|  |  | ||||||
|  | - ❌ Using Docker named volumes (Docker manages permissions) | ||||||
|  | - ❌ Not using bind mounts | ||||||
|  | - ❌ No permission errors occurring | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Migration Guide | ||||||
|  |  | ||||||
|  | ### Existing Installations | ||||||
|  |  | ||||||
|  | To add UID/GID configuration to running installations: | ||||||
|  |  | ||||||
|  | 1. **Stop the container** | ||||||
|  |  | ||||||
|  |    ```bash | ||||||
|  |    docker-compose down | ||||||
|  |    ``` | ||||||
|  |  | ||||||
|  | 2. **Backup your data** | ||||||
|  |  | ||||||
|  |    ```bash | ||||||
|  |    cp -r ./data ./data-backup | ||||||
|  |    # or | ||||||
|  |    cp -r ./uploads ./uploads-backup | ||||||
|  |    cp -r ./temp-uploads ./temp-uploads-backup | ||||||
|  |    ``` | ||||||
|  |  | ||||||
|  | 3. **Check your UID/GID** | ||||||
|  |  | ||||||
|  |    ```bash | ||||||
|  |    id | ||||||
|  |    ``` | ||||||
|  |  | ||||||
|  | 4. **Update configuration** | ||||||
|  |    Add UID/GID variables to your `docker-compose.yaml`: | ||||||
|  |  | ||||||
|  |    ```yaml | ||||||
|  |    environment: | ||||||
|  |      - PALMR_UID=1000 | ||||||
|  |      - PALMR_GID=1000 | ||||||
|  |    ``` | ||||||
|  |  | ||||||
|  | 5. **Restart with new configuration** | ||||||
|  |    ```bash | ||||||
|  |    docker-compose up -d | ||||||
|  |    ``` | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Implementation Details | ||||||
|  |  | ||||||
|  | The UID/GID configuration process: | ||||||
|  |  | ||||||
|  | 1. **Detection** - Environment variables are read during container startup | ||||||
|  | 2. **Ownership Update** - File permissions are adjusted to match target UID/GID | ||||||
|  | 3. **Privilege Drop** - Application runs with specified user permissions via `su-exec` | ||||||
|  | 4. **Logging** - Configuration changes are logged for verification | ||||||
|  |  | ||||||
|  | This approach provides automatic permission management without user creation or system modification. | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Build-Time Configuration | ||||||
|  |  | ||||||
|  | For custom base images with different default values: | ||||||
|  |  | ||||||
|  | ```bash | ||||||
|  | docker build \ | ||||||
|  |   --build-arg PALMR_UID=2000 \ | ||||||
|  |   --build-arg PALMR_GID=2000 \ | ||||||
|  |   -t palmr:custom . | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | Runtime environment variables override build-time defaults. | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Benefits | ||||||
|  |  | ||||||
|  | - **Zero Configuration** - Works automatically when environment variables are set | ||||||
|  | - **Universal Compatibility** - Supports any valid UID/GID combination | ||||||
|  | - **NAS Optimized** - Tested with major NAS platforms | ||||||
|  | - **Backward Compatible** - Existing deployments continue without modification | ||||||
|  | - **Performance Optimized** - Lightweight implementation using `su-exec` | ||||||
|  |  | ||||||
|  | ## Summary | ||||||
|  |  | ||||||
|  | For most users experiencing permission issues with bind mounts: | ||||||
|  |  | ||||||
|  | 1. **Find your UID/GID**: Run `id` command | ||||||
|  | 2. **Add to docker-compose.yaml**: | ||||||
|  |    ```yaml | ||||||
|  |    environment: | ||||||
|  |      - PALMR_UID=1000 | ||||||
|  |      - PALMR_GID=1000 | ||||||
|  |    ``` | ||||||
|  | 3. **Restart**: `docker-compose down && docker-compose up -d` | ||||||
|  |  | ||||||
|  | This ensures compatibility between Palmr's UID/GID and your host system's file ownership. | ||||||
| @@ -1,7 +1,3 @@ | |||||||
| { | { | ||||||
| 	"pages": [ |   "pages": ["3.2-beta", "2.0.0-beta"] | ||||||
| 		"3.0-beta", |  | ||||||
| 		"2.0.0-beta", |  | ||||||
| 		"1.1.7-beta" |  | ||||||
| 	] |  | ||||||
| } | } | ||||||
							
								
								
									
										67
									
								
								apps/docs/eslint.config.mjs
									
									
									
									
									
										Normal file
									
								
							
							
						
						| @@ -0,0 +1,67 @@ | |||||||
|  | /* eslint-disable import/no-anonymous-default-export */ | ||||||
|  | import path from "node:path"; | ||||||
|  | import { fileURLToPath } from "node:url"; | ||||||
|  | import { FlatCompat } from "@eslint/eslintrc"; | ||||||
|  | import js from "@eslint/js"; | ||||||
|  | import typescriptEslintEslintPlugin from "@typescript-eslint/eslint-plugin"; | ||||||
|  | import tsParser from "@typescript-eslint/parser"; | ||||||
|  | import prettier from "eslint-plugin-prettier"; | ||||||
|  |  | ||||||
|  | const __filename = fileURLToPath(import.meta.url); | ||||||
|  | const __dirname = path.dirname(__filename); | ||||||
|  | const compat = new FlatCompat({ | ||||||
|  |   baseDirectory: __dirname, | ||||||
|  |   recommendedConfig: js.configs.recommended, | ||||||
|  |   allConfig: js.configs.all, | ||||||
|  | }); | ||||||
|  |  | ||||||
|  | export default [ | ||||||
|  |   ...compat.extends("next", "next/core-web-vitals", "prettier"), | ||||||
|  |   { | ||||||
|  |     plugins: { | ||||||
|  |       prettier, | ||||||
|  |     }, | ||||||
|  |     rules: { | ||||||
|  |       "prettier/prettier": "error", | ||||||
|  |       camelcase: "off", | ||||||
|  |       "import/prefer-default-export": "off", | ||||||
|  |       "react/jsx-filename-extension": "off", | ||||||
|  |       "react/jsx-props-no-spreading": "off", | ||||||
|  |       "react/no-unused-prop-types": "off", | ||||||
|  |       "react/require-default-props": "off", | ||||||
|  |       "react/no-unescaped-entities": "off", | ||||||
|  |       "@next/next/no-img-element": "off", | ||||||
|  |       "import/extensions": [ | ||||||
|  |         "error", | ||||||
|  |         "ignorePackages", | ||||||
|  |         { | ||||||
|  |           ts: "never", | ||||||
|  |           tsx: "never", | ||||||
|  |           js: "never", | ||||||
|  |           jsx: "never", | ||||||
|  |         }, | ||||||
|  |       ], | ||||||
|  |     }, | ||||||
|  |   }, | ||||||
|  |   { | ||||||
|  |     files: ["**/*.+(ts|tsx)"], | ||||||
|  |     plugins: { | ||||||
|  |       "@typescript-eslint": typescriptEslintEslintPlugin, | ||||||
|  |     }, | ||||||
|  |     languageOptions: { | ||||||
|  |       parser: tsParser, | ||||||
|  |     }, | ||||||
|  |     rules: { | ||||||
|  |       "@typescript-eslint/explicit-function-return-type": "off", | ||||||
|  |       "@typescript-eslint/explicit-module-boundary-types": "off", | ||||||
|  |       "no-use-before-define": [0], | ||||||
|  |       "@typescript-eslint/no-use-before-define": [1], | ||||||
|  |       "@typescript-eslint/no-explicit-any": "off", | ||||||
|  |       "@typescript-eslint/no-var-requires": "off", | ||||||
|  |     }, | ||||||
|  |   }, | ||||||
|  |   // Ignore ESLint errors in @/ui directory | ||||||
|  |   { | ||||||
|  |     ignores: ["src/components/ui/**/*", "src/components/magicui/**/*"], | ||||||
|  |   }, | ||||||
|  | ]; | ||||||
| @@ -1,4 +1,4 @@ | |||||||
| import { createMDX } from 'fumadocs-mdx/next'; | import { createMDX } from "fumadocs-mdx/next"; | ||||||
|  |  | ||||||
| const withMDX = createMDX(); | const withMDX = createMDX(); | ||||||
|  |  | ||||||
| @@ -15,15 +15,15 @@ const config = { | |||||||
|     qualities: [100], |     qualities: [100], | ||||||
|     remotePatterns: [ |     remotePatterns: [ | ||||||
|       { |       { | ||||||
|         protocol: 'https', |         protocol: "https", | ||||||
|         hostname: '**' |         hostname: "**", | ||||||
|       }, |       }, | ||||||
|       { |       { | ||||||
|         protocol: 'http', |         protocol: "http", | ||||||
|         hostname: '**' |         hostname: "**", | ||||||
|       } |       }, | ||||||
|     ] |     ], | ||||||
|   } |   }, | ||||||
| }; | }; | ||||||
|  |  | ||||||
| export default withMDX(config); | export default withMDX(config); | ||||||
|   | |||||||
| @@ -1,6 +1,6 @@ | |||||||
| { | { | ||||||
|   "name": "palmr-docs", |   "name": "palmr-docs", | ||||||
|   "version": "v3.0-beta", |   "version": "3.2.5-beta", | ||||||
|   "description": "Docs for Palmr", |   "description": "Docs for Palmr", | ||||||
|   "private": true, |   "private": true, | ||||||
|   "author": "Daniel Luiz Alves <daniel@kyantech.com.br>", |   "author": "Daniel Luiz Alves <daniel@kyantech.com.br>", | ||||||
| @@ -13,37 +13,52 @@ | |||||||
|     "react", |     "react", | ||||||
|     "typescript" |     "typescript" | ||||||
|   ], |   ], | ||||||
|   "license": "BSD-2-Clause", |   "license": "Apache-2.0", | ||||||
|   "packageManager": "pnpm@10.6.0", |   "packageManager": "pnpm@10.6.0", | ||||||
|   "scripts": { |   "scripts": { | ||||||
|     "build": "next build", |     "build": "next build", | ||||||
|     "dev": "next dev --turbo", |     "dev": "next dev -p 3001", | ||||||
|     "start": "next start", |     "start": "next start", | ||||||
|     "postinstall": "fumadocs-mdx" |     "postinstall": "fumadocs-mdx", | ||||||
|  |     "lint": "eslint \"src/**/*.+(ts|tsx)\"", | ||||||
|  |     "lint:fix": "eslint \"src/**/*.+(ts|tsx)\" --fix", | ||||||
|  |     "format": "prettier . --write", | ||||||
|  |     "format:check": "prettier . --check", | ||||||
|  |     "type-check": "npx tsc --noEmit", | ||||||
|  |     "validate": "pnpm lint && pnpm type-check" | ||||||
|   }, |   }, | ||||||
|   "dependencies": { |   "dependencies": { | ||||||
|     "class-variance-authority": "^0.7.1", |     "class-variance-authority": "^0.7.1", | ||||||
|     "clsx": "^2.1.1", |     "clsx": "^2.1.1", | ||||||
|     "fumadocs-core": "15.2.7", |     "fumadocs-core": "15.2.7", | ||||||
|     "fumadocs-mdx": "11.6.0", |     "fumadocs-mdx": "11.6.10", | ||||||
|     "fumadocs-ui": "15.2.7", |     "fumadocs-ui": "15.2.7", | ||||||
|     "lucide-react": "^0.488.0", |     "lucide-react": "^0.525.0", | ||||||
|     "motion": "^12.9.1", |     "motion": "^12.23.0", | ||||||
|     "next": "15.3.0", |     "next": "15.3.4", | ||||||
|     "react": "^19.1.0", |     "react": "^19.1.0", | ||||||
|     "react-dom": "^19.1.0", |     "react-dom": "^19.1.0", | ||||||
|     "tailwind-merge": "^3.2.0" |     "tailwind-merge": "^3.2.0" | ||||||
|   }, |   }, | ||||||
|   "devDependencies": { |   "devDependencies": { | ||||||
|     "@tailwindcss/postcss": "^4.1.3", |     "@eslint/eslintrc": "3.3.1", | ||||||
|  |     "@eslint/js": "9.30.0", | ||||||
|  |     "@ianvs/prettier-plugin-sort-imports": "4.4.2", | ||||||
|  |     "@tailwindcss/postcss": "^4.1.11", | ||||||
|     "@types/mdx": "^2.0.13", |     "@types/mdx": "^2.0.13", | ||||||
|     "@types/node": "22.14.0", |     "@types/node": "22.14.0", | ||||||
|     "@types/react": "^19.1.0", |     "@types/react": "^19.1.8", | ||||||
|     "@types/react-dom": "^19.1.2", |     "@types/react-dom": "^19.1.6", | ||||||
|     "eslint": "^8", |     "@typescript-eslint/eslint-plugin": "8.35.1", | ||||||
|     "eslint-config-next": "15.3.0", |     "@typescript-eslint/parser": "8.35.1", | ||||||
|     "postcss": "^8.5.3", |     "eslint": "9.30.0", | ||||||
|     "tailwindcss": "^4.1.3", |     "eslint-config-next": "15.3.4", | ||||||
|  |     "eslint-config-prettier": "9.1.0", | ||||||
|  |     "eslint-plugin-prettier": "5.5.1", | ||||||
|  |     "postcss": "^8.5.6", | ||||||
|  |     "prettier": "3.6.2", | ||||||
|  |     "prettier-plugin-sort-json": "4.1.1", | ||||||
|  |     "tailwindcss": "^4.1.11", | ||||||
|     "tw-animate-css": "^1.2.8", |     "tw-animate-css": "^1.2.8", | ||||||
|     "typescript": "^5.8.3" |     "typescript": "^5.8.3" | ||||||
|   } |   } | ||||||
|   | |||||||
							
								
								
									
										5683
									
								
								apps/docs/pnpm-lock.yaml
									
									
									
										generated
									
									
									
								
							
							
						
						| @@ -1,5 +1,5 @@ | |||||||
| export default { | export default { | ||||||
|   plugins: { |   plugins: { | ||||||
|     '@tailwindcss/postcss': {}, |     "@tailwindcss/postcss": {}, | ||||||
|   }, |   }, | ||||||
| }; | }; | ||||||
|   | |||||||
							
								
								
									
										
											BIN
										
									
								
								apps/docs/public/assets/v3/oidc/all-providers.png
									
									
									
									
									
										Normal file
									
								
							
							
						
						| After Width: | Height: | Size: 885 KiB | 
							
								
								
									
										
											BIN
										
									
								
								apps/docs/public/assets/v3/oidc/auth-providers.png
									
									
									
									
									
										Normal file
									
								
							
							
						
						| After Width: | Height: | Size: 105 KiB | 
							
								
								
									
										
											BIN
										
									
								
								apps/docs/public/assets/v3/oidc/auth0/application-settings.png
									
									
									
									
									
										Normal file
									
								
							
							
						
						| After Width: | Height: | Size: 166 KiB | 
							
								
								
									
										
											BIN
										
									
								
								apps/docs/public/assets/v3/oidc/auth0/application-type.png
									
									
									
									
									
										Normal file
									
								
							
							
						
						| After Width: | Height: | Size: 168 KiB | 
							
								
								
									
										
											BIN
										
									
								
								apps/docs/public/assets/v3/oidc/auth0/auth0-dashboard.png
									
									
									
									
									
										Normal file
									
								
							
							
						
						| After Width: | Height: | Size: 292 KiB | 
							
								
								
									
										
											BIN
										
									
								
								apps/docs/public/assets/v3/oidc/auth0/auth0-icon.png
									
									
									
									
									
										Normal file
									
								
							
							
						
						| After Width: | Height: | Size: 151 KiB | 
							
								
								
									
										
											BIN
										
									
								
								apps/docs/public/assets/v3/oidc/auth0/config-urls.png
									
									
									
									
									
										Normal file
									
								
							
							
						
						| After Width: | Height: | Size: 239 KiB | 
							
								
								
									
										
											BIN
										
									
								
								apps/docs/public/assets/v3/oidc/auth0/create-application.png
									
									
									
									
									
										Normal file
									
								
							
							
						
						| After Width: | Height: | Size: 125 KiB | 
							
								
								
									
										
											BIN
										
									
								
								apps/docs/public/assets/v3/oidc/auth0/edit-auth0.png
									
									
									
									
									
										Normal file
									
								
							
							
						
						| After Width: | Height: | Size: 167 KiB | 
							
								
								
									
										
											BIN
										
									
								
								apps/docs/public/assets/v3/oidc/auth0/enabled-auth0.png
									
									
									
									
									
										Normal file
									
								
							
							
						
						| After Width: | Height: | Size: 150 KiB | 
							
								
								
									
										
											BIN
										
									
								
								apps/docs/public/assets/v3/oidc/auth0/oauth-credentials.png
									
									
									
									
									
										Normal file
									
								
							
							
						
						| After Width: | Height: | Size: 174 KiB | 
							
								
								
									
										
											BIN
										
									
								
								apps/docs/public/assets/v3/oidc/auth0/sign-in-with-auth0.png
									
									
									
									
									
										Normal file
									
								
							
							
						
						| After Width: | Height: | Size: 860 KiB |