clearflask / clearflask Goto Github PK

View Code? Open in Web Editor NEW

253.0 7.0 27.0 47.21 MB

Listen to your users during product development with ClearFlask

Home Page: https://clearflask.com

License: Apache License 2.0

Makefile 0.31% Java 43.08% JavaScript 0.66% Shell 2.03% Mustache 1.79% HTML 0.29% TypeScript 51.83% Dockerfile 0.02%

feedback roadmap

clearflask's Introduction

Open-source Feedback Management Tool.
Alternative to Canny and UserVoice.

Managed hosting
Self hosting
Contributing
Security Policy

Managed Hosting

Support our open-source development by choosing cloud hosting with scalable pricing, check us out on our website.

Self Hosting

Quick start

For a quick start using Docker, download the Docker Compose service file as docker-compose.yml, and run the following:

docker-compose --profile with-deps up

Point your browser at http://localhost and create an account using email admin@localhost.

You also want to setup outgoing mail, read the Email section.

If you wish to host it on your domain other than localhost, read the DNS section and then setup SSL/TLS certificates.

Replace dependencies

There are several dependencies that you can swap out for ClearFlask:

AWS DynamoDB or Localstack or API-compatible alternative (ScyllaDB is not fully compatible)
MinIO or AWS S3 or API-compatible alternative
One of:
- MySQL or Aurora
- ElasticSearch or OpenSearch
Email service via SMTP or AWS SES

And a few optional:

Google ReCaptcha
Let's Encrypt automagic certificate management
CloudFront as a CDN (Use in front of clearflask-connect)

Via Docker

You can spin up all dependencies via Docker.

Simply add the --profile with-deps to your docker-compose command when starting ClearFlask.

All database content will be persisted to local filesystem under data folder.

Via AWS

For production workload, you will want to spin up these dependencies yourself and point ClearFlask to their endpoints.

IAM access

For AWS services, clearflask-server auto-detects Access Keys using either a configuration property or the default locations. If you are running in EC2 or ECS, keys detection is automated, you just need to create the appropriate IAM role.

AWS DynamoDB

Provide IAM access including create table permission as table is created automatically by ClearFlask on startup.

IAM actions:

CreateTable
BatchGetItem
GetItem
Query
BatchWriteItem
DeleteItem
PutItem
UpdateItem

AWS S3

Create a private bucket with IAM access to ClearFlask.

IAM actions:

ListBucket
GetObject
DeleteObject
PutObject

You can also use an API-compatible alternative service such as Wasabi, MinIO...

ElasticSearch or MySQL

Recommended is AWS ES, give the proper IAM access

IAM actions, all in these categories:

List
Read
Write
Tagging

Alternatively you can deploy it yourself (cheaper) or host it on Elastic. Or you can choose to use MySQL/Aurora as a cheaper alternative.

AWS SES

In order to setup SES, you need to seek limit increase via AWS support.

Change the config property ...EmailServiceImpl$Config.useService to ses and give the proper IAM access.

IAM actions:

SendEmail
SendRawEmail

Alternatively use any other email provider and fill out the SMTP settings

Deploy ClearFlask

ClearFlask consists of two components:

Tomcat application for serving API requests
NodeJS for SSR, dynamic cert management and serving static files

Setup

Download the Docker Compose service file
Run it with docker-compose --profile with-deps up which creates few configuration files in your local directory
Carefully read and modify server/config-selfhost.cfg.
Carefully read and modify connect/connect.config.json.
Adjust the Docker Compose service file to add/remove dependencies if you are hosting them outside of Docker

Email

By default, email is configured for AWS SES pointing to your Localstack (which doesn't do anything).

You can choose to setup your own SMTP server or use AWS SES.

Email using SMTP

Change the configuration to SMTP:

com.smotana.clearflask.core.push.provider.EmailServiceImpl$Config.useService: smtp

Then you need to gather your SMTP settings and fill out the following:

com.smotana.clearflask.core.push.provider.EmailServiceImpl$Config.smtpStrategy: SMTP_TLS (SMTP_TLS, SMTPS, SMTP)
com.smotana.clearflask.core.push.provider.EmailServiceImpl$Config.smtpHost: smtp.gmail.com (e.g. smtp.gmail.com)
com.smotana.clearflask.core.push.provider.EmailServiceImpl$Config.smtpPort: 587 (587 for SMTP_TLS, 465 for SMTPS, 25 for SMTP)
com.smotana.clearflask.core.push.provider.EmailServiceImpl$Config.smtpUser: [email protected] (e.g. [email protected])
com.smotana.clearflask.core.push.provider.EmailServiceImpl$Config.smtpPassword: asdfqwerzxcvasdf (To get this working, you need to enable IMAP if not enabled. If you use 2FA, you need to generate an app password and use it here)
com.smotana.clearflask.core.push.provider.EmailServiceImpl$Config.emailDisplayName: ClearFlask (e.g. 'ClearFlask for MyCompany')
com.smotana.clearflask.core.push.provider.EmailServiceImpl$Config.fromEmailLocalPart: my.name (first part of your email, for [email protected], it would be 'my.name')
com.smotana.clearflask.core.push.provider.EmailServiceImpl$Config.fromEmailDomainOverride: gmail.com (domain part of your email, for [email protected], it would be 'gmail.com')

Email using AWS SES

Change the configuration to SMTP:

com.smotana.clearflask.core.push.provider.EmailServiceImpl$Config.useService: ses

Then fill out the SES settings:

com.smotana.clearflask.core.email.AmazonSimpleEmailServiceProvider$Config.region: us-east-1
com.smotana.clearflask.core.email.AmazonSimpleEmailServiceProvider$Config.serviceEndpoint: (Leave blank, unless you need to override)

DNS

By default, everything is assumed to be on localhost. If you wish to host your portal on yoursite.com or 192.168.1.123, set the following properties:

connect.config.json:parentDomain: yoursite.com
config-selfhost.cfg:com.smotana.clearflask.web.Application$Config.domain: yoursite.com

Certificate management

Automagic using Let's Encrypt

If you wish to have certificates fetched and renewed for you automagically using Let's Encrypt, ensure your DNS is correctly pointing to your server, it is publicly accessible, and set the following config parameters:

connect.config.json:disableAutoFetchCertificate: false
connect.config.json:forceRedirectHttpToHttps: true
config-selfhost.cfg:com.smotana.clearflask.web.security.AuthCookieImpl$Config.authCookieSecure: true

Once you load your site for the first time, a Certificate is auto-magically fetched for you.

Static certificate

If you wish to use your own certificate, set the following properties:

connect.config.json:disableAutoFetchCertificate: false
connect.config.json:forceRedirectHttpToHttps: true
config-selfhost.cfg:com.smotana.clearflask.web.security.AuthCookieImpl$Config.authCookieSecure: true
config-selfhost.cfg:com.smotana.clearflask.security.CertFetcherImpl$Config.staticCert: <SEE BELOW>

For the staticCert property value, this has to be a JSON object with the following structure, but you need to put it in a single line:

{
    "cert": {
        "cert": "-----BEGIN CERTIFICATE-----\nMIIFFjCC...",
        "chain": "-----BEGIN CERTIFICATE-----\nMIIE/jCC",
        "subject": "feedback.example.com",
        "altnames": [
            "feedback.example.com"
        ],
        "issuedAt": 1709572939000,
        "expiresAt": 1741108939000
    },
    "keypair": {
        "privateKeyPem": "-----BEGIN PRIVATE KEY-----\nMIIEvwIB..."
    }
}

Note that you have to put this into a single line. The cert, chain and keypair will replace any literal \n into a newline.

This approach is not recommended as you will have to update this certificate manually.

Self-managed behind reverse proxy

If you are managing TLS certificates behind a reverse proxy, redirect all http requests to https, set the following config:

connect.config.json:disableAutoFetchCertificate: true
connect.config.json:forceRedirectHttpToHttps: true
config-selfhost.cfg:com.smotana.clearflask.web.security.AuthCookieImpl$Config.authCookieSecure: true

No certificates

Although discouraged, you can run ClearFlask over HTTP only. Ensure these settings are set:

connect.config.json:disableAutoFetchCertificate: true
connect.config.json:forceRedirectHttpToHttps: false
config-selfhost.cfg:com.smotana.clearflask.web.security.AuthCookieImpl$Config.authCookieSecure: false

Dashboard account

For you to manage the dashboard, you need to whitelist an email to be able to create a super-admin account:

config-selfhost.cfg:com.smotana.clearflask.web.security.SuperAdminPredicate$Config.superAdminEmailRegex: ^[email protected]$

After you sign-up, disable further signups using:

config-selfhost.cfg:com.smotana.clearflask.web.resource.AccountResource$Config.signupEnabled: false

Run

Run docker-compose up or docker-compose --profile with-deps up to also start dependencies.
Point your browser at http://localhost or if you configured your DNS https://yoursite.com.
Create an account using admin@localhost email or based on your configuration of superAdminEmailRegex.

Maintenance

Migration between ElasticSearch/MySQL

Source of truth data is stored in a NoSQL DynamoDB compatible database. For searching/filtering, you have a choice of using a separate database:

ElasticSearch:

Intended for large projects
Searching is great (example: searching for 'Johnny' will find 'Jonathan')

MySQL:

Intended for small projects
Lightweight
Cheap to host
Searching is idential match only (example: searching for 'Jon' will find 'Jonathan')

Migration prerequisites

To check what you are using now, open your configuration file config-selfhost.cfg for the property com.smotana.clearflask.web.Application$Config.defaultSearchEngine. If you can't find it, the default value uses ElasticSearch.

You will need a JMX client such as jconsole probably already bundled with your JRE/JDK on your system or VisualVM. To connect to your running instance, you need to enable port forwarding in your docker-compose.yml file by uncommenting the JMX ports and restarting. Then you can connect to service:jmx:rmi:///jndi/rmi://localhost:9950/jmxrmi without credentials and without SSL.

During the migration, you should be checking the logs for any warnings or errors. Especially when starting up or invoking a JMX method. If you run in to issues, document it, open an issue on GitHub and optionally rolback by undoing all the steps in reverse order.

Migrate from Mysql to ElasticSearch

Double check you are using MySQL, you should have this property set: config-selfhost.cfg:com.smotana.clearflask.web.Application$Config.defaultSearchEngine: READWRITE_MYSQL
Edit docker-compose.yml:
1. Uncomment clearflask-server container's JMX ports 9950:9950 and 9951:9951
2. Uncomment elasticsearch container
3. Restart the server
Using JMX, invoke com.smotana.clearflask.web.resource.ProjectResource.createIndexes(true, false); On failure, check the logs
Edit docker-compose.yml
1. Change com.smotana.clearflask.web.Application$Config.defaultSearchEngine to READ_MYSQL_WRITE_BOTH
2. Restart the server
Using JMX, invoke com.smotana.clearflask.web.resource.ProjectResource.reindexProjects(true, true, false)
At this point you are using both ElasticSearch and MySQL but reading only from MySQL. To test a single project with ElasticSearch, as super admin open https://<your_domain>/dashboard/settings/project/advanced and at the bottom of the page force override the search engine to ElasticSearch. Remember to unset this property before continuing.
Edit docker-compose.yml
1. Change com.smotana.clearflask.web.Application$Config.defaultSearchEngine to READ_ELASTICSEARCH_WRITE_BOTH
2. Restart the server and ensure every project is working well.
Edit docker-compose.yml and change com.smotana.clearflask.web.Application$Config.defaultSearchEngine to READWRITE_ELASTICSEARCH
Edit docker-compose.yml:
1. Comment out mysql-db container to prevent it from starting up.
2. Comment out clearflask-server container's JMX ports 9950:9950 and 9951:9951
3. Restart the server
Remove the leftover data stored by the now non-functional MySQL container.

Migrate from ElasticSearch to Mysql

Double check you are using ElasticSearch, you may have this property set: config-selfhost.cfg:com.smotana.clearflask.web.Application$Config.defaultSearchEngine: READWRITE_ELASTICSEARCH . If it is missing, the default is ElasticSearch
Edit docker-compose.yml:
1. Uncomment clearflask-server container's JMX ports 9950:9950 and 9951:9951
2. Uncomment mysql-db container
3. Restart the server
Using JMX, invoke com.smotana.clearflask.web.resource.ProjectResource.createIndexes(false, true); On failure, check the logs
Edit docker-compose.yml
1. Change com.smotana.clearflask.web.Application$Config.defaultSearchEngine to READ_ELASTICSEARCH_WRITE_BOTH
2. Restart the server
Using JMX, invoke com.smotana.clearflask.web.resource.ProjectResource.reindexProjects(true, false, true)
At this point you are using both ElasticSearch and MySQL but reading only from ElasticSearch. To test a single project with MySQL, as super admin open https://<your_domain>/dashboard/settings/project/advanced and at the bottom of the page force override the search engine to MySQL. Remember to unset this property before continuing.
Edit docker-compose.yml
1. Change com.smotana.clearflask.web.Application$Config.defaultSearchEngine to READ_MYSQL_WRITE_BOTH
2. Restart the server and ensure every project is working well.
Edit docker-compose.yml and change com.smotana.clearflask.web.Application$Config.defaultSearchEngine to READWRITE_MYSQL
Edit docker-compose.yml:
1. Comment out elasticsearch container to prevent it from starting up.
2. Comment out clearflask-server container's JMX ports 9950:9950 and 9951:9951
3. Restart the server
Remove the leftover data stored by the now non-functional ElasticSearch container.

Contributing

Your contributions are very much appreciated. Please see here on how to contribute to our codebase.

Code quality

Java

Generally following the Google Java Style Guide
IntelliJ Recommended: Code style formatting is in .idea folder
It is expected to write a test for each functionality.

JS/TS

VisualCode recommended: code formatting and properties are defined in .vscode folder
We are yet to establish a proper test framework. A proposal would be welcome.

Building

Environment setup

Development has been done under Mac, Linux, and Windows (with WSL)

The following requirements are a minimum:

Java 11
Maven
Makefile (for local and production deployment)
Docker
FFmpeg and ffprobe (For babel-plugin-transform-media-imports)
OpenSSL (For local deployment's self-signed certs)

brew install maven ffmpeg make openssl

Please let us know if we missed anything.

Compile and build

Building is straightforward and can be done by running:

mvn clean install

Add -DskipTests or -DskipITs to skip all tests or just Integration tests respectively.

For developing integration tests, you may want to start a local instance of ClearFlask and run integrations directly from your IDE. Otherwise you will have to alwasy spin up all dependencies.

Run locally

There are several ways to run locally depending on what you want to test.

Frontend + Mock backend

Ideal for fast-iteration on frontend changes. Changes to code take effect immediately.

make frontend-start

Open browser at http://localhost:3000.

Connect + Frontend + Mock backend

Intended for testing Connect and SSR. For code changes to take effect, you must rebuild clearflask-frontend.

make connect-start

Open browser at http://localhost:9080.

HTTPS + Connect + Frontend + Backend

Intended for testing the whole deal before deployment. For code changes to take effect, you must completely rebuild clearflask.

make local-up
make local-down

Open browser at https://localhost.

Connect + Frontend + Backend (Self-host)

Intended for testing self-host deployment, uses locally built Docker images rather than officially released images. For code changes to take effect, you must completely rebuild clearflask.

make selfhost-up
make selfhost-down

Open browser at https://localhost.

Debugging

When running a local deploy, you can debug various components:

Attach debugger

For debugging clearflask-server running on Tomcat, point IntelliJ IDEA or your favourite IDE to remote JVM debug on localhost:9999.

JMX

For changing configuration parameters or running exposed operations, connect via JMX using your favourite tool ( JVisualVM, JConsole, ...) on localhost:9950 without credentials and without SSL.

ElasticSearch Kibana

To look at the ES cluster and run commands, point your browser at http://localhost:5601.

KillBill Kaui

To look at the billing sysstem, point your browser at http://localhost:8081.

Credentials are admin/password and API key and secret is bob/lazar.

If you are debugging an Integration Test, a log line will reveal the API key and secret: KillBill test randomized apiKey {} secretKey {}.

AWS services (DynamoDB, Route53, SES, S3)

You can use regular AWS command line tool and point it to our mocked up LocalStack services:

aws --endpoint-url=http://localhost:4566 ...

Architecture

Overall view

The following is a production deployment of ClearFlask. It was once scribbled down during a conversation and now it's an official architecture diagram until we have a better replacement.

Project Structure

clearflask-api

Contains OpenAPI definition for communication between frontend and backend. Also includes definition of project settings.

clearflask-frontend

Client side React application containing the Landing page, customer dashboard and portal. Entry point is index.ts.

Also contains a NodeJS server nicknamed Connect that serves static files, Server-Side Rendered page as well as handling dynamic TLS certificate issuing for customers. Entry point is connect.ts.

clearflask-legal

Resource module containing Privacy Policy and Terms of Service documents.

clearflask-logging

Server logging module used for formattinbg logs as well as sending criticial emails to SRE of any warnings or errors. It is a separate package since it's used by both clearflask-server as well as KillBill servers.

clearflask-resources

ClearFlask official vector logo and resources.

clearflask-server

Server implementation of the OpenAPI definition to serve requests from clients. Uses several dependencies:

DynamoDB: Most data is stored in this NoSQL database for fast access and scalability
ElasticSearch: For relevant results and searching, data is replicated to ES for fast searching.
S3: User uploaded images are served directly from S3.
KillBill: For payment processing and billing management, KillBill is used.

Release

Intended for ClearFlask developers, this guide is for making a release of ClearFlask to create Docker images and Maven artifacts.

Prerequisites

You need credentials for uploading to GitHub Packages repository for both Docker and Maven.

In GitHub personal settings create a PAT with read:packages, write:packages, and delete:packages scopes.

For Docker registry, run this command and input your PAT as password:

docker login ghcr.io -u USERNAME

Then fill out the following with your PAT and put it under ~/.m2/settings.xml:

<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
                          https://maven.apache.org/xsd/settings-1.0.0.xsd">

    <servers>
        <server>
            <id>github</id>
            <username>matusfaro</username>
            <password>~~INSERT PAT TOKEN~~</password>
        </server>
    </servers>

    <profiles>
        <profile>
            <id>github</id>
            <repositories>
                <repository>
                    <id>central</id>
                    <url>https://repo1.maven.org/maven2</url>
                </repository>
                <repository>
                    <id>github</id>
                    <url>https://maven.pkg.github.com/OWNER/*</url>
                    <snapshots>
                        <enabled>true</enabled>
                    </snapshots>
                </repository>
            </repositories>
        </profile>
    </profiles>

    <activeProfiles>
        <activeProfile>github</activeProfile>
    </activeProfiles>

</settings>

Perform release

To perform a release, decide which version to increment and run the following Makefile target:

make release-<patch|minor|major>

Continuing a failed release

If the perform:prepare Maven target failed, you can re-run the whole release again from beginning.

If the perform:release Maven target failed, you can resume it by:

cd target/checkout
mvn deploy -P docker-images-push -rf clearflask-<module-to-resume>

Security Policy

Reporting a Vulnerability

Please report to [email protected] for all vulnerabilities or questions regarding security. We will issue a bounty for useful vulnerabilities to pay for your contribution, however we do not have a set standard on the amount and type of vulnerabilities at this time.

clearflask's People

Contributors

Stargazers

Watchers

clearflask's Issues

ScyllaDB will fail due to unsupported TransactWriteItems operation

The readme document recommended using ScyllaDB as an alternative of AWS DynamoDB, so I tried but got the following error:

com.amazonaws.services.dynamodbv2.model.AmazonDynamoDBException: Unsupported operation TransactWriteItems (Service: AmazonDynamoDBv2; Status Code: 400; Error Code: UnknownOperationException; Request ID: null; Proxy: null)

I found that ScyllaDB indeed didn't implement some of the DynamoDB API, including this TransactWriteItems
(see https://opensource.docs.scylladb.com/stable/alternator/compatibility.html#unimplemented-api-features)

So I have to use either AWS official services or localstack. ClearFlask is still under evaluation in my team so AWS might not be an affordable way.

I'm not sure if it's a bug and whether clearflask is still compatible with ScyllaDB, as the error message came from aws package, I guess it might because the package had been updated when rebuilding the docker image and it will use these new APIs.

Link down

I would like to download that .tar.gz file from a deploy step in Readme:

Download or build the artifact clearflask-release-*-docker-compose-self-host.tar.gz from the latest release

But that link doesn't work.

Unable to create another project

Hi !

First, thanks about this awesome tool. I have an issue about creating a second project.

As you can see in the above image, it seems that the domain is conflicting with my other projet. But the portal domain input is not editable. So I have change my other project domain and subdomain as follow:

But I am still getting the issue and nothing seems to fix it.

[Feature Request] Custom Analytics Option

The addition of a custom analytics option would help significantly as it would allow people who opt to use their own analytics solution to add their own tracking codes.
This would be an integration that would allow the insertion of HTML code at the end of the body tag on all pages.

Crash when customising the public feedback filtering by category:task and status:ideas

Description
When customising the public feedback filtering by category:task and status:ideas, the app crashes.

To Reproduce

Go to Settings > Advanced > Layout > Feedback > Explorer
Set default filtering: category:task and status:ideas
Save changes
Go to public view of feedback/feature requests

Expected behaviour
The public feedback list has default filters on.

Screenshots

Can I update translation directly with self-host docker instance?

I just want to know if I can use docker volume to easily update any file of the docker instance then update the translation on the fly (withour any build/rebuild), or maybe the only way is to submit a new PR?

I'd like to contribute for the Chinese Simplified translation. I found the currrent translation is not complete and some words are not accurate.

Unable to signup with admin@localhost

I have setup clearflask using docker on a remote Ubuntu 20.04 machine. I am able to get it started and access the login page from my Windows PC by pointing to the IP address of the Ubuntu machine. When I go make an account, I use the admin@localhost email and it redirects to /dashboard. However, the /dashboard page never loads and I get the error "Action not allowed, please refresh and try again" displayed in the bottom left corner of the page. I have tried refreshing the page, restarting the docker containers, reinstalling clearflask, and changing the super admin regex in the config to a different email. None of these have fixed the issue.

When I run clearflask on Windows locally, I am able to access the login page using localhost and it lets me create an account using admin@localhost as intended. It seems like the only way to login as a super admin for the initial setup is by accessing the site locally. I am unable to do this with my setup on Ubuntu 20.04 because it's CLI based. I'm not sure if this is a bug or a security feature... if it is a security feature then a config option to disable this would be appreciated!

API Endpoints respond with 463

Hi,

I've set up a self-hosted CF on AWS following the instructions from the README.

Resources used:

ALB
EC2 Instance
OpenSearch
S3
DynamoDB table is being created as expected by CF

server/config-selfhost.cfg

com.smotana.clearflask.security.limiter.challenge.CaptchaChallenger$Config.enabled=false
com.smotana.clearflask.store.dynamo.DefaultDynamoDbProvider$Config.productionRegion=us-east-1
com.smotana.clearflask.store.elastic.DefaultElasticSearchProvider$Config.serviceEndpoint=https://redacted.us-east-1.es.amazonaws.com
com.smotana.clearflask.core.push.provider.BrowserPushServiceImpl$Config.publicKey=redacted
com.smotana.clearflask.core.push.provider.BrowserPushServiceImpl$Config.privateKey=redacted
com.smotana.clearflask.util.DefaultServerSecret$Config.sharedKey:cursor=redacted
com.smotana.clearflask.store.impl.DynamoElasticUserStore$Config.tokenSignerPrivKey=redacted
com.smotana.clearflask.web.Application$Config.domain=ideas.sub.domain.com
com.smotana.clearflask.web.security.AuthCookieImpl$Config.authCookieSecure=true
com.smotana.clearflask.web.Application$Config.startupWaitUntilDeps=true
com.smotana.clearflask.security.ClearFlaskSso$Config.secretKey=redacted
com.smotana.clearflask.web.security.SuperAdminPredicate$Config.superAdminEmailRegex=^[email protected]$
com.smotana.clearflask.web.resource.AccountResource$Config.signupEnabled=true
com.smotana.clearflask.store.impl.DynamoElasticAccountStore$Config.createIndexOnStartup=true
com.smotana.clearflask.web.security.AuthenticationFilter$Config.connectToken=redacted
com.smotana.clearflask.core.push.provider.EmailServiceImpl$Config.useService=smtp
com.smotana.clearflask.core.push.provider.EmailServiceImpl$Config.smtpStrategy=SMTP_TLS
com.smotana.clearflask.core.push.provider.EmailServiceImpl$Config.smtpHost=smtp.office365.com
com.smotana.clearflask.core.push.provider.EmailServiceImpl$Config.smtpPort=587
com.smotana.clearflask.core.push.provider.EmailServiceImpl$Config.smtpUser=redacted
com.smotana.clearflask.core.push.provider.EmailServiceImpl$Config.smtpPassword=redacted
com.smotana.clearflask.core.push.provider.EmailServiceImpl$Config.emailDisplayName=redacted
com.smotana.clearflask.core.push.provider.EmailServiceImpl$Config.fromEmailLocalPart=redacted
com.smotana.clearflask.core.push.provider.EmailServiceImpl$Config.fromEmailDomainOverride=domain.com
com.smotana.clearflask.store.s3.DefaultS3ClientProvider$Config.dnsResolverTo=localstack
com.smotana.clearflask.store.s3.DefaultS3ClientProvider$Config.productionRegion=us-east-1
com.smotana.clearflask.store.impl.S3ContentStore$Config.bucketName=redacted
com.smotana.clearflask.store.impl.S3ContentStore$Config.scheme=https
com.smotana.clearflask.store.impl.S3ContentStore$Config.createBucket=false
com.smotana.clearflask.store.github.GitHubStoreImpl$Config.enabled=false

connect/connect.config.json

{
    "connectToken": "redacted",
    "disableAutoFetchCertificate": true,
    "forceRedirectHttpToHttps": true,
    "parentDomain": "ideas.sub.domain.com",
    "apiBasePath": "https://ideas.sub.domain.com"
}

Startup logs (minus DEBUG/TRACE and redacted some information)
https://gist.github.com/neldridge/fb058df63738f43d5266a5ce0c14e513
There's nothing really helpful in this or in the DEBUG/TRACE. Maybe there's something I can turn on to enable better logging in the frontend?

console log

react-i18next:: It seems you are still using the old wait option, you may migrate to the new useSuspense behaviour.
(anonymous) @ createClass.js:124
n @ toPrimitive.js:11
o @ toPrimitive.js:22
h @ TouchRipple.js:36
A @ LanguageSelect.tsx:116
Jo @ react-lifecycles-compat.es.js:153
xs @ react-lifecycles-compat.es.js:261
gu @ react-lifecycles-compat.es.js:246
mu @ react-lifecycles-compat.es.js:246
su @ react-lifecycles-compat.es.js:239
ru @ react-lifecycles-compat.es.js:230
Wu @ react-lifecycles-compat.es.js:281
(anonymous) @ react-lifecycles-compat.es.js:284
cu @ react-lifecycles-compat.es.js:240
Zu @ react-lifecycles-compat.es.js:284
t.hydrate @ react-lifecycles-compat.es.js:290
(anonymous) @ index-csr.tsx:21
Promise.then (async)
j @ verify-stream.js:551
827 @ index-csr.tsx:20
r @ bootstrap:89
807 @ index.ts:16
r @ bootstrap:89
s @ bootstrap:45
n @ bootstrap:32
(anonymous) @ 85.4b71ce8d.chunk.js:2
cache.ts:31 Uncaught (in promise) TypeError: a is not a constructor
    at e.value (cache.ts:31:24)
    at Object.apply (server.ts:222:37)
    at AccountEnterPage.tsx:273:10
value @ cache.ts:31
apply @ server.ts:222
(anonymous) @ AccountEnterPage.tsx:273
Promise.then (async)
value @ AccountEnterPage.tsx:272
Ua @ react-lifecycles-compat.es.js:182
qa @ react-lifecycles-compat.es.js:181
xs @ react-lifecycles-compat.es.js:263
gu @ react-lifecycles-compat.es.js:246
mu @ react-lifecycles-compat.es.js:246
su @ react-lifecycles-compat.es.js:239
ru @ react-lifecycles-compat.es.js:230
Wu @ react-lifecycles-compat.es.js:281
(anonymous) @ react-lifecycles-compat.es.js:284
cu @ react-lifecycles-compat.es.js:240
Zu @ react-lifecycles-compat.es.js:284
t.hydrate @ react-lifecycles-compat.es.js:290
(anonymous) @ index-csr.tsx:21
Promise.then (async)
j @ verify-stream.js:551
827 @ index-csr.tsx:20
r @ bootstrap:89
807 @ index.ts:16
r @ bootstrap:89
s @ bootstrap:45
n @ bootstrap:32
(anonymous) @ 85.4b71ce8d.chunk.js:2
createClass.js:153          GET https://ideas.sub.domain.com/api/v1/admin/plan 463
(anonymous) @ createClass.js:153
(anonymous) @ runtime.ts:83
l @ createForOfIteratorHelper.js:63
(anonymous) @ createForOfIteratorHelper.js:293
(anonymous) @ createForOfIteratorHelper.js:118
n @ browser.ts:3
s @ browser.ts:25
(anonymous) @ browser.ts:32
(anonymous) @ browser.ts:21
(anonymous) @ runtime.ts:25
(anonymous) @ runtime.ts:47
l @ createForOfIteratorHelper.js:63
(anonymous) @ createForOfIteratorHelper.js:293
(anonymous) @ createForOfIteratorHelper.js:118
n @ browser.ts:3
s @ browser.ts:25
(anonymous) @ browser.ts:32
(anonymous) @ browser.ts:21
(anonymous) @ runtime.ts:21
(anonymous) @ PlanAdminApi.ts:46
l @ createForOfIteratorHelper.js:63
(anonymous) @ createForOfIteratorHelper.js:293
(anonymous) @ createForOfIteratorHelper.js:118
n @ browser.ts:3
s @ browser.ts:25
(anonymous) @ browser.ts:32
(anonymous) @ browser.ts:21
(anonymous) @ PlanAdminApi.ts:37
(anonymous) @ PlanAdminApi.ts:59
l @ createForOfIteratorHelper.js:63
(anonymous) @ createForOfIteratorHelper.js:293
(anonymous) @ createForOfIteratorHelper.js:118
n @ browser.ts:3
s @ browser.ts:25
(anonymous) @ browser.ts:32
(anonymous) @ browser.ts:21
(anonymous) @ PlanAdminApi.ts:37
value @ index.ts:2615
apply @ server.ts:221
(anonymous) @ AccountEnterPage.tsx:273
Promise.then (async)
value @ AccountEnterPage.tsx:272
Ua @ react-lifecycles-compat.es.js:182
qa @ react-lifecycles-compat.es.js:181
xs @ react-lifecycles-compat.es.js:263
gu @ react-lifecycles-compat.es.js:246
mu @ react-lifecycles-compat.es.js:246
su @ react-lifecycles-compat.es.js:239
ru @ react-lifecycles-compat.es.js:230
Wu @ react-lifecycles-compat.es.js:281
(anonymous) @ react-lifecycles-compat.es.js:284
cu @ react-lifecycles-compat.es.js:240
Zu @ react-lifecycles-compat.es.js:284
t.hydrate @ react-lifecycles-compat.es.js:290
(anonymous) @ index-csr.tsx:21
Promise.then (async)
j @ verify-stream.js:551
827 @ index-csr.tsx:20
r @ bootstrap:89
807 @ index.ts:16
r @ bootstrap:89
s @ bootstrap:45
n @ bootstrap:32
(anonymous) @ 85.4b71ce8d.chunk.js:2
Show 10 more frames
createClass.js:124 Server error: 463 failed plansGet
browser.ts:6 Uncaught (in promise) Response {__sentry_captured__: true, type: 'basic', url: 'https://ideas.sub.domain.com/api/v1/admin/plan', redirected: false, status: 463, …}
n @ browser.ts:6
u @ browser.ts:29
Promise.then (async)
n @ browser.ts:13
u @ browser.ts:29
Promise.then (async)
n @ browser.ts:13
s @ browser.ts:25
(anonymous) @ browser.ts:32
(anonymous) @ browser.ts:21
(anonymous) @ server.ts:43
(anonymous) @ serverAdmin.ts:54
apply @ server.ts:209
value @ index.ts:2607
apply @ server.ts:221
(anonymous) @ AccountEnterPage.tsx:273
Promise.then (async)
value @ AccountEnterPage.tsx:272
Ua @ react-lifecycles-compat.es.js:182
qa @ react-lifecycles-compat.es.js:181
xs @ react-lifecycles-compat.es.js:263
gu @ react-lifecycles-compat.es.js:246
mu @ react-lifecycles-compat.es.js:246
su @ react-lifecycles-compat.es.js:239
ru @ react-lifecycles-compat.es.js:230
Wu @ react-lifecycles-compat.es.js:281
(anonymous) @ react-lifecycles-compat.es.js:284
cu @ react-lifecycles-compat.es.js:240
Zu @ react-lifecycles-compat.es.js:284
t.hydrate @ react-lifecycles-compat.es.js:290
(anonymous) @ index-csr.tsx:21
Promise.then (async)
j @ verify-stream.js:551
827 @ index-csr.tsx:20
r @ bootstrap:89
807 @ index.ts:16
r @ bootstrap:89
s @ bootstrap:45
n @ bootstrap:32
(anonymous) @ 85.4b71ce8d.chunk.js:2
7The resource <URL> was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Error:

Image upload results in broken picture

Our team has a self hosted clearflask instance behind an nginx proxy server.
It is working fine but every time we want to upload an image the only thing being shown is this:

According to our Nginx logs the upload resulted in an HTTP 200

SOME_VALID_IP - - [18/Apr/2023:14:35:25 +0000] "POST /api/v1/project/OUR_PROJECT_ID/content/upload HTTP/2.0" 200 313 "https://clearflask.VALID_DOMAIN_NAME.dev/dashboard/feedback" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/112.0"
SOME_VALID_IP - - [18/Apr/2023:14:35:26 +0000] "POST /api/v1/project/OUR_PROJECT_ID/content/upload HTTP/2.0" 200 312 "https://clearflask.VALID_DOMAIN_NAME.dev/dashboard/feedback" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/112.0"
SOME_VALID_IP - - [18/Apr/2023:14:35:26 +0000] "POST /api/v1/project/OUR_PROJECT_ID/content/upload HTTP/2.0" 200 313 "https://clearflask.VALID_DOMAIN_NAME.dev/dashboard/feedback" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/112.0"
SOME_VALID_IP - - [18/Apr/2023:14:35:26 +0000] "POST /api/v1/project/OUR_PROJECT_ID/content/upload HTTP/2.0" 200 315 "https://clearflask.VALID_DOMAIN_NAME.dev/dashboard/feedback" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/112.0"
SOME_VALID_IP - - [18/Apr/2023:14:35:26 +0000] "POST /api/v1/project/OUR_PROJECT_ID/content/upload HTTP/2.0" 200 312 "https://clearflask.VALID_DOMAIN_NAME.dev/dashboard/feedback" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/112.0"

We already tried our best to disable all restrictions for the nginx instance with no luck, i mean the 200 code did not change, but pictures are still broken.

Also while filtering through our clearflask logs we did not find any suspicious things at first glance:
(our IP's and company name were removed)
logs.txt

The docker-compose we are using is this one:
(as txt file because github does not support .yml files in messages it seems)
(ENV variables are set and working!)
docker-compose.yml.txt

Any help or advice would be appreciated as we cannot really find similar problems on the internet.

Announcements must be saved as a draft before they can be published

I use the cloud version of ClearFlask. As soon as I try to publish a newly created announcement via the primary "Submit" button, nothing happens. You have to save the article as a draft beforehand. After that, the primary button works as expected.

I noticed that this only happens when the switch to inform subscribers is activated.

Cloud service is down

Don't know if you are already working on it.

Log Level

Hi, how can I change the log level of the server as it generates a lot of DEBUG and TRACE messages. I have tried adding - JAVA_OPTS="-Dorg.slf4j.simpleLogger.defaultLogLevel=WARN -Dlog4j.rootLogger=WARN" to docker environments but to no luck. I'm using docker-compose.self-host.yml.

Unable to upload images correctly in the feedback

I am trying to upload images in a feedback, but it would be like this:

I found that the image has been successfully uploaded, but when retrieving the image, the URL does not have a port number.

So I add the a port number to this property.

Now I can see the image on the preview.

But after submitting, the image is missing.

I use ClearFlask on:

[√] Self-hosted (Own domain)
Cloud (clearflask.com)
Haven't tried (yet)

My financial contributions to ClearFlask:

[√] I use a free Plan
Thinking about it
Monthly / Yearly Plan
Lifetime Plan

This is high priority request:

Cannot add more than 10 tags

When adding more than 10 tags to a category in admin dashboard, the dashboard UI will start having some confusions and when click PUBLISH button it will raise error Connection failure processing configSetAdmin. Then when refresh the page another error Connection failure processing configGetAllAndUserBindAllAdmin will raise and the dashboard could never be accessible again even after restarting the services. That means this bug will break the whole site.

Some more confusions about voting and comment

When using "I want this" instead of simple arrow, it will not show the voting count, and the be-lit-on button will return to grey after refreshing, is this an expected behavior? Why?
When adding comment, the comment itself will automatically has one upvote, is this an expected behavior? Why?
When deleting a comment, the comment will be marked as deleted and still be shown at its original place, and there's no way to completely remove/clear it, is this an expected behavior? Why?
There's no cancel button when editing a comment, I think the simple way could be clicking any blank area to exit editing mode without saving it.

I found clearflask is powerful but really needs more documents to explain its design, especially for these puzzling things, thanks.

Reloading Page Causes Redirect

Reloading the page causes the user to be redirected to <yourdomain.com>/dashboard, regardless of if the user is logged in or not.
This is extremely inconvenient as users are sent to a page they have no access to and are denied access just for reloading the page.

This also happens whenever the user directly visits a link instead of clicking the button to go to that page, which I suspect is the actual problem here. This also means that authentication using oauth redirects to the dashboard URL, presenting the user with the "Welcome back to ClearFlask" login page.

User not persisted after restart

It's something really weird, but user is actually not persisted after restarting the docker containers. Default stack with localstack and all volumes are persisted on the host, same way as the docker-compose.yml of the repo. Is there anything to set in config ?

Notification sanitization is too strict

Notifications are sanitized too strictly with [^A-Za-z0-9 ]+ that makes it impossible for non-english languages to have meaningful notifications including CJK.

Is there a helm chart available for this?

To deploy on Kubernetes

Discussing architecture

Hello, discovered clear flask in this discussing in reddit: https://www.reddit.com/r/aws/comments/yh6bzf/aws_solution_to_unlimited_custom_domain_for/

I'm interested to know, how your implementation of having custom domain for customer is working.

Can you contact me in my email? [email protected]

Thank you!

SMTP Connection

I've just installed a docker based instance and am encountering issues configuring SMTP. This instance is from the latest docker containers ( ghcr.io/clearflask/clearflask-server:latest ) or rather a copy from yesterday.

My configuration:

com.smotana.clearflask.core.push.provider.EmailServiceImpl$Config.smtpStrategy=SMTP_TLS
com.smotana.clearflask.core.push.provider.EmailServiceImpl$Config.smtpHost=smtp.sparkpostmail.com
com.smotana.clearflask.core.push.provider.EmailServiceImpl$Config.smtpPort=587
com.smotana.clearflask.core.push.provider.EmailServiceImpl$Config.smtpUser=SMTP_Injection
com.smotana.clearflask.core.push.provider.EmailServiceImpl$Config.smtpPassword=redacted
com.smotana.clearflask.core.push.provider.EmailServiceImpl$Config.emailDisplayName=displayname
com.smotana.clearflask.core.push.provider.EmailServiceImpl$Config.fromEmailLocalPart=noreply
com.smotana.clearflask.core.push.provider.EmailServiceImpl$Config.fromEmailDomainOverride=redacted.com

the container itself (clearflask-server) can connect (have tested with nmap) on the cli. However when the web app tries to connect I see logs such as:

Caused by: javax.mail.MessagingException: Could not connect to SMTP host: smtp.sparkpostmail.com, port: 587
Caused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)

The server requires TLSv1.2 which is not mentioned as disabled in the java.security file and it seems likely this is the correct configuration and a "workable" situation.

openssl s_client -connect smtp.sparkpostmail.com:587 -starttls smtp

Server response snippit:

-----END CERTIFICATE-----
subject=CN = *.sparkpostmail.com

issuer=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = RapidSSL TLS RSA CA G1

No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits

SSL handshake has read 4579 bytes and written 473 bytes
Verification: OK

New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384

An item I see that may be an issue is the wildcard certificate?

I have followed a suggestion from a previous query on this topic and added the following env var to the server container, however am not seeing any related logs.

`JAVA_OPTS="-Djavax.net.debug=ssl"`

I have also followed the email providers suggestions, no joy: https://support.sparkpost.com/docs/faq/smtp-connection-problems

Can anyone provide some additional suggestions for debugging?

How to enable https with a self-signed certificate

I deployed ClearFlask on an intranet server, so I cannot use Let's Encrypt. Is it possible to use a self-signed certificate to enable HTTPS?

Integrate with Meilisearch

It would be interesting to add the possibility of integration with Meilisearch as an alternative to ElasticSearch.

element-attribute violations(s): {img =[]}

We are carrying out the assessment through a self-managed installation.

We are experiencing an issue uploading some media and it is not saved. It appears in the edit but as soon as we click save it disappears.

We use AWS S3 instead of localstack (*same with localstack and got the same error).

I was able to verify that the file is sent to the aws s3 bucket... so we load the log from the server name container, and I see the following error:

14:23:35.222 [http-nio-8080-exec-6] INFO c.s.c.web.security.Sanitizer - HTML policy violation(s) for devops-zzzr7 idea id test-790, element attribute violations: {img =[]}

I use ClearFlask on:

Self-hosted (Own domain)
Cloud (clearflask.com)
Haven't tried (yet)

My financial contributions to ClearFlask:

I use a free Plan
Thinking about it
Monthly / Yearly Plan
Lifetime Plan

I'd be willing to implement this feature:

Using custom status as Completed

Originally clearflask has a builtin completed status in roadmap task category, but if I delete it and use any other custom status as completed, then the mechanism "completed tasks can be added to announcement on next page" will break because announcement management does not know which status is "completed", so it will mistakely show tasks that can be linked to but with wrong status. I think you may want to add a config to setup a "completed" status just as the "entry status".

Email Delivery Failure

I have tried all of the various SMTP options for mail delivery, however, the server fails to properly send mail regardless of the method I use. It recognizes the method it is attempting to send with, but always fails with an error stating that there is no appropriate protocol.

org.simplejavamail.mailer.internal.MailerException: Third party error
	at org.simplejavamail.mailer.internal.SendMailClosure.executeClosure(SendMailClosure.java:91)
	at org.simplejavamail.mailer.internal.AbstractProxyServerSyncingClosure.run(AbstractProxyServerSyncingClosure.java:56)
	at org.simplejavamail.internal.util.concurrent.AsyncOperationHelper$1.run(AsyncOperationHelper.java:75)
	at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
	at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: javax.mail.MessagingException: Could not convert socket to TLS
	at com.sun.mail.smtp.SMTPTransport.startTLS(SMTPTransport.java:1907)
	at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:666)
	at javax.mail.Service.connect(Service.java:317)
	at javax.mail.Service.connect(Service.java:176)
	at javax.mail.Service.connect(Service.java:125)
	at org.simplejavamail.mailer.internal.util.TransportRunner.runOnSessionTransport(TransportRunner.java:75)
	at org.simplejavamail.mailer.internal.util.TransportRunner.sendMessage(TransportRunner.java:48)
	at org.simplejavamail.mailer.internal.SendMailClosure.executeClosure(SendMailClosure.java:82)
	... 7 common frames omitted
Caused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
	at java.base/sun.security.ssl.HandshakeContext.<init>(HandshakeContext.java:170)
	at java.base/sun.security.ssl.ClientHandshakeContext.<init>(ClientHandshakeContext.java:98)
	at java.base/sun.security.ssl.TransportContext.kickstart(TransportContext.java:221)
	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:443)
	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:421)
	at com.sun.mail.util.SocketFetcher.configureSSLSocket(SocketFetcher.java:549)
	at com.sun.mail.util.SocketFetcher.startTLS(SocketFetcher.java:486)
	at com.sun.mail.smtp.SMTPTransport.startTLS(SMTPTransport.java:1902)
	... 14 common frames omitted
05:17:06.349 [pool-24-thread-1] WARN  c.s.c.c.p.provider.EmailServiceImpl - Email cannot be delivered

It, however, properly reflects the options as I change them in the config.

DEBUG o.s.m.internal.util.SessionLogger - starting async mail with session (host: smtp.<REDACTED>.com, port: 587, username: <REDACTED>, authenticate: true, transport: SMTP)

DEBUG o.s.m.internal.util.SessionLogger - starting async mail with session (host: smtp.<REDACTED>.com, port: 587, username: <REDACTED>, authenticate: true, transport: SMTPS)

DEBUG o.s.m.internal.util.SessionLogger - starting async mail with session (host: smtp.<REDACTED>.com, port: 587, username: <REDACTED>, authenticate: true, transport: SMTP_TLS)

Can't add tags to the task

Problem:
Task tagging doesn't work. Editing only works if I have previously imported a file with tagged tasks.

Description is not saving on local docker instalation

Hi thanks for making Clearflask opensource.
There is an issue form clean install on docker-compose
when user goes to the /feedback and leaves the feedback description is ignored
also is there are some permissions for normal user to link ideas together? I got an error with "Not allowed to merge". If so I could not find it in /dashboard
thanks

How to Upload Feedback Using the API？

I want use the api /project/{projectID}/idea api to Upload Feedback, and I keep getting 403 Forbidden response code.
It seems that I have to log in to send Feedback.
I want to add user feedback functionality to a desktop application, Is there any why to achieve this?

Admin Users

So I love this so far but the only thing I'm struggling with, and I don't know if I missed documentation somewhere, is I see there is an ability to invite users in the project panel. I know this doesn't work because of the superadmin regex and the setting the user registration to false.
One thing that really drew me to this is so the team I collaborate with can move away from Trello. Trello has a nice roadmap board but allowing users to submit ideas and vote on them is less than ideal. This looks like the nice bridge between the gap for that. However, I only see the ability to toggle users as Mods, which is great to have people moderating the comments, or posting suggestions for someone, but I see no where to assign Admin users.
Since I collab with others that release things as well, sometimes independently, I'd need for them to be able to adjust the roadmap as well. Currently I only see a way for me to adjust it solo on a self-hosted docker instance and no one else.
Is there something I'm missing in the documentation somewhere or is this not currently possible?

ElasticSearch Crash

The ElasticSearch container crashes with the default deployment. The error is as follows:

{"type": "server", "timestamp": "2022-04-28T07:35:23,250Z", "level": "ERROR", "component": "o.e.b.ElasticsearchUncaughtExceptionHandler", "cluster.name": "docker-cluster", "node.name": "0db46d3180f6", "message": "uncaught exception in thread [main]", 
"stacktrace": ["org.elasticsearch.bootstrap.StartupException: ElasticsearchException[failed to bind service]; nested: AccessDeniedException[/usr/share/elasticsearch/data/nodes];",
"at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:174) ~[elasticsearch-7.10.0.jar:7.10.0]",
"at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:161) ~[elasticsearch-7.10.0.jar:7.10.0]",
"at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) ~[elasticsearch-7.10.0.jar:7.10.0]",
"at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:127) ~[elasticsearch-cli-7.10.0.jar:7.10.0]",
"at org.elasticsearch.cli.Command.main(Command.java:90) ~[elasticsearch-cli-7.10.0.jar:7.10.0]",
"at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:126) ~[elasticsearch-7.10.0.jar:7.10.0]",
"at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92) ~[elasticsearch-7.10.0.jar:7.10.0]",
"Caused by: org.elasticsearch.ElasticsearchException: failed to bind service",
"at org.elasticsearch.node.Node.<init>(Node.java:729) ~[elasticsearch-7.10.0.jar:7.10.0]",
"at org.elasticsearch.node.Node.<init>(Node.java:289) ~[elasticsearch-7.10.0.jar:7.10.0]",
"at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:227) ~[elasticsearch-7.10.0.jar:7.10.0]",
"at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:227) ~[elasticsearch-7.10.0.jar:7.10.0]",
"at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:393) ~[elasticsearch-7.10.0.jar:7.10.0]",
"at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:170) ~[elasticsearch-7.10.0.jar:7.10.0]",
"... 6 more",
"Caused by: java.nio.file.AccessDeniedException: /usr/share/elasticsearch/data/nodes",
"at sun.nio.fs.UnixException.translateToIOException(UnixException.java:90) ~[?:?]",
"at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:106) ~[?:?]",
"at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:111) ~[?:?]",
"at sun.nio.fs.UnixFileSystemProvider.createDirectory(UnixFileSystemProvider.java:388) ~[?:?]",
"at java.nio.file.Files.createDirectory(Files.java:694) ~[?:?]",
"at java.nio.file.Files.createAndCheckIsDirectory(Files.java:801) ~[?:?]",
"at java.nio.file.Files.createDirectories(Files.java:787) ~[?:?]",
"at org.elasticsearch.env.NodeEnvironment.lambda$new$0(NodeEnvironment.java:275) ~[elasticsearch-7.10.0.jar:7.10.0]",
"at org.elasticsearch.env.NodeEnvironment$NodeLock.<init>(NodeEnvironment.java:212) ~[elasticsearch-7.10.0.jar:7.10.0]",
"at org.elasticsearch.env.NodeEnvironment.<init>(NodeEnvironment.java:272) ~[elasticsearch-7.10.0.jar:7.10.0]",
"at org.elasticsearch.node.Node.<init>(Node.java:362) ~[elasticsearch-7.10.0.jar:7.10.0]",
"at org.elasticsearch.node.Node.<init>(Node.java:289) ~[elasticsearch-7.10.0.jar:7.10.0]",
"at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:227) ~[elasticsearch-7.10.0.jar:7.10.0]",
"at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:227) ~[elasticsearch-7.10.0.jar:7.10.0]",
"at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:393) ~[elasticsearch-7.10.0.jar:7.10.0]",
"at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:170) ~[elasticsearch-7.10.0.jar:7.10.0]",
"... 6 more"] }
uncaught exception in thread [main]
ElasticsearchException[failed to bind service]; nested: AccessDeniedException[/usr/share/elasticsearch/data/nodes];
Likely root cause: java.nio.file.AccessDeniedException: /usr/share/elasticsearch/data/nodes
	at java.base/sun.nio.fs.UnixException.translateToIOException(UnixException.java:90)
	at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:106)
	at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:111)
	at java.base/sun.nio.fs.UnixFileSystemProvider.createDirectory(UnixFileSystemProvider.java:388)
	at java.base/java.nio.file.Files.createDirectory(Files.java:694)
	at java.base/java.nio.file.Files.createAndCheckIsDirectory(Files.java:801)
	at java.base/java.nio.file.Files.createDirectories(Files.java:787)
	at org.elasticsearch.env.NodeEnvironment.lambda$new$0(NodeEnvironment.java:275)
	at org.elasticsearch.env.NodeEnvironment$NodeLock.<init>(NodeEnvironment.java:212)
	at org.elasticsearch.env.NodeEnvironment.<init>(NodeEnvironment.java:272)
	at org.elasticsearch.node.Node.<init>(Node.java:362)
	at org.elasticsearch.node.Node.<init>(Node.java:289)
	at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:227)
	at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:227)
	at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:393)
	at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:170)
	at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:161)
	at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86)
	at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:127)
	at org.elasticsearch.cli.Command.main(Command.java:90)
	at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:126)
	at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92)

SMTP send error using self-host option

Using the self-host docker-compose file and the latest clearflask-server image (with digest ed1f3a04bec9), and an external SMTP server configured as such:

# Select generic SMTP ('smtp') or Amazon SES ('ses')
com.smotana.clearflask.core.push.provider.EmailServiceImpl$Config.useService=smtp
# For SMTP
com.smotana.clearflask.core.push.provider.EmailServiceImpl$Config.smtpStrategy=SMTP
com.smotana.clearflask.core.push.provider.EmailServiceImpl$Config.smtpHost=outgoing.server.net
com.smotana.clearflask.core.push.provider.EmailServiceImpl$Config.smtpPort=587
com.smotana.clearflask.core.push.provider.EmailServiceImpl$Config.smtpUser=user@tld.com
com.smotana.clearflask.core.push.provider.EmailServiceImpl$Config.smtpPassword=xxxx
com.smotana.clearflask.core.push.provider.EmailServiceImpl$Config.emailDisplayName=Clearflask
com.smotana.clearflask.core.push.provider.EmailServiceImpl$Config.fromEmailLocalPart=noreply
com.smotana.clearflask.core.push.provider.EmailServiceImpl$Config.fromEmailDomainOverride=company.com
com.smotana.clearflask.core.push.provider.EmailServiceImpl$Config.bccEmails=nick.douma@company.com

I seem to get an error about building the email body, a class cast exception from multipart_mixed to a DataContentHandler:

clearflask-server_1   | 14:29:57.645 [pool-28-thread-1] ERROR o.s.i.util.concurrent.NamedRunnable - Failed to run sendMail process
clearflask-server_1   | org.simplejavamail.mailer.internal.MailerException: Failed to send email [ID: '<1617344838.3.1706797737574@21f994d5da02>'], reason: Unknown error
clearflask-server_1   | 	at org.simplejavamail.mailer.internal.SendMailClosure.handleException(SendMailClosure.java:85)
clearflask-server_1   | 	at org.simplejavamail.mailer.internal.SendMailClosure.executeClosure(SendMailClosure.java:76)
clearflask-server_1   | 	at org.simplejavamail.mailer.internal.AbstractProxyServerSyncingClosure.run(AbstractProxyServerSyncingClosure.java:56)
clearflask-server_1   | 	at org.simplejavamail.internal.util.concurrent.NamedRunnable.run(NamedRunnable.java:40)
clearflask-server_1   | 	at java.base/java.util.concurrent.CompletableFuture$AsyncRun.run(CompletableFuture.java:1736)
clearflask-server_1   | 	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
clearflask-server_1   | 	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
clearflask-server_1   | 	at java.base/java.lang.Thread.run(Thread.java:829)
clearflask-server_1   | Caused by: java.lang.ClassCastException: class com.sun.mail.handlers.multipart_mixed cannot be cast to class jakarta.activation.DataContentHandler (com.sun.mail.handlers.multipart_mixed and jakarta.activation.DataContentHandler are in unnamed module of loader org.apache.catalina.loader.ParallelWebappClassLoader @2e237e39)
clearflask-server_1   | 	at jakarta.activation.MailcapCommandMap.getDataContentHandler(MailcapCommandMap.java:620)
clearflask-server_1   | 	at jakarta.activation.MailcapCommandMap.createDataContentHandler(MailcapCommandMap.java:591)
clearflask-server_1   | 	at jakarta.activation.DataHandler.getDataContentHandler(DataHandler.java:591)
clearflask-server_1   | 	at jakarta.activation.DataHandler.writeTo(DataHandler.java:290)
clearflask-server_1   | 	at jakarta.mail.internet.MimeBodyPart.writeTo(MimeBodyPart.java:1683)
clearflask-server_1   | 	at jakarta.mail.internet.MimeMessage.writeTo(MimeMessage.java:1911)
clearflask-server_1   | 	at org.eclipse.angus.mail.smtp.SMTPTransport.sendMessage(SMTPTransport.java:1305)
clearflask-server_1   | 	at org.simplejavamail.mailer.internal.util.TransportRunner.lambda$sendMessage$0(TransportRunner.java:61)
clearflask-server_1   | 	at org.simplejavamail.mailer.internal.util.TransportRunner.runOnSessionTransport(TransportRunner.java:81)
clearflask-server_1   | 	at org.simplejavamail.mailer.internal.util.TransportRunner.sendMessage(TransportRunner.java:56)
clearflask-server_1   | 	at org.simplejavamail.mailer.internal.SendMailClosure.executeClosure(SendMailClosure.java:69)
clearflask-server_1   | 	... 6 common frames omitted
clearflask-server_1   | 	Suppressed: jakarta.mail.MessagingException: Exception reading response
clearflask-server_1   | 		at org.eclipse.angus.mail.smtp.SMTPTransport.readServerResponse(SMTPTransport.java:2509)
clearflask-server_1   | 		at org.eclipse.angus.mail.smtp.SMTPTransport.close(SMTPTransport.java:1401)
clearflask-server_1   | 		at org.simplejavamail.mailer.internal.util.TransportRunner.runOnSessionTransport(TransportRunner.java:82)
clearflask-server_1   | 		... 8 common frames omitted
clearflask-server_1   | 	Caused by: java.net.SocketTimeoutException: Read timed out
clearflask-server_1   | 		at java.base/java.net.SocketInputStream.socketRead0(Native Method)
clearflask-server_1   | 		at java.base/java.net.SocketInputStream.socketRead(SocketInputStream.java:115)
clearflask-server_1   | 		at java.base/java.net.SocketInputStream.read(SocketInputStream.java:168)
clearflask-server_1   | 		at java.base/java.net.SocketInputStream.read(SocketInputStream.java:140)
clearflask-server_1   | 		at java.base/sun.security.ssl.SSLSocketInputRecord.read(SSLSocketInputRecord.java:478)
clearflask-server_1   | 		at java.base/sun.security.ssl.SSLSocketInputRecord.readHeader(SSLSocketInputRecord.java:472)
clearflask-server_1   | 		at java.base/sun.security.ssl.SSLSocketInputRecord.bytesInCompletePacket(SSLSocketInputRecord.java:70)
clearflask-server_1   | 		at java.base/sun.security.ssl.SSLSocketImpl.readApplicationRecord(SSLSocketImpl.java:1454)
clearflask-server_1   | 		at java.base/sun.security.ssl.SSLSocketImpl$AppInputStream.read(SSLSocketImpl.java:1065)
clearflask-server_1   | 		at org.eclipse.angus.mail.util.TraceInputStream.read(TraceInputStream.java:107)
clearflask-server_1   | 		at java.base/java.io.BufferedInputStream.fill(BufferedInputStream.java:252)
clearflask-server_1   | 		at java.base/java.io.BufferedInputStream.read(BufferedInputStream.java:271)
clearflask-server_1   | 		at org.eclipse.angus.mail.util.LineInputStream.readLine(LineInputStream.java:104)
clearflask-server_1   | 		at org.eclipse.angus.mail.smtp.SMTPTransport.readServerResponse(SMTPTransport.java:2489)
clearflask-server_1   | 		... 10 common frames omitted

I've tried all non-TLS and TLS mechanisms supported. When dumping the packets, it seems that the connection goes correctly until the STARTTLS command, and after that nothing is else is sent until the remote server closes the connection. Seems like something goes wrong with building the sender/recipient, or the email body.

Am I configuring this wrong, or is this a bug?

Error executing 'CREATE FUNCTION

Hi, I can see the following errors in the logs:

Error executing 'CREATE FUNCTION vote_wilson
(...)
END  ' (line 34): FUNCTION vote_wilson already exists
Error executing 'CREATE FUNCTION exp_decay
(...)
END  ' (line 21): FUNCTION exp_decay already exists

Is this something I should be worried about?

Problems of managing users and admins

I found there're might be two systems/mechanisms of user management. One is signing up from xxxx.com/login page and this will by default create a new project with that user and make him as owner. Another is with OAuth/SSO or manually added by the owner, which belongs to current project.

My requirement is, there should be only one project, it has one owner and multiple admins, other normal users should create there account with OAuth. I tested and found following problems:

Cannot directly add existing account as project admin (in the teammate page), I have to send invitation email to the corresponding email address of that user, and he has to do sign up again from the invitation url, he cannot use the existing OAuth created account to login to dashboard as this account has no way to set password (maybe the real reason is there're two different accounts, described below). But because I want only one project, it is better to not allow signing up after initializing the first project.
Actually when signing up the email being input do not really need to be the same as the address which received the invitation, so it seems the user owns two accounts now, one for dashbord admin of the project, another for frontend usage of the same project. Even though the user input same email as his frontend OAuth account, these are still two different accounts, and the admin user has to remember yet another password. The good news is if he use same email, then jumping from dashboard to frontend will automatically use the corresponding frontend account.
After adding new user in the dashboard (ADD button in xxxx.com/dashbord/users), it cannot login from the xxxx.com/login entry and it always says email or password incorrect. It seems this is just a frontend account so cannot login from backend. However there's no way to directly login a frontend account using email and password, so I don't know what's the meaning of manually adding users in the dashboard, is it just used for on-behalf things? Another bug is after deleting this manually created user from dashboard and trying to sign up using the same email, it says the email already exists, so it looks like it's not really deleted, but still exists in database.

Clearflask connect has hardcoded values

Hi, our team doesn't like that the values are hardcoded, and as such makes it impossible to deploy on our infastructure. Would you happen to have a way or solution to solve this problem?

Any help is appreciated. Thanks in advance.

clearflask / clearflask Goto Github PK

clearflask's Introduction

Contents

Managed Hosting

Self Hosting

Quick start

Replace dependencies

Via Docker

Via AWS

IAM access

AWS DynamoDB

AWS S3

ElasticSearch or MySQL

AWS SES

Deploy ClearFlask

Setup

Email

Email using SMTP

Email using AWS SES

DNS

Certificate management

Automagic using Let's Encrypt

Static certificate

Self-managed behind reverse proxy

No certificates

Dashboard account

Run

Maintenance

Migration between ElasticSearch/MySQL

Migration prerequisites

Migrate from Mysql to ElasticSearch

Migrate from ElasticSearch to Mysql

Contributing

Code quality

Java

JS/TS

Building

Environment setup

Compile and build

Run locally

Frontend + Mock backend

Connect + Frontend + Mock backend

HTTPS + Connect + Frontend + Backend

Connect + Frontend + Backend (Self-host)

Debugging

Attach debugger

JMX

ElasticSearch Kibana

KillBill Kaui

AWS services (DynamoDB, Route53, SES, S3)

Architecture

Overall view

Project Structure

clearflask-api

clearflask-frontend

clearflask-legal

clearflask-logging

clearflask-resources

clearflask-server

Release

Prerequisites

Perform release

Continuing a failed release

Security Policy

Reporting a Vulnerability

clearflask's People

Contributors

Stargazers

Watchers

Forkers

clearflask's Issues

Recommend Projects

Recommend Topics

Recommend Org

Jobs