Initial commit (forced pushed a few times to get the basics worked ou…

…t without a ton of commits)

.dockerignore

@@ -0,0 +1,4 @@
+/Dockerfile
+/LICENSE
+/README.md
+/.github

.github/renovate.json

@@ -0,0 +1,16 @@
+{
+   "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+   "extends": [
+     "config:base",
+     "docker:enableMajor",
+     "default:automergeDigest"
+   ],
+   "packageRules": [
+    {
+      "matchDatasources": ["docker"],
+      "matchPackageNames": ["ubuntu"],
+      "matchUpdateTypes": ["minor", "patch", "pin", "digest"],
+      "automerge": true
+    }
+  ]
+ }

.github/workflows/docker-publish.yml

@@ -0,0 +1,81 @@
+name: Docker
+
+# This all came from github. I wrote none of it, but I did remove some bits that didn't work.
+
+on:
+  push:
+    branches: [ "main" ]
+    # Publish semver tags as releases.
+    tags: [ 'v*.*.*' ]
+  pull_request:
+    branches: [ "main" ]
+
+env:
+  # Use docker.io for Docker Hub if empty
+  REGISTRY: ghcr.io
+  # github.repository as <account>/<repo>
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      # This is used to complete the identity challenge
+      # with sigstore/fulcio when running outside of PRs.
+      id-token: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          # we need the whole thing so we can count commits.
+          fetch-depth: '0'
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+        with:
+          platforms: 'arm64'
+
+      # Workaround: https://github.com/docker/build-push-action/issues/461
+      - name: Setup Docker buildx
+        uses: docker/setup-buildx-action@v3
+
+      # Login against a Docker registry except on PR
+      # https://github.com/docker/login-action
+      - name: Log into registry ${{ env.REGISTRY }}
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      # Extract metadata (tags, labels) for Docker
+      # https://github.com/docker/metadata-action
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+      - name: More Docker metadata
+        run: |
+          echo BUILD_DATE=$(date -u +%Y-%m-%dT%H:%M:00Z) >> $GITHUB_ENV
+          echo COMMITS=$(git rev-list --count --all || echo 0) >> $GITHUB_ENV
+
+      # Build and push Docker image with Buildx (don't push on PR)
+      # https://github.com/docker/build-push-action
+      - name: Build and push Docker image
+        id: build-and-push
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max

.gitignore

@@ -0,0 +1 @@
+/.vscode/*

Dockerfile

@@ -0,0 +1,25 @@
+# syntax=docker/dockerfile:1
+
+FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.18
+
+# install packages
+RUN \
+  if [ -z ${NGINX_VERSION+x} ]; then \
+    NGINX_VERSION=$(curl -sL "http://dl-cdn.alpinelinux.org/alpine/v3.18/main/x86_64/APKINDEX.tar.gz" | tar -xz -C /tmp \
+    && awk '/^P:nginx$/,/V:/' /tmp/APKINDEX | sed -n 2p | sed 's/^V://'); \
+  fi && \
+
+  apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community \
+    php82-pecl-mcrypt && \
+  echo "**** configure php-fpm to pass env vars ****" && \
+  sed -E -i 's/^;?clear_env ?=.*$/clear_env = no/g' /etc/php82/php-fpm.d/www.conf && \
+  grep -qxF 'clear_env = no' /etc/php82/php-fpm.d/www.conf || echo 'clear_env = no' >> /etc/php82/php-fpm.d/www.conf && \
+  echo "env[PATH] = /usr/local/bin:/usr/bin:/bin" >> /etc/php82/php-fpm.conf
+
+# add local files
+COPY root/ /
+
+# ports and volumes
+EXPOSE 80 443
+
+VOLUME /config

README.md

@@ -0,0 +1,25 @@
+![Logo](root/app/www/public/images/logo-64.png)
+
+# Starr Proxy
+
+## Purpose
+
+Provide access scoped apikeys & stop letting every 3rd party app and script have full access to your starr instance(s)!
+
+Some apps only need one or two endpoints but have full access/control over everything, needlessly.
+
+Access logs per app are generated so you can see everytime the app hits the proxy, allowed and rejected requests, etc
+
+## App templates
+
+There are some pre-built templates than enable just the api access the app actually needs so they are quick and easy to setup. More will be added in time for the common 3rd party apps.
+
+## Screenshots
+
+When viewing the access log for an allowed app, the bottom contains all the endpoints referenced in the log and if the app has access or not. Clicking the red x allows access.
+
+![Usage](root/app/www/public/images/screenshots/endpointUsage.png)
+
+Easily view apps, what they access, etc
+
+![Apps](root/app/www/public/images/screenshots/apps.png)