Cleanup: Update .gitignore and verify TOR implementation

- Add publish directories to .gitignore (both root and TeleBot) - Exclude compressed assets (*.br, *.gz) except wwwroot - Exclude archive files (*.tar.gz, *.zip) - Run TOR verification: 9/9 checks PASSED ✓ - Document nginx push notification configuration This cleanup prevents build artifacts from cluttering git status while maintaining proper TOR security configuration verification. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-01 16:20:16 +01:00 · 2025-10-01 16:20:16 +01:00 · 4992b6b839
commit 4992b6b839
parent bb3d603f83
4 changed files with 129 additions and 2 deletions
--- a/.gitignore
+++ b/.gitignore
@ -18,6 +18,18 @@ build/
 bld/
 [Bb]in/
 [Oo]bj/
+publish/
+**/publish/
+
+# Compressed assets
+*.br
+*.gz
+!wwwroot/**/*.gz
+!wwwroot/**/*.br
+
+# Archive files
+*.tar.gz
+*.zip

 # MSTest test Results
 [Tt]est[Rr]esult*/
--- a/TeleBot/.gitignore
+++ b/TeleBot/.gitignore
@ -62,6 +62,18 @@ bld/
 [Oo]bj/
 [Ll]og/
 [Ll]ogs/
+publish/
+**/publish/
+
+# Compressed assets
+*.br
+*.gz
+!wwwroot/**/*.gz
+!wwwroot/**/*.br
+
+# Archive files
+*.tar.gz
+*.zip

 # NuGet
 *.nupkg
--- a/TeleBot/test-results/tor-verification-results.xml
+++ b/TeleBot/test-results/tor-verification-results.xml
@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<testsuites tests="9" failures="0" time="1759292545">
-    <testsuite name="TeleBot TOR Verification" tests="9" failures="0" timestamp="2025-10-01T04:22:25">
+<testsuites tests="9" failures="0" time="1759331930">
+    <testsuite name="TeleBot TOR Verification" tests="9" failures="0" timestamp="2025-10-01T15:18:50">
    </testsuite>
 </testsuites>
--- a/nginx-push-notification-fix.md
+++ b/nginx-push-notification-fix.md
@ -0,0 +1,103 @@
+# Nginx Push Notification Configuration Fix
+
+## Issue
+Push notifications are failing because the nginx CORS headers are configured for `https://admin.dark.side` instead of the actual domain being used.
+
+## Current Configuration (Line ~19 in nginx config)
+```nginx
+# CORS headers for push notifications
+add_header 'Access-Control-Allow-Origin' 'https://admin.dark.side' always;
+```
+
+## Required Fix
+The CORS headers need to be updated to match the actual domain being used for the admin panel:
+
+```nginx
+# CORS headers for push notifications
+add_header 'Access-Control-Allow-Origin' 'https://admin.thebankofdebbie.giize.com' always;
+add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
+add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization' always;
+add_header 'Access-Control-Allow-Credentials' 'true' always;
+```
+
+## Manual Fix Steps
+
+1. **SSH into the server:**
+   ```bash
+   ssh -i vps_hardening_key -p 2255 sysadmin@10.13.13.1
+   # OR
+   ssh -i vps_hardening_key -p 2255 sysadmin@srv1002428.hstgr.cloud
+   ```
+
+2. **Check current nginx configuration:**
+   ```bash
+   sudo ls -la /etc/nginx/sites-enabled/
+   sudo grep -r "admin.dark.side" /etc/nginx/sites-enabled/
+   ```
+
+3. **Edit the configuration file:**
+   ```bash
+   sudo nano /etc/nginx/sites-available/admin-littleshop
+   # OR wherever the config file is located
+   ```
+
+4. **Update the CORS headers:**
+   - Find: `'https://admin.dark.side'`
+   - Replace with: `'https://admin.thebankofdebbie.giize.com'`
+
+   Or for more flexible CORS (allow from the actual requesting origin):
+   ```nginx
+   # Dynamic CORS based on request origin
+   set $cors_origin "";
+   if ($http_origin ~* (https?://(admin\.)?thebankofdebbie\.giize\.com|https?://srv1002428\.hstgr\.cloud)) {
+       set $cors_origin $http_origin;
+   }
+   add_header 'Access-Control-Allow-Origin' $cors_origin always;
+   add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
+   add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization' always;
+   add_header 'Access-Control-Allow-Credentials' 'true' always;
+   ```
+
+5. **Test the configuration:**
+   ```bash
+   sudo nginx -t
+   ```
+
+6. **Reload nginx if config is valid:**
+   ```bash
+   sudo systemctl reload nginx
+   ```
+
+## Push Notification Endpoints
+The following endpoints need to be accessible with proper CORS headers:
+- `/api/push/vapidpublickey` - Returns the VAPID public key
+- `/api/push/subscribe` - Handles push subscription
+- `/service-worker.js` - Service worker file
+- `/manifest.json` - PWA manifest
+- `/pwa.js` - PWA initialization script
+
+## Testing
+After updating the configuration, test push notifications:
+
+1. Visit the admin panel at the correct domain
+2. Click the notification bell icon
+3. Allow notifications when prompted
+4. Check browser console for any CORS errors
+
+## Alternative: Using nginx-proxy-manager
+If the server is using nginx-proxy-manager (Docker container), the configuration might need to be updated via the UI:
+1. Access nginx-proxy-manager UI (usually port 81)
+2. Find the proxy host for the admin panel
+3. Update the Advanced tab with custom nginx configuration for CORS headers
+
+## DNS Configuration Required
+Ensure `admin.thebankofdebbie.giize.com` points to the server IP (31.97.57.205):
+```
+admin.thebankofdebbie.giize.com A 31.97.57.205
+```
+
+## SSL Certificate
+The domain will need a valid SSL certificate. This can be obtained via:
+- Let's Encrypt (certbot)
+- nginx-proxy-manager's built-in Let's Encrypt support
+- Or using a self-signed certificate temporarily