Use nodejs 22 in docker images

Dockerfile

@@ -1,5 +1,5 @@
 ARG BASE_IMAGE=debian:bookworm-slim
-ARG PHP_VERSION=8.3
+ARG PHP_VERSION=8.4
 
 FROM ${BASE_IMAGE} AS base
 ARG PHP_VERSION
@@ -48,7 +48,7 @@ RUN apt-get update && apt-get -y install \
 # Install node and yarn
 RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - && \
     echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list && \
-    curl -sL https://deb.nodesource.com/setup_20.x | bash - && \
+    curl -sL https://deb.nodesource.com/setup_22.x | bash - && \
     apt-get update && apt-get install -y \
       nodejs \
       yarn \

Dockerfile-frankenphp

@@ -1,4 +1,4 @@
-FROM dunglas/frankenphp:1-php8.3 AS frankenphp_upstream
+FROM dunglas/frankenphp:1-php8.4 AS frankenphp_upstream
 
 RUN apt-get update && apt-get -y install \
       curl \
@@ -13,13 +13,33 @@ RUN apt-get update && apt-get -y install \
       zip \
     && apt-get -y autoremove && apt-get clean autoclean && rm -rf /var/lib/apt/lists/*;
 
-# Install node and yarn
-RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - && \
-    echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list && \
-    curl -sL https://deb.nodesource.com/setup_20.x | bash - && \
-    apt-get update && apt-get install -y \
-      nodejs yarn \
-    && apt-get -y autoremove && apt-get clean autoclean && rm -rf /var/lib/apt/lists/*
+RUN set -eux; \
+    # Prepare keyrings directory
+    mkdir -p /etc/apt/keyrings; \
+    \
+    # Import Yarn GPG key
+    curl -fsSL https://dl.yarnpkg.com/debian/pubkey.gpg \
+      | tee /etc/apt/keyrings/yarn.gpg >/dev/null; \
+    chmod 644 /etc/apt/keyrings/yarn.gpg; \
+    \
+    # Add Yarn repo with signed-by
+    echo "deb [signed-by=/etc/apt/keyrings/yarn.gpg] https://dl.yarnpkg.com/debian stable main" \
+      | tee /etc/apt/sources.list.d/yarn.list; \
+    \
+    # Run NodeSource setup script (unchanged)
+    curl -sL https://deb.nodesource.com/setup_22.x | bash -; \
+    \
+    # Install Node.js + Yarn
+    apt-get update; \
+    apt-get install -y --no-install-recommends \
+      nodejs \
+      yarn; \
+    \
+    # Cleanup
+    apt-get -y autoremove; \
+    apt-get clean autoclean; \
+    rm -rf /var/lib/apt/lists/*
+
 
 # Install PHP
 RUN set -eux; \

docs/configuration.md

@@ -43,7 +43,8 @@ options listed, see `.env` file for the full list of possible env variables.
 Environment variables allow to overwrite settings in the web interface. This is useful, if you want to enforce certain
 settings to be unchangable by users, or if you want to configure settings in a central place in a deployed environment.
 On the settings page, you can hover over a setting to see, which environment variable can be used to overwrite it, it 
-is shown as tooltip.
+is shown as tooltip. API keys or similar sensitve data which is overwritten by env variables, are redacted on the web
+interface, so that even administrators cannot see them (only the last 2 characters and the length).
 
 For technical and security reasons some settings can only be configured via environment variables and not via the web
 interface. These settings are marked with "(env only)" in the description below.

docs/usage/getting_started.md

@@ -12,11 +12,19 @@ Before starting, it's useful to read a bit about the [concepts of Part-DB]({% li
 1. TOC
 {:toc}
 
-## Customize config files
+## Customize system settings
 
-Before you start creating data structures, you should configure Part-DB to your needs by changing possible configuration
-options.
-This is done either via changing the `.env.local` file in a direct installation or by changing the env variables in
+Before starting creating datastructures, you should check the system settings to ensure that they fit your needs.
+After login as an administrator, you can find the settings in the sidebar under `Tools -> System -> Settings`.
+![image]({% link assets/getting_started/system_settings.png %})
+
+Here you can change various settings, like the name of your Part-DB instance (which is shown in the title bar of the
+browser), the default language (which is used if no user preference is set), the default timezone (which is used to
+display times correctly), the default currency (which is used to display prices correctly), and many more.
+
+Some more fundamental settings like database connection, mail server settings, SSO, etc. are configured via environment variables.
+Environment variables also allow to overwrite various settings from the web interface.
+Environment variables can be changed by editing the `.env.local` file in a direct installation or by changing the env variables in
 your `docker-compose.yaml` file.
 A list of possible configuration options can be found [here]({% link configuration.md %}).
 
@@ -44,8 +52,8 @@ used.
 
 ## (Optional) Customize homepage banner
 
-The banner which is shown on the homepage, can be customized/changed by changing the `config/banner.md` file with a text
-editor. You can use markdown and (safe) HTML here, to style and customize the banner.
+The banner which is shown on the homepage, can be customized/changed via the homepage banner setting in system settings. 
+You can use markdown and (safe) HTML here, to style and customize the banner.
 You can even use LaTeX-style equations by wrapping the expressions into `$` (like `$E=mc^2$`, which is rendered inline:
 $E=mc^2$) or `$$` (like `$$E=mc^2$$`) which will be rendered as a block, like so: $$E=mc^2$$
 
@@ -202,4 +210,4 @@ later.
 You can choose from your created datastructures to add manufacturer information, supplier information, etc. to the part.
 You can also create new datastructures on the fly, if you want to add additional information to the part, by typing the
 name of the new datastructure in the field and select the "New ..." option in the dropdown menu. See [tips]({% link
-usage/tips_tricks.md %}) for more information.
+usage/tips_tricks.md %}) for more information.

docs/usage/information_provider_system.md

@@ -80,6 +80,11 @@ Normally the providers utilize an API of a service, and you need to create an ac
 Also, there are limits on how many requests you can do per day or month, depending on the provider and your contract
 with them.
 
+Data providers can be either configured in the system settings (in the info provider tab) or on the settings page which is
+reachable via the cogwheel symbol next to the provider in the provider list. It is also possible to configure them via
+environment variables. See below for the available configuration options. API keys configured via environment variables
+are redacted in the settings interface.
+
 The following providers are currently available and shipped with Part-DB:
 
 (All trademarks are property of their respective owners. Part-DB is not affiliated with any of the companies.)

src/Form/Type/APIKeyType.php

@@ -28,9 +28,14 @@ use Symfony\Component\Form\Extension\Core\Type\PasswordType;
 use Symfony\Component\Form\FormInterface;
 use Symfony\Component\Form\FormView;
 use Symfony\Component\OptionsResolver\OptionsResolver;
+use Symfony\Contracts\Translation\TranslatorInterface;
 
 class APIKeyType extends AbstractType
 {
+    public function __construct(private readonly TranslatorInterface $translator)
+    {
+    }
+
     public function getParent(): string
     {
         return PasswordType::class;
@@ -38,8 +43,30 @@ class APIKeyType extends AbstractType
 
     public function buildView(FormView $view, FormInterface $form, array $options): void
     {
-        //Ensure that the field is never empty
-        $view->vars['value'] = $form->getViewData();
+        $viewData = $form->getViewData();
+
+        //If the field is disabled, show the redacted API key
+        if ($options['disabled'] ?? false) {
+            if ($viewData === null || $viewData === '') {
+                $view->vars['value'] = $viewData;
+            } else {
+
+                $view->vars['value'] = self::redact((string)$viewData) . ' (' . $this ->translator->trans("form.apikey.redacted") . ')';
+            }
+        } else { //Otherwise, show the actual value
+            $view->vars['value'] = $viewData;
+        }
+    }
+
+    public static function redact(string $apiKey): string
+    {
+        //Show only the last 2 characters of the API key if it is long enough (more than 16 characters)
+        //Replace all other characters with dots
+        if (strlen($apiKey) > 16) {
+            return str_repeat('*', strlen($apiKey) - 2) . substr($apiKey, -2);
+        }
+
+        return str_repeat('*', strlen($apiKey));
     }
 
     public function configureOptions(OptionsResolver $resolver): void

translations/messages.en.xlf

@@ -13051,5 +13051,11 @@ Please note, that you can not impersonate a disabled user. If you try you will g
         <target>Info provider settings</target>
       </segment>
     </unit>
+    <unit id="VgSodKY" name="form.apikey.redacted">
+      <segment>
+        <source>form.apikey.redacted</source>
+        <target>Redacted for security reasons</target>
+      </segment>
+    </unit>
   </file>
 </xliff>