Api v3 refactor

.env.example

@@ -1,28 +1,34 @@
 ## Environment Variables
 
-ARCH=amd64
-NEST_PORT=3033
-HOST=0.0.0.0
+BRANCH_NAME=main
+HOST=127.0.0.1
 
-# !!! Path should be with " / " at the start !!!
+# NestJS
+NEST_PORT=3033
 NEST_PREFIX=/api
 SECRET=
-JWT_EXPIRATION=30
-API_HOST=https://api.sourcescan.dev
 
 # NGINX
 NGINX_PORT=33
 
 # IPFS
 IPFS_HOST=sscan-ipfs
 IPFS_PORT=5001
-
-# Used for external comunication with ipfs
-SWARM_PORT=4001
 GATE_PORT=8080
+SWARM_PORT=4001
+QUICKNODE_API_KEY=
+
+# External IP for IPFS swarm announce (auto-detected if empty)
+IPFS_EXTERNAL_IP=
+
+# IPFS WebUI auth
+IPFS_ADMIN_USER=admin
+IPFS_ADMIN_PASS=
 
-# Near module env
+# NEAR
+NEAR_MAINNET_RPC=https://rpc.mainnet.near.org
 NEAR_MAINNET_ACCOUNT_ID=
 NEAR_MAINNET_PRIVATE_KEY=
+NEAR_TESTNET_RPC=https://rpc.testnet.near.org
 NEAR_TESTNET_ACCOUNT_ID=
-NEAR_TESTNET_PRIVATE_KEY=
+NEAR_TESTNET_PRIVATE_KEY=

.github/workflows/main.yml

@@ -2,21 +2,23 @@ name: Main CI
 
 on:
   push:
-    branches: [ "main" ]
+    branches: [ "main", "api-v2" ]
   pull_request:
-    branches: [ "main" ]
+    branches: [ "main", "api-v2" ]
 
 jobs:
   build:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
 
-    - name: Use Node.js 16.x
-      uses: actions/setup-node@v3
+    - name: Use Node.js 24.x LTS
+      uses: actions/setup-node@v4
       with:
-        node-version: '16.x'
+        node-version: '24.x'
+        cache: 'npm'
+        cache-dependency-path: nest/package-lock.json
 
     - name: Install and Build
       run: |
@@ -29,19 +31,26 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
 
-    - name: Use Node.js 16.x
-      uses: actions/setup-node@v3
+    - name: Use Node.js 24.x LTS
+      uses: actions/setup-node@v4
       with:
-        node-version: '16.x'
+        node-version: '24.x'
+        cache: 'npm'
+        cache-dependency-path: nest/package-lock.json
 
     - name: Install Dependencies
       run: |
         cd nest
         npm ci
 
-    - name: Test Nest JS
+    - name: Lint
+      run: |
+        cd nest
+        npm run lint
+
+    - name: Test
       run: |
         cd nest
         npm run test

.gitignore

@@ -50,4 +50,5 @@ pnpm-lock.yaml
 
 docker-data
 
-dist/
+dist/
+

README.md

@@ -1,12 +1,32 @@
 # SourceScan NestJS Back-end and API
+
 ## Installation
 
 1. Create .env file
-	 `cp .env.example .env`
+   ```
+   cp .env.example .env
+   ```
 2. Build and run containers
-	 `docker compose up -d --build`
-3. Add these lines to **./docker-data/ipfs/config** to open this node to global ipfs
+   ```
+   docker compose up -d --build
+   ```
+
+## Firewall Configuration
+
+**Open these ports (public access required):**
+| Port | Protocol | Service | Description |
+|------|----------|---------|-------------|
+| 33 | TCP | Nginx | API proxy (NGINX_PORT) |
+| 4001 | TCP+UDP | IPFS Swarm | P2P communication (SWARM_PORT) |
+
+**Keep closed (internal only, bound to 127.0.0.1):**
+| Port | Service | Description |
+|------|---------|-------------|
+| 3033 | NestJS | Backend API (NEST_PORT) |
+| 5001 | IPFS API | Admin interface (IPFS_PORT) |
+| 8080 | IPFS Gateway | Content gateway (GATE_PORT) |
 
- `"AppendAnnounce":  [  "/ip4/{hostname}/tcp/{swarm_port}", "/ip4/{hostname}/udp/{swarm_port}/quic", "/ip4/{hostname}/udp/{swarm_port}/quic-v1", "/ip4/{hostname}/udp/{swarm_port}/quic-v1/webtransport" ]`
+## IPFS WebUI
 
-After that you need to restart IPFS container
+- Local: http://localhost:5001/webui
+- Via nginx: http://localhost:33/ipfs-admin/webui (requires IPFS_ADMIN_USER/PASS)

docker-compose.yml

@@ -0,0 +1,70 @@
+services:
+  sscan-nest:
+    build:
+      context: nest
+    platform: linux/amd64
+    container_name: ${BRANCH_NAME:-main}_sscan-nest
+    restart: always
+    networks:
+      - nwk
+    ports:
+      - '127.0.0.1:${NEST_PORT}:${NEST_PORT}'
+    volumes:
+      - ./nest/scripts:/app/scripts
+    env_file:
+      - .env
+    privileged: true
+
+  sscan-ipfs:
+    image: ipfs/kubo:v0.39.0
+    container_name: ${BRANCH_NAME:-main}_sscan-ipfs
+    restart: always
+    environment:
+      - IPFS_PROFILE=server
+      - IPFS_PATH=/ipfsdata
+      - IPFS_EXTERNAL_IP=${IPFS_EXTERNAL_IP}
+      - SWARM_PORT=${SWARM_PORT}
+    networks:
+      - nwk
+    ports:
+      - "${SWARM_PORT}:4001"
+      - "${SWARM_PORT}:4001/udp"
+      - "127.0.0.1:${IPFS_PORT}:5001"
+      - "127.0.0.1:${GATE_PORT}:8080"
+    volumes:
+      - ./docker-data/ipfs:/ipfsdata
+      - ./ipfs/001-configure.sh:/container-init.d/001-configure.sh:ro
+    healthcheck:
+      test: ["CMD-SHELL", "ipfs swarm peers | head -1"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+
+  sscan-nginx:
+    image: nginx:1.27
+    container_name: ${BRANCH_NAME:-main}_sscan-nginx
+    restart: always
+    ports:
+      - '${HOST}:${NGINX_PORT}:${NGINX_PORT}'
+    networks:
+      - nwk
+    volumes:
+      - ./nginx/:/etc/nginx/templates/
+      - ./nginx/scripts/entrypoint.sh:/entrypoint.sh:ro
+    entrypoint: /entrypoint.sh
+    command: ["nginx", "-g", "daemon off;"]
+    environment:
+      - NGINX_PORT=${NGINX_PORT}
+      - NEST_PORT=${NEST_PORT}
+      - GATE_PORT=${GATE_PORT}
+      - IPFS_PORT=${IPFS_PORT}
+      - IPFS_ADMIN_USER=${IPFS_ADMIN_USER}
+      - IPFS_ADMIN_PASS=${IPFS_ADMIN_PASS}
+    depends_on:
+      - sscan-nest
+      - sscan-ipfs
+
+networks:
+  nwk:
+    name: ${BRANCH_NAME:-main}_nwk
+    driver: bridge

ipfs/001-configure.sh

@@ -0,0 +1,27 @@
+#!/bin/sh
+set -ex
+
+# Configure IPFS API for WebUI access through nginx proxy
+ipfs config --json API.HTTPHeaders.Access-Control-Allow-Origin '["*"]'
+ipfs config --json API.HTTPHeaders.Access-Control-Allow-Methods '["PUT", "POST", "GET"]'
+ipfs config --json API.HTTPHeaders.Access-Control-Allow-Headers '["Authorization", "Content-Type"]'
+ipfs config --json API.HTTPHeaders.Access-Control-Allow-Credentials '["true"]'
+
+# Listen on all interfaces (secured by nginx)
+ipfs config Addresses.API /ip4/0.0.0.0/tcp/5001
+ipfs config Addresses.Gateway /ip4/0.0.0.0/tcp/8080
+
+# Get external IP (from env or auto-detect)
+EXTERNAL_IP="${IPFS_EXTERNAL_IP:-$(curl -4 -s --max-time 5 ifconfig.me || echo "")}"
+
+if [ -n "$EXTERNAL_IP" ] && [ -n "$SWARM_PORT" ]; then
+  echo "Configuring announce addresses for: $EXTERNAL_IP:$SWARM_PORT"
+  ipfs config --json Addresses.Announce "[
+    \"/ip4/${EXTERNAL_IP}/tcp/${SWARM_PORT}\",
+    \"/ip4/${EXTERNAL_IP}/udp/${SWARM_PORT}/quic-v1\"
+  ]"
+else
+  echo "Skipping announce config (no external IP detected)"
+fi
+
+echo "IPFS configured successfully"