Merge branch 'main' into patch-1

Author: karlhorky

CHANGELOG.md

@@ -13,9 +13,17 @@ and this project adheres to
 - ⚡️(frontend) improve accessibility:
   - #1248
   - #1235
+  - #1275
   - #1255
   - #1262
+  - #1244
   - #1270
+  - #1282
+
+### Fixed
+
+- 🐛(makefile) Windows compatibility fix for Docker volume mounting #1264
+- 🐛(minio) fix user permission error with Minio and Windows #1264
 
 ## [3.5.0] - 2025-07-31
 

Makefile

@@ -35,9 +35,13 @@ DB_PORT            = 5432
 
 # -- Docker
 # Get the current user ID to use for docker run and docker exec commands
-DOCKER_UID          = $(shell id -u)
-DOCKER_GID          = $(shell id -g)
-DOCKER_USER         = $(DOCKER_UID):$(DOCKER_GID)
+ifeq ($(OS),Windows_NT)
+DOCKER_USER         := 0:0     # run containers as root on Windows
+else
+DOCKER_UID          := $(shell id -u)
+DOCKER_GID          := $(shell id -g)
+DOCKER_USER         := $(DOCKER_UID):$(DOCKER_GID)
+endif
 COMPOSE             = DOCKER_USER=$(DOCKER_USER) docker compose
 COMPOSE_E2E         = DOCKER_USER=$(DOCKER_USER) docker compose -f compose.yml -f compose-e2e.yml
 COMPOSE_EXEC        = $(COMPOSE) exec
@@ -48,7 +52,7 @@ COMPOSE_RUN_CROWDIN = $(COMPOSE_RUN) crowdin crowdin
 
 # -- Backend
 MANAGE              = $(COMPOSE_RUN_APP) python manage.py
-MAIL_YARN           = $(COMPOSE_RUN) -w /app/src/mail node yarn
+MAIL_YARN           = $(COMPOSE_RUN) -w //app/src/mail node yarn
 
 # -- Frontend
 PATH_FRONT          = ./src/frontend

bin/_config.sh

@@ -38,6 +38,10 @@ function _set_user() {
 # options: docker compose command options
 # ARGS   : docker compose command arguments
 function _docker_compose() {
+    # Set DOCKER_USER for Windows compatibility with MinIO
+    if [[ "$OSTYPE" == "msys" || "$OSTYPE" == "cygwin" || -n "${WSL_DISTRO_NAME:-}" ]]; then
+        export DOCKER_USER="0:0"
+    fi
 
     echo "🐳(compose) file: '${COMPOSE_FILE}'"
     docker compose \

docker/files/production/etc/nginx/conf.d/default.conf.template

@@ -11,6 +11,9 @@ server {
     server_name localhost;
     charset utf-8;
 
+    # increase max upload size
+    client_max_body_size 10m;
+
     # Disables server version feedback on pages and in headers
     server_tokens off;
 
@@ -68,7 +71,7 @@ server {
         proxy_set_header Host $host;
     }
 
-    location  /collaboration/api/ {
+    location /collaboration/api/ {
         # Collaboration server
         proxy_pass http://${YPROVIDER_HOST}:4444;
         proxy_set_header Host $host;
@@ -95,7 +98,7 @@ server {
 
         add_header Content-Security-Policy "default-src 'none'" always;
     }
-    
+
     location /media-auth {
         proxy_pass http://docs_backend/api/v1.0/documents/media-auth/;
         proxy_set_header X-Forwarded-Proto https;
@@ -109,4 +112,4 @@ server {
         proxy_set_header Content-Length "";
         proxy_set_header X-Original-Method $request_method;
     }
-}
+}

docs/examples/compose/compose.yaml

@@ -7,12 +7,12 @@ services:
       timeout: 2s
       retries: 300
     env_file:
-    - env.d/postgresql
-    - env.d/common
+      - env.d/postgresql
+      - env.d/common
     environment:
-    - PGDATA=/var/lib/postgresql/data/pgdata
+      - PGDATA=/var/lib/postgresql/data/pgdata
     volumes:
-    - ./data/databases/backend:/var/lib/postgresql/data/pgdata
+      - ./data/databases/backend:/var/lib/postgresql/data/pgdata
 
   redis:
     image: redis:8
@@ -22,12 +22,12 @@ services:
     user: ${DOCKER_USER:-1000}
     restart: always
     environment:
-    - DJANGO_CONFIGURATION=Production
+      - DJANGO_CONFIGURATION=Production
     env_file:
-    - env.d/common
-    - env.d/backend
-    - env.d/yprovider
-    - env.d/postgresql
+      - env.d/common
+      - env.d/backend
+      - env.d/yprovider
+      - env.d/postgresql
     healthcheck:
       test: ["CMD", "python", "manage.py", "check"]
       interval: 15s
@@ -45,24 +45,24 @@ services:
     image: lasuite/impress-y-provider:latest
     user: ${DOCKER_USER:-1000}
     env_file:
-    - env.d/common
-    - env.d/yprovider
+      - env.d/common
+      - env.d/yprovider
 
   frontend:
     image: lasuite/impress-frontend:latest
     user: "101"
     entrypoint:
-    - /docker-entrypoint.sh
+      - /docker-entrypoint.sh
     command: ["nginx", "-g", "daemon off;"]
     env_file:
-    - env.d/common
+      - env.d/common
     # Uncomment and set your values if using our nginx proxy example
     #environment:
-    # - VIRTUAL_HOST=${DOCS_HOST} # used by nginx proxy 
+    # - VIRTUAL_HOST=${DOCS_HOST} # used by nginx proxy
     # - VIRTUAL_PORT=8083 # used by nginx proxy
     # - LETSENCRYPT_HOST=${DOCS_HOST} # used by lets encrypt to generate TLS certificate
     volumes:
-    - ./default.conf.template:/etc/nginx/templates/docs.conf.template
+      - ./default.conf.template:/etc/nginx/templates/docs.conf.template
     depends_on:
       backend:
         condition: service_healthy

docs/examples/compose/keycloak/compose.yaml

@@ -7,23 +7,23 @@ services:
       timeout: 2s
       retries: 300
     env_file:
-    - env.d/kc_postgresql
+      - env.d/kc_postgresql
     volumes:
-    - ./data/keycloak:/var/lib/postgresql/data/pgdata
+      - ./data/keycloak:/var/lib/postgresql/data/pgdata
 
   keycloak:
     image: quay.io/keycloak/keycloak:26.1.3
     command: ["start"]
     env_file:
-    - env.d/kc_postgresql
-    - env.d/keycloak
+      - env.d/kc_postgresql
+      - env.d/keycloak
     # Uncomment and set your values if using our nginx proxy example
     # environment:
-    # - VIRTUAL_HOST=id.yourdomain.tld # used by nginx proxy 
+    # - VIRTUAL_HOST=id.yourdomain.tld # used by nginx proxy
     # - VIRTUAL_PORT=8080 # used by nginx proxy
     # - LETSENCRYPT_HOST=id.yourdomain.tld # used by lets encrypt to generate TLS certificate
     depends_on:
-      kc_postgresql::
+      kc_postgresql:
         condition: service_healthy
         restart: true
 # Uncomment if using our nginx proxy example
@@ -33,4 +33,4 @@ services:
 #
 #networks:
 #  proxy-tier:
-#    external: true
+#    external: true

docs/examples/compose/minio/compose.yaml

@@ -2,8 +2,8 @@ services:
   minio:
     image: minio/minio
     environment:
-    - MINIO_ROOT_USER=<set minio root username>
-    - MINIO_ROOT_PASSWORD=<set minio root password>
+      - MINIO_ROOT_USER=<set minio root username>
+      - MINIO_ROOT_PASSWORD=<set minio root password>
     # Uncomment and set your values if using our nginx proxy example
     # - VIRTUAL_HOST=storage.yourdomain.tld # used by nginx proxy 
     # - VIRTUAL_PORT=9000 # used by nginx proxy
@@ -16,12 +16,12 @@ services:
     entrypoint: ""
     command: minio server /data
     volumes:
-    - ./data/minio:/data
+      - ./data/minio:/data
 # Uncomment if using our nginx proxy example
 #    networks:
-#    - proxy-tier
+#      - proxy-tier
 
 # Uncomment if using our nginx proxy example
 #networks:
 #  proxy-tier:
-#    external: true
+#    external: true

docs/examples/compose/nginx-proxy/compose.yaml

@@ -3,28 +3,28 @@ services:
     image: nginxproxy/nginx-proxy
     container_name: nginx-proxy
     ports:
-    - "80:80"
-    - "443:443"
+      - "80:80"
+      - "443:443"
     volumes:
-    - html:/usr/share/nginx/html
-    - certs:/etc/nginx/certs:ro
-    - /var/run/docker.sock:/tmp/docker.sock:ro
+      - html:/usr/share/nginx/html
+      - certs:/etc/nginx/certs:ro
+      - /var/run/docker.sock:/tmp/docker.sock:ro
     networks:
-    - proxy-tier
+      - proxy-tier
 
   acme-companion:
     image: nginxproxy/acme-companion
     container_name: nginx-proxy-acme
     environment:
-    - [email protected]
+      - [email protected]
     volumes_from:
-    - nginx-proxy
+      - nginx-proxy
     volumes:
-    - certs:/etc/nginx/certs:rw
-    - acme:/etc/acme.sh
-    - /var/run/docker.sock:/var/run/docker.sock:ro
+      - certs:/etc/nginx/certs:rw
+      - acme:/etc/acme.sh
+      - /var/run/docker.sock:/var/run/docker.sock:ro
     networks:
-    - proxy-tier
+      - proxy-tier
 
 networks:
   proxy-tier:

docs/troubleshoot.md

@@ -83,55 +83,6 @@ If you already have CRLF line endings in your local repository, the **best appro
    git commit -m "✏️(project) Fix line endings to LF"
    ```
 
-## Minio Permission Issues on Windows
-
-### Problem Description
-
-On Windows, you may encounter permission-related errors when running Minio in development mode with Docker Compose. This typically happens because:
-
-- **Windows file permissions** don't map well to Unix-style user IDs used in Docker containers
-- **Docker Desktop** may have issues with user mapping when using the `DOCKER_USER` environment variable
-- **Minio container** fails to start or access volumes due to permission conflicts
-
-### Common Symptoms
-
-- Minio container fails to start with permission denied errors
-- Error messages related to file system permissions in Minio logs
-- Unable to create or access buckets in the development environment
-- Docker Compose showing Minio service as unhealthy or exited
-
-### Solution for Windows Users
-
-If you encounter Minio permission issues on Windows, you can temporarily disable user mapping for the Minio service:
-
-1. **Open the `compose.yml` file**
-
-2. **Comment out the user directive** in the `minio` service section:
-   ```yaml
-   minio:
-     # user: ${DOCKER_USER:-1000}  # Comment this line on Windows if permission issues occur
-     image: minio/minio
-     environment:
-       - MINIO_ROOT_USER=impress
-       - MINIO_ROOT_PASSWORD=password
-     # ... rest of the configuration
-   ```
-
-3. **Restart the services**:
-   ```bash
-   make run
-   ```
-
-### Why This Works
-
-- Commenting out the `user` directive allows the Minio container to run with its default user
-- This bypasses Windows-specific permission mapping issues
-- The container will have the necessary permissions to access and manage the mounted volumes
-
-### Note
-
-This is a **development-only workaround**. In production environments, proper user mapping and security considerations should be maintained according to your deployment requirements.
-
 ## Frontend File Watching Issues on Windows
 
 ### Problem Description

env.d/production.dist/backend

@@ -43,8 +43,8 @@ OIDC_RP_CLIENT_ID=<client_id>
 OIDC_RP_CLIENT_SECRET=<client secret>
 OIDC_RP_SIGN_ALGO=RS256
 OIDC_RP_SCOPES="openid email"
-#USER_OIDC_FIELD_TO_SHORTNAME
-#USER_OIDC_FIELDS_TO_FULLNAME
+#OIDC_USERINFO_SHORTNAME_FIELD
+#OIDC_USERINFO_FULLNAME_FIELDS
 
 LOGIN_REDIRECT_URL=https://${DOCS_HOST}
 LOGIN_REDIRECT_URL_FAILURE=https://${DOCS_HOST}