Trey T
ba0688a412
route-explorer's /api/token sits behind invisible Cloudflare Turnstile
that requires Apple's Private Access Token attestation. Third-party
iOS apps don't qualify for PAT issuance, and Linux Docker containers
can't pass it either (cross-OS fingerprint, even with patchright /
Camoufox). Migrates direct-flight search to FlightAware; multi-stop
and where-can-I-go remain via embedded SFSafariViewController.
- FlightAwareScheduleClient — scrapes route.rvt + trackpoll JSON for
real schedules without auth. T+0..2 day window. Tests against
captured HTML fixtures.
- BlobRouteClient — pulls the public Vercel blob route catalog
route-explorer's frontend reads (no auth, no Turnstile).
- DiagnosticLogger + LoggingURLSessionDelegate + DiagnosticsView —
device-shareable forensic trace. Boot header captures device, OS,
locale, UA; share-sheet export of session logs.
- TurnstileDebugView — live WKWebView gate inspector. Used to prove
the PAT-entitlement gap on a real device.
- RouteExplorerBrowserView — SFSafariViewController wrapper. Real
Safari clears Turnstile naturally; the in-app browser opens at
pre-filled search URLs. Surfaced from Search ("Open in
route-explorer") and Settings → Tools.
- RouteExplorerTokenStore + RouteExplorerSetupView — bookmarklet
capture flow (token round-tripped via flights://routeexplorer-token
URL scheme). Kept dormant for future use.
backend/ — Docker proxy attempts (Playwright, patchright, Camoufox).
All fail on Linux because Cloudflare auto-denies before the Turnstile
widget renders. Documented; kept as scaffolding for a future paid-
solver integration.
scripts/probe_flightaware.py — reference algorithm for the FA path.
scripts/probe_nodriver.py — local-Mac sanity check confirming the
gate clears with real macOS Chrome (proves the blocker is
fingerprint-level, not network-level).
30 lines
1.0 KiB
YAML
30 lines
1.0 KiB
YAML
services:
|
|
flights-backend:
|
|
container_name: flights-backend
|
|
build:
|
|
context: .
|
|
dockerfile: Dockerfile
|
|
image: flights-backend:latest
|
|
restart: unless-stopped
|
|
ports:
|
|
# NginxProxyManager forwards flights.treytartt.com → host:8090.
|
|
# The container listens on 8090 inside.
|
|
- "8090:8090"
|
|
environment:
|
|
- SHARED_SECRET=${SHARED_SECRET}
|
|
- TOKEN_TTL_SECONDS=1500
|
|
# Chromium needs /dev/shm for its renderer process. Without this
|
|
# shm_size bump it crashes on the first navigation in a container.
|
|
shm_size: "2gb"
|
|
cap_add:
|
|
# nodriver's profile setup occasionally pokes at SYS_ADMIN-only
|
|
# paths inside the sandbox; without --no-sandbox + this cap we
|
|
# see "Chrome failed to start" intermittently.
|
|
- SYS_ADMIN
|
|
healthcheck:
|
|
test: ["CMD", "python3", "-c", "import urllib.request; urllib.request.urlopen('http://localhost:8090/health').read()"]
|
|
interval: 30s
|
|
timeout: 5s
|
|
retries: 3
|
|
start_period: 90s
|