From 0dfc780676c0e4cd6d91acceb293be2a65d5df3e Mon Sep 17 00:00:00 2001
From: George Brownbridge <gbrownbridge@cmcl.io>
Date: Fri, 16 May 2025 10:31:38 +0100
Subject: [PATCH 1/3] dev-secure-viz: Bumped stack version number.

---
 stack-clients/docker-compose.yml       | 2 +-
 stack-clients/pom.xml                  | 2 +-
 stack-data-uploader/docker-compose.yml | 2 +-
 stack-data-uploader/pom.xml            | 4 ++--
 stack-manager/docker-compose.yml       | 2 +-
 stack-manager/pom.xml                  | 4 ++--
 6 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/stack-clients/docker-compose.yml b/stack-clients/docker-compose.yml
index 62b8dec1..98c395ec 100644
--- a/stack-clients/docker-compose.yml
+++ b/stack-clients/docker-compose.yml
@@ -1,6 +1,6 @@
 services:
   stack-client:
-    image: ghcr.io/theworldavatar/stack-client${IMAGE_SUFFIX}:1.46.3
+    image: ghcr.io/theworldavatar/stack-client${IMAGE_SUFFIX}:1.47.0-secure-vis-SNAPSHOT
     secrets:
       - blazegraph_password
       - postgis_password
diff --git a/stack-clients/pom.xml b/stack-clients/pom.xml
index 6126f770..252148aa 100644
--- a/stack-clients/pom.xml
+++ b/stack-clients/pom.xml
@@ -7,7 +7,7 @@
 
     <groupId>com.cmclinnovations</groupId>
     <artifactId>stack-clients</artifactId>
-    <version>1.46.3</version>
+    <version>1.47.0-secure-vis-SNAPSHOT</version>
 
     <name>Stack Clients</name>
     <url>https://theworldavatar.io</url>
diff --git a/stack-data-uploader/docker-compose.yml b/stack-data-uploader/docker-compose.yml
index fe6da1eb..c03418db 100644
--- a/stack-data-uploader/docker-compose.yml
+++ b/stack-data-uploader/docker-compose.yml
@@ -1,6 +1,6 @@
 services:
   stack-data-uploader:
-    image: ghcr.io/theworldavatar/stack-data-uploader${IMAGE_SUFFIX}:1.46.3
+    image: ghcr.io/theworldavatar/stack-data-uploader${IMAGE_SUFFIX}:1.47.0-secure-vis-SNAPSHOT
     secrets:
       - blazegraph_password
       - postgis_password
diff --git a/stack-data-uploader/pom.xml b/stack-data-uploader/pom.xml
index 943ea09c..16bcc9da 100644
--- a/stack-data-uploader/pom.xml
+++ b/stack-data-uploader/pom.xml
@@ -7,7 +7,7 @@
 
     <groupId>com.cmclinnovations</groupId>
     <artifactId>stack-data-uploader</artifactId>
-    <version>1.46.3</version>
+    <version>1.47.0-secure-vis-SNAPSHOT</version>
 
     <name>Stack Data Uploader</name>
     <url>https://theworldavatar.io</url>
@@ -38,7 +38,7 @@
         <dependency>
             <groupId>com.cmclinnovations</groupId>
             <artifactId>stack-clients</artifactId>
-            <version>1.46.3</version>
+            <version>1.47.0-secure-vis-SNAPSHOT</version>
         </dependency>
 
         <dependency>
diff --git a/stack-manager/docker-compose.yml b/stack-manager/docker-compose.yml
index 126f031d..e31bb4e3 100644
--- a/stack-manager/docker-compose.yml
+++ b/stack-manager/docker-compose.yml
@@ -1,6 +1,6 @@
 services:
   stack-manager:
-    image: ghcr.io/theworldavatar/stack-manager${IMAGE_SUFFIX}:1.46.3
+    image: ghcr.io/theworldavatar/stack-manager${IMAGE_SUFFIX}:1.47.0-secure-vis-SNAPSHOT
     environment:
       EXTERNAL_PORT: "${EXTERNAL_PORT-3838}"
       STACK_BASE_DIR: "${STACK_BASE_DIR}"
diff --git a/stack-manager/pom.xml b/stack-manager/pom.xml
index 38ac0f2d..c6383c9b 100644
--- a/stack-manager/pom.xml
+++ b/stack-manager/pom.xml
@@ -7,7 +7,7 @@
 
     <groupId>com.cmclinnovations</groupId>
     <artifactId>stack-manager</artifactId>
-    <version>1.46.3</version>
+    <version>1.47.0-secure-vis-SNAPSHOT</version>
 
     <name>Stack Manager</name>
     <url>https://theworldavatar.io</url>
@@ -38,7 +38,7 @@
         <dependency>
             <groupId>com.cmclinnovations</groupId>
             <artifactId>stack-clients</artifactId>
-            <version>1.46.3</version>
+            <version>1.47.0-secure-vis-SNAPSHOT</version>
         </dependency>
 
         <dependency>

From 6cd2145bf46d36be1b8f8dcdd4b2b33c3e09be27 Mon Sep 17 00:00:00 2001
From: George Brownbridge <gbrownbridge@cmcl.io>
Date: Fri, 16 May 2025 10:32:15 +0100
Subject: [PATCH 2/3] dev-secure-viz: Bumped the default version of the viz.

---
 .../stack/services/built-ins/visualisation.json            | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/stack-clients/src/main/resources/com/cmclinnovations/stack/services/built-ins/visualisation.json b/stack-clients/src/main/resources/com/cmclinnovations/stack/services/built-ins/visualisation.json
index 86b93fab..2d42e80f 100644
--- a/stack-clients/src/main/resources/com/cmclinnovations/stack/services/built-ins/visualisation.json
+++ b/stack-clients/src/main/resources/com/cmclinnovations/stack/services/built-ins/visualisation.json
@@ -4,12 +4,17 @@
         "Name": "visualisation",
         "TaskTemplate": {
             "ContainerSpec": {
-                "Image": "ghcr.io/cambridge-cares/twa-vf:4",
+                "Image": "ghcr.io/theworldavatar/viz:5.25.0-bugfix-SNAPSHOT",
                 "Mounts": [
                     {
                         "Type": "volume",
                         "Source": "vis-files",
                         "Target": "/var/www/html"
+                    },
+                    {
+                        "Type": "volume",
+                        "Source": "vis-previous-state",
+                        "Target": "/twa/.public_hash/previous-state-of-public-folder"
                     }
                 ],
                 "Secrets": [

From 5438b496d09c2d62c1829aca1304ed0967ea13ec Mon Sep 17 00:00:00 2001
From: George Brownbridge <gbrownbridge@cmcl.io>
Date: Fri, 16 May 2025 10:33:30 +0100
Subject: [PATCH 3/3] dev-secure-viz: Added a session secret for the viz
 container.

---
 .../stack/clients/core/PasswordEndpointConfig.java          | 2 +-
 .../stack/services/VisualisationService.java                | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/stack-clients/src/main/java/com/cmclinnovations/stack/clients/core/PasswordEndpointConfig.java b/stack-clients/src/main/java/com/cmclinnovations/stack/clients/core/PasswordEndpointConfig.java
index 76479067..5fe03b20 100644
--- a/stack-clients/src/main/java/com/cmclinnovations/stack/clients/core/PasswordEndpointConfig.java
+++ b/stack-clients/src/main/java/com/cmclinnovations/stack/clients/core/PasswordEndpointConfig.java
@@ -10,7 +10,7 @@ public class PasswordEndpointConfig extends AbstractEndpointConfig {
 
     private final String passwordFile;
 
-    protected PasswordEndpointConfig(String name, String passwordFile) {
+    public PasswordEndpointConfig(String name, String passwordFile) {
         super(name);
         this.passwordFile = passwordFile;
     }
diff --git a/stack-clients/src/main/java/com/cmclinnovations/stack/services/VisualisationService.java b/stack-clients/src/main/java/com/cmclinnovations/stack/services/VisualisationService.java
index 9769906b..5f1489c4 100644
--- a/stack-clients/src/main/java/com/cmclinnovations/stack/services/VisualisationService.java
+++ b/stack-clients/src/main/java/com/cmclinnovations/stack/services/VisualisationService.java
@@ -1,5 +1,6 @@
 package com.cmclinnovations.stack.services;
 
+import com.cmclinnovations.stack.clients.core.PasswordEndpointConfig;
 import com.cmclinnovations.stack.services.config.ServiceConfig;
 
 public class VisualisationService extends ContainerService {
@@ -14,5 +15,10 @@ public VisualisationService(String stackName, ServiceConfig config) {
     protected void doPreStartUpConfiguration() {
         ensureOptionalSecret("mapbox_username");
         ensureOptionalSecret("mapbox_api_key");
+
+        String sessionSecret = new PasswordEndpointConfig("viz_session_secret", "/run/secrets/viz_session_secret")
+                .getPassword();
+        setEnvironmentVariableIfAbsent("SESSION_SECRET", sessionSecret);
     }
+
 }