From 34b24f3eb7952e1b86f91d925a0a02e97cb9c552 Mon Sep 17 00:00:00 2001
From: Ralf Vogler <ralf.vogler@gmail.com>
Date: Mon, 26 May 2025 00:46:09 +0200
Subject: [PATCH] make patchright work in docker

---
 Dockerfile           | 53 ++++++++++++++++++++------------------------
 docker-entrypoint.sh | 23 +++++--------------
 epic-games.js        |  3 ++-
 3 files changed, 32 insertions(+), 47 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 1da4c55..17ef9ae 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
 # FROM mcr.microsoft.com/playwright:v1.20.0
-# Partially from https://github.com/microsoft/playwright/blob/main/utils/docker/Dockerfile.focal
+# Partially from https://github.com/microsoft/playwright/blob/main/utils/docker/Dockerfile.jammy
 FROM ubuntu:jammy
 
 # Configuration variables are at the end!
@@ -8,9 +8,9 @@ FROM ubuntu:jammy
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 ARG DEBIAN_FRONTEND=noninteractive
 
-# Install up-to-date node & npm, deps for virtual screen & noVNC, firefox, pip for apprise.
+# Install nodejs and deps for virtual display, noVNC, chromium, and pip for installing apprise.
 RUN apt-get update \
-    && apt-get install --no-install-recommends -y curl ca-certificates gnupg \
+    && apt-get install -y --no-install-recommends curl ca-certificates gnupg \
     && mkdir -p /etc/apt/keyrings \
     && curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg \
     && echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_20.x nodistro main" | tee /etc/apt/sources.list.d/nodesource.list \
@@ -23,43 +23,38 @@ RUN apt-get update \
       novnc websockify \
       dos2unix \
       python3-pip \
-    # && npx playwright install-deps firefox \
-    && apt-get install --no-install-recommends -y \
-      libgtk-3-0 \
-      libasound2 \
-      libxcomposite1 \
-      libpangocairo-1.0-0 \
-      libpango-1.0-0 \
+    # RUN npx patchright install-deps chromium
+    # ^ installing deps manually instead saved ~130MB:
+    && apt-get install -y --no-install-recommends \
+      libnss3 \
+      libnspr4 \
       libatk1.0-0 \
-      libcairo-gobject2 \
+      libatk-bridge2.0-0 \
+      libcups2 \
+      libxkbcommon0 \
+      libatspi2.0-0 \
+      libxcomposite1 \
+      libgbm1 \
+      libpango-1.0-0 \
       libcairo2 \
-      libgdk-pixbuf-2.0-0 \
-      libdbus-glib-1-2 \
-      libxcursor1 \
+      libasound2 \
     && apt-get autoremove -y \
+    # https://www.perplexity.ai/search/what-files-do-i-need-to-remove-imjwdphNSUWK98WzsmQswA
     && apt-get clean \
     && rm -rf \
+      /var/lib/apt/lists/* \
+      /var/cache/* \
+      /var/tmp/* \
       /tmp/* \
       /usr/share/doc/* \
-      /var/cache/* \
-      /var/lib/apt/lists/* \
-      /var/tmp/*
-
-# RUN node --version
-# RUN npm --version
-
-RUN ln -s /usr/share/novnc/vnc_auto.html /usr/share/novnc/index.html
-RUN pip install --no-cache-dir apprise
+    && ln -s /usr/share/novnc/vnc_auto.html /usr/share/novnc/index.html \
+    && pip install --no-cache-dir apprise
 
 WORKDIR /fgc
 COPY package*.json ./
 
-# Playwright installs patched firefox to ~/.cache/ms-playwright/firefox-*
-# Requires some system deps to run (see inlined install-deps above).
-RUN npm install
-# Old: PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD + install firefox (had to be done after `npm install` to get the correct version). Now: playwright-firefox as npm dep and `npm install` will only install that.
-# From 1.38 Playwright will no longer install browser automatically for playwright, but apparently still for playwright-firefox: https://github.com/microsoft/playwright/releases/tag/v1.38.0
-# RUN npx playwright install firefox
+# --no-shell to avoid installing chromium_headless_shell (307MB) since headless mode could be detected without patching the browser itself
+RUN npm install && npx patchright install chromium --no-shell && du -h -d1 ~/.cache/ms-playwright
 
 COPY . .
 
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
index 7b321a1..43337cc 100755
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -6,28 +6,16 @@ echo "Version: https://github.com/vogler/free-games-claimer/tree/${COMMIT}"
 [ -n "$BRANCH" ] && [ "$BRANCH" != "main" ] && echo "Branch: ${BRANCH}"
 echo "Build: $NOW"
 
+BROWSER="${BROWSER_DIR:-data/browser}"
+
 # Remove chromium profile lock.
 # When running in docker and then killing it, on the next run chromium displayed a dialog to unlock the profile which made the script time out.
 # Maybe due to changed hostname of container or due to how the docker container kills playwright - didn't check.
 # https://bugs.chromium.org/p/chromium/issues/detail?id=367048
-rm -f /fgc/data/browser/SingletonLock
-
-# Firefox preferences are stored in $BROWSER_DIR/pref.js and can be overridden by a file user.js
-# Since this file has to be in the volume (data/browser), we can't do this in Dockerfile.
-mkdir -p /fgc/data/browser
-# fix for 'Incorrect response' after solving a captcha correctly - https://github.com/vogler/free-games-claimer/issues/261#issuecomment-1868385830
-# echo 'user_pref("privacy.resistFingerprinting", true);' > /fgc/data/browser/user.js
-cat <<EOT >/fgc/data/browser/user.js
-user_pref("privacy.resistFingerprinting", true);
-// user_pref("privacy.resistFingerprinting.letterboxing", true);
-// user_pref("browser.contentblocking.category", "strict");
-// user_pref("webgl.disabled", true);
-EOT
-# TODO disable session restore message?
+rm -f /fgc/$BROWSER/SingletonLock
 
 # Remove X server display lock, fix for `docker compose up` which reuses container which made it fail after initial run, https://github.com/vogler/free-games-claimer/issues/31
-# echo $DISPLAY
-# ls -l /tmp/.X11-unix/
+# Maybe no longer needed after adding #478's -nolisten unix below
 rm -f /tmp/.X1-lock
 
 # 6000+SERVERNUM is the TCP port Xvfb is listening on:
@@ -36,10 +24,11 @@ rm -f /tmp/.X1-lock
 # Options passed directly to the Xvfb server:
 # -ac disables host-based access control mechanisms
 # −screen NUM WxHxD creates the screen and sets its width, height, and depth
+# -nolisten unix tells the server not to use Unix domain sockets, thus avoiding the need to create /tmp/.X11-unix
 
 export DISPLAY=:1 # need to export this, otherwise playwright complains with 'Looks like you launched a headed browser without having a XServer running.'
 Xvfb $DISPLAY -ac -screen 0 "${WIDTH}x${HEIGHT}x${DEPTH}" &
-echo "Xvfb display server created screen with resolution ${WIDTH}x${HEIGHT}"
+echo "Xvfb display server created screen with resolution ${WIDTH}x${HEIGHT} -nolisten unix"
 if [ -z "$VNC_PASSWORD" ]; then
 	pw="-nopw"
 	pwt="no password!"
diff --git a/epic-games.js b/epic-games.js
index e0841d2..c182e7b 100644
--- a/epic-games.js
+++ b/epic-games.js
@@ -31,7 +31,8 @@ const context = await chromium.launchPersistentContext(cfg.dir.browser, {
   args: [
     '--hide-crash-restore-bubble',
   ],
-  chromiumSandbox: true, // https://github.com/Kaliiiiiiiiii-Vinyzu/patchright/issues/52
+  // The following makes the browser crash in docker with 'Chromium sandboxing failed!':
+  // chromiumSandbox: true, // https://github.com/Kaliiiiiiiiii-Vinyzu/patchright/issues/52
 });
 
 // console.log(context.browser().browserType()); // browser is null...