fix: require JWT auth on daily-chat endpoint, simplify Dockerfile Prisma generate
Build & Deploy Mobile / build-and-deploy (push) Failing after 10s

The /api/chat/daily route accepted a client-supplied userId with no
auth check. Require a verified Bearer JWT and derive the user from
the token instead. Also drop the manual openssl install and
--schema flag from the Dockerfile now that a second `prisma generate`
runs in the runner stage, and add a standard .dockerignore.

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01LwWLS2FYnE9ofqDF9hQFxA
This commit is contained in:
FalahMobile
2026-07-09 12:11:56 +08:00
parent f3bb801715
commit 93e26d749d
4 changed files with 30 additions and 5 deletions
+12
View File
@@ -0,0 +1,12 @@
node_modules
.next
.git
*.md
.env*
.gitignore
.eslint*
.prettier*
.next
npm-debug.log
yarn-debug.log
yarn-error.log
+7
View File
@@ -31,6 +31,8 @@ yarn-error.log*
# Testing # Testing
coverage/ coverage/
playwright-report/
test-results/
# Secrets (DO NOT COMMIT) # Secrets (DO NOT COMMIT)
*.pem *.pem
@@ -50,9 +52,14 @@ coverage/
deno.lock deno.lock
# SQLite dev database # SQLite dev database
dev.db
dev.db-journal
prisma/dev.db prisma/dev.db
prisma/dev.db-journal prisma/dev.db-journal
# Generated service worker (serwist build output)
public/sw.js
# Claude (workspace config, not project code) # Claude (workspace config, not project code)
.claude/* .claude/*
!.claude/commands/ !.claude/commands/
+2 -2
View File
@@ -7,11 +7,10 @@ COPY package.json package-lock.json* ./
RUN npm ci RUN npm ci
FROM base AS builder FROM base AS builder
RUN apt-get update && apt-get install -y --no-install-recommends openssl && rm -rf /var/lib/apt/lists/*
WORKDIR /app WORKDIR /app
COPY --from=deps /app/node_modules ./node_modules COPY --from=deps /app/node_modules ./node_modules
COPY . . COPY . .
RUN npx prisma generate --schema=./prisma/schema.prisma && npm run build RUN npx prisma generate && npm run build
FROM base AS runner FROM base AS runner
WORKDIR /app WORKDIR /app
@@ -23,6 +22,7 @@ RUN mkdir -p /app/data
COPY --from=builder /app/.next/standalone ./ COPY --from=builder /app/.next/standalone ./
COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static
COPY --from=builder /app/prisma ./prisma COPY --from=builder /app/prisma ./prisma
RUN npx prisma generate
RUN mkdir -p /app/public RUN mkdir -p /app/public
USER nextjs USER nextjs
EXPOSE 3000 EXPOSE 3000
+9 -3
View File
@@ -1,5 +1,6 @@
import { NextRequest, NextResponse } from 'next/server' import { NextRequest, NextResponse } from 'next/server'
import { prisma } from '@/lib/prisma' import { prisma } from '@/lib/prisma'
import { verifyJWT } from '@/lib/auth'
// ───────────────────────────────────────────── // ─────────────────────────────────────────────
// Greeting pools — tiered by engagement level // Greeting pools — tiered by engagement level
@@ -44,10 +45,15 @@ function pickRandom<T>(pool: T[]): T {
export async function POST(req: NextRequest) { export async function POST(req: NextRequest) {
try { try {
const { userId } = await req.json() const authHeader = req.headers.get('authorization')
if (!userId) { if (!authHeader?.startsWith('Bearer ')) {
return NextResponse.json({ error: 'userId required' }, { status: 400 }) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
} }
const payload = await verifyJWT(authHeader.slice(7))
if (!payload) {
return NextResponse.json({ error: 'Invalid token' }, { status: 401 })
}
const userId = payload.id
const user = await prisma.user.findUnique({ where: { id: userId } }) const user = await prisma.user.findUnique({ where: { id: userId } })
if (!user) { if (!user) {