fix: require JWT auth on daily-chat endpoint, simplify Dockerfile Prisma generate
Build & Deploy Mobile / build-and-deploy (push) Failing after 10s
Build & Deploy Mobile / build-and-deploy (push) Failing after 10s
The /api/chat/daily route accepted a client-supplied userId with no auth check. Require a verified Bearer JWT and derive the user from the token instead. Also drop the manual openssl install and --schema flag from the Dockerfile now that a second `prisma generate` runs in the runner stage, and add a standard .dockerignore. Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01LwWLS2FYnE9ofqDF9hQFxA
This commit is contained in:
@@ -0,0 +1,12 @@
|
|||||||
|
node_modules
|
||||||
|
.next
|
||||||
|
.git
|
||||||
|
*.md
|
||||||
|
.env*
|
||||||
|
.gitignore
|
||||||
|
.eslint*
|
||||||
|
.prettier*
|
||||||
|
.next
|
||||||
|
npm-debug.log
|
||||||
|
yarn-debug.log
|
||||||
|
yarn-error.log
|
||||||
@@ -31,6 +31,8 @@ yarn-error.log*
|
|||||||
|
|
||||||
# Testing
|
# Testing
|
||||||
coverage/
|
coverage/
|
||||||
|
playwright-report/
|
||||||
|
test-results/
|
||||||
|
|
||||||
# Secrets (DO NOT COMMIT)
|
# Secrets (DO NOT COMMIT)
|
||||||
*.pem
|
*.pem
|
||||||
@@ -50,9 +52,14 @@ coverage/
|
|||||||
deno.lock
|
deno.lock
|
||||||
|
|
||||||
# SQLite dev database
|
# SQLite dev database
|
||||||
|
dev.db
|
||||||
|
dev.db-journal
|
||||||
prisma/dev.db
|
prisma/dev.db
|
||||||
prisma/dev.db-journal
|
prisma/dev.db-journal
|
||||||
|
|
||||||
|
# Generated service worker (serwist build output)
|
||||||
|
public/sw.js
|
||||||
|
|
||||||
# Claude (workspace config, not project code)
|
# Claude (workspace config, not project code)
|
||||||
.claude/*
|
.claude/*
|
||||||
!.claude/commands/
|
!.claude/commands/
|
||||||
|
|||||||
+2
-2
@@ -7,11 +7,10 @@ COPY package.json package-lock.json* ./
|
|||||||
RUN npm ci
|
RUN npm ci
|
||||||
|
|
||||||
FROM base AS builder
|
FROM base AS builder
|
||||||
RUN apt-get update && apt-get install -y --no-install-recommends openssl && rm -rf /var/lib/apt/lists/*
|
|
||||||
WORKDIR /app
|
WORKDIR /app
|
||||||
COPY --from=deps /app/node_modules ./node_modules
|
COPY --from=deps /app/node_modules ./node_modules
|
||||||
COPY . .
|
COPY . .
|
||||||
RUN npx prisma generate --schema=./prisma/schema.prisma && npm run build
|
RUN npx prisma generate && npm run build
|
||||||
|
|
||||||
FROM base AS runner
|
FROM base AS runner
|
||||||
WORKDIR /app
|
WORKDIR /app
|
||||||
@@ -23,6 +22,7 @@ RUN mkdir -p /app/data
|
|||||||
COPY --from=builder /app/.next/standalone ./
|
COPY --from=builder /app/.next/standalone ./
|
||||||
COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static
|
COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static
|
||||||
COPY --from=builder /app/prisma ./prisma
|
COPY --from=builder /app/prisma ./prisma
|
||||||
|
RUN npx prisma generate
|
||||||
RUN mkdir -p /app/public
|
RUN mkdir -p /app/public
|
||||||
USER nextjs
|
USER nextjs
|
||||||
EXPOSE 3000
|
EXPOSE 3000
|
||||||
|
|||||||
@@ -1,5 +1,6 @@
|
|||||||
import { NextRequest, NextResponse } from 'next/server'
|
import { NextRequest, NextResponse } from 'next/server'
|
||||||
import { prisma } from '@/lib/prisma'
|
import { prisma } from '@/lib/prisma'
|
||||||
|
import { verifyJWT } from '@/lib/auth'
|
||||||
|
|
||||||
// ─────────────────────────────────────────────
|
// ─────────────────────────────────────────────
|
||||||
// Greeting pools — tiered by engagement level
|
// Greeting pools — tiered by engagement level
|
||||||
@@ -44,10 +45,15 @@ function pickRandom<T>(pool: T[]): T {
|
|||||||
|
|
||||||
export async function POST(req: NextRequest) {
|
export async function POST(req: NextRequest) {
|
||||||
try {
|
try {
|
||||||
const { userId } = await req.json()
|
const authHeader = req.headers.get('authorization')
|
||||||
if (!userId) {
|
if (!authHeader?.startsWith('Bearer ')) {
|
||||||
return NextResponse.json({ error: 'userId required' }, { status: 400 })
|
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
|
||||||
}
|
}
|
||||||
|
const payload = await verifyJWT(authHeader.slice(7))
|
||||||
|
if (!payload) {
|
||||||
|
return NextResponse.json({ error: 'Invalid token' }, { status: 401 })
|
||||||
|
}
|
||||||
|
const userId = payload.id
|
||||||
|
|
||||||
const user = await prisma.user.findUnique({ where: { id: userId } })
|
const user = await prisma.user.findUnique({ where: { id: userId } })
|
||||||
if (!user) {
|
if (!user) {
|
||||||
|
|||||||
Reference in New Issue
Block a user