fix: require JWT auth on daily-chat endpoint, simplify Dockerfile Prisma generate
Build & Deploy Mobile / build-and-deploy (push) Failing after 10s
Build & Deploy Mobile / build-and-deploy (push) Failing after 10s
The /api/chat/daily route accepted a client-supplied userId with no auth check. Require a verified Bearer JWT and derive the user from the token instead. Also drop the manual openssl install and --schema flag from the Dockerfile now that a second `prisma generate` runs in the runner stage, and add a standard .dockerignore. Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01LwWLS2FYnE9ofqDF9hQFxA
This commit is contained in:
@@ -0,0 +1,12 @@
|
||||
node_modules
|
||||
.next
|
||||
.git
|
||||
*.md
|
||||
.env*
|
||||
.gitignore
|
||||
.eslint*
|
||||
.prettier*
|
||||
.next
|
||||
npm-debug.log
|
||||
yarn-debug.log
|
||||
yarn-error.log
|
||||
@@ -31,6 +31,8 @@ yarn-error.log*
|
||||
|
||||
# Testing
|
||||
coverage/
|
||||
playwright-report/
|
||||
test-results/
|
||||
|
||||
# Secrets (DO NOT COMMIT)
|
||||
*.pem
|
||||
@@ -50,9 +52,14 @@ coverage/
|
||||
deno.lock
|
||||
|
||||
# SQLite dev database
|
||||
dev.db
|
||||
dev.db-journal
|
||||
prisma/dev.db
|
||||
prisma/dev.db-journal
|
||||
|
||||
# Generated service worker (serwist build output)
|
||||
public/sw.js
|
||||
|
||||
# Claude (workspace config, not project code)
|
||||
.claude/*
|
||||
!.claude/commands/
|
||||
|
||||
+2
-2
@@ -7,11 +7,10 @@ COPY package.json package-lock.json* ./
|
||||
RUN npm ci
|
||||
|
||||
FROM base AS builder
|
||||
RUN apt-get update && apt-get install -y --no-install-recommends openssl && rm -rf /var/lib/apt/lists/*
|
||||
WORKDIR /app
|
||||
COPY --from=deps /app/node_modules ./node_modules
|
||||
COPY . .
|
||||
RUN npx prisma generate --schema=./prisma/schema.prisma && npm run build
|
||||
RUN npx prisma generate && npm run build
|
||||
|
||||
FROM base AS runner
|
||||
WORKDIR /app
|
||||
@@ -23,6 +22,7 @@ RUN mkdir -p /app/data
|
||||
COPY --from=builder /app/.next/standalone ./
|
||||
COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static
|
||||
COPY --from=builder /app/prisma ./prisma
|
||||
RUN npx prisma generate
|
||||
RUN mkdir -p /app/public
|
||||
USER nextjs
|
||||
EXPOSE 3000
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
import { NextRequest, NextResponse } from 'next/server'
|
||||
import { prisma } from '@/lib/prisma'
|
||||
import { verifyJWT } from '@/lib/auth'
|
||||
|
||||
// ─────────────────────────────────────────────
|
||||
// Greeting pools — tiered by engagement level
|
||||
@@ -44,10 +45,15 @@ function pickRandom<T>(pool: T[]): T {
|
||||
|
||||
export async function POST(req: NextRequest) {
|
||||
try {
|
||||
const { userId } = await req.json()
|
||||
if (!userId) {
|
||||
return NextResponse.json({ error: 'userId required' }, { status: 400 })
|
||||
const authHeader = req.headers.get('authorization')
|
||||
if (!authHeader?.startsWith('Bearer ')) {
|
||||
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
|
||||
}
|
||||
const payload = await verifyJWT(authHeader.slice(7))
|
||||
if (!payload) {
|
||||
return NextResponse.json({ error: 'Invalid token' }, { status: 401 })
|
||||
}
|
||||
const userId = payload.id
|
||||
|
||||
const user = await prisma.user.findUnique({ where: { id: userId } })
|
||||
if (!user) {
|
||||
|
||||
Reference in New Issue
Block a user