grant/proof-of-work
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
990f5582b85df3b521fefb396913b873eb3d1597
proof-of-work/start9/0.4/Dockerfile
T
Keysat 990f5582b8 Typed Prisma queries, bcrypt native, CSP nonces, /api/me/import, more tests 
Typed Prisma queries
- where: any in app/api/workouts/route.ts (GET + POST) and
  lib/db/workouts.ts replaced with Prisma.WorkoutWhereInput +
  Prisma.WorkoutCreateInput + Prisma.DateTimeFilter. Catches typos
  at compile time and surfaces query shape directly in tooltips.

Workout import endpoint tests (tests/routes-import.test.ts)
- 7 tests covering /api/workouts/import/save: 401 unauthenticated,
  empty workouts rejected, case-insensitive name matching against
  existing exercises, new-exercise creation with isCustom=true and
  type='other' default, explicit existingExerciseId honored over
  name lookup, multiple workouts per call, sequential setNumber
  per exercise per workout.

bcryptjs -> bcrypt (native)
- Roughly 10x faster than the pure-JS implementation under load —
  login latency drops from ~250ms to ~25ms. Hash format is fully
  cross-compatible with bcryptjs ($2a$ / $2b$ both verify), so
  existing user passwords keep working without migration.
- Dockerfile builder stage adds python3 + make + g++ as a safety net
  for native node-gyp compilation on alpine when prebuilt binaries
  aren't available.
- Runner stage explicitly COPYs node_modules/bcrypt so the .node
  binding is unambiguously present even if Next.js standalone
  tracing somehow misses it.
- StartOS package's changeAdminCredentials.ts keeps bcryptjs (it's
  bundled by ncc into a single JS file and runs only on the rare
  admin action; native bcrypt would require shipping the .node
  binding through ncc which it doesn't handle gracefully).

CSP nonces (middleware.ts + next.config.js)
- Per-request nonce generated in middleware. Forwarded to Next via
  the x-nonce request header, which Next 13.4+ automatically stamps
  onto its inline bootstrap scripts. CSP response header includes
  `'nonce-${nonce}' 'strict-dynamic'`, dropping the previous
  `'unsafe-inline'` from script-src.
- Static CSP removed from next.config.js (middleware-set headers
  override static ones, so keeping both was redundant).
- Middleware matcher widened to all paths except static assets so
  the CSP applies to every page response. Existing /main + /api
  auth gating preserved.
- style-src keeps 'unsafe-inline' — Next/Tailwind still inject
  critical inline <style>; tightening that requires hash-based
  style-src or per-style nonce stamping (Next doesn't auto-do
  either). Worth a follow-up if you want the cleanest possible CSP.

/api/me/import (mirror of /api/me/export)
- Accepts the same JSON shape /api/me/export emits (schema string
  validated: only `proof-of-work-export@1` accepted today).
- mode: 'merge' (default) — adds imported rows; existing exercises
  with matching names are NOT overwritten (the user's custom version
  wins). All workout sets with a known exercise get rebound to the
  user's actual exercise id via name lookup.
- mode: 'replace' — wipes the user's exercises/workouts/sets first,
  then imports. Requires `confirm: "REPLACE"` in the body.
- Always scoped to the actor — never touches other users' data.
- Profile/admin flag/sessions/InstanceSettings deliberately not
  imported (account identity stays put).
- 7 tests cover: 401, schema rejection, merge create+skip, replace
  confirmation gate, replace wipes-then-imports, isolation across
  users.
- ExportMyData component grew Import (merge) + Import (replace)
  buttons with native browser confirm() before the destructive
  replace.

Test suite now 81 tests across 9 files in ~2.6s.
2026-05-09 11:05:03 -05:00

98 lines
4.0 KiB
Docker
Raw Blame History

# syntax=docker/dockerfile:1.6
#
# Proof of Work (proof-of-work) — StartOS 0.4 package image.
#
# Build context: repo root (see manifest.images.main.source.dockerBuild.workdir
# which is set to '../..' so all COPY paths below are repo-root-relative).
#
# This Dockerfile is self-contained: it references only files under
# `proof-of-work/` (the upstream app) and `start9/0.4/` (this wrapper).
#
# Data preservation (v1.0.0:1 — initial seeded cutover):
# - This image bakes a one-time snapshot of the maintainer's live /data
# volume under /app/seed/data so the cutover from the legacy `workout-log`
# package preserves every workout, exercise, and preference.
# - docker_entrypoint.sh copies the seed into the StartOS-managed /data
# volume only on a truly-fresh first boot (both /data/app.db missing AND
# /data/.seeded absent). Every subsequent boot leaves /data alone.
# - v1.0.0:2 will strip the seed copy from the image and the seed-copy
# branch from the entrypoint once the cutover is verified in production.
# - A tiny empty-schema fallback DB is also COPYed from the builder stage
# (at /app/prisma/data/app.db) as a safety net for fresh sideloads on a
# brand-new host with no existing /data and no baked seed.
FROM node:20-alpine AS builder
WORKDIR /app
# openssl: Prisma engine runtime
# python3 + make + g++: native node-gyp builds (bcrypt). Even when the
# `bcrypt` npm package ships musl prebuilts, a postinstall fallback
# compile is the safety net — no compile, no boot.
RUN apk add --no-cache openssl python3 make g++
COPY proof-of-work/package.json proof-of-work/package-lock.json ./
RUN npm ci
COPY proof-of-work/ ./
RUN npx prisma generate
# Build a fallback empty-but-schema-correct DB. Used by docker_entrypoint.sh
# only when /data has no app.db AND no baked seed is available (i.e. after
# v1.0.0:2 strips the seed). Seeded with the curated exercise library via
# `npm run db:seed`, so a brand-new install still gets the full library.
RUN mkdir -p /tmp-seed \
&& DATABASE_URL=file:/tmp-seed/app.db npx prisma db push --skip-generate \
&& DATABASE_URL=file:/tmp-seed/app.db npm run db:seed
RUN npm run build
FROM node:20-alpine AS runner
WORKDIR /app
RUN apk add --no-cache dumb-init curl openssl sqlite \
&& addgroup -S nodejs -g 1001 \
&& adduser -S nextjs -u 1001 -G nodejs
ENV NODE_ENV=production \
HOSTNAME=0.0.0.0 \
PORT=3000 \
WORKOUT_DATA_DIR=/data \
WORKOUT_DB_PATH=/data/app.db \
WORKOUT_FALLBACK_SEED_DB_PATH=/app/prisma/data/app.db \
WORKOUT_BAKED_SEED_DB_PATH=/app/seed/data/app.db \
WORKOUT_LIBRARY_JSON_PATH=/app/prisma/exercises.seed.json
# Next.js standalone runtime bundle
COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./
COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static
COPY --from=builder --chown=nextjs:nodejs /app/public ./public
COPY --from=builder --chown=nextjs:nodejs /app/prisma ./prisma
# Native bcrypt binding. Next.js standalone tracing usually picks up
# the .node file but we copy explicitly as a belt-and-braces guard —
# bundling failures here surface as auth being silently broken at boot.
COPY --from=builder --chown=nextjs:nodejs /app/node_modules/bcrypt ./node_modules/bcrypt
# Empty-schema fallback DB (used only when no baked seed is available on a
# brand-new sideload).
COPY --from=builder --chown=nextjs:nodejs /tmp-seed/app.db /app/prisma/data/app.db
# Baked one-time cutover seed: the maintainer's live /data snapshot pulled
# off the running `workout-log` host via refresh_seed.sh. Copied into /data
# only on truly-fresh first boot. Removed in v1.0.0:2.
COPY --chown=nextjs:nodejs start9/0.4/seed/data /app/seed/data
# Container entrypoint and diagnostic healthcheck
COPY start9/0.4/docker_entrypoint.sh /usr/local/bin/docker_entrypoint.sh
COPY start9/0.4/healthcheck.sh /usr/local/bin/healthcheck.sh
RUN chmod +x /usr/local/bin/docker_entrypoint.sh /usr/local/bin/healthcheck.sh \
&& mkdir -p /data \
&& chown -R nextjs:nodejs /app /data
EXPOSE 3000
ENTRYPOINT ["dumb-init", "--", "/usr/local/bin/docker_entrypoint.sh"]
Reference in New Issue View Git Blame Copy Permalink