mirror of
https://github.com/AmruthPillai/Reactive-Resume.git
synced 2026-07-09 20:44:53 +10:00
bdfb854602
* fix: resolve local data directory to /app/data in production Docker In the official Docker image, cwd is /app/apps/web (set via WORKDIR), but the data volume is mounted at /app/data. Without pnpm-workspace.yaml present in the runtime image, findWorkspaceRoot() returns null, so getLocalDataDirectory() fell back to <cwd>/data = /app/apps/web/data, which the node user has no permission to create. This caused the storage healthcheck to fail with EACCES. Add a production fallback: when cwd ends in apps/web, resolve the data directory to two levels up (matching /app/data in the official image). Re-resolves #2990. https://claude.ai/code/session_015pSTtukxf7mFTty2Y6PHZf * fix: replace apps/web heuristic with LOCAL_STORAGE_PATH env var The previous fix special-cased a cwd ending in apps/web to land on /app/data, but the heuristic could false-positive on any path with that suffix and was fragile to Dockerfile changes. pnpm-workspace.yaml is never copied into the runtime image, so the workspace-root walk was also dead code in production. Replace the heuristic with an explicit LOCAL_STORAGE_PATH env var: - Set LOCAL_STORAGE_PATH=/app/data in the Dockerfile (single source of truth). - Add LOCAL_STORAGE_PATH to the env schema; storage and statistics services pass it through to getLocalDataDirectory. - getLocalDataDirectory now uses the override when set, else workspace root (dev), else cwd/data. - New Nitro plugin validates the resolved local data directory at startup and refuses to boot with a clear error if it isn't writable, surfacing permission issues immediately instead of at first upload/healthcheck. - Document the new variable in .env.example and the Docker self-hosting docs. https://claude.ai/code/session_015pSTtukxf7mFTty2Y6PHZf * fix: address review feedback on storage path handling - apps/web/plugins/2.storage.ts: use the default-import style for node:fs/promises (matches the rest of the repo, sidesteps any named-export concerns for fs.constants). - packages/env/src/server.ts: reject relative LOCAL_STORAGE_PATH values via a zod refinement. Relative paths would be resolved against cwd, which differs between dev and Docker — exactly the same surprise the original bug had. Failing fast at config validation time gives a clear error before the server boots. https://claude.ai/code/session_015pSTtukxf7mFTty2Y6PHZf * fix: update data volume configuration in Docker Compose and enhance Nitro plugin * fix: remove "Can I customize the templates?" FAQ entry from multiple language files --------- Co-authored-by: Claude <noreply@anthropic.com>
102 lines
3.4 KiB
Bash
102 lines
3.4 KiB
Bash
# --- Application ---
|
|
# Port used by the web server in local development and self-hosted containers.
|
|
PORT="3000"
|
|
|
|
# Public URL where the app is served. Used for auth callbacks, OAuth issuer URLs,
|
|
# OpenGraph metadata, and absolute upload URLs.
|
|
APP_URL="http://localhost:3000"
|
|
|
|
# --- Database (PostgreSQL) ---
|
|
# PostgreSQL connection URL. In Docker Compose, the hostname is usually `postgres`;
|
|
# when running directly on your machine, `localhost` is typical.
|
|
DATABASE_URL="postgresql://postgres:postgres@localhost:5432/postgres"
|
|
|
|
# --- Authentication ---
|
|
# Generated using `openssl rand -hex 32`
|
|
AUTH_SECRET="change-me-to-a-secure-secret-key-in-production"
|
|
|
|
# Better Auth Dashboard (optional)
|
|
# Enables the Better Auth Dashboard plugin when set, you probably don't need this.
|
|
BETTER_AUTH_API_KEY=""
|
|
|
|
# Social Auth (Google, optional)
|
|
# Set both values to enable Google sign-in.
|
|
GOOGLE_CLIENT_ID=""
|
|
GOOGLE_CLIENT_SECRET=""
|
|
|
|
# Social Auth (GitHub, optional)
|
|
# Set both values to enable GitHub sign-in.
|
|
GITHUB_CLIENT_ID=""
|
|
GITHUB_CLIENT_SECRET=""
|
|
|
|
# Social Auth (LinkedIn, optional)
|
|
# Set both values to enable LinkedIn sign-in.
|
|
LINKEDIN_CLIENT_ID=""
|
|
LINKEDIN_CLIENT_SECRET=""
|
|
|
|
# Custom OAuth Provider (optional)
|
|
# Set OAUTH_CLIENT_ID and OAUTH_CLIENT_SECRET plus either OAUTH_DISCOVERY_URL or
|
|
# the three manual endpoint URLs below.
|
|
OAUTH_PROVIDER_NAME=""
|
|
OAUTH_CLIENT_ID=""
|
|
OAUTH_CLIENT_SECRET=""
|
|
OAUTH_DISCOVERY_URL=""
|
|
OAUTH_AUTHORIZATION_URL=""
|
|
OAUTH_TOKEN_URL=""
|
|
OAUTH_USER_INFO_URL=""
|
|
|
|
# Space-separated scopes requested from the custom OAuth provider.
|
|
OAUTH_SCOPES="openid profile email"
|
|
|
|
# Comma-separated extra hosts/origins allowed for dynamic OAuth client redirect URIs.
|
|
# By default, only the APP_URL origin is allowed.
|
|
OAUTH_DYNAMIC_CLIENT_REDIRECT_HOSTS=""
|
|
|
|
# --- Email (optional) ---
|
|
# If SMTP_HOST, SMTP_USER, SMTP_PASS, or SMTP_FROM is missing, the app logs the
|
|
# email to the console instead.
|
|
SMTP_HOST="localhost"
|
|
SMTP_PORT="1025"
|
|
SMTP_USER=""
|
|
SMTP_PASS=""
|
|
SMTP_FROM="Reactive Resume <noreply@rxresu.me>"
|
|
SMTP_SECURE="false"
|
|
|
|
# --- Storage (optional) ---
|
|
# If all S3 keys are disabled, the app uses local filesystem storage instead.
|
|
# Make sure to mount this directory to a volume or the host filesystem to ensure data integrity.
|
|
# LOCAL_STORAGE_PATH overrides where local uploads/cache are written.
|
|
# Defaults to /app/data in the official Docker image; in dev, defaults to <workspace>/data.
|
|
# LOCAL_STORAGE_PATH="/app/data"
|
|
|
|
# Seaweedfs
|
|
S3_ACCESS_KEY_ID="seaweedfs"
|
|
S3_SECRET_ACCESS_KEY="seaweedfs"
|
|
S3_REGION="us-east-1"
|
|
S3_ENDPOINT="http://localhost:8333"
|
|
S3_BUCKET="reactive-resume"
|
|
S3_FORCE_PATH_STYLE="true"
|
|
|
|
# --- Feature Flags ---
|
|
# This flag disables new signups, both on the web app and the server.
|
|
FLAG_DISABLE_SIGNUPS="false"
|
|
|
|
# This flag disables email/password login. Disables email verification, forgot password, and reset password flows.
|
|
# Users can still sign up via social auth (Google/GitHub/Custom OAuth), unless FLAG_DISABLE_SIGNUPS is also set to true.
|
|
FLAG_DISABLE_EMAIL_AUTH="false"
|
|
|
|
# This flag disables the image processing.
|
|
# This is useful if you are using a machine with limited resources, like a Raspberry Pi.
|
|
FLAG_DISABLE_IMAGE_PROCESSING="false"
|
|
|
|
# --- Others ---
|
|
# Google Cloud API Key (optional)
|
|
# For font-list generation tooling.
|
|
# Requires "Google Fonts Developer API" to be enabled.
|
|
GOOGLE_CLOUD_API_KEY=""
|
|
|
|
# Crowdin (optional)
|
|
# For translation tooling.
|
|
CROWDIN_PROJECT_ID=""
|
|
CROWDIN_API_TOKEN=""
|