feat: Production Docker, Security Hardening, BullMQ Queues & Swagger DTOs #1076
Open
RUKAYAT-CODER wants to merge 1 commit into
BE-03 (Docker + CI):
- Add multi-stage backend/Dockerfile (node:20-alpine, EXPOSE 6006)
- Add multi-stage frontend/Dockerfile (standalone Next.js, EXPOSE 3000)
- Add docker-compose.prod.yml with postgres, redis, backend, frontend services
- Add .github/workflows/backend-ci.yml (lint, test, build, migration dry-run)
- Add .github/workflows/frontend-ci.yml (type-check, lint, build)
- Add backend/.npmrc for legacy-peer-deps compatibility

BE-04 (Security):
- Add HTTP security headers to frontend/next.config.ts (CSP, X-Frame-Options, HSTS, etc.)
- Add output:standalone and Cloudinary remotePattern to next.config.ts
- Add backend/src/api-keys/ module (entity, service, guard, controller)
- Update env-validation with JWT_SECRET as required, add REDIS_HOST/PORT/PASSWORD, Twilio, Web Push, Stellar contract vars, and PLATFORM_FEE_PERCENT
- Add .env.example with all environment variables documented

BE-05 (BullMQ + Cron Jobs):
- Install @nestjs/bullmq and bullmq
- Add backend/src/queue/ module with three named queues: stellar-anchor, email-send, pdf-generate with 3-attempt exponential backoff
- Add processor classes with updateProgress(25/50/75/100) pattern
- Add backend/src/tasks/ module with stuck-shipment check (daily 2AM) and temp-file cleanup (daily 3AM) cron jobs
- Add GET /admin/queue/stats endpoint returning job counts per queue
- Register BullModule.forRootAsync in AppModule using REDIS_HOST/PORT

BE-09 (Swagger DTOs):
- Create BidResponseDto, AddressResponseDto, ReviewResponseDto, WebhookResponseDto, AuditLogResponseDto
- Add @apiresponse({ type }) to GET endpoints in bids, addresses, reviews, webhooks, audit-log controllers

Fixes: correct HealthIndicatorResult return type in cloudinary, smtp, and db health indicators (was HealthCheckResult)

Closes CodeGirlsInc#960
Closes CodeGirlsInc#961
Closes CodeGirlsInc#962
Closes CodeGirlsInc#969
@RUKAYAT-CODER is attempting to deploy a commit to the Mftee's projects Team on Vercel. A member of the Team first needs to authorize it.
Summary
- docker-compose.prod.yml with postgres/redis/backend/frontend services and health checks, plus separate backend-ci.yml and frontend-ci.yml GitHub Actions workflows
- api-keys module with cryptographic key generation/validation via X-API-Key guard, full environment variable audit with Joi schema and .env.example
- stellar-anchor, email-send, pdf-generate) and processors with 3-attempt exponential backoff and progress tracking; TasksService cron jobs for stuck-shipment flagging (daily 2AM) and temp-file cleanup (daily 3AM); GET /admin/queue/stats endpoint
- BidResponseDto, AddressResponseDto, ReviewResponseDto, WebhookResponseDto, AuditLogResponseDto) with full @ApiProperty decoration; typed @ApiResponse added to GET endpoints so Swagger renders complete response schemas

Test plan
- docker build -f backend/Dockerfile backend/ and docker build -f frontend/Dockerfile frontend/ complete without errors
- docker compose -f docker-compose.prod.yml up brings all four services healthy
- POST /api-keys returns the full key once; GET /api-keys returns prefix only
- X-API-Key header with a valid key authenticates a protected endpoint; expired/invalid key returns 401
- redis-cli keys bull:*)
- GET /admin/queue/stats returns job counts for each queue (403 for non-admins)
- /docs shows populated request/response schemas for bids, addresses, reviews, webhooks
- curl -I http://localhost:3000)

Closes #960
Closes #961
Closes #962
Closes #969
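
The API key behaviour in the test plan (full key returned once, prefix-only listing, 401 for an invalid or expired key), as an added example for reviewers; it is not the PR's code, which is not shown on this page. The record shape, function names, prefix length and SHA-256 digest storage are assumptions.

```typescript
import { createHash, randomBytes, timingSafeEqual } from "crypto";

// Hypothetical record shape; the PR's actual entity is not visible here.
interface ApiKeyRecord {
  prefix: string;         // non-secret identifier, safe to show in listings
  hash: string;           // hex SHA-256 of the full key; the key itself is never stored
  expiresAt: Date | null; // null = no expiry
}

const PREFIX_LEN = 8; // assumed prefix length

// A fast hash is adequate because the key is 256 bits of CSPRNG output,
// not a human-chosen password that could be guessed offline.
const digest = (key: string): Buffer => createHash("sha256").update(key).digest();

// POST /api-keys: the plaintext leaves the server once; only prefix + hash persist.
function issueKey(expiresAt: Date | null = null): { plaintext: string; record: ApiKeyRecord } {
  const plaintext = randomBytes(32).toString("hex");
  const record: ApiKeyRecord = {
    prefix: plaintext.slice(0, PREFIX_LEN),
    hash: digest(plaintext).toString("hex"),
    expiresAt,
  };
  return { plaintext, record };
}

// GET /api-keys: expose prefixes only, never hashes or plaintext.
function listKeys(store: ApiKeyRecord[]): string[] {
  return store.map((r) => r.prefix);
}

// Guard logic: the status an X-API-Key header value would produce.
function checkKey(presented: string | undefined, store: ApiKeyRecord[], now: Date = new Date()): 200 | 401 {
  if (!presented || presented.length < PREFIX_LEN) return 401;
  const presentedDigest = digest(presented);
  const match = store.find(
    (r) =>
      r.prefix === presented.slice(0, PREFIX_LEN) &&
      // Equal-length digests compared in constant time.
      timingSafeEqual(presentedDigest, Buffer.from(r.hash, "hex")),
  );
  if (!match) return 401;
  if (match.expiresAt !== null && match.expiresAt.getTime() <= now.getTime()) return 401;
  return 200;
}
```

A database dump of such records yields no usable keys, which is why the full key can only be shown at creation time.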