Frontend: - Creiez frontend/lib/auth.ts cu saveToken, getToken, getAuthHeader, clearAuth - Modific api.ts: axiosInstance cu interceptor Bearer token + 401 → /login redirect - Modific login page: salveaza JWT token din response Backend: - [H-02] Integrez slowapi rate limiting: 10 req/minute pe /items/extract-label - [M-01] CORS: ALLOWED_ORIGINS din env (dev fallback: localhost:3000, localhost:3002) - [C-01] JWT_SECRET_KEY din env (dev fallback: ephemeral key) docker-compose.yml: - Adaug ALLOWED_ORIGINS env var (dev: localhost) - Adaug JWT_SECRET_KEY env var cu fallback warning Status: - ✅ JWT backend: complet - ✅ JWT frontend: token save + attach + 401 handling - ✅ Rate limiting: 10/min pe extract-label - ✅ CORS: configurable via env Gata pentru dev + testing local. Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
58 lines
1.4 KiB
YAML
58 lines
1.4 KiB
YAML
version: '3.8'
|
|
|
|
services:
|
|
backend:
|
|
build:
|
|
context: .
|
|
dockerfile: backend/Dockerfile
|
|
networks:
|
|
- inventory_net
|
|
ports:
|
|
- "8000:8000"
|
|
volumes:
|
|
- ./data:/app/data
|
|
- ./logs:/app/logs
|
|
environment:
|
|
- DATA_DIR=/app/data
|
|
- LOGS_DIR=/app/logs
|
|
# [M-01] CORS allowed origins — personalizează pentru producție
|
|
- ALLOWED_ORIGINS=http://localhost:3000,http://localhost:3002
|
|
# [C-01] JWT secret key — GENEREAZĂ O VALOARE SIGURĂ PENTRU PRODUCȚIE!
|
|
- JWT_SECRET_KEY=${JWT_SECRET_KEY:-change-me-in-production}
|
|
restart: unless-stopped
|
|
|
|
frontend:
|
|
build:
|
|
context: .
|
|
dockerfile: frontend/Dockerfile
|
|
networks:
|
|
- inventory_net
|
|
ports:
|
|
- "3000:3000"
|
|
volumes:
|
|
- ./logs:/app/logs
|
|
# Write Next.js logs to both stdout (docker logs) and file (mapped volume)
|
|
command: sh -c "mkdir -p /app/logs && node server.js 2>&1 | tee -a /app/logs/frontend.log"
|
|
restart: unless-stopped
|
|
|
|
proxy:
|
|
image: caddy:alpine
|
|
networks:
|
|
- inventory_net
|
|
ports:
|
|
- "3002:3002"
|
|
- "3003:3003"
|
|
volumes:
|
|
- ./Caddyfile:/etc/caddy/Caddyfile
|
|
# Persist the internal Caddy certificates so users don't get new certificate warnings constantly
|
|
- ./data/caddy_data:/data
|
|
- ./data/caddy_config:/config
|
|
depends_on:
|
|
- frontend
|
|
- backend
|
|
restart: unless-stopped
|
|
|
|
networks:
|
|
inventory_net:
|
|
driver: bridge
|