4 changes: 2 additions & 2 deletions backend/src/auth/auth.service.ts
Expand Up @@ -45,7 +45,7 @@
) {
// Read the MAIL_ENABLED environment variable, default to 'true'
this.isMailEnabled =
this.configService.get<string>('MAIL_ENABLED', 'true').toLowerCase() ===
this.configService.get<string>('MAIL_ENABLED', 'false').toLowerCase() ===
'true';
}
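Review bot: The comment above `this.isMailEnabled` still says the variable defaults to 'true', but the fallback passed to `configService.get` is now 'false'; update the comment to match. Because the default flips, a deployment that never set MAIL_ENABLED silently moves from mail on to mail off, so state the new default wherever the variable is documented.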

Expand Down Expand Up @@ -80,7 +80,7 @@
message: 'Email already confirmed or user not found.',
success: false,
};
} catch (error) {

Check warning on line 83 in backend/src/auth/auth.service.ts (GitHub Actions / autofix): 'error' is defined but never used
return {
message: 'Invalid or expired token',
success: false,
Expand Down Expand Up @@ -192,7 +192,7 @@
throw new UnauthorizedException('Invalid credentials');
}

if (!user.isEmailConfirmed) {
if (!user.isEmailConfirmed && this.isMailEnabled) {
throw new Error('Email not confirmed. Please check your inbox.');
}
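Review bot: The added `&& this.isMailEnabled` condition skips the email-confirmation gate at login whenever mail is off, and with the new 'false' default in the constructor that is the out-of-the-box behaviour: accounts with `isEmailConfirmed` false can sign in unless MAIL_ENABLED is set explicitly. If this is meant for local development only, require MAIL_ENABLED to be set explicitly in production (for example by validating it in env.validation.ts) instead of relying on the default. Separately, this branch throws a plain `Error` while the check just above throws `UnauthorizedException`; use an HTTP exception here as well so the failure is reported as an authentication error rather than an internal one.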

Expand Down Expand Up @@ -252,7 +252,7 @@
}

return true;
} catch (error) {

Check warning on line 255 in backend/src/auth/auth.service.ts (GitHub Actions / autofix): 'error' is defined but never used
return false;
}
}
23 changes: 22 additions & 1 deletion backend/src/config/env.validation.ts
@@ -1,6 +1,27 @@
import { IsOptional, IsString, IsNumber, IsIn } from 'class-validator';
import { IsOptional, IsString, IsNumber, IsIn, IsPort } from 'class-validator';

export class EnvironmentVariables {
// Database Configuration - all optional
@IsOptional()
@IsString()
DB_HOST?: string;

@IsOptional()
@IsPort()
DB_PORT?: string;

@IsOptional()
@IsString()
DB_USERNAME?: string;

@IsOptional()
@IsString()
DB_PASSWORD?: string;

@IsOptional()
@IsString()
DB_DATABASE?: string;

@IsNumber()
PORT: number;
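Review bot: `DB_PORT` is declared as a string checked with `@IsPort()` while `PORT` just below is a number checked with `@IsNumber()`; pick one convention, or document why they differ, so callers know whether the value needs parsing. Also, with every DB_* field marked `@IsOptional()`, a deployment that expects a database passes validation when DB_PASSWORD is missing; consider requiring the group together once DB_HOST is set.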

1 change: 1 addition & 0 deletions backend/template/react-ts/vite.config.ts
Expand Up @@ -30,5 +30,6 @@ export default defineConfig({
watch: {
usePolling: true,
},
allowedHosts: true,
},
});
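Review bot: `allowedHosts: true` turns off Vite's Host header check for every project generated from this template, and that check is the dev server's protection against DNS rebinding. Since previews are routed by hostname through Traefik, list only the preview domain here (a leading-dot entry for the configured domain accepts its subdomains) instead of allowing any host.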
11 changes: 1 addition & 10 deletions codefox-common/package.json
Expand Up @@ -5,20 +5,11 @@
"main": "dist/cjs/index.js",
"module": "dist/esm/index.js",
"types": "dist/types/index.d.ts",
"exports": {
".": {
"import": "./dist/esm/index.js",
"require": "./dist/cjs/index.js",
"types": "./dist/types/index.d.ts",
"default": "./dist/esm/index.js"
},
"./dist/*": "./dist/*"
},
"files": [
"dist"
],
"scripts": {
"build": "pnpm run build:cjs && pnpm run build:esm && pnpm run build:types",
"build": "rimraf dist && pnpm run build:cjs && pnpm run build:esm && pnpm run build:types",
"build:frontend": "pnpm run build",
"build:backend": "pnpm run build",
"build:cjs": "tsc -p tsconfig.cjs.json",
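Review bot: The new `build` script calls `rimraf dist`, but no `rimraf` dependency is visible in this hunk; confirm it is listed in devDependencies, otherwise the build fails on a clean install. Removing the `exports` map also changes resolution for consumers (every path in the package becomes importable, and Node falls back to `main` for both import and require), so the PR description should say why it was dropped.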
29 changes: 29 additions & 0 deletions docker/docker-compose.pord.yml
@@ -0,0 +1,29 @@
version: '3'

services:
reverse-proxy:
image: traefik:v3.3
command:
- '--api.insecure=true'
Contributor

⚠️ Potential issue

Security concern: Traefik API is enabled in insecure mode.

Enabling Traefik's API in insecure mode (--api.insecure=true) in a production environment exposes the dashboard without authentication, which could be a security risk.

Consider either:

  1. Disabling the API in production
- - '--api.insecure=true'
+ # API disabled in production for security
  2. Or securing it with authentication and HTTPS:
- - '--api.insecure=true'
+ - '--api.dashboard=true'
+ - '--api.insecure=false'
+ - '--entrypoints.traefik.address=:9001'
+ - '--entrypoints.traefik.http.tls=true'

- '--providers.docker=true'
- '--providers.docker.exposedbydefault=false'
- '--providers.file.directory=/etc/traefik/config'
- '--providers.file.watch=true'
- '--entrypoints.web.address=:80'
- '--entrypoints.websecure.address=:443'
ports:
- '80:80'
- '443:443'
- '9001:8080'
volumes:
- /var/run/docker.sock:/var/run/docker.sock
Contributor

⚠️ Potential issue

Security concern: Docker socket is mounted as a volume.

Mounting the Docker socket (/var/run/docker.sock) gives Traefik full access to the Docker daemon, which is a significant security risk if Traefik is compromised.

Consider using a more secure approach:

  • Use Docker socket proxy to limit access
  • Apply proper permissions
  • Or use alternative Docker provider methods
- - /var/run/docker.sock:/var/run/docker.sock
+ # Use a socket proxy with limited permissions instead
+ - socket-proxy:/var/run/docker.sock

You would then need to add a socket proxy service to your compose file.


- /etc/letsencrypt:/etc/letsencrypt
- ./traefik-config:/etc/traefik/config
networks:
- traefik_network
extra_hosts:
Comment on lines +22 to +24
Contributor

⚠️ Potential issue

Network name inconsistency with code reference.

The network defined here (traefik_network) doesn't match the network referenced in the Docker run command in route.ts (codefox_traefik_network).

Ensure network names are consistent across all files:

networks:
-  traefik_network:
+  codefox_traefik_network:
    driver: bridge

Committable suggestion skipped: line range outside the PR's diff.

- 'host.docker.internal:host-gateway'

networks:
traefik_network:
driver: bridge
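Review bot: The `'9001:8080'` mapping publishes Traefik's internal API port on every host interface, and with `--api.insecure=true` that port serves the dashboard and API without authentication; if the dashboard is kept, bind it to loopback (`'127.0.0.1:9001:8080'`) or drop the mapping. The `/etc/letsencrypt` mount is read-write although Traefik only reads the certificate and key, so add `:ro`. The file name `docker-compose.pord.yml` looks like a typo for `prod`.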
File renamed without changes.
58 changes: 58 additions & 0 deletions docker/traefik-config/services.yml
@@ -0,0 +1,58 @@
http:
routers:
frontend:
rule: 'Host(`codefox.net`) && !PathPrefix(`/graphql`)'
entrypoints:
- websecure
tls: {}
service: frontend
priority: 10

backend:
rule: 'Host(`codefox.net`) && PathPrefix(`/graphql`)'
entrypoints:
- websecure
tls: {}
service: backend
priority: 20
redirect-all:
rule: 'hostregexp(`{host:.+}`)'
entrypoints:
- web
middlewares:
- redirect-to-https
service: noop

services:
frontend:
loadBalancer:
servers:
- url: 'http://host.docker.internal:3000'

backend:
loadBalancer:
servers:
- url: 'http://host.docker.internal:8080'

noop:
loadBalancer:
servers:
- url: 'http://localhost:9000'

middlewares:
redirect-to-https:
redirectScheme:
scheme: https
permanent: true

cors:
headers:
accessControlAllowMethods:
- GET
- POST
- PUT
- DELETE
- OPTIONS
accessControlAllowHeaders:
- Content-Type
- Authorization
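Review bot: The `cors` middleware is defined but neither the `frontend` nor the `backend` router has a `middlewares` entry, so it is never applied; it also sets allowed methods and headers without an `accessControlAllowOriginList`. Attach it to the `backend` router with an explicit origin list, or remove it. Also check `redirect-all`: the rule uses the v2 placeholder form `{host:.+}` while the compose file pins `traefik:v3.3`, where `HostRegexp` takes a plain regular expression.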
4 changes: 4 additions & 0 deletions docker/traefik-config/tls.yml
@@ -0,0 +1,4 @@
tls:
certificates:
- certFile: /etc/letsencrypt/live/codefox.net/fullchain.pem
keyFile: /etc/letsencrypt/live/codefox.net/privkey.pem
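Review bot: The certificate paths hard-code `codefox.net`, as do the router rules in services.yml, while frontend/.env.example introduces TRAEFIK_DOMAIN as the configurable domain; anyone deploying under another domain has to edit these files by hand. Either document that step next to TRAEFIK_DOMAIN or generate these files from it.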
5 changes: 5 additions & 0 deletions frontend/.env.example
@@ -1 +1,6 @@
NEXT_PUBLIC_GRAPHQL_URL=http://localhost:8080/graphql

# TLS OPTION for HTTPS
TLS=false
# TRAEFIK OPTION for HTTPS
TRAEFIK_DOMAIN=your_domain.com
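Review bot: `TLS` has no `NEXT_PUBLIC_` prefix, unlike `NEXT_PUBLIC_GRAPHQL_URL` above, so Next.js does not expose it to browser code; in client components such as web-view.tsx and expand-card.tsx `process.env.TLS` is undefined and `URL_PROTOCOL_PREFIX` resolves to 'https' even with `TLS=false`, while the server-side route.ts sees 'false' and registers the container on the `web` entrypoint. Expose the setting under a `NEXT_PUBLIC_` name, or return the scheme from the API alongside `domain`. `TRAEFIK_DOMAIN` is added here but no hunk shown in this diff reads it.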
26 changes: 20 additions & 6 deletions frontend/src/app/api/runProject/route.ts
Expand Up @@ -7,6 +7,7 @@ import puppetter from 'puppeteer';
import { useMutation } from '@apollo/client/react/hooks/useMutation';
import { toast } from 'sonner';
import { UPDATE_PROJECT_PHOTO_URL } from '@/graphql/request';
import { TLS } from '@/utils/const';

const runningContainers = new Map<
string,
Expand Down Expand Up @@ -147,12 +148,25 @@ async function buildAndRunDocker(
console.log(`Running Docker container: ${containerName}`);

// 3. Run the Docker container
const runCommand = `docker run -d --name ${containerName} -l "traefik.enable=true" \
-l "traefik.http.routers.${subdomain}.rule=Host(\\"${domain}\\")" \
-l "traefik.http.services.${subdomain}.loadbalancer.server.port=5173" \
--network=codefox_traefik_network -p ${exposedPort}:5173 \
-v "${directory}:/app" \
${imageName}`;
let runCommand;
if (TLS) {
runCommand = `docker run -d --name ${containerName} -l "traefik.enable=true" \
-l "traefik.http.routers.${subdomain}.rule=Host(\\"${domain}\\")" \
-l "traefik.http.routers.${subdomain}.entrypoints=websecure" \
-l "traefik.http.routers.${subdomain}.tls=true" \
-l "traefik.http.services.${subdomain}.loadbalancer.server.port=5173" \
--network=codefox_traefik_network -p ${exposedPort}:5173 \
Contributor

💡 Verification agent

🧩 Analysis chain

Verify network name consistency with docker-compose file.

The Docker run command references codefox_traefik_network, but the docker-compose.pord.yml file defines traefik_network. Ensure these network names are consistent.


🏁 Script executed:

#!/bin/bash
# Check for network name consistency across the codebase

echo "Network references in Docker files:"
fd -g "docker-compose*.yml" -x grep -E "network|traefik_network" {}

echo "\nNetwork references in code:"
rg -A 1 -B 1 "network=.*traefik" --glob "*.ts" --glob "*.tsx" --glob "*.js"

Length of output: 1042


Align Docker network naming for consistency

The frontend/src/app/api/runProject/route.ts file uses --network=codefox_traefik_network at line 158, which doesn’t match the traefik_network defined in the docker-compose files. Please update the network name in the Docker run command (or adjust the docker-compose configuration) so that both references are consistent.

  • Location: frontend/src/app/api/runProject/route.ts (line 158)
  • Suggested update: Change codefox_traefik_network to traefik_network

-v "${directory}:/app" \
${imageName}`;
} else {
runCommand = `docker run -d --name ${containerName} -l "traefik.enable=true" \
-l "traefik.http.routers.${subdomain}.rule=Host(\\"${domain}\\")" \
-l "traefik.http.routers.${subdomain}.entrypoints=web" \
-l "traefik.http.services.${subdomain}.loadbalancer.server.port=5173" \
--network=codefox_traefik_network -p ${exposedPort}:5173 \
-v "${directory}:/app" \
${imageName}`;
}
Comment on lines +151 to +169
Contributor

🛠️ Refactor suggestion

Refactor to reduce duplication in Docker run commands.

The Docker run commands for TLS and non-TLS modes contain significant duplication. This makes maintenance difficult and increases the risk of inconsistencies.

Consider refactoring to a more maintainable approach:

-        let runCommand;
-        if (TLS) {
-          runCommand = `docker run -d --name ${containerName} -l "traefik.enable=true" \
-        -l "traefik.http.routers.${subdomain}.rule=Host(\\"${domain}\\")" \
-        -l "traefik.http.routers.${subdomain}.entrypoints=websecure" \
-        -l "traefik.http.routers.${subdomain}.tls=true" \
-        -l "traefik.http.services.${subdomain}.loadbalancer.server.port=5173" \
-        --network=codefox_traefik_network -p ${exposedPort}:5173 \
-        -v "${directory}:/app" \
-        ${imageName}`;
-        } else {
-          runCommand = `docker run -d --name ${containerName} -l "traefik.enable=true" \
-        -l "traefik.http.routers.${subdomain}.rule=Host(\\"${domain}\\")" \
-        -l "traefik.http.routers.${subdomain}.entrypoints=web" \
-        -l "traefik.http.services.${subdomain}.loadbalancer.server.port=5173" \
-        --network=codefox_traefik_network -p ${exposedPort}:5173 \
-        -v "${directory}:/app" \
-        ${imageName}`;
-        }
+        // Set entrypoint and TLS options based on TLS setting
+        const entrypoint = TLS ? 'websecure' : 'web';
+        const tlsOption = TLS ? '-l "traefik.http.routers.${subdomain}.tls=true" ' : '';
+        
+        const runCommand = `docker run -d --name ${containerName} -l "traefik.enable=true" \
+        -l "traefik.http.routers.${subdomain}.rule=Host(\\"${domain}\\")" \
+        -l "traefik.http.routers.${subdomain}.entrypoints=${entrypoint}" \
+        ${tlsOption}\
+        -l "traefik.http.services.${subdomain}.loadbalancer.server.port=5173" \
+        --network=codefox_traefik_network -p ${exposedPort}:5173 \
+        -v "${directory}:/app" \
+        ${imageName}`;


console.log(`Executing run command: ${runCommand}`);
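Review bot: Both branches build `runCommand` by interpolating `containerName`, `subdomain`, `domain`, `directory` and `imageName` into a single command string, and the new TLS branch adds more label arguments on the same pattern; a value containing shell metacharacters or a quote changes the command or the Traefik rule. Pass the arguments as an array to `execFile` or `spawn` without a shell, and validate `subdomain` and `domain` against a hostname pattern before use. Also, `-p ${exposedPort}:5173` publishes each container directly on the host, so in the TLS branch the same app stays reachable over plain HTTP on that port; drop the mapping if Traefik is the intended entry point.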

5 changes: 3 additions & 2 deletions frontend/src/components/chat/code-engine/web-view.tsx
Expand Up @@ -12,6 +12,7 @@ import {
ZoomOut,
} from 'lucide-react';
import puppeteer from 'puppeteer';
import { URL_PROTOCOL_PREFIX } from '@/utils/const';

export default function WebPreview() {
const { curProject, getWebUrl } = useContext(ProjectContext);
Expand Down Expand Up @@ -41,7 +42,7 @@ export default function WebPreview() {
lastProjectPathRef.current = projectPath;

if (containerRef.current?.projectPath === projectPath) {
setBaseUrl(`http://${containerRef.current.domain}`);
setBaseUrl(`${URL_PROTOCOL_PREFIX}://${containerRef.current.domain}`);
return;
}

Expand All @@ -52,7 +53,7 @@ export default function WebPreview() {
domain,
};

const baseUrl = `http://${domain}`;
const baseUrl = `${URL_PROTOCOL_PREFIX}://${domain}`;
console.log('baseUrl:', baseUrl);
setBaseUrl(baseUrl);
setDisplayPath('/');
5 changes: 3 additions & 2 deletions frontend/src/components/root/expand-card.tsx
Expand Up @@ -4,6 +4,7 @@ import React, { useContext, useEffect, useRef, useState } from 'react';
import { AnimatePresence, motion } from 'framer-motion';
import { X } from 'lucide-react';
import { ProjectContext } from '../chat/code-engine/project-context';
import { URL_PROTOCOL_PREFIX } from '@/utils/const';

export function ExpandableCard({ projects }) {
const [active, setActive] = useState(null);
Expand Down Expand Up @@ -37,7 +38,7 @@ export function ExpandableCard({ projects }) {

try {
const data = await getWebUrl(project.path);
const url = `http://${data.domain}`;
const url = `${URL_PROTOCOL_PREFIX}://${data.domain}`;
cachedUrls.current.set(project.id, url);
setIframeUrl(url);
} catch (error) {
Expand Down Expand Up @@ -120,7 +121,7 @@ export function ExpandableCard({ projects }) {
const data = await getWebUrl(project.path);

console.log(project.image);
const url = `http://${data.domain}`;
const url = `${URL_PROTOCOL_PREFIX}://${data.domain}`;
setIframeUrl(url);
handleCardClick(project);
setActive(project);
12 changes: 12 additions & 0 deletions frontend/src/utils/const.ts
@@ -0,0 +1,12 @@
/**
* @description: API URL
* @type {string}
* @example 'https://api.example.com'
*/
export const URL_PROTOCOL_PREFIX =
process.env.TLS == 'false' ? 'http' : 'https';

/**
* Validate if the current environment is using TLS
*/
export const TLS = process.env.TLS == 'true';
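Review bot: The two constants disagree when `TLS` is unset or holds anything other than 'true' or 'false': `URL_PROTOCOL_PREFIX` becomes 'https' while `TLS` is false, so route.ts registers containers on the `web` entrypoint and the preview components build `https://` URLs. Compute `TLS` once and derive the prefix from it so the two cannot diverge. The JSDoc on `URL_PROTOCOL_PREFIX` describes an API URL with a full URL as its example, which does not match a value that is only 'http' or 'https'.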
Comment on lines +1 to +12
Contributor

💡 Verification agent

🧩 Analysis chain

Consider adding a fallback for undefined environment variables.

The current implementation doesn't handle cases where the TLS environment variable is not defined. This could lead to unexpected behavior in different environments.

/**
 * @description: API URL
 * @type {string}
 * @example 'https://api.example.com'
 */
export const URL_PROTOCOL_PREFIX =
-  process.env.TLS == 'false' ? 'http' : 'https';
+  process.env.TLS === 'false' ? 'http' : 'https';

/**
 * Validate if the current environment is using TLS
 */
-export const TLS = process.env.TLS == 'true';
+export const TLS = process.env.TLS === 'true';

I'd also recommend ensuring these variables are properly set in your environments by verifying the configuration files:


🏁 Script executed:

#!/bin/bash
# Check if TLS is defined in environment configuration files

# Look for TLS in .env files
echo "Checking .env files for TLS configuration:"
fd -g ".env*" -x cat {} | grep -i "TLS"

# Look for TLS in next.config.js
echo "Checking next.config.js for TLS configuration:"
fd -g "next.config.js" -x cat {}

Length of output: 482


Action Required: Implement Fallbacks for Undefined TLS and Update Environment File Search

Please make the following changes to ensure consistent behavior across environments:

  • Handle Undefined TLS:
    Instead of directly comparing process.env.TLS, assign it to a variable with a default fallback. For example, if you expect a default of 'false' (or adjust as needed), you might update the file as follows:

    /**
     * @description: API URL
     * @type {string}
     * @example 'https://api.example.com'
     */
    -export const URL_PROTOCOL_PREFIX =
    -  process.env.TLS == 'false' ? 'http' : 'https';
    +const TLS_VALUE = typeof process.env.TLS !== 'undefined' ? process.env.TLS : 'false';
    +export const URL_PROTOCOL_PREFIX =
    +  TLS_VALUE === 'false' ? 'http' : 'https';
    
    /**
     * Validate if the current environment is using TLS
     */
    -export const TLS = process.env.TLS == 'true';
    +export const TLS = TLS_VALUE === 'true';
  • Improve Environment Variable Verification:
    The shell script output indicates that hidden files (like your .env files) are not being searched by default. When verifying configuration files, update the search command to include hidden files. For example:

    -fd -g ".env*" -x cat {} | grep -i "TLS"
    +fd --hidden -g ".env*" -x cat {} | grep -i "TLS"
  • Confirm Proper Configuration:
    Ensure that your environment configuration files (and next.config.js if applicable) indeed set the TLS variable as expected. This will help avoid unexpected behavior, especially in environments where the variable might be omitted.

Please address these points to improve robustness and consistency in TLS handling.

