puffin-app/server/Dockerfile

# Production Dockerfile for Puffin Backend
FROM node:20-alpine

WORKDIR /app

# Install wget for healthcheck
RUN apk add --no-cache wget

# Copy package files
COPY package*.json ./

# Install production dependencies only
RUN npm ci --only=production

# Copy application code
COPY . .

# Create data directory for SQLite
RUN mkdir -p /app/data

# Expose port
EXPOSE 3001

# Health check
HEALTHCHECK --interval=30s --timeout=10s --start-period=40s --retries=3 \
  CMD wget --no-verbose --tries=1 --spider http://localhost:3001/health || exit 1

# Start the server
CMD ["node", "index.js"]
Implement comprehensive Stripe security fixes and production deployment CRITICAL SECURITY FIXES: - Add webhook secret validation to prevent signature bypass - Implement idempotency protection across all webhook handlers - Add atomic database updates to prevent race conditions - Improve CORS security with origin validation and logging - Remove .env from git tracking to protect secrets STRIPE INTEGRATION: - Add support for checkout.session.expired webhook event - Add Stripe publishable key to environment configuration - Fix webhook handlers with proper idempotency checks - Update Order model with atomic updatePaymentAndStatus method - Add comprehensive logging for webhook processing DEPLOYMENT ARCHITECTURE: - Split into two Docker images (frontend-latest, backend-latest) - Update CI/CD to build separate frontend and backend images - Configure backend on port 3801 (internal 3001) - Add production-ready docker-compose.yml - Remove redundant docker-compose.portainer.yml - Update nginx configuration for both frontend and backend DOCUMENTATION: - Add PRODUCTION-SETUP.md with complete deployment guide - Add docs/stripe-security-fixes.md with security audit details - Add docs/stripe-checkout-sessions.md with integration docs - Add docs/stripe-webhooks.md with webhook configuration - Update .env.example with all required variables including Stripe publishable key CONFIGURATION: - Consolidate to single .env.example template - Update .gitignore to protect all .env variants - Add server/Dockerfile for backend container - Update DEPLOYMENT.md with new architecture 🔒 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> 2025-10-30 12:18:57 +01:00			`# Production Dockerfile for Puffin Backend`
			`FROM node:20-alpine`

			`WORKDIR /app`

			`# Install wget for healthcheck`
			`RUN apk add --no-cache wget`

			`# Copy package files`
			`COPY package*.json ./`

			`# Install production dependencies only`
			`RUN npm ci --only=production`

			`# Copy application code`
			`COPY . .`

			`# Create data directory for SQLite`
			`RUN mkdir -p /app/data`

			`# Expose port`
			`EXPOSE 3001`

			`# Health check`
			`HEALTHCHECK --interval=30s --timeout=10s --start-period=40s --retries=3 \`
			`CMD wget --no-verbose --tries=1 --spider http://localhost:3001/health \|\| exit 1`

			`# Start the server`
			`CMD ["node", "index.js"]`