puffin-app/Dockerfile

# Build Stage
FROM node:20-alpine AS build

WORKDIR /app

# Copy package files and install dependencies
COPY package*.json ./
RUN npm ci

# Copy the rest of the app and build it
COPY . .
RUN npm run build

# Production Stage - Simple HTTP server
FROM node:20-alpine

WORKDIR /app

# Install serve package globally for serving static files
RUN npm install -g serve

# Copy the built app from the build stage
COPY --from=build /app/dist ./dist

# Copy the env.sh script for runtime configuration
COPY env.sh /app/env.sh
RUN chmod +x /app/env.sh

# Expose port 3000
EXPOSE 3000

# Use env.sh to generate runtime config, then start serve
CMD ["/app/env.sh", "serve", "-s", "dist", "-l", "3000"]
initial push 2025-05-13 18:50:30 +02:00			`# Build Stage`
			`FROM node:20-alpine AS build`

			`WORKDIR /app`

			`# Copy package files and install dependencies`
			`COPY package*.json ./`
			`RUN npm ci`

			`# Copy the rest of the app and build it`
			`COPY . .`
			`RUN npm run build`

Implement comprehensive Stripe security fixes and production deployment CRITICAL SECURITY FIXES: - Add webhook secret validation to prevent signature bypass - Implement idempotency protection across all webhook handlers - Add atomic database updates to prevent race conditions - Improve CORS security with origin validation and logging - Remove .env from git tracking to protect secrets STRIPE INTEGRATION: - Add support for checkout.session.expired webhook event - Add Stripe publishable key to environment configuration - Fix webhook handlers with proper idempotency checks - Update Order model with atomic updatePaymentAndStatus method - Add comprehensive logging for webhook processing DEPLOYMENT ARCHITECTURE: - Split into two Docker images (frontend-latest, backend-latest) - Update CI/CD to build separate frontend and backend images - Configure backend on port 3801 (internal 3001) - Add production-ready docker-compose.yml - Remove redundant docker-compose.portainer.yml - Update nginx configuration for both frontend and backend DOCUMENTATION: - Add PRODUCTION-SETUP.md with complete deployment guide - Add docs/stripe-security-fixes.md with security audit details - Add docs/stripe-checkout-sessions.md with integration docs - Add docs/stripe-webhooks.md with webhook configuration - Update .env.example with all required variables including Stripe publishable key CONFIGURATION: - Consolidate to single .env.example template - Update .gitignore to protect all .env variants - Add server/Dockerfile for backend container - Update DEPLOYMENT.md with new architecture 🔒 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> 2025-10-30 12:18:57 +01:00			`# Production Stage - Simple HTTP server`
			`FROM node:20-alpine`
initial push 2025-05-13 18:50:30 +02:00
Implement comprehensive Stripe security fixes and production deployment CRITICAL SECURITY FIXES: - Add webhook secret validation to prevent signature bypass - Implement idempotency protection across all webhook handlers - Add atomic database updates to prevent race conditions - Improve CORS security with origin validation and logging - Remove .env from git tracking to protect secrets STRIPE INTEGRATION: - Add support for checkout.session.expired webhook event - Add Stripe publishable key to environment configuration - Fix webhook handlers with proper idempotency checks - Update Order model with atomic updatePaymentAndStatus method - Add comprehensive logging for webhook processing DEPLOYMENT ARCHITECTURE: - Split into two Docker images (frontend-latest, backend-latest) - Update CI/CD to build separate frontend and backend images - Configure backend on port 3801 (internal 3001) - Add production-ready docker-compose.yml - Remove redundant docker-compose.portainer.yml - Update nginx configuration for both frontend and backend DOCUMENTATION: - Add PRODUCTION-SETUP.md with complete deployment guide - Add docs/stripe-security-fixes.md with security audit details - Add docs/stripe-checkout-sessions.md with integration docs - Add docs/stripe-webhooks.md with webhook configuration - Update .env.example with all required variables including Stripe publishable key CONFIGURATION: - Consolidate to single .env.example template - Update .gitignore to protect all .env variants - Add server/Dockerfile for backend container - Update DEPLOYMENT.md with new architecture 🔒 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> 2025-10-30 12:18:57 +01:00			`WORKDIR /app`
initial push 2025-05-13 18:50:30 +02:00
Implement comprehensive Stripe security fixes and production deployment CRITICAL SECURITY FIXES: - Add webhook secret validation to prevent signature bypass - Implement idempotency protection across all webhook handlers - Add atomic database updates to prevent race conditions - Improve CORS security with origin validation and logging - Remove .env from git tracking to protect secrets STRIPE INTEGRATION: - Add support for checkout.session.expired webhook event - Add Stripe publishable key to environment configuration - Fix webhook handlers with proper idempotency checks - Update Order model with atomic updatePaymentAndStatus method - Add comprehensive logging for webhook processing DEPLOYMENT ARCHITECTURE: - Split into two Docker images (frontend-latest, backend-latest) - Update CI/CD to build separate frontend and backend images - Configure backend on port 3801 (internal 3001) - Add production-ready docker-compose.yml - Remove redundant docker-compose.portainer.yml - Update nginx configuration for both frontend and backend DOCUMENTATION: - Add PRODUCTION-SETUP.md with complete deployment guide - Add docs/stripe-security-fixes.md with security audit details - Add docs/stripe-checkout-sessions.md with integration docs - Add docs/stripe-webhooks.md with webhook configuration - Update .env.example with all required variables including Stripe publishable key CONFIGURATION: - Consolidate to single .env.example template - Update .gitignore to protect all .env variants - Add server/Dockerfile for backend container - Update DEPLOYMENT.md with new architecture 🔒 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> 2025-10-30 12:18:57 +01:00			`# Install serve package globally for serving static files`
			`RUN npm install -g serve`
initial push 2025-05-13 18:50:30 +02:00
Implement comprehensive Stripe security fixes and production deployment CRITICAL SECURITY FIXES: - Add webhook secret validation to prevent signature bypass - Implement idempotency protection across all webhook handlers - Add atomic database updates to prevent race conditions - Improve CORS security with origin validation and logging - Remove .env from git tracking to protect secrets STRIPE INTEGRATION: - Add support for checkout.session.expired webhook event - Add Stripe publishable key to environment configuration - Fix webhook handlers with proper idempotency checks - Update Order model with atomic updatePaymentAndStatus method - Add comprehensive logging for webhook processing DEPLOYMENT ARCHITECTURE: - Split into two Docker images (frontend-latest, backend-latest) - Update CI/CD to build separate frontend and backend images - Configure backend on port 3801 (internal 3001) - Add production-ready docker-compose.yml - Remove redundant docker-compose.portainer.yml - Update nginx configuration for both frontend and backend DOCUMENTATION: - Add PRODUCTION-SETUP.md with complete deployment guide - Add docs/stripe-security-fixes.md with security audit details - Add docs/stripe-checkout-sessions.md with integration docs - Add docs/stripe-webhooks.md with webhook configuration - Update .env.example with all required variables including Stripe publishable key CONFIGURATION: - Consolidate to single .env.example template - Update .gitignore to protect all .env variants - Add server/Dockerfile for backend container - Update DEPLOYMENT.md with new architecture 🔒 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> 2025-10-30 12:18:57 +01:00			`# Copy the built app from the build stage`
			`COPY --from=build /app/dist ./dist`
initial push 2025-05-13 18:50:30 +02:00
Fix frontend runtime environment configuration CRITICAL FIX: - Frontend now loads environment variables at runtime instead of build time - This allows changing configuration without rebuilding the Docker image CHANGES: - Add env-config.js script loader to index.html - Update env.sh to use correct path for serve (/app/dist) - Update Dockerfile to run env.sh before starting serve - Add VITE_STRIPE_PUBLISHABLE_KEY to docker-compose environment HOW IT WORKS: 1. env.sh reads VITE_* variables from container environment 2. Generates /app/dist/env-config.js with window.env object 3. index.html loads env-config.js before React app 4. src/utils/config.ts reads from window.env at runtime This fixes the "Missing required environment variable: WREN_API_TOKEN" error because the frontend can now access environment variables passed to the container. 🔒 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> 2025-10-30 12:30:29 +01:00			`# Copy the env.sh script for runtime configuration`
			`COPY env.sh /app/env.sh`
			`RUN chmod +x /app/env.sh`

Implement comprehensive Stripe security fixes and production deployment CRITICAL SECURITY FIXES: - Add webhook secret validation to prevent signature bypass - Implement idempotency protection across all webhook handlers - Add atomic database updates to prevent race conditions - Improve CORS security with origin validation and logging - Remove .env from git tracking to protect secrets STRIPE INTEGRATION: - Add support for checkout.session.expired webhook event - Add Stripe publishable key to environment configuration - Fix webhook handlers with proper idempotency checks - Update Order model with atomic updatePaymentAndStatus method - Add comprehensive logging for webhook processing DEPLOYMENT ARCHITECTURE: - Split into two Docker images (frontend-latest, backend-latest) - Update CI/CD to build separate frontend and backend images - Configure backend on port 3801 (internal 3001) - Add production-ready docker-compose.yml - Remove redundant docker-compose.portainer.yml - Update nginx configuration for both frontend and backend DOCUMENTATION: - Add PRODUCTION-SETUP.md with complete deployment guide - Add docs/stripe-security-fixes.md with security audit details - Add docs/stripe-checkout-sessions.md with integration docs - Add docs/stripe-webhooks.md with webhook configuration - Update .env.example with all required variables including Stripe publishable key CONFIGURATION: - Consolidate to single .env.example template - Update .gitignore to protect all .env variants - Add server/Dockerfile for backend container - Update DEPLOYMENT.md with new architecture 🔒 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> 2025-10-30 12:18:57 +01:00			`# Expose port 3000`
			`EXPOSE 3000`
initial push 2025-05-13 18:50:30 +02:00
Fix frontend runtime environment configuration CRITICAL FIX: - Frontend now loads environment variables at runtime instead of build time - This allows changing configuration without rebuilding the Docker image CHANGES: - Add env-config.js script loader to index.html - Update env.sh to use correct path for serve (/app/dist) - Update Dockerfile to run env.sh before starting serve - Add VITE_STRIPE_PUBLISHABLE_KEY to docker-compose environment HOW IT WORKS: 1. env.sh reads VITE_* variables from container environment 2. Generates /app/dist/env-config.js with window.env object 3. index.html loads env-config.js before React app 4. src/utils/config.ts reads from window.env at runtime This fixes the "Missing required environment variable: WREN_API_TOKEN" error because the frontend can now access environment variables passed to the container. 🔒 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> 2025-10-30 12:30:29 +01:00			`# Use env.sh to generate runtime config, then start serve`
			`CMD ["/app/env.sh", "serve", "-s", "dist", "-l", "3000"]`