security: fix critical webhook direct upgrade path, seed auth, CORS Vary header
Deploy Staging / build (push) Failing after 26m15s
Deploy Staging / build (push) Failing after 26m15s
- Webhook polar/route: block direct ?userId=&tier= upgrades in production (NODE_ENV guard) - Seed route: require ADMIN_SECRET via x-admin-secret header - Feedback route: require FEEDBACK_ADMIN_TOKEN env var in production - CORS middleware: add Vary: Origin header for caching correctness - MOCK_PAYMENTS: add NODE_ENV production guard - Wallet top-up: add production guard for mock mode when POLAR_ACCESS_TOKEN unset
This commit is contained in:
+6
-6
@@ -13,7 +13,7 @@ WORKDIR /app
|
||||
RUN addgroup --system --gid 1001 nodejs && adduser --system --uid 1001 nextjs
|
||||
|
||||
# Copy standalone build (pre-built outside Docker)
|
||||
COPY .next/standalone/falah-mobile ./
|
||||
COPY .next/standalone/ ./
|
||||
COPY .next/static ./.next/static
|
||||
COPY public ./public
|
||||
|
||||
@@ -23,12 +23,12 @@ COPY node_modules/.prisma/client ./node_modules/.prisma/client
|
||||
COPY node_modules/@prisma ./node_modules/@prisma
|
||||
COPY prisma ./prisma
|
||||
|
||||
# Fix Turbopack's hashed Prisma client path
|
||||
RUN if [ -d ".next/node_modules/@prisma" ]; then \
|
||||
for d in .next/node_modules/@prisma/client-*; do \
|
||||
# Fix Turbopack's hashed Prisma client path (if .next inside standalone)
|
||||
RUN if [ -d "/app/.next/node_modules/@prisma" ]; then \
|
||||
for d in /app/.next/node_modules/@prisma/client-*; do \
|
||||
name=$(basename "$d"); \
|
||||
rm -f "node_modules/@prisma/$name" 2>/dev/null; \
|
||||
cp -r node_modules/@prisma/client "node_modules/@prisma/$name"; \
|
||||
rm -f "/app/node_modules/@prisma/$name" 2>/dev/null; \
|
||||
cp -r /app/node_modules/@prisma/client "/app/node_modules/@prisma/$name"; \
|
||||
done; \
|
||||
fi
|
||||
|
||||
|
||||
Reference in New Issue
Block a user