diff --git a/Dockerfile b/Dockerfile index 56dbef19..3bf5b40d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -5,8 +5,8 @@ ENV PNPM_HOME="/root/.local/share/pnpm" ENV PATH="${PATH}:${PNPM_HOME}" ENV PYTHONUNBUFFERED=1 RUN apk add --update --no-cache python3 && ln -sf python3 /usr/bin/python -RUN python3 -m ensurepip -RUN pip3 install --no-cache --upgrade pip setuptools +RUN python3 -m venv .venv +RUN . .venv/bin/activate && pip3 install --no-cache --upgrade pip setuptools RUN apk add --no-cache make RUN apk add build-base RUN npm install --global pnpm @@ -29,4 +29,3 @@ RUN pnpm -r run build RUN rm -rf /app/.pnpm-store WORKDIR /app/backend - diff --git a/backend/src/app.ts b/backend/src/app.ts index e75d8908..43620f91 100644 --- a/backend/src/app.ts +++ b/backend/src/app.ts @@ -18,7 +18,6 @@ import { createExpressEndpoints } from '@ts-rest/express'; import router from '~/v1/routes'; import routerV2 from '~/v2/routes'; -import lusca from "lusca"; import session from 'express-session'; import * as crypto from "crypto"; import { morganMiddleware } from './logger'; @@ -40,7 +39,6 @@ app.use(morganMiddleware); app.use(cookieParser( secret, )); -app.use(lusca.csrf()); app.use(passport.initialize()); app.use(express.urlencoded({ extended: true })); app.use(express.json()); diff --git a/backend/src/v1/routes/users.routes.ts b/backend/src/v1/routes/users.routes.ts index efe9eb9f..4d9de9bb 100644 --- a/backend/src/v1/routes/users.routes.ts +++ b/backend/src/v1/routes/users.routes.ts @@ -407,7 +407,7 @@ export const router = Router(); * example: [] */ router - .get('/search', getRateLimiter, authValidate(roleSet.librarian), search) + .get('/search', getRateLimiter, authValidate(roleSet.service), search) .post('/create', create) .patch('/update/:id', cudRateLimiter, authValidate(roleSet.librarian), update) .patch('/myupdate', cudRateLimiter, authValidate(roleSet.all), myupdate) diff --git a/docker-compose.yaml b/docker-compose.yaml index fbb9ecca..427ce4d9 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -6,8 +6,11 @@ services: container_name: nginx volumes: - ./nginx/conf.d:/etc/nginx/conf.d + - ./build:/usr/share/nginx/html/ + - /etc/letsencrypt:/etc/letsencrypt ports: - 80:80 + - 443:443 database: platform: linux/x86_64 diff --git a/nginx/conf.d/default.conf b/nginx/conf.d/default.conf index fc523713..ed487f38 100644 --- a/nginx/conf.d/default.conf +++ b/nginx/conf.d/default.conf @@ -1,7 +1,6 @@ server { listen 80; - #listen [::]:443; - server_name server.42library.kr; + server_name 42library.kr; #access_log /var/log/nginx/host.access.log main; @@ -27,6 +26,13 @@ server { proxy_set_header X-Forwarded-Proto $scheme; } + location / { + root /usr/share/nginx/html; + index index.html index.htm; + + try_files $uri $uri/ /index.html; + } + #error_page 404 /404.html; # redirect server error pages to the static page /50x.html @@ -35,27 +41,4 @@ server { location = /50x.html { root /usr/share/nginx/html; } - - # proxy the PHP scripts to Apache listening on 127.0.0.1:80 - # - #location ~ \.php$ { - # proxy_pass http://127.0.0.1; - #} - - # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 - # - #location ~ \.php$ { - # root html; - # fastcgi_pass 127.0.0.1:9000; - # fastcgi_index index.php; - # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; - # include fastcgi_params; - #} - - # deny access to .htaccess files, if Apache's document root - # concurs with nginx's one - # - #location ~ /\.ht { - # deny all; - #} } diff --git a/scripts/letsencrypt.sh b/scripts/letsencrypt.sh new file mode 100644 index 00000000..7dd9a702 --- /dev/null +++ b/scripts/letsencrypt.sh @@ -0,0 +1,2 @@ +#!/bin/sh +echo "Starting letsencrypt.sh"