Commit Graph

20 Commits

Author SHA1 Message Date
nineap 864d4bc852 CI сам собирает .env на прод/dev VPS из repo Variables/Secrets
Раньше .env копировался на сервер руками по .env.example — теперь
deploy-prod/deploy-dev в deploy.yml пишут его сами перед docker compose up,
тем же принципом, что уже был у netrunner-data. .env.example остаётся
только как справочник по составу переменных, не инструкция "скопируй на
сервер".
2026-07-10 18:18:47 +07:00
nineap ebc618743a CI: VPS_IP/DEV_VPS_IP переносит из secrets в vars
IP control-plane сервера сам по себе не секрет (не даёт доступа), просто
не хочется палить его без причины — vars в приватном репо видны так же,
как код, но не маскируются в логах и не write-only, как secrets.
Настоящие секреты (SSH-ключи, GHCR_TOKEN) не тронуты.

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
2026-07-09 16:35:55 +07:00
nineap 4a8816b908 Build the Caddy image in CI instead of on the dev VPS
The previous deploy attempt confirmed the failure mode directly: `docker
compose build caddy` over SSH got most of the way through compiling
xcaddy (downloading Go modules) and then the whole SSH command hit
appleboy/ssh-action's timeout mid-build, aborting the deploy before it
ever reached `up -d`. Compiling anything on that VPS was already a
deliberate anti-pattern here — see DEPLOYMENT.md's "compilation happens
in GitHub Actions, never on the VPS" — this just hadn't been applied to
the new Caddy service yet.

Added a build-caddy job to build.yml pushing
ghcr.io/nineap/netrunner-caddy-cloudflare:latest (hardcoded lowercase
owner — github.repository_owner resolves to "nineAp" and Docker rejects
mixed-case image refs, same fix already applied to the main image's
deploy script). docker-compose.dev-remote.yml now just pulls that image;
deploy.yml no longer builds it over SSH or ships Dockerfile.caddy to the
server at all.

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
2026-07-05 13:52:07 +07:00
nineap d22cd0de41 Add Caddy for real TLS on dev — Telegram Web Apps require https://
Bot buttons that open a Web App (Личный Кабинет/Тарифы/Синдикат) appeared
to load and then silently do nothing on the dev stand. Root cause:
teloxide's WebAppInfo::url (and the underlying Bot API) requires an HTTPS
URL — Telegram's client refuses to render a Web App served over plain
HTTP, with no error surfaced to the user, just a stuck loading state.
WEB_APP_BASE_URL was http://dev.netrunner-vpn.com:8080.

Port 443 on the dev VPS is already in use by a VPN node, and port 80 is
closed, so a normal HTTP-01 ACME challenge won't work. Added a custom
Caddy build (caddy-dns/cloudflare) terminating TLS via DNS-01 on port
8443 instead, reverse-proxying to the existing plain-HTTP app container.
WEB_APP_BASE_URL and the CORS/CSRF allowlists now point at the :8443
origin, and COOKIE_SECURE reverts to true (the default, matching prod) —
now that the backend actually has real TLS to serve it over, we no
longer need the plain-HTTP workaround introduced for the earlier
cookie-drop bug. Verified the custom image builds and the Caddyfile
validates (only the dummy Cloudflare token used for the local test is
rejected, as expected).

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
2026-07-04 19:36:38 +07:00
nineap 588adbb92b fix: lowercase GHCR image path, drop broken SSH env-forwarding in prod deploy too
github.repository_owner resolves to "nineAp" (mixed case), which Docker
rejects as an invalid repository reference — hardcode the lowercase
"nineap" used by the GHCR package and the compose files' image default.
Also apply the same secrets-interpolation fix from the dev job to
deploy-prod so a future manual prod deploy doesn't hit the same
"password is empty" failure from unforwarded SSH env vars.

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
2026-07-04 12:55:59 +07:00
nineap 7da6e341d1 fix: stop relying on SSH env-var forwarding for GHCR_TOKEN in dev deploy
appleboy/ssh-action's envs: mechanism forwards vars via SSH SendEnv,
which sshd silently drops unless AcceptEnv is configured server-side.
On the freshly bootstrapped dev VPS that left GHCR_TOKEN empty on the
remote end, so `docker login --password-stdin` failed with "password
is empty" even though the SSH connection itself was fine. Interpolate
the secret directly into the script text instead.

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
2026-07-04 12:48:54 +07:00
nineap 465570267d ci: split deploy pipeline into dev (auto) and prod (manual) jobs
Add slim docker-compose.dev-remote.yml (app+db+redis, no monitoring)
for the remote dev VPS, and a deploy-dev job that auto-runs after a
successful image build on main. Bump Dockerfile.dev's Rust image so
edition2024 dependencies build. Stop tracking .env.dev (real secrets
were committed) in favor of .env.dev.example / .env.dev-remote.example
templates.

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
2026-07-03 15:56:16 +07:00
Kirill e997a20fe6 deployment 2026-06-29 18:05:33 +07:00
Kirill f06cc48763 security: fix CSRF/ownership/timing vulns; add billing reconciliation
- auth/guard: добавить CSRF-проверку Origin/Referer для cookie-мутаций,
  исправить инвертированную логику admin_guard (пускал всех, блокировал админов),
  перевести admin_guard на from_fn_with_state
- auth/service: timing-safe сравнение HMAC через verify_slice вместо != по hex;
  криптостойкий Seed через Alphanumeric (был цифровой 0-9)
- billing: confirm_payment проверяет owner (caller_id == invoice.user_id);
  активация триала только для Telegram-аккаунтов (Sybil-защита);
  реализована reconcile_pending_payments — сверка blockchain->pending-инвойсы
- billing/providers: get_recent_transactions перенесён в трейт PaymentProvider
- nodes/service: unwrap() -> map_err по всему SSH-пути; убран TcpStream import
- docker: multi-stage build с cargo-chef, non-root user, healthcheck;
  prod-compose добавляет one-shot migrate-сервис, убирает проброс порта БД
- deploy.yml: параметр image_tag, set -e, pull всего стека вместо только app
- users/service: обработка NO_TICKETS / NO_USER из БД вместо catch-all

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-29 17:58:24 +07:00
nineap 26d6f2db8a deploy change, update token system, fix abuses and add admin verify 2026-05-26 12:50:25 +07:00
nineap 693e48af59 backend sliced by modules 2026-05-02 18:24:57 +07:00
nineap b3543c8fac deploy update 2026-04-28 19:43:57 +07:00
nineap fb88fd34a8 update and fixes 2026-04-28 18:08:56 +07:00
nineap 2e673a18ba deploy update 2026-04-28 16:19:38 +07:00
nineap 9b4190f20e pipeline update 2026-04-28 16:07:40 +07:00
nineap 3a9c3b59ca pipeline update 2026-04-28 15:27:14 +07:00
nineap 75312d035a api fixes 2026-04-24 15:06:54 +07:00
nineap 5aecd41d4f update pipeline, create cache, optimized build 2026-04-23 14:50:36 +07:00
nineap 0ea37900bd pipeline update 2026-04-23 14:47:46 +07:00
nineap 4057d039b8 pipeline and codebase updates 2026-04-22 10:16:58 +07:00