Hartmut/CapaKraken
1
0
Fork 0
Code Issues 10 Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
e5ecea81c58ed6b4147fdc87701f997b237ebb0d
CapaKraken/docker-compose.yml
T
Hartmut e5ecea81c5 fix(auth): resolve MFA post-activation login failures — tickets #38 #40 #41 
#41 (critical): Replace plain Error throws in authorize() with CredentialsSignin
subclasses (MfaRequiredError / MfaRequiredSetupError / InvalidTotpError).
Auth.js v5 forwards CredentialsSignin.code to the client via SignInResponse.code;
plain throws become CallbackRouteError and the message is never visible.
Signin page now checks result.code ?? result.error for exact code matching.

#38: MfaPromptBanner converted to fully client-side component via
trpc.user.getMfaStatus.useQuery() — disappears immediately after MFA enable
without requiring page reload. Snooze key remains userId-scoped via useSession().
Server-side prisma.user.findUnique call removed from (app)/layout.tsx.

#40: NEXTAUTH_URL default fallback removed from docker-compose.yml.
The variable is now required (:?) — docker compose up fails with a descriptive
error if the value is missing, preventing silent localhost redirect bugs.

Tests: auth.test.ts (5), MfaPromptBanner.test.ts (7), reset-password.test.ts (6)
All new tests green. pnpm --filter @capakraken/web exec tsc --noEmit clean.

Co-Authored-By: claude-flow <ruv@ruv.net>
2026-04-02 00:20:47 +02:00

101 lines
3.0 KiB
YAML
Raw Blame History

name: capakraken
services:
postgres:
image: postgres:16-alpine
ports:
- "5433:5432"
environment:
POSTGRES_DB: capakraken
POSTGRES_USER: capakraken
POSTGRES_PASSWORD: capakraken_dev
command: >
postgres
-c log_connections=on
-c log_disconnections=on
-c log_statement=ddl
-c log_line_prefix='%t [%p] %u@%d '
-c log_min_duration_statement=1000
volumes:
- capakraken_pgdata:/var/lib/postgresql/data
healthcheck:
test: ["CMD-SHELL", "pg_isready -U capakraken -d capakraken"]
interval: 5s
timeout: 3s
retries: 5
redis:
image: redis:7-alpine
ports:
- "6380:6379"
healthcheck:
test: ["CMD", "redis-cli", "ping"]
interval: 5s
timeout: 3s
retries: 5
pgadmin:
image: dpage/pgadmin4
ports:
- "5050:80"
environment:
PGADMIN_DEFAULT_EMAIL: ${PGADMIN_EMAIL:-admin@capakraken.dev}
PGADMIN_DEFAULT_PASSWORD: ${PGADMIN_PASSWORD:?PGADMIN_PASSWORD must be set}
depends_on:
postgres:
condition: service_healthy
app:
build:
context: .
dockerfile: Dockerfile.dev
ports:
- "3100:3100"
environment:
# Always use the Docker-internal service name. The host-level DATABASE_URL
# (localhost:5433) must not bleed into the container where "localhost" is
# the container itself, not the host.
DATABASE_URL: postgresql://capakraken:capakraken_dev@postgres:5432/capakraken
REDIS_URL: redis://redis:6379
NEXTAUTH_URL: ${NEXTAUTH_URL:?NEXTAUTH_URL must be set (e.g. https://your-domain.com)}
NEXTAUTH_SECRET: ${NEXTAUTH_SECRET:?set NEXTAUTH_SECRET}
# Bypass auth + API rate limiters for E2E test runs only.
# MUST remain "false" in any production or staging deployment.
# Set E2E_TEST_MODE=true in the host environment before running E2E tests.
E2E_TEST_MODE: "${E2E_TEST_MODE:-false}"
# AI provider secrets — forwarded from host .env, not hardcoded
AZURE_OPENAI_API_KEY: ${AZURE_OPENAI_API_KEY:-}
OPENAI_API_KEY: ${OPENAI_API_KEY:-}
GEMINI_API_KEY: ${GEMINI_API_KEY:-}
depends_on:
postgres:
condition: service_healthy
redis:
condition: service_healthy
volumes:
- .:/app
# Anonymous volumes mask the bind-mount for generated/installed artefacts.
# Docker seeds them from the image layer on first start; they persist across restarts.
# pnpm stores all packages in the root node_modules/.pnpm virtual store — one volume covers it all.
- /app/node_modules
- /app/apps/web/.next
profiles:
- full
postgres-test:
image: postgres:16-alpine
ports:
- "${POSTGRES_TEST_PORT:-5434}:5432"
environment:
POSTGRES_DB: capakraken_test
POSTGRES_USER: capakraken
POSTGRES_PASSWORD: capakraken_test
tmpfs:
- /var/lib/postgresql/data
profiles:
- test
volumes:
capakraken_pgdata:
name: capakraken_pgdata
Reference in New Issue View Git Blame Copy Permalink