jennie/ghostguild-org
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: jennie:a2a8d945c6d45ee39029db965a732732ffcb1e97
Branches Tags
jennie:main
jennie:chore/serena-config-update
jennie:chore/visual-fidelity-fixes
jennie:fix/e2e-stabilization-2026-04-26
jennie:fix/events-matrix-p0
jennie:board-classifieds-redesign
jennie:worktree-agent-a0328c91
jennie:testing-infrastructure
jennie:security/asvs-remediation
...
compare: jennie:04eb33df6e70efff83aee30cabf85afa9c8c1064
Branches Tags
jennie:main
jennie:chore/serena-config-update
jennie:chore/visual-fidelity-fixes
jennie:fix/e2e-stabilization-2026-04-26
jennie:fix/events-matrix-p0
jennie:board-classifieds-redesign
jennie:worktree-agent-a0328c91
jennie:testing-infrastructure
jennie:security/asvs-remediation

2 commits
a2a8d945c6 ... 04eb33df6e

Author SHA1 Message Date
Jennie Robinson Faber
04eb33df6e refactor(env): unify required-env validation through useRuntimeConfig
Some checks failed
Test / vitest (push) Successful in 11m10s
Details
Test / playwright (push) Failing after 14m51s
Details
Test / visual (push) Failing after 11m1s
Details
Test / Notify on failure (push) Successful in 3s
Details 
validate-env.js now reads all four required vars (MONGODB_URI, JWT_SECRET,
RESEND_API_KEY, HELCIM_API_TOKEN) from useRuntimeConfig() instead of mixing
direct process.env reads with a JWT-only special case. Mongoose and the six
Resend instantiations follow suit. Either bare or NUXT_-prefixed env names
are accepted, so Dokploy no longer needs duplicate entries.
 2026-04-26 14:47:02 +01:00
Jennie Robinson Faber
1083a1d260 chore(docker): bump node 20 → 22 
Silences oidc-provider's "Unsupported runtime" warning on every boot.
 2026-04-26 14:46:55 +01:00
10 changed files with 19 additions and 26 deletions
Download patch file Download diff file Expand all files Collapse all files

4
Dockerfile
View file

@ -1,5 +1,5 @@
# Build stage # Build stage
FROM node:20-alpine AS builder FROM node:22-alpine AS builder
WORKDIR /app WORKDIR /app
COPY package*.json ./ COPY package*.json ./
@ -10,7 +10,7 @@ RUN npm run build
# Production stage — only the self-contained .output is needed. # Production stage — only the self-contained .output is needed.
# bash + curl are added so Dokploy scheduled tasks (which wrap commands in # bash + curl are added so Dokploy scheduled tasks (which wrap commands in
# `bash -c "..."`) can run; alpine ships only ash and has no curl by default. # `bash -c "..."`) can run; alpine ships only ash and has no curl by default.
FROM node:20-alpine FROM node:22-alpine
RUN apk add --no-cache bash curl RUN apk add --no-cache bash curl
WORKDIR /app WORKDIR /app
COPY --from=builder /app/.output .output COPY --from=builder /app/.output .output

3
nuxt.config.ts
View file

@ -91,8 +91,7 @@ export default defineNuxtConfig({
}, },
runtimeConfig: { runtimeConfig: {
// Private keys (server-side only) // Private keys (server-side only)
mongodbUri: mongodbUri: process.env.MONGODB_URI || "",
process.env.MONGODB_URI || "mongodb://localhost:27017/ghostguild",
jwtSecret: process.env.JWT_SECRET || "", jwtSecret: process.env.JWT_SECRET || "",
resendApiKey: process.env.RESEND_API_KEY || "", resendApiKey: process.env.RESEND_API_KEY || "",
helcimApiToken: process.env.HELCIM_API_TOKEN || "", helcimApiToken: process.env.HELCIM_API_TOKEN || "",

2
server/api/admin/members/invite.post.js
View file

@ -4,7 +4,7 @@ import { Resend } from 'resend'
import Member from '../../../models/member.js' import Member from '../../../models/member.js'
import { connectDB } from '../../../utils/mongoose.js' import { connectDB } from '../../../utils/mongoose.js'
const resend = new Resend(process.env.RESEND_API_KEY) const resend = new Resend(useRuntimeConfig().resendApiKey)
export default defineEventHandler(async (event) => { export default defineEventHandler(async (event) => {
await requireAdmin(event) await requireAdmin(event)

2
server/api/admin/pre-registrants/invite.post.js
View file

@ -4,7 +4,7 @@ import { Resend } from 'resend'
import PreRegistration from '../../../models/preRegistration.js' import PreRegistration from '../../../models/preRegistration.js'
import { connectDB } from '../../../utils/mongoose.js' import { connectDB } from '../../../utils/mongoose.js'
const resend = new Resend(process.env.RESEND_API_KEY) const resend = new Resend(useRuntimeConfig().resendApiKey)
export default defineEventHandler(async (event) => { export default defineEventHandler(async (event) => {
await requireAdmin(event) await requireAdmin(event)

24
server/plugins/validate-env.js
View file

@ -1,23 +1,17 @@
export default defineNitroPlugin(() => { export default defineNitroPlugin(() => {
const required = [ const config = useRuntimeConfig()
'MONGODB_URI', const checks = {
'JWT_SECRET', MONGODB_URI: config.mongodbUri,
'RESEND_API_KEY', JWT_SECRET: config.jwtSecret,
'HELCIM_API_TOKEN', RESEND_API_KEY: config.resendApiKey,
] HELCIM_API_TOKEN: config.helcimApiToken,
}
const missing = required.filter((key) => { const missing = Object.entries(checks).filter(([, value]) => !value).map(([key]) => key)
// Check both process.env and runtime config where applicable
if (key === 'JWT_SECRET') {
const config = useRuntimeConfig()
return !config.jwtSecret
}
return !process.env[key]
})
if (missing.length > 0) { if (missing.length > 0) {
console.error(`FATAL: Missing required environment variables: ${missing.join(', ')}`) console.error(`FATAL: Missing required environment variables: ${missing.join(', ')}`)
console.error('Set these in your .env file or environment variables.') console.error('Set these (or their NUXT_-prefixed equivalents) in your .env file or environment variables.')
process.exit(1) process.exit(1)
} }
}) })

2
server/routes/oidc/interaction/login.post.ts
View file

@ -12,7 +12,7 @@ import { Resend } from "resend";
import Member from "../../../models/member.js"; import Member from "../../../models/member.js";
import { connectDB } from "../../../utils/mongoose.js"; import { connectDB } from "../../../utils/mongoose.js";
const resend = new Resend(process.env.RESEND_API_KEY); const resend = new Resend(useRuntimeConfig().resendApiKey);
export default defineEventHandler(async (event) => { export default defineEventHandler(async (event) => {
await connectDB(); await connectDB();

2
server/utils/magicLink.js
View file

@ -6,7 +6,7 @@ import { randomUUID } from 'crypto'
import { Resend } from 'resend' import { Resend } from 'resend'
import Member from '../models/member.js' import Member from '../models/member.js'
const resend = new Resend(process.env.RESEND_API_KEY) const resend = new Resend(useRuntimeConfig().resendApiKey)
/** /**
* Issue a 15-minute magic-link JWT for `email` and email it. * Issue a 15-minute magic-link JWT for `email` and email it.

2
server/utils/mongoose.js
View file

@ -7,7 +7,7 @@ export const connectDB = async () => {
return; return;
} }
const MONGODB_URI = process.env.NUXT_MONGODB_URI || process.env.MONGODB_URI || 'mongodb://localhost:27017/ghostguild'; const MONGODB_URI = useRuntimeConfig().mongodbUri;
try { try {
await mongoose.connect(MONGODB_URI, { await mongoose.connect(MONGODB_URI, {

2
server/utils/payments.js
View file

@ -2,7 +2,7 @@ import { Resend } from 'resend'
import Payment from '../models/payment.js' import Payment from '../models/payment.js'
import { paymentConfirmationEmail } from '../emails/paymentConfirmation.js' import { paymentConfirmationEmail } from '../emails/paymentConfirmation.js'
const resend = new Resend(process.env.RESEND_API_KEY) const resend = new Resend(useRuntimeConfig().resendApiKey)
function mapStatus(helcimStatus) { function mapStatus(helcimStatus) {
if (helcimStatus === 'paid') return 'success' if (helcimStatus === 'paid') return 'success'

2
server/utils/resend.js
View file

@ -1,6 +1,6 @@
import { Resend } from "resend"; import { Resend } from "resend";
const resend = new Resend(process.env.RESEND_API_KEY); const resend = new Resend(useRuntimeConfig().resendApiKey);
/** /**
* Send event registration confirmation email * Send event registration confirmation email