Compare commits

..

6 Commits

10 changed files with 292 additions and 9 deletions

85
Jenkinsfile vendored Normal file
View File

@@ -0,0 +1,85 @@
pipeline {
agent any
environment {
REGISTRY_IMAGE = "plesk-agency-portal"
IMAGE_LATEST = "${REGISTRY_IMAGE}:latest"
IMAGE_BUILD = "${REGISTRY_IMAGE}:build-${BUILD_NUMBER}"
}
stages {
stage('Checkout') {
steps {
checkout scm
}
}
stage('Install dependencies') {
steps {
sh 'npm ci'
}
}
// stage('Lint') {
// steps {
// script {
// def hasLint = sh(script: "node -e \"const fs=require('fs');const p=require('./package.json');process.exit(p?.scripts?.lint?0:1)\"", returnStatus: true)
// if (hasLint == 0) {
// sh 'npm run lint'
// } else {
// echo 'No lint script configured; skipping lint stage.'
// }
// }
// }
// }
stage('Build application') {
steps {
sh 'npm run build'
}
}
stage('Build Docker image') {
steps {
sh 'docker build -t ${IMAGE_LATEST} -t ${IMAGE_BUILD} .'
}
}
stage('Deploy') {
steps {
script {
if (!env.DEPLOY_SSH_CREDENTIAL_ID) {
error 'DEPLOY_SSH_CREDENTIAL_ID is required'
}
}
sshagent(credentials: ["${env.DEPLOY_SSH_CREDENTIAL_ID}"]) {
sh '''
set -euo pipefail
: "${DEPLOY_SSH_HOST:?Missing DEPLOY_SSH_HOST}"
: "${DEPLOY_SSH_USER:?Missing DEPLOY_SSH_USER}"
: "${DEPLOY_PATH:?Missing DEPLOY_PATH}"
rsync -az \
docker-compose.prod.yml \
scripts/deploy-prod.sh \
scripts/smoke-check.sh \
scripts/rollback-prod.sh \
${DEPLOY_SSH_USER}@${DEPLOY_SSH_HOST}:${DEPLOY_PATH}/
docker save ${IMAGE_LATEST} ${IMAGE_BUILD} \
| ssh ${DEPLOY_SSH_USER}@${DEPLOY_SSH_HOST} 'docker load'
ssh ${DEPLOY_SSH_USER}@${DEPLOY_SSH_HOST} \
"chmod +x ${DEPLOY_PATH}/deploy-prod.sh ${DEPLOY_PATH}/smoke-check.sh ${DEPLOY_PATH}/rollback-prod.sh && APP_IMAGE='${IMAGE_BUILD}' DEPLOY_PATH='${DEPLOY_PATH}' ${DEPLOY_PATH}/deploy-prod.sh"
'''
}
}
}
stage('Smoke check') {
steps {
sh 'chmod +x scripts/smoke-check.sh && scripts/smoke-check.sh ${APP_BASE_URL}'
}
}
}
}

View File

@@ -9,7 +9,7 @@ export async function POST(req: Request) {
try { try {
const secret = req.headers.get("x-cron-secret"); const secret = req.headers.get("x-cron-secret");
if (!env.cronSecret || !secret || secret !== env.cronSecret) { if (!env.cronSharedSecret || !secret || secret !== env.cronSharedSecret) {
return NextResponse.json({ error: "Unauthorized" }, { status: 401 }); return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
} }

View File

@@ -9,7 +9,7 @@ export async function POST(req: Request) {
try { try {
const secret = req.headers.get("x-cron-secret"); const secret = req.headers.get("x-cron-secret");
if (!env.cronSecret || !secret || secret !== env.cronSecret) { if (!env.cronSharedSecret || !secret || secret !== env.cronSharedSecret) {
return NextResponse.json({ error: "Unauthorized" }, { status: 401 }); return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
} }

View File

@@ -2,12 +2,18 @@ import { createRouteHandlerClient } from "@supabase/auth-helpers-nextjs";
import { NextResponse } from "next/server"; import { NextResponse } from "next/server";
import { cookies } from "next/headers"; import { cookies } from "next/headers";
import { env } from "@/lib/env";
import type { Database } from "@/lib/types"; import type { Database } from "@/lib/types";
export async function GET(request: Request) { export async function GET(request: Request) {
const requestUrl = new URL(request.url); const requestUrl = new URL(request.url);
const code = requestUrl.searchParams.get("code"); const code = requestUrl.searchParams.get("code");
const next = requestUrl.searchParams.get("next") ?? "/dashboard"; const nextParam = requestUrl.searchParams.get("next");
const next =
nextParam && nextParam.startsWith("/") && !nextParam.startsWith("//")
? nextParam
: "/dashboard";
const redirectOrigin = env.appOrigin || requestUrl.origin;
if (code) { if (code) {
const supabase = createRouteHandlerClient<Database>({ cookies }); const supabase = createRouteHandlerClient<Database>({ cookies });
@@ -15,18 +21,16 @@ export async function GET(request: Request) {
if (error) { if (error) {
console.error(error); console.error(error);
return NextResponse.redirect( return NextResponse.redirect(
new URL(`/login?authError=1`, requestUrl.origin), new URL(`/login?authError=1`, redirectOrigin),
); );
} }
const { const {
data: { user }, data: { user },
} = await supabase.auth.getUser(); } = await supabase.auth.getUser();
if (!user) { if (!user) {
return NextResponse.redirect( return NextResponse.redirect(new URL(`/login?noUser=1`, redirectOrigin));
new URL(`/login?noUser=1`, requestUrl.origin),
);
} }
} }
return NextResponse.redirect(new URL(next, requestUrl.origin)); return NextResponse.redirect(new URL(next, redirectOrigin));
} }

View File

@@ -1,6 +1,7 @@
services: services:
web: web:
container_name: plesk-agency-portal container_name: plesk-agency-portal
image: ${APP_IMAGE:-plesk-agency-portal:latest}
build: build:
context: . context: .
dockerfile: Dockerfile dockerfile: Dockerfile

View File

@@ -56,3 +56,94 @@ Before deploying, set production-safe values in `.env` (using `.env.example` as
- cron/job shared secrets - cron/job shared secrets
Keep secrets out of source control. Keep secrets out of source control.
## Reverse proxy assumptions (Nginx Proxy Manager)
This app is expected to run behind a reverse proxy in production.
- TLS is terminated at the proxy.
- Proxy forwards standard host/protocol headers (`Host`, `X-Forwarded-Proto`, `X-Forwarded-Host`).
- Public origin is configured explicitly with `NEXT_PUBLIC_APP_URL`.
To keep callback behavior stable behind proxy layers, auth redirect responses use the configured application origin from environment configuration rather than relying only on request host detection.
## Callback URL expectations
- `NEXT_PUBLIC_APP_URL` must be set to the public HTTPS URL used by users.
- Supabase auth redirect/callback configuration must allow:
- `<NEXT_PUBLIC_APP_URL>/auth/callback`
The callback route also validates the `next` parameter as an internal path to prevent unsafe external redirects.
## Cron protection expectations
Operational cron endpoints are protected with a shared secret.
- Required header: `x-cron-secret`
- Server secret source: `CRON_SHARED_SECRET`
- Backward compatibility fallback: `CRON_SECRET`
For new production setups, set `CRON_SHARED_SECRET` and use that value for all cron callers.
## Jenkins pipeline flow
The repository includes a declarative `Jenkinsfile` with the following stages:
1. **Checkout**
2. **Install dependencies** (`npm ci`)
3. **Lint** (runs only when `package.json` contains a `lint` script)
4. **Build application** (`npm run build`)
5. **Build Docker image** (tags `latest` and `build-${BUILD_NUMBER}`)
6. **Deploy** over SSH to the app host
7. **Smoke check** against `/api/health`
## Required Jenkins configuration
Configure these values in Jenkins job/folder/global environment or credentials-backed environment variables:
- `DEPLOY_SSH_HOST` - remote app host
- `DEPLOY_SSH_USER` - SSH user on remote host
- `DEPLOY_SSH_CREDENTIAL_ID` - Jenkins SSH Agent credential ID
- `DEPLOY_PATH` - remote deployment path (for example `/opt/plesk-agency-portal`)
- `APP_BASE_URL` - externally reachable app URL used by smoke check
The pipeline assumes Jenkins credentials are managed outside this repository.
## Deploy flow
Deployment is intentionally simple and bash-based:
1. Jenkins builds Docker image tags locally.
2. Jenkins syncs deployment files (`docker-compose.prod.yml`, deploy/smoke/rollback scripts) to the remote deploy path.
3. Jenkins streams Docker images to the remote host (`docker save | ssh docker load`).
4. Jenkins runs `scripts/deploy-prod.sh` remotely.
5. Script applies the selected image tag via:
```bash
APP_IMAGE=<tag> docker compose -f docker-compose.prod.yml up -d --no-build
```
6. Script prints `docker compose ps` status.
## Rollback flow
Rollback uses `scripts/rollback-prod.sh` with a previously built image tag:
```bash
DEPLOY_PATH=/opt/plesk-agency-portal \
APP_BASE_URL=https://your-app.example.com \
scripts/rollback-prod.sh plesk-agency-portal:build-123
```
Rollback redeploys that image with compose, then immediately reruns smoke checks.
## Smoke check behavior
`scripts/smoke-check.sh`:
- accepts a base URL argument
- requests `${BASE_URL}/api/health`
- fails on non-200 responses
- fails on invalid JSON or missing expected fields (`ok: true`, `service` string)
This gives a quick post-deploy validation gate for both deploy and rollback operations.

View File

@@ -3,6 +3,18 @@ const requiredEnvs = [
"NEXT_PUBLIC_SUPABASE_ANON_KEY", "NEXT_PUBLIC_SUPABASE_ANON_KEY",
] as const; ] as const;
const configuredAppUrl = process.env.NEXT_PUBLIC_APP_URL?.trim();
function getAppOrigin() {
if (!configuredAppUrl) return "http://localhost:3000";
try {
return new URL(configuredAppUrl).origin;
} catch {
return "http://localhost:3000";
}
}
for (const key of requiredEnvs) { for (const key of requiredEnvs) {
if (!process.env[key]) { if (!process.env[key]) {
// Keep as runtime warning for smoother local setup. // Keep as runtime warning for smoother local setup.
@@ -12,9 +24,12 @@ for (const key of requiredEnvs) {
} }
export const env = { export const env = {
appUrl: process.env.NEXT_PUBLIC_APP_URL ?? "http://localhost:3000", appUrl: configuredAppUrl ?? "http://localhost:3000",
appOrigin: getAppOrigin(),
jobSecret: process.env.JOB_SECRET ?? "", jobSecret: process.env.JOB_SECRET ?? "",
cronSecret: process.env.CRON_SECRET ?? "", cronSecret: process.env.CRON_SECRET ?? "",
cronSharedSecret:
process.env.CRON_SHARED_SECRET ?? process.env.CRON_SECRET ?? "",
encryptionKey: process.env.ENCRYPTION_KEY ?? "", encryptionKey: process.env.ENCRYPTION_KEY ?? "",
pleskCredEncKey: process.env.PLESK_CRED_ENC_KEY ?? "", pleskCredEncKey: process.env.PLESK_CRED_ENC_KEY ?? "",
stripeSecretKey: process.env.STRIPE_SECRET_KEY ?? "", stripeSecretKey: process.env.STRIPE_SECRET_KEY ?? "",

30
scripts/deploy-prod.sh Executable file
View File

@@ -0,0 +1,30 @@
#!/usr/bin/env bash
set -euo pipefail
DEPLOY_PATH="${DEPLOY_PATH:-/opt/plesk-agency-portal}"
APP_IMAGE="${APP_IMAGE:-plesk-agency-portal:latest}"
SOURCE_PATH="${SOURCE_PATH:-${DEPLOY_PATH}}"
mkdir -p "${DEPLOY_PATH}"
for file in docker-compose.prod.yml deploy-prod.sh smoke-check.sh rollback-prod.sh; do
if [ -f "${SOURCE_PATH}/${file}" ]; then
cp "${SOURCE_PATH}/${file}" "${DEPLOY_PATH}/${file}"
fi
done
chmod +x "${DEPLOY_PATH}/deploy-prod.sh" \
"${DEPLOY_PATH}/smoke-check.sh" \
"${DEPLOY_PATH}/rollback-prod.sh" 2>/dev/null || true
if [ ! -f "${DEPLOY_PATH}/docker-compose.prod.yml" ]; then
echo "Missing docker-compose.prod.yml in ${DEPLOY_PATH}" >&2
exit 1
fi
cd "${DEPLOY_PATH}"
APP_IMAGE="${APP_IMAGE}" docker compose -f docker-compose.prod.yml up -d --no-build
docker compose -f docker-compose.prod.yml ps

30
scripts/rollback-prod.sh Executable file
View File

@@ -0,0 +1,30 @@
#!/usr/bin/env bash
set -euo pipefail
PREVIOUS_IMAGE_TAG="${1:-}"
DEPLOY_PATH="${DEPLOY_PATH:-/opt/plesk-agency-portal}"
APP_BASE_URL="${APP_BASE_URL:-}"
if [ -z "${PREVIOUS_IMAGE_TAG}" ]; then
echo "Usage: $0 <previous-image-tag>" >&2
exit 1
fi
if [ -z "${APP_BASE_URL}" ]; then
echo "APP_BASE_URL is required" >&2
exit 1
fi
if [ ! -f "${DEPLOY_PATH}/docker-compose.prod.yml" ]; then
echo "Missing docker-compose.prod.yml in ${DEPLOY_PATH}" >&2
exit 1
fi
cd "${DEPLOY_PATH}"
APP_IMAGE="${PREVIOUS_IMAGE_TAG}" docker compose -f docker-compose.prod.yml up -d --no-build
"${DEPLOY_PATH}/smoke-check.sh" "${APP_BASE_URL}"
docker compose -f docker-compose.prod.yml ps

27
scripts/smoke-check.sh Executable file
View File

@@ -0,0 +1,27 @@
#!/usr/bin/env bash
set -euo pipefail
BASE_URL="${1:-}"
if [ -z "${BASE_URL}" ]; then
echo "Usage: $0 <base-url>" >&2
exit 1
fi
URL="${BASE_URL%/}/api/health"
TMP_FILE="$(mktemp)"
trap 'rm -f "${TMP_FILE}"' EXIT
HTTP_CODE=$(curl -sS -o "${TMP_FILE}" -w "%{http_code}" "${URL}")
if [ "${HTTP_CODE}" != "200" ]; then
echo "Smoke check failed: ${URL} returned ${HTTP_CODE}" >&2
cat "${TMP_FILE}" >&2 || true
exit 1
fi
node -e "const fs=require('fs');const d=JSON.parse(fs.readFileSync(process.argv[1],'utf8'));if(d?.ok!==true||typeof d?.service!=='string'){process.exit(1)}" "${TMP_FILE}"
echo "Smoke check passed: ${URL}"