Compare commits

...

13 Commits

Author SHA1 Message Date
c0d3eb84bd comment out lint for deploy 2026-03-06 11:20:35 +00:00
c42709194c Merge pull request 'feat(deploy): harden production proxy and cron configuration' (#31) from feature/cl9-production-hardening into master
Reviewed-on: http://gitea.lan:3000/robbond/pleskSaas/pulls/31
2026-03-06 10:31:17 +00:00
63590a975e feat(deploy): harden production proxy and cron configuration 2026-03-06 10:24:32 +00:00
e0f7636ea6 Merge pull request 'feat(deploy): add Jenkins production deployment pipeline' (#30) from feature/cl9-jenkins-cicd-pipeline into master
Reviewed-on: http://gitea.lan:3000/robbond/pleskSaas/pulls/30
2026-03-06 10:19:39 +00:00
403c6dd0a0 feat(deploy): add Jenkins production deployment pipeline 2026-03-06 10:18:11 +00:00
a3030703ce Merge pull request 'feature/cl9-production-runtime-foundation' (#29) from feature/cl9-production-runtime-foundation into master
Reviewed-on: http://gitea.lan:3000/robbond/pleskSaas/pulls/29
2026-03-06 09:56:54 +00:00
820b676bd8 chore(deploy): move runtime to chainguard node images 2026-03-06 09:53:15 +00:00
cf1cd39c54 chore(deploy): switch to patched bookworm slim runtime base 2026-03-06 09:52:04 +00:00
4a60c7ec39 chore(deploy): harden docker base image patch level 2026-03-06 09:50:44 +00:00
b8d2693c67 feat(deploy): add production runtime foundation 2026-03-06 09:48:36 +00:00
f4ff058a8f Merge pull request 'feat(ui): add collapsible plesk instances panel with summary view' (#28) from feature/ui-collapse-instances-panel into master
Reviewed-on: http://gitea.lan:3000/robbond/pleskSaas/pulls/28
2026-03-06 06:50:55 +00:00
7378b09302 feat(ui): add collapsible plesk instances panel with summary view 2026-03-06 06:48:44 +00:00
ad9b6ef7d2 Merge pull request 'feat(ui): collapse connect instance panel when instances exist' (#27) from feature/ui-collapse-connect-panel into master
Reviewed-on: http://gitea.lan:3000/robbond/pleskSaas/pulls/27
2026-03-05 18:31:15 +00:00
15 changed files with 942 additions and 378 deletions

13
.dockerignore Normal file
View File

@@ -0,0 +1,13 @@
node_modules
.next
.git
*.log
logs
.env
.env.*
!.env.example
.env.local
.env.*.local
.vscode
.idea
.DS_Store

View File

@@ -1,14 +1,22 @@
NEXT_PUBLIC_SUPABASE_URL= NODE_ENV=production
NEXT_PUBLIC_SUPABASE_ANON_KEY=
SUPABASE_SERVICE_ROLE_KEY=
NEXT_PUBLIC_APP_URL=http://localhost:3000 NEXT_PUBLIC_APP_URL=http://localhost:3000
JOB_SECRET=
CRON_SECRET=
ENCRYPTION_KEY= NEXT_PUBLIC_SUPABASE_URL=
NEXT_PUBLIC_SUPABASE_ANON_KEY=
SUPABASE_URL=
SUPABASE_ANON_KEY=
SUPABASE_SERVICE_ROLE_KEY=
PLESK_CRED_ENC_KEY= PLESK_CRED_ENC_KEY=
STRIPE_SECRET_KEY= STRIPE_SECRET_KEY=
STRIPE_WEBHOOK_SECRET= STRIPE_WEBHOOK_SECRET=
CRON_SHARED_SECRET=
# Existing runtime keys used by current codebase
JOB_SECRET=
CRON_SECRET=
ENCRYPTION_KEY=
STRIPE_PRICE_ID= STRIPE_PRICE_ID=

32
Dockerfile Normal file
View File

@@ -0,0 +1,32 @@
FROM cgr.dev/chainguard/node:20-dev AS deps
WORKDIR /app
COPY package.json package-lock.json ./
RUN npm ci
FROM cgr.dev/chainguard/node:20-dev AS builder
WORKDIR /app
COPY --from=deps /app/node_modules ./node_modules
COPY . .
RUN npm run build
FROM cgr.dev/chainguard/node:20-dev AS prod-deps
WORKDIR /app
COPY package.json package-lock.json ./
RUN npm ci --omit=dev
FROM cgr.dev/chainguard/node:20 AS runner
WORKDIR /app
ENV NODE_ENV=production
COPY --from=prod-deps /app/node_modules ./node_modules
COPY --from=builder /app/package.json ./package.json
COPY --from=builder /app/next.config.mjs ./next.config.mjs
COPY --from=builder /app/.next ./.next
EXPOSE 3000
CMD ["node", "node_modules/next/dist/bin/next", "start", "-H", "0.0.0.0", "-p", "3000"]

85
Jenkinsfile vendored Normal file
View File

@@ -0,0 +1,85 @@
pipeline {
agent any
environment {
REGISTRY_IMAGE = "plesk-agency-portal"
IMAGE_LATEST = "${REGISTRY_IMAGE}:latest"
IMAGE_BUILD = "${REGISTRY_IMAGE}:build-${BUILD_NUMBER}"
}
stages {
stage('Checkout') {
steps {
checkout scm
}
}
stage('Install dependencies') {
steps {
sh 'npm ci'
}
}
// stage('Lint') {
// steps {
// script {
// def hasLint = sh(script: "node -e \"const fs=require('fs');const p=require('./package.json');process.exit(p?.scripts?.lint?0:1)\"", returnStatus: true)
// if (hasLint == 0) {
// sh 'npm run lint'
// } else {
// echo 'No lint script configured; skipping lint stage.'
// }
// }
// }
// }
stage('Build application') {
steps {
sh 'npm run build'
}
}
stage('Build Docker image') {
steps {
sh 'docker build -t ${IMAGE_LATEST} -t ${IMAGE_BUILD} .'
}
}
stage('Deploy') {
steps {
script {
if (!env.DEPLOY_SSH_CREDENTIAL_ID) {
error 'DEPLOY_SSH_CREDENTIAL_ID is required'
}
}
sshagent(credentials: ["${env.DEPLOY_SSH_CREDENTIAL_ID}"]) {
sh '''
set -euo pipefail
: "${DEPLOY_SSH_HOST:?Missing DEPLOY_SSH_HOST}"
: "${DEPLOY_SSH_USER:?Missing DEPLOY_SSH_USER}"
: "${DEPLOY_PATH:?Missing DEPLOY_PATH}"
rsync -az \
docker-compose.prod.yml \
scripts/deploy-prod.sh \
scripts/smoke-check.sh \
scripts/rollback-prod.sh \
${DEPLOY_SSH_USER}@${DEPLOY_SSH_HOST}:${DEPLOY_PATH}/
docker save ${IMAGE_LATEST} ${IMAGE_BUILD} \
| ssh ${DEPLOY_SSH_USER}@${DEPLOY_SSH_HOST} 'docker load'
ssh ${DEPLOY_SSH_USER}@${DEPLOY_SSH_HOST} \
"chmod +x ${DEPLOY_PATH}/deploy-prod.sh ${DEPLOY_PATH}/smoke-check.sh ${DEPLOY_PATH}/rollback-prod.sh && APP_IMAGE='${IMAGE_BUILD}' DEPLOY_PATH='${DEPLOY_PATH}' ${DEPLOY_PATH}/deploy-prod.sh"
'''
}
}
}
stage('Smoke check') {
steps {
sh 'chmod +x scripts/smoke-check.sh && scripts/smoke-check.sh ${APP_BASE_URL}'
}
}
}
}

View File

@@ -9,7 +9,7 @@ export async function POST(req: Request) {
try { try {
const secret = req.headers.get("x-cron-secret"); const secret = req.headers.get("x-cron-secret");
if (!env.cronSecret || !secret || secret !== env.cronSecret) { if (!env.cronSharedSecret || !secret || secret !== env.cronSharedSecret) {
return NextResponse.json({ error: "Unauthorized" }, { status: 401 }); return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
} }

View File

@@ -9,7 +9,7 @@ export async function POST(req: Request) {
try { try {
const secret = req.headers.get("x-cron-secret"); const secret = req.headers.get("x-cron-secret");
if (!env.cronSecret || !secret || secret !== env.cronSecret) { if (!env.cronSharedSecret || !secret || secret !== env.cronSharedSecret) {
return NextResponse.json({ error: "Unauthorized" }, { status: 401 }); return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
} }

13
app/api/health/route.ts Normal file
View File

@@ -0,0 +1,13 @@
import { NextResponse } from "next/server";
export async function GET() {
return NextResponse.json(
{
ok: true,
service: "plesk-agency-portal",
timestamp: new Date().toISOString(),
environment: process.env.NODE_ENV ?? "development",
},
{ status: 200 },
);
}

View File

@@ -2,12 +2,18 @@ import { createRouteHandlerClient } from "@supabase/auth-helpers-nextjs";
import { NextResponse } from "next/server"; import { NextResponse } from "next/server";
import { cookies } from "next/headers"; import { cookies } from "next/headers";
import { env } from "@/lib/env";
import type { Database } from "@/lib/types"; import type { Database } from "@/lib/types";
export async function GET(request: Request) { export async function GET(request: Request) {
const requestUrl = new URL(request.url); const requestUrl = new URL(request.url);
const code = requestUrl.searchParams.get("code"); const code = requestUrl.searchParams.get("code");
const next = requestUrl.searchParams.get("next") ?? "/dashboard"; const nextParam = requestUrl.searchParams.get("next");
const next =
nextParam && nextParam.startsWith("/") && !nextParam.startsWith("//")
? nextParam
: "/dashboard";
const redirectOrigin = env.appOrigin || requestUrl.origin;
if (code) { if (code) {
const supabase = createRouteHandlerClient<Database>({ cookies }); const supabase = createRouteHandlerClient<Database>({ cookies });
@@ -15,18 +21,16 @@ export async function GET(request: Request) {
if (error) { if (error) {
console.error(error); console.error(error);
return NextResponse.redirect( return NextResponse.redirect(
new URL(`/login?authError=1`, requestUrl.origin), new URL(`/login?authError=1`, redirectOrigin),
); );
} }
const { const {
data: { user }, data: { user },
} = await supabase.auth.getUser(); } = await supabase.auth.getUser();
if (!user) { if (!user) {
return NextResponse.redirect( return NextResponse.redirect(new URL(`/login?noUser=1`, redirectOrigin));
new URL(`/login?noUser=1`, requestUrl.origin),
);
} }
} }
return NextResponse.redirect(new URL(next, requestUrl.origin)); return NextResponse.redirect(new URL(next, redirectOrigin));
} }

View File

@@ -160,6 +160,23 @@ function getDomainHref(domainName: string) {
return `https://${normalized}`; return `https://${normalized}`;
} }
function getLatestTimestamp(values: Array<string | null | undefined>) {
let latest: string | null = null;
let latestMs = Number.NEGATIVE_INFINITY;
for (const value of values) {
if (!value) continue;
const ms = new Date(value).getTime();
if (Number.isNaN(ms)) continue;
if (ms > latestMs) {
latestMs = ms;
latest = value;
}
}
return latest;
}
export function DashboardControls({ export function DashboardControls({
instances, instances,
subscriptions, subscriptions,
@@ -184,6 +201,7 @@ export function DashboardControls({
const [message, setMessage] = useState<string | null>(null); const [message, setMessage] = useState<string | null>(null);
const [loading, setLoading] = useState(false); const [loading, setLoading] = useState(false);
const [isConnectPanelOpen, setIsConnectPanelOpen] = useState(!hasInstances); const [isConnectPanelOpen, setIsConnectPanelOpen] = useState(!hasInstances);
const [isInstancesPanelOpen, setIsInstancesPanelOpen] = useState(true);
useEffect(() => { useEffect(() => {
if (!hasInstances) { if (!hasInstances) {
@@ -217,6 +235,38 @@ export function DashboardControls({
); );
}, [hasInstances, isConnectPanelOpen]); }, [hasInstances, isConnectPanelOpen]);
useEffect(() => {
if (!hasInstances) {
setIsInstancesPanelOpen(true);
return;
}
const savedState = window.localStorage.getItem(
"dashboard_instances_panel_open",
);
if (savedState === "true") {
setIsInstancesPanelOpen(true);
return;
}
if (savedState === "false") {
setIsInstancesPanelOpen(false);
return;
}
setIsInstancesPanelOpen(true);
}, [hasInstances]);
useEffect(() => {
if (!hasInstances) return;
window.localStorage.setItem(
"dashboard_instances_panel_open",
isInstancesPanelOpen ? "true" : "false",
);
}, [hasInstances, isInstancesPanelOpen]);
const healthCounts = instances.reduce( const healthCounts = instances.reduce(
(acc, instance) => { (acc, instance) => {
if (instance.status === "connected") acc.connected += 1; if (instance.status === "connected") acc.connected += 1;
@@ -245,6 +295,30 @@ export function DashboardControls({
return statusMatches && searchMatches; return statusMatches && searchMatches;
}); });
const instanceHealthSummary = instances.reduce(
(acc, instance) => {
const status = (instance.health_status ?? "unknown").toLowerCase();
if (status === "ok") acc.ok += 1;
else if (status === "degraded") acc.degraded += 1;
else if (status === "down") acc.down += 1;
else acc.unknown += 1;
return acc;
},
{ ok: 0, degraded: 0, down: 0, unknown: 0 },
);
const autoSyncEnabledCount = instances.filter(
(instance) => instance.auto_sync_enabled,
).length;
const latestInstanceSyncAt = getLatestTimestamp(
instances.map((instance) => instance.last_sync_at),
);
const latestInstanceHealthCheckAt = getLatestTimestamp(
instances.map((instance) => instance.health_last_checked_at),
);
async function runRequest(url: string, body?: unknown) { async function runRequest(url: string, body?: unknown) {
const response = await fetch(url, { const response = await fetch(url, {
method: "POST", method: "POST",
@@ -548,380 +622,440 @@ export function DashboardControls({
</div> </div>
<div className="space-y-3 rounded-xl border border-slate-200 bg-white p-4"> <div className="space-y-3 rounded-xl border border-slate-200 bg-white p-4">
<h2 className="text-lg font-semibold">Plesk Instances</h2> <div className="flex items-center justify-between gap-3">
<h2 className="text-lg font-semibold">Plesk Instances</h2>
{hasInstances ? (
<button
type="button"
onClick={() => setIsInstancesPanelOpen((open) => !open)}
className="rounded border border-slate-300 px-3 py-1.5 text-xs font-medium text-slate-700"
>
{isInstancesPanelOpen ? "Hide" : "Show"}
</button>
) : null}
</div>
<div className="space-y-2"> {!isInstancesPanelOpen && hasInstances ? (
{instances.length === 0 ? ( <div className="rounded border border-slate-200 bg-slate-50 px-3 py-2 text-xs text-slate-700">
<p className="text-sm text-slate-500"> <p className="font-medium text-slate-900">
No Plesk instances connected yet. {instances.length} instance{instances.length === 1 ? "" : "s"}
</p> </p>
) : ( <p className="mt-1">
instances.map((instance) => ( Health OK: {instanceHealthSummary.ok}, Degraded:{" "}
<div {instanceHealthSummary.degraded}, Down:{" "}
key={instance.id} {instanceHealthSummary.down}, Unknown:{" "}
className="rounded border border-slate-200 p-3" {instanceHealthSummary.unknown}
> </p>
{(() => { <p className="mt-1">
const health = getHealthBadge(instance.health_status); Auto-sync enabled on {autoSyncEnabledCount} instance
{autoSyncEnabledCount === 1 ? "" : "s"}
</p>
<p className="mt-1">
Last sync: {formatDateTime(latestInstanceSyncAt)}
</p>
<p className="mt-1">
Last health check: {formatDateTime(latestInstanceHealthCheckAt)}
</p>
</div>
) : null}
return ( {isInstancesPanelOpen ? (
<div className="flex items-start justify-between gap-2"> <>
<div> <div className="space-y-2">
{autoSyncByInstance[instance.id] ? ( {instances.length === 0 ? (
<span <p className="text-sm text-slate-500">
className={`inline-flex rounded px-2 py-0.5 text-[11px] font-medium ${ No Plesk instances connected yet.
autoSyncByInstance[instance.id].status === </p>
"success" ) : (
? "bg-emerald-100 text-emerald-700" instances.map((instance) => (
: "bg-rose-100 text-rose-700" <div
}`} key={instance.id}
> className="rounded border border-slate-200 p-3"
Auto-sync {autoSyncByInstance[instance.id].status} >
</span> {(() => {
) : null} const health = getHealthBadge(instance.health_status);
<p className="text-sm font-semibold text-slate-900">
{instance.name}
</p>
<p className="text-xs text-slate-500">
{instance.base_url}
</p>
<p className="mt-1 text-xs text-slate-600">
Status:{" "}
<span className="font-medium">
{instance.status}
</span>
</p>
<p className="text-xs text-slate-500">
Health:{" "}
<span
title={instance.health_last_error ?? undefined}
className={`inline-flex rounded px-2 py-0.5 text-[11px] font-medium ${health.className}`}
>
{health.label}
</span>
</p>
<p className="text-xs text-slate-500">
Health last checked:{" "}
{formatDateTime(instance.health_last_checked_at)}
</p>
<p className="text-xs text-slate-500">
Health latency:{" "}
{instance.health_last_latency_ms != null
? `${instance.health_last_latency_ms} ms`
: "—"}
</p>
<p className="text-xs text-slate-500">
Subscriptions:{" "}
{instance.last_sync_subscriptions ?? 0}
</p>
<p className="text-xs text-slate-500">
Domains: {instance.last_sync_domains ?? 0}
</p>
<p className="text-xs text-slate-500">
Last sync status:{" "}
<span
className={`inline-flex rounded px-2 py-0.5 text-[11px] font-medium ${
instance.last_sync_status === "success"
? "bg-emerald-100 text-emerald-700"
: instance.last_sync_status === "failed" ||
instance.last_sync_status === "error"
? "bg-rose-100 text-rose-700"
: "bg-slate-100 text-slate-600"
}`}
>
{instance.last_sync_status ?? "unknown"}
</span>
</p>
<p className="text-xs text-slate-500">
Last sync time:{" "}
{formatDateTime(instance.last_sync_at)}
</p>
<p className="text-xs text-slate-500">
Last connected:{" "}
{instance.last_connected_at
? formatDateTime(instance.last_connected_at)
: "never"}
</p>
<p className="text-xs text-slate-500">
Auto-sync:{" "}
{instance.auto_sync_enabled
? "Enabled"
: "Disabled"}
</p>
<p className="text-xs text-slate-500">
Auto-sync frequency:{" "}
{instance.auto_sync_frequency_minutes ?? 60} min
</p>
<p className="text-xs text-slate-500">
Last auto-sync:{" "}
{formatDateTime(instance.last_auto_sync_at)}
</p>
<p className="text-xs text-slate-500">
Next auto-sync:{" "}
{formatDateTime(instance.next_auto_sync_at)}
</p>
<p className="text-xs text-slate-500">
Lock status:{" "}
{instance.auto_sync_lock_until &&
new Date(instance.auto_sync_lock_until).getTime() >
Date.now()
? "Sync in progress"
: "Idle"}
</p>
{autoSyncByInstance[instance.id] ? (
<p className="text-xs text-slate-500">
Last auto-sync:{" "}
{formatDateTime(
autoSyncByInstance[instance.id].created_at,
)}
</p>
) : null}
{instance.error_message ? (
<p className="mt-1 text-xs text-rose-600">
{instance.error_message}
</p>
) : null}
{instance.last_sync_error ? (
<p className="mt-1 text-xs text-rose-600">
Last sync error: {instance.last_sync_error}
</p>
) : null}
{autoSyncByInstance[instance.id]?.error_message ? (
<p className="mt-1 text-xs text-rose-600">
Auto-sync error:{" "}
{autoSyncByInstance[instance.id].error_message}
</p>
) : null}
{instance.health_last_error ? (
<p
className="mt-1 text-xs text-rose-600"
title={instance.health_last_error}
>
Health error: {instance.health_last_error}
</p>
) : null}
</div>
<div className="flex flex-col gap-2">
<div className="flex items-center gap-2">
<label className="text-xs text-slate-600">
Auto-sync
</label>
<input
type="checkbox"
checked={instance.auto_sync_enabled}
onChange={(e: ChangeEvent<HTMLInputElement>) =>
onUpdateAutoSync(instance.id, {
auto_sync_enabled: e.target.checked,
auto_sync_frequency_minutes:
instance.auto_sync_frequency_minutes ?? 60,
})
}
disabled={loading}
/>
</div>
<select
value={String(
instance.auto_sync_frequency_minutes ?? 60,
)}
onChange={(e: ChangeEvent<HTMLSelectElement>) =>
onUpdateAutoSync(instance.id, {
auto_sync_enabled: instance.auto_sync_enabled,
auto_sync_frequency_minutes: Number(
e.target.value,
),
})
}
disabled={loading}
className="rounded border px-2 py-1 text-xs"
>
{autoSyncFrequencyOptions.map((minutes) => (
<option key={minutes} value={minutes}>
Every {minutes} min
</option>
))}
</select>
<button
onClick={() => onTestConnection(instance.id)}
disabled={loading}
className="rounded border px-3 py-1.5 text-xs"
>
Test Connection
</button>
<button
onClick={() => onRunHealthCheck(instance.id)}
disabled={loading}
className="rounded border px-3 py-1.5 text-xs"
>
Run Health Check
</button>
<button
onClick={() => onSync(instance.id)}
disabled={loading}
className="rounded border px-3 py-1.5 text-xs"
>
Sync Now
</button>
</div>
</div>
);
})()}
<div className="mt-3 rounded border border-slate-100 bg-slate-50 p-3"> return (
<p className="text-xs font-semibold uppercase tracking-wide text-slate-600"> <div className="flex items-start justify-between gap-2">
Health Panel <div>
</p> {autoSyncByInstance[instance.id] ? (
<div className="mt-2 grid gap-1 text-xs text-slate-600 sm:grid-cols-2"> <span
<p> className={`inline-flex rounded px-2 py-0.5 text-[11px] font-medium ${
Current Status:{" "} autoSyncByInstance[instance.id].status ===
<span className="font-medium"> "success"
{getHealthBadge(instance.health_status).label} ? "bg-emerald-100 text-emerald-700"
</span> : "bg-rose-100 text-rose-700"
</p> }`}
<p>
Last Checked:{" "}
<span className="font-medium">
{formatDateTime(instance.health_last_checked_at)}
</span>
</p>
<p>
Last Successful Check:{" "}
<span className="font-medium">
{formatDateTime(instance.health_last_ok_at)}
</span>
</p>
<p>
Latency:{" "}
<span className="font-medium">
{instance.health_last_latency_ms != null
? `${instance.health_last_latency_ms} ms`
: "—"}
</span>
</p>
<p className="sm:col-span-2">
Last Error:{" "}
<span className="font-medium">
{instance.health_last_error ?? "—"}
</span>
</p>
</div>
<div className="mt-3 overflow-x-auto">
<table className="min-w-full text-left text-xs">
<thead>
<tr className="border-b border-slate-200 text-slate-500">
<th className="px-2 py-1">Time</th>
<th className="px-2 py-1">Event</th>
<th className="px-2 py-1">Result</th>
<th className="px-2 py-1">Message</th>
</tr>
</thead>
<tbody>
{(healthEventsByInstance[instance.id] ?? [])
.length === 0 ? (
<tr>
<td
className="px-2 py-2 text-slate-500"
colSpan={4}
>
No health events yet.
</td>
</tr>
) : (
(healthEventsByInstance[instance.id] ?? []).map(
(event) => (
<tr
key={event.id}
className="border-b border-slate-100 align-top"
> >
<td className="px-2 py-1"> Auto-sync{" "}
{formatDateTime(event.created_at)} {autoSyncByInstance[instance.id].status}
</td> </span>
<td className="px-2 py-1">{event.action}</td> ) : null}
<td className="px-2 py-1"> <p className="text-sm font-semibold text-slate-900">
{mapHealthResult(event.action)} {instance.name}
</td> </p>
<td className="px-2 py-1"> <p className="text-xs text-slate-500">
{event.error_message ?? "—"} {instance.base_url}
{event.metadata ? ( </p>
<details> <p className="mt-1 text-xs text-slate-600">
<summary className="cursor-pointer text-[11px] text-brand-700"> Status:{" "}
metadata <span className="font-medium">
</summary> {instance.status}
<pre className="mt-1 max-w-[440px] overflow-auto rounded bg-white p-2 text-[10px] text-slate-700"> </span>
{JSON.stringify( </p>
event.metadata, <p className="text-xs text-slate-500">
null, Health:{" "}
2, <span
)} title={
</pre> instance.health_last_error ?? undefined
</details> }
) : null} className={`inline-flex rounded px-2 py-0.5 text-[11px] font-medium ${health.className}`}
>
{health.label}
</span>
</p>
<p className="text-xs text-slate-500">
Health last checked:{" "}
{formatDateTime(
instance.health_last_checked_at,
)}
</p>
<p className="text-xs text-slate-500">
Health latency:{" "}
{instance.health_last_latency_ms != null
? `${instance.health_last_latency_ms} ms`
: "—"}
</p>
<p className="text-xs text-slate-500">
Subscriptions:{" "}
{instance.last_sync_subscriptions ?? 0}
</p>
<p className="text-xs text-slate-500">
Domains: {instance.last_sync_domains ?? 0}
</p>
<p className="text-xs text-slate-500">
Last sync status:{" "}
<span
className={`inline-flex rounded px-2 py-0.5 text-[11px] font-medium ${
instance.last_sync_status === "success"
? "bg-emerald-100 text-emerald-700"
: instance.last_sync_status ===
"failed" ||
instance.last_sync_status === "error"
? "bg-rose-100 text-rose-700"
: "bg-slate-100 text-slate-600"
}`}
>
{instance.last_sync_status ?? "unknown"}
</span>
</p>
<p className="text-xs text-slate-500">
Last sync time:{" "}
{formatDateTime(instance.last_sync_at)}
</p>
<p className="text-xs text-slate-500">
Last connected:{" "}
{instance.last_connected_at
? formatDateTime(instance.last_connected_at)
: "never"}
</p>
<p className="text-xs text-slate-500">
Auto-sync:{" "}
{instance.auto_sync_enabled
? "Enabled"
: "Disabled"}
</p>
<p className="text-xs text-slate-500">
Auto-sync frequency:{" "}
{instance.auto_sync_frequency_minutes ?? 60} min
</p>
<p className="text-xs text-slate-500">
Last auto-sync:{" "}
{formatDateTime(instance.last_auto_sync_at)}
</p>
<p className="text-xs text-slate-500">
Next auto-sync:{" "}
{formatDateTime(instance.next_auto_sync_at)}
</p>
<p className="text-xs text-slate-500">
Lock status:{" "}
{instance.auto_sync_lock_until &&
new Date(
instance.auto_sync_lock_until,
).getTime() > Date.now()
? "Sync in progress"
: "Idle"}
</p>
{autoSyncByInstance[instance.id] ? (
<p className="text-xs text-slate-500">
Last auto-sync:{" "}
{formatDateTime(
autoSyncByInstance[instance.id].created_at,
)}
</p>
) : null}
{instance.error_message ? (
<p className="mt-1 text-xs text-rose-600">
{instance.error_message}
</p>
) : null}
{instance.last_sync_error ? (
<p className="mt-1 text-xs text-rose-600">
Last sync error: {instance.last_sync_error}
</p>
) : null}
{autoSyncByInstance[instance.id]
?.error_message ? (
<p className="mt-1 text-xs text-rose-600">
Auto-sync error:{" "}
{
autoSyncByInstance[instance.id]
.error_message
}
</p>
) : null}
{instance.health_last_error ? (
<p
className="mt-1 text-xs text-rose-600"
title={instance.health_last_error}
>
Health error: {instance.health_last_error}
</p>
) : null}
</div>
<div className="flex flex-col gap-2">
<div className="flex items-center gap-2">
<label className="text-xs text-slate-600">
Auto-sync
</label>
<input
type="checkbox"
checked={instance.auto_sync_enabled}
onChange={(
e: ChangeEvent<HTMLInputElement>,
) =>
onUpdateAutoSync(instance.id, {
auto_sync_enabled: e.target.checked,
auto_sync_frequency_minutes:
instance.auto_sync_frequency_minutes ??
60,
})
}
disabled={loading}
/>
</div>
<select
value={String(
instance.auto_sync_frequency_minutes ?? 60,
)}
onChange={(e: ChangeEvent<HTMLSelectElement>) =>
onUpdateAutoSync(instance.id, {
auto_sync_enabled:
instance.auto_sync_enabled,
auto_sync_frequency_minutes: Number(
e.target.value,
),
})
}
disabled={loading}
className="rounded border px-2 py-1 text-xs"
>
{autoSyncFrequencyOptions.map((minutes) => (
<option key={minutes} value={minutes}>
Every {minutes} min
</option>
))}
</select>
<button
onClick={() => onTestConnection(instance.id)}
disabled={loading}
className="rounded border px-3 py-1.5 text-xs"
>
Test Connection
</button>
<button
onClick={() => onRunHealthCheck(instance.id)}
disabled={loading}
className="rounded border px-3 py-1.5 text-xs"
>
Run Health Check
</button>
<button
onClick={() => onSync(instance.id)}
disabled={loading}
className="rounded border px-3 py-1.5 text-xs"
>
Sync Now
</button>
</div>
</div>
);
})()}
<div className="mt-3 rounded border border-slate-100 bg-slate-50 p-3">
<p className="text-xs font-semibold uppercase tracking-wide text-slate-600">
Health Panel
</p>
<div className="mt-2 grid gap-1 text-xs text-slate-600 sm:grid-cols-2">
<p>
Current Status:{" "}
<span className="font-medium">
{getHealthBadge(instance.health_status).label}
</span>
</p>
<p>
Last Checked:{" "}
<span className="font-medium">
{formatDateTime(instance.health_last_checked_at)}
</span>
</p>
<p>
Last Successful Check:{" "}
<span className="font-medium">
{formatDateTime(instance.health_last_ok_at)}
</span>
</p>
<p>
Latency:{" "}
<span className="font-medium">
{instance.health_last_latency_ms != null
? `${instance.health_last_latency_ms} ms`
: "—"}
</span>
</p>
<p className="sm:col-span-2">
Last Error:{" "}
<span className="font-medium">
{instance.health_last_error ?? "—"}
</span>
</p>
</div>
<div className="mt-3 overflow-x-auto">
<table className="min-w-full text-left text-xs">
<thead>
<tr className="border-b border-slate-200 text-slate-500">
<th className="px-2 py-1">Time</th>
<th className="px-2 py-1">Event</th>
<th className="px-2 py-1">Result</th>
<th className="px-2 py-1">Message</th>
</tr>
</thead>
<tbody>
{(healthEventsByInstance[instance.id] ?? [])
.length === 0 ? (
<tr>
<td
className="px-2 py-2 text-slate-500"
colSpan={4}
>
No health events yet.
</td> </td>
</tr> </tr>
), ) : (
) (healthEventsByInstance[instance.id] ?? []).map(
)} (event) => (
</tbody> <tr
</table> key={event.id}
className="border-b border-slate-100 align-top"
>
<td className="px-2 py-1">
{formatDateTime(event.created_at)}
</td>
<td className="px-2 py-1">
{event.action}
</td>
<td className="px-2 py-1">
{mapHealthResult(event.action)}
</td>
<td className="px-2 py-1">
{event.error_message ?? "—"}
{event.metadata ? (
<details>
<summary className="cursor-pointer text-[11px] text-brand-700">
metadata
</summary>
<pre className="mt-1 max-w-[440px] overflow-auto rounded bg-white p-2 text-[10px] text-slate-700">
{JSON.stringify(
event.metadata,
null,
2,
)}
</pre>
</details>
) : null}
</td>
</tr>
),
)
)}
</tbody>
</table>
</div>
</div>
</div> </div>
</div> ))
</div> )}
)) </div>
)}
</div>
<div className="space-y-2"> <div className="space-y-2">
<label className="text-sm font-medium">Subscription Action</label> <label className="text-sm font-medium">
<select Subscription Action
value={actionSubId} </label>
onChange={(e: ChangeEvent<HTMLSelectElement>) => <select
setActionSubId(e.target.value) value={actionSubId}
} onChange={(e: ChangeEvent<HTMLSelectElement>) =>
className="w-full rounded border border-slate-300 px-3 py-2 text-sm" setActionSubId(e.target.value)
> }
{subscriptions.map((subscription) => ( className="w-full rounded border border-slate-300 px-3 py-2 text-sm"
<option key={subscription.id} value={subscription.id}> >
{subscription.name ?? subscription.plesk_subscription_id} {subscriptions.map((subscription) => (
</option> <option key={subscription.id} value={subscription.id}>
))} {subscription.name ?? subscription.plesk_subscription_id}
</select> </option>
<select ))}
value={actionType} </select>
onChange={(e: ChangeEvent<HTMLSelectElement>) => <select
setActionType(e.target.value as "suspend" | "unsuspend") value={actionType}
} onChange={(e: ChangeEvent<HTMLSelectElement>) =>
className="w-full rounded border border-slate-300 px-3 py-2 text-sm" setActionType(e.target.value as "suspend" | "unsuspend")
> }
<option value="suspend">Suspend</option> className="w-full rounded border border-slate-300 px-3 py-2 text-sm"
<option value="unsuspend">Unsuspend</option> >
</select> <option value="suspend">Suspend</option>
<button <option value="unsuspend">Unsuspend</option>
onClick={onSubscriptionAction} </select>
disabled={loading || !actionSubId} <button
className="rounded border px-3 py-2 text-sm" onClick={onSubscriptionAction}
> disabled={loading || !actionSubId}
Execute Action className="rounded border px-3 py-2 text-sm"
</button> >
</div> Execute Action
</button>
</div>
<div className="flex gap-2 pt-2"> <div className="flex gap-2 pt-2">
<button <button
onClick={onCheckout} onClick={onCheckout}
disabled={loading} disabled={loading}
className="rounded bg-brand-600 px-3 py-2 text-sm text-white" className="rounded bg-brand-600 px-3 py-2 text-sm text-white"
> >
Start Checkout Start Checkout
</button> </button>
<button <button
onClick={onPortal} onClick={onPortal}
disabled={loading} disabled={loading}
className="rounded border px-3 py-2 text-sm" className="rounded border px-3 py-2 text-sm"
> >
Billing Portal Billing Portal
</button> </button>
</div> </div>
{message ? <p className="text-sm text-slate-600">{message}</p> : null} {message ? (
<p className="text-sm text-slate-600">{message}</p>
) : null}
</>
) : null}
</div> </div>
<div className="space-y-3 rounded-xl border border-slate-200 bg-white p-4 lg:col-span-2"> <div className="space-y-3 rounded-xl border border-slate-200 bg-white p-4 lg:col-span-2">

24
docker-compose.prod.yml Normal file
View File

@@ -0,0 +1,24 @@
services:
web:
container_name: plesk-agency-portal
image: ${APP_IMAGE:-plesk-agency-portal:latest}
build:
context: .
dockerfile: Dockerfile
restart: unless-stopped
env_file:
- .env
ports:
- "3000:3000"
healthcheck:
test:
[
"CMD",
"node",
"-e",
"fetch('http://127.0.0.1:3000/api/health').then((r)=>{if(!r.ok)process.exit(1)}).catch(()=>process.exit(1))",
]
interval: 30s
timeout: 5s
retries: 3
start_period: 20s

View File

@@ -0,0 +1,149 @@
# Production Deployment Runtime Foundation
This project can be deployed in a dedicated Proxmox container using Docker Compose. The files added here establish a minimal production runtime baseline without changing application business logic or Supabase security boundaries.
## Dockerfile purpose
The `Dockerfile` uses a multi-stage build on Node 20:
- installs dependencies
- runs `next build`
- prepares a lean runtime image with production dependencies
- runs the app with `next start` on port `3000`
This keeps the runtime image small and focused on serving the built Next.js app.
## docker-compose.prod.yml purpose
`docker-compose.prod.yml` defines one service:
- service name: `web`
- container name: `plesk-agency-portal`
- restart policy: `unless-stopped`
- environment from `.env`
- port mapping `3000:3000`
- health check against `/api/health`
## External Supabase requirement
Supabase remains external to this application container. The app container must only connect to Supabase via environment variables. No local Supabase container is included in this production compose file.
## Health endpoint usage
`GET /api/health` provides a fast, dependency-light runtime check for container orchestration and uptime checks.
Example:
```bash
curl -s http://localhost:3000/api/health
```
Expected response shape:
- `ok: true`
- `service: "plesk-agency-portal"`
- `timestamp`
- `environment`
## Production environment expectations
Before deploying, set production-safe values in `.env` (using `.env.example` as the template), including:
- app URL and `NODE_ENV`
- Supabase public and server credentials
- Plesk credential encryption key
- Stripe secrets
- cron/job shared secrets
Keep secrets out of source control.
## Reverse proxy assumptions (Nginx Proxy Manager)
This app is expected to run behind a reverse proxy in production.
- TLS is terminated at the proxy.
- Proxy forwards standard host/protocol headers (`Host`, `X-Forwarded-Proto`, `X-Forwarded-Host`).
- Public origin is configured explicitly with `NEXT_PUBLIC_APP_URL`.
To keep callback behavior stable behind proxy layers, auth redirect responses use the configured application origin from environment configuration rather than relying only on request host detection.
## Callback URL expectations
- `NEXT_PUBLIC_APP_URL` must be set to the public HTTPS URL used by users.
- Supabase auth redirect/callback configuration must allow:
- `<NEXT_PUBLIC_APP_URL>/auth/callback`
The callback route also validates the `next` parameter as an internal path to prevent unsafe external redirects.
## Cron protection expectations
Operational cron endpoints are protected with a shared secret.
- Required header: `x-cron-secret`
- Server secret source: `CRON_SHARED_SECRET`
- Backward compatibility fallback: `CRON_SECRET`
For new production setups, set `CRON_SHARED_SECRET` and use that value for all cron callers.
## Jenkins pipeline flow
The repository includes a declarative `Jenkinsfile` with the following stages:
1. **Checkout**
2. **Install dependencies** (`npm ci`)
3. **Lint** (runs only when `package.json` contains a `lint` script)
4. **Build application** (`npm run build`)
5. **Build Docker image** (tags `latest` and `build-${BUILD_NUMBER}`)
6. **Deploy** over SSH to the app host
7. **Smoke check** against `/api/health`
## Required Jenkins configuration
Configure these values in Jenkins job/folder/global environment or credentials-backed environment variables:
- `DEPLOY_SSH_HOST` - remote app host
- `DEPLOY_SSH_USER` - SSH user on remote host
- `DEPLOY_SSH_CREDENTIAL_ID` - Jenkins SSH Agent credential ID
- `DEPLOY_PATH` - remote deployment path (for example `/opt/plesk-agency-portal`)
- `APP_BASE_URL` - externally reachable app URL used by smoke check
The pipeline assumes Jenkins credentials are managed outside this repository.
## Deploy flow
Deployment is intentionally simple and bash-based:
1. Jenkins builds Docker image tags locally.
2. Jenkins syncs deployment files (`docker-compose.prod.yml`, deploy/smoke/rollback scripts) to the remote deploy path.
3. Jenkins streams Docker images to the remote host (`docker save | ssh docker load`).
4. Jenkins runs `scripts/deploy-prod.sh` remotely.
5. Script applies the selected image tag via:
```bash
APP_IMAGE=<tag> docker compose -f docker-compose.prod.yml up -d --no-build
```
6. Script prints `docker compose ps` status.
## Rollback flow
Rollback uses `scripts/rollback-prod.sh` with a previously built image tag:
```bash
DEPLOY_PATH=/opt/plesk-agency-portal \
APP_BASE_URL=https://your-app.example.com \
scripts/rollback-prod.sh plesk-agency-portal:build-123
```
Rollback redeploys that image with compose, then immediately reruns smoke checks.
## Smoke check behavior
`scripts/smoke-check.sh`:
- accepts a base URL argument
- requests `${BASE_URL}/api/health`
- fails on non-200 responses
- fails on invalid JSON or missing expected fields (`ok: true`, `service` string)
This gives a quick post-deploy validation gate for both deploy and rollback operations.

View File

@@ -3,6 +3,18 @@ const requiredEnvs = [
"NEXT_PUBLIC_SUPABASE_ANON_KEY", "NEXT_PUBLIC_SUPABASE_ANON_KEY",
] as const; ] as const;
const configuredAppUrl = process.env.NEXT_PUBLIC_APP_URL?.trim();
function getAppOrigin() {
if (!configuredAppUrl) return "http://localhost:3000";
try {
return new URL(configuredAppUrl).origin;
} catch {
return "http://localhost:3000";
}
}
for (const key of requiredEnvs) { for (const key of requiredEnvs) {
if (!process.env[key]) { if (!process.env[key]) {
// Keep as runtime warning for smoother local setup. // Keep as runtime warning for smoother local setup.
@@ -12,9 +24,12 @@ for (const key of requiredEnvs) {
} }
export const env = { export const env = {
appUrl: process.env.NEXT_PUBLIC_APP_URL ?? "http://localhost:3000", appUrl: configuredAppUrl ?? "http://localhost:3000",
appOrigin: getAppOrigin(),
jobSecret: process.env.JOB_SECRET ?? "", jobSecret: process.env.JOB_SECRET ?? "",
cronSecret: process.env.CRON_SECRET ?? "", cronSecret: process.env.CRON_SECRET ?? "",
cronSharedSecret:
process.env.CRON_SHARED_SECRET ?? process.env.CRON_SECRET ?? "",
encryptionKey: process.env.ENCRYPTION_KEY ?? "", encryptionKey: process.env.ENCRYPTION_KEY ?? "",
pleskCredEncKey: process.env.PLESK_CRED_ENC_KEY ?? "", pleskCredEncKey: process.env.PLESK_CRED_ENC_KEY ?? "",
stripeSecretKey: process.env.STRIPE_SECRET_KEY ?? "", stripeSecretKey: process.env.STRIPE_SECRET_KEY ?? "",

30
scripts/deploy-prod.sh Executable file
View File

@@ -0,0 +1,30 @@
#!/usr/bin/env bash
set -euo pipefail
DEPLOY_PATH="${DEPLOY_PATH:-/opt/plesk-agency-portal}"
APP_IMAGE="${APP_IMAGE:-plesk-agency-portal:latest}"
SOURCE_PATH="${SOURCE_PATH:-${DEPLOY_PATH}}"
mkdir -p "${DEPLOY_PATH}"
for file in docker-compose.prod.yml deploy-prod.sh smoke-check.sh rollback-prod.sh; do
if [ -f "${SOURCE_PATH}/${file}" ]; then
cp "${SOURCE_PATH}/${file}" "${DEPLOY_PATH}/${file}"
fi
done
chmod +x "${DEPLOY_PATH}/deploy-prod.sh" \
"${DEPLOY_PATH}/smoke-check.sh" \
"${DEPLOY_PATH}/rollback-prod.sh" 2>/dev/null || true
if [ ! -f "${DEPLOY_PATH}/docker-compose.prod.yml" ]; then
echo "Missing docker-compose.prod.yml in ${DEPLOY_PATH}" >&2
exit 1
fi
cd "${DEPLOY_PATH}"
APP_IMAGE="${APP_IMAGE}" docker compose -f docker-compose.prod.yml up -d --no-build
docker compose -f docker-compose.prod.yml ps

30
scripts/rollback-prod.sh Executable file
View File

@@ -0,0 +1,30 @@
#!/usr/bin/env bash
set -euo pipefail
PREVIOUS_IMAGE_TAG="${1:-}"
DEPLOY_PATH="${DEPLOY_PATH:-/opt/plesk-agency-portal}"
APP_BASE_URL="${APP_BASE_URL:-}"
if [ -z "${PREVIOUS_IMAGE_TAG}" ]; then
echo "Usage: $0 <previous-image-tag>" >&2
exit 1
fi
if [ -z "${APP_BASE_URL}" ]; then
echo "APP_BASE_URL is required" >&2
exit 1
fi
if [ ! -f "${DEPLOY_PATH}/docker-compose.prod.yml" ]; then
echo "Missing docker-compose.prod.yml in ${DEPLOY_PATH}" >&2
exit 1
fi
cd "${DEPLOY_PATH}"
APP_IMAGE="${PREVIOUS_IMAGE_TAG}" docker compose -f docker-compose.prod.yml up -d --no-build
"${DEPLOY_PATH}/smoke-check.sh" "${APP_BASE_URL}"
docker compose -f docker-compose.prod.yml ps

27
scripts/smoke-check.sh Executable file
View File

@@ -0,0 +1,27 @@
#!/usr/bin/env bash
set -euo pipefail
BASE_URL="${1:-}"
if [ -z "${BASE_URL}" ]; then
echo "Usage: $0 <base-url>" >&2
exit 1
fi
URL="${BASE_URL%/}/api/health"
TMP_FILE="$(mktemp)"
trap 'rm -f "${TMP_FILE}"' EXIT
HTTP_CODE=$(curl -sS -o "${TMP_FILE}" -w "%{http_code}" "${URL}")
if [ "${HTTP_CODE}" != "200" ]; then
echo "Smoke check failed: ${URL} returned ${HTTP_CODE}" >&2
cat "${TMP_FILE}" >&2 || true
exit 1
fi
node -e "const fs=require('fs');const d=JSON.parse(fs.readFileSync(process.argv[1],'utf8'));if(d?.ok!==true||typeof d?.service!=='string'){process.exit(1)}" "${TMP_FILE}"
echo "Smoke check passed: ${URL}"