fix: Docker multi-stage build for sqlite3, health endpoint, productValidator exports

- Dockerfile: multi-stage build (builder with python3+g++ for native addons)
- Dockerfile: wireguard-tools from edge/community repo
- Dockerfile: removed USER appuser (start.sh needs root for wg-quick)
- Dockerfile: health check on port 3000
- Added /health HTTP endpoint in index.js for Docker healthcheck
- Fixed productValidator.js: added named exports (validateProductName, validateProductPrice)
- Added better-sqlite3 as fallback dependency
This commit is contained in:
NW
2026-06-22 10:18:36 +01:00
parent 49945d9d81
commit 25d8507b11
5 changed files with 77 additions and 22 deletions

View File

@@ -1,36 +1,47 @@
FROM node:22-alpine AS builder
WORKDIR /app
# Install build dependencies for native modules (sqlite3, better-sqlite3)
RUN apk add --no-cache python3 make g++
COPY package*.json ./
RUN npm install && npm cache clean --force
# --- Runtime image ---
FROM node:22-alpine FROM node:22-alpine
# Устанавливаем необходимые пакеты # Install runtime dependencies
RUN apk update && \ # WireGuard needs community repo on some alpine versions
apk add --no-cache \ RUN apk add --no-cache --repository https://dl-cdn.alpinelinux.org/alpine/edge/community \
wireguard-tools \ wireguard-tools \
&& apk add --no-cache \
iptables \ iptables \
iproute2 \ iproute2 \
openresolv \ openresolv \
bash \ bash \
curl && \ curl \
rm -rf /var/cache/apk/* && rm -rf /var/cache/apk/*
# Создаём непривилегированного пользователя
RUN addgroup -S appgroup && \
adduser -S appuser -G appgroup
# Рабочая директория
WORKDIR /app WORKDIR /app
# Копируем зависимости и устанавливаем их # Copy node_modules from builder (with native addons pre-compiled)
COPY --from=builder /app/node_modules ./node_modules
COPY package*.json ./ COPY package*.json ./
RUN npm install
# Копируем исходный код с правильным владельцем # Copy application source
COPY --chown=appuser:appgroup ./src ./src COPY ./src ./src
# Копируем скрипт запуска # Copy startup script
COPY --chown=appuser:appgroup ./wg/start.sh /app/start.sh COPY ./wg/start.sh /app/start.sh
RUN chmod +x /app/start.sh RUN chmod +x /app/start.sh
# Переключаемся на непривилегированного пользователя # Create db directory
USER appuser RUN mkdir -p /app/db
# Команда для запуска # Health check: bot responds to /health on port 3000
HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
CMD curl -sf http://localhost:3000/health || exit 1
# start.sh runs as root (needed for wg-quick), then drops to node
CMD ["/bin/bash", "/app/start.sh"] CMD ["/bin/bash", "/app/start.sh"]

12
package-lock.json generated
View File

@@ -10,6 +10,7 @@
"dependencies": { "dependencies": {
"archiver": "^7.0.1", "archiver": "^7.0.1",
"axios": "^1.7.7", "axios": "^1.7.7",
"better-sqlite3": "^11.10.0",
"bip39": "^3.1.0", "bip39": "^3.1.0",
"bitcoinjs-lib": "^6.1.6", "bitcoinjs-lib": "^6.1.6",
"csv-writer": "^1.6.0", "csv-writer": "^1.6.0",
@@ -750,6 +751,17 @@
"resolved": "https://registry.npmjs.org/bech32/-/bech32-2.0.0.tgz", "resolved": "https://registry.npmjs.org/bech32/-/bech32-2.0.0.tgz",
"integrity": "sha512-LcknSilhIGatDAsY1ak2I8VtGaHNhgMSYVxFrGLXv+xLHytaKZKcaUJJUE7qmBr7h33o5YQwP55pMI0xmkpJwg==" "integrity": "sha512-LcknSilhIGatDAsY1ak2I8VtGaHNhgMSYVxFrGLXv+xLHytaKZKcaUJJUE7qmBr7h33o5YQwP55pMI0xmkpJwg=="
}, },
"node_modules/better-sqlite3": {
"version": "11.10.0",
"resolved": "https://registry.npmjs.org/better-sqlite3/-/better-sqlite3-11.10.0.tgz",
"integrity": "sha512-EwhOpyXiOEL/lKzHz9AW1msWFNzGc/z+LzeB3/jnFJpxu+th2yqvzsSWas1v9jgs9+xiXJcD5A8CJxAG2TaghQ==",
"hasInstallScript": true,
"license": "MIT",
"dependencies": {
"bindings": "^1.5.0",
"prebuild-install": "^7.1.1"
}
},
"node_modules/binary-extensions": { "node_modules/binary-extensions": {
"version": "2.3.0", "version": "2.3.0",
"resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.3.0.tgz", "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.3.0.tgz",

View File

@@ -9,6 +9,7 @@
"dependencies": { "dependencies": {
"archiver": "^7.0.1", "archiver": "^7.0.1",
"axios": "^1.7.7", "axios": "^1.7.7",
"better-sqlite3": "^11.10.0",
"bip39": "^3.1.0", "bip39": "^3.1.0",
"bitcoinjs-lib": "^6.1.6", "bitcoinjs-lib": "^6.1.6",
"csv-writer": "^1.6.0", "csv-writer": "^1.6.0",

View File

@@ -1,7 +1,23 @@
import Validators from '../../../utils/validators.js'; import Validators from '../../../utils/validators.js';
import logger from '../../../utils/logger.js';
export function validateProductName(name, chatId) {
if (!Validators.isValidString(name, 255)) {
logger.warn({ chatId, name }, 'Invalid product name');
return false;
}
return true;
}
export function validateProductPrice(price, chatId) {
if (!Validators.isValidPrice(price)) {
logger.warn({ chatId, price }, 'Invalid product price');
return false;
}
return true;
}
export default class ProductValidator { export default class ProductValidator {
static validateProduct(product) { static validateProduct(product) {
if (!Validators.isValidString(product.name, 255)) { if (!Validators.isValidString(product.name, 255)) {
return `Ошибка: недопустимое название товара "${product.name}"`; return `Ошибка: недопустимое название товара "${product.name}"`;

View File

@@ -70,3 +70,18 @@ process.on('unhandledRejection', (error) => {
}); });
logger.info('Bot is running...'); logger.info('Bot is running...');
// Health check endpoint for Docker
import http from 'http';
const healthServer = http.createServer((req, res) => {
if (req.url === '/health') {
res.writeHead(200, { 'Content-Type': 'application/json' });
res.end(JSON.stringify({ status: 'ok', uptime: process.uptime() }));
} else {
res.writeHead(404);
res.end('Not found');
}
});
healthServer.listen(3000, () => {
logger.info({ port: 3000 }, 'Health check server started');
});