bert.hausmans/crewli
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

WS-3 PR-B2b: A13-3 + single-cookie + single-host (incl. flatpickr precursor) #6

Merged
bert.hausmans merged 8 commits from feat/ws-3-pr-b2b-single-cookie-deploy into main 2026-05-06 01:16:07 +02:00
Conversation 0 Commits 8 Files Changed 24 +18 -19
3 changed files with 18 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit a748c9ee7a - Show all commits

15
deploy.sh
View File

@@ -93,18 +93,13 @@ else
echo "→ package-lock.json unchanged — skipping npm ci"
fi
echo "→ Building frontend assets (apps/app + apps/portal)..."
# Explicit per-workspace build to avoid silent single-app builds
echo "→ Building frontend assets (apps/app)..."
npm run build -w apps/app
npm run build -w apps/portal
# Verify both dist folders exist and are non-empty
for app in app portal; do
if [ ! -f "apps/$app/dist/index.html" ]; then
echo "❌ Build failed: apps/$app/dist/index.html missing"
exit 1
fi
done
if [ ! -f "apps/app/dist/index.html" ]; then
echo "❌ Build failed: apps/app/dist/index.html missing"
exit 1
fi
# ──────────────────────────────────────────
# 5. Run migrations

18
deploy/README.md
View File

@@ -28,18 +28,26 @@ server {
}
```
### Portal (portal.crewli.app)
### Legacy portal redirect (portal.crewli.app)
Pre-WS-3 (April 2026), Crewli ran a separate portal SPA at
`portal.crewli.app`. The dual-SPA was consolidated into a single
workspace; the legacy host should redirect 301 → `crewli.app`:
```nginx
server {
server_name portal.crewli.app;
listen 443 ssl;
# ... TLS config from DirectAdmin / Let's Encrypt ...
include /path/to/deploy/nginx/security-headers.conf;
include /path/to/deploy/nginx/csp-portal.conf;
# ... rest of config
return 301 https://crewli.app$request_uri;
}
```
DNS retirement of `portal.crewli.app` is a separate operational task
tracked outside this repo. Until DNS is repointed, this redirect
handles any stale links.
## CSP Rollout Process
1. Start with `Content-Security-Policy-Report-Only` (uncomment in `csp-spa.conf`)

4
deploy/nginx/csp-portal.conf
View File

@@ -1,4 +0,0 @@
# CSP for portal.crewli.app
# Same policy as SPA but with stricter connect-src since portal
# should only talk to the API.
add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https:; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://api.crewli.app; frame-ancestors 'none'; form-action 'self'; base-uri 'self'" always;