yiekheng/cm_whatsapp_bot_v1
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
cm_whatsapp_bot_v1/apps/web/next.config.ts
yiekheng b29d137c84 feat: production hardening — robots, allowedOrigins, container non-root, rate limits, CLI bootstrap 
robots.ts + metadata.robots blocks indexing.
serverActions.allowedOrigins gates cross-origin Server Action posts.
Bot + web Dockerfiles add a non-root 'app' user (uid 1000) with
chmod 700 on /data/sessions.
sendTestAction grows a per-group rate limit (3/60s).
resumeReminderRunAction + cancelReminderRunAction get a per-IP
rate limit (30/10s).
.env.example documents every required key.
packages/db/src/scripts/{set-password,create-user}.ts + thin shell
wrappers in scripts/ — first admin sets their password via
./scripts/set-password.sh admin before signing in.
2026-05-10 18:05:34 +08:00

52 lines
2.0 KiB
TypeScript
Raw Blame History

import type { NextConfig } from "next";
import { join } from "node:path";
import withSerwistInit from "@serwist/next";
// Pin Turbopack's workspace root explicitly — pnpm + Turbopack can't always
// infer it inside Docker bind mounts.
const workspaceRoot = join(import.meta.dirname, "..", "..");
// We consume @cmbot/db and @cmbot/shared via their compiled dist (their
// package.json `main` points at ./dist/index.js). The dist is built at
// container start (see docker-compose.dev.yml) and during the production
// Docker build (see docker/web.Dockerfile). This sidesteps Turbopack's
// inability to resolve NodeNext-style `.js` extensions to `.ts` source.
const nextConfig: NextConfig = {
reactStrictMode: true,
output: "standalone",
outputFileTracingRoot: workspaceRoot,
// Allow Server Actions and dev HMR from the LAN host (phone testing).
// Tighten before exposing publicly via the reverse proxy.
allowedDevOrigins: ["192.168.0.253", "test.04080616.xyz", "rexwa.04080616.xyz"],
experimental: {
typedRoutes: true,
serverActions: {
allowedOrigins: ["wabot.04080616.xyz", "localhost:9000"],
// Default Server Action body limit is 1 MB — way under WhatsApp's
// 100 MB document cap. Lifted to 100 MB so document uploads reach
// the action; the per-kind WhatsApp validator
// (lib/whatsapp-media.ts) then enforces the actual limit
// (5 MB image / 16 MB video/audio / 100 MB document) and returns
// a useful error for the rest.
bodySizeLimit: "100mb",
},
},
turbopack: {
root: workspaceRoot,
},
};
// PWA: @serwist/next compiles `src/pwa/sw.ts` into `public/sw.js` at
// production build time, baking in the static-asset precache manifest.
// We disable it in dev because Turbopack + a service worker on every
// reload makes hot-reload extremely flaky.
const withSerwist = withSerwistInit({
swSrc: "src/pwa/sw.ts",
swDest: "public/sw.js",
cacheOnNavigation: true,
reloadOnOnline: true,
disable: process.env.NODE_ENV !== "production",
});
export default withSerwist(nextConfig);
Reference in New Issue View Git Blame Copy Permalink