gib/convex-monorepo
Template
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update some thangs

Browse Source
This commit is contained in:
Gabriel Brown
2026-03-26 12:22:16 -05:00
parent d16f4287ce
commit 56fe2a2af3
4 changed files with 32 additions and 108 deletions
Download Patch File Download Diff File Expand all files Collapse all files

79
AGENTS.md
View File

@@ -1087,20 +1087,23 @@ sudo docker compose up -d next-app
### The `.dockerignore` situation (known issue) ### The `.dockerignore` situation (known issue)
There are two `.dockerignore` files: There is one `.dockerignore` file at the repo root: `/.dockerignore`. Docker always
reads the `.dockerignore` from the root of the build context, which is set to `../`
(the repo root) in `compose.yml` — so the root file is the only one that ever applies.
- `/.dockerignore` (root) — has `.env` commented out, meaning the `.env` file IS The `.env` file is intentionally included in the build context (the `.env` lines are
included in the Docker build context commented out in `/.dockerignore`). This is how `SENTRY_AUTH_TOKEN` and `NEXT_PUBLIC_*`
- `/docker/.dockerignore` — explicitly excludes `.env` variables reach the Next.js build step inside the container.
The Docker build context is set to the repo root in `compose.yml`. The root Do not un-comment those lines without understanding the full implications — removing
`.dockerignore` is the one that applies. Because `.env` is not excluded, it gets sent `.env` from the build context would break Sentry source map uploads and
to the builder and environment variables are available at build time. This is how `NEXT_PUBLIC_*` variable baking into the client bundle.
`SENTRY_AUTH_TOKEN` and other build-time vars reach the Next.js build step.
This is a known imperfect approach but it works. Do not "fix" it without understanding **Note on `docker/.env`:** This file is entirely separate and serves a different
the full implications — removing `.env` from the build context would break Sentry purpose. It is read by Docker Compose itself (not the build) to interpolate the
source map uploads and `NEXT_PUBLIC_*` variable baking into the client bundle. `${VARIABLE}` placeholders in `compose.yml` — things like container names, network
names, and Convex origin URLs. It is not the same as the root `/.env` and the two
are not interchangeable.
### Convex data persistence ### Convex data persistence
@@ -1287,43 +1290,16 @@ native fix for this or if a custom update script is needed.
--- ---
**2. Password validation mismatch** ⚠️ Medium priority **2. Password validation mismatch** ✅ Fixed
`packages/backend/types/auth.ts` exports `PASSWORD_REGEX` which requires special `validatePassword()` in `packages/backend/convex/custom/auth/providers/password.ts`
characters. `packages/backend/convex/custom/auth/providers/password.ts::validatePassword()` now fully matches `PASSWORD_REGEX` in `packages/backend/types/auth.ts`. Both enforce:
does NOT check for special characters. These two are inconsistent. The frontend sign-in minimum 8 characters, maximum 100, no whitespace, at least one digit, one lowercase
form does enforce special characters via its own Zod schema, but the backend validation letter, one uppercase letter, and at least one special character (`[\p{P}\p{S}]`).
is weaker than the type definition implies. Either align `validatePassword()` to match
`PASSWORD_REGEX`, or update `PASSWORD_REGEX` to not require special characters.
--- ---
**3. `import type` enforcement removed** ✅ Fixed **3. Root `.dockerignore` includes `.env` in build context** Known, works intentionally
The `@typescript-eslint/consistent-type-imports` and `import/consistent-type-specifier-style`
rules that forced separate `import type` statements have been removed from
`tools/eslint/base.ts`. Type imports can now be mixed inline or on separate lines —
whatever reads most naturally in context.
---
**4. `const` arrow function lint rule added** ✅ Fixed
`eslint-plugin-prefer-arrow-functions` has been added to `tools/eslint/base.ts` and the
`prefer-arrow-functions/prefer-arrow-functions` rule is now enforced as a warning. All
function declarations across the codebase have been auto-converted to `const` arrow
function syntax.
---
**5. Turbo generator uses pnpm** ✅ Fixed in this session
`turbo/generators/config.ts` previously called `pnpm i` and `pnpm prettier`. This has
been fixed to use `bun install` and `bun prettier`.
---
**6. Root `.dockerignore` includes `.env` in build context** Known, works intentionally
The root `.dockerignore` has `.env` commented out, meaning the `.env` file is sent to The root `.dockerignore` has `.env` commented out, meaning the `.env` file is sent to
the Docker build context. This is how build-time env vars (Sentry token, `NEXT_PUBLIC_*`) the Docker build context. This is how build-time env vars (Sentry token, `NEXT_PUBLIC_*`)
@@ -1331,9 +1307,12 @@ reach the Next.js build step. It's a known imperfect approach but fully function
A proper solution would use Docker build args (`ARG`) or multi-stage secrets, but this A proper solution would use Docker build args (`ARG`) or multi-stage secrets, but this
requires careful restructuring to avoid breaking Sentry source map uploads. requires careful restructuring to avoid breaking Sentry source map uploads.
The redundant `docker/.dockerignore` has been deleted — it was never read by Docker
since the build context is always the repo root.
--- ---
**7. In-memory IP banning resets on restart** Future enhancement **4. In-memory IP banning resets on restart** Future enhancement
`src/lib/proxy/ban-sus-ips.ts` stores bans in a JavaScript `Map`. Bans reset whenever `src/lib/proxy/ban-sus-ips.ts` stores bans in a JavaScript `Map`. Bans reset whenever
the Next.js server restarts (container restart, redeploy, etc.). A more robust solution the Next.js server restarts (container restart, redeploy, etc.). A more robust solution
@@ -1342,7 +1321,7 @@ job) or to Redis.
--- ---
**8. `apps/next/src/lib/metadata.ts` has hardcoded branding** ⚠️ Template concern **5. `apps/next/src/lib/metadata.ts` has hardcoded branding** ⚠️ Template concern
When using this as a template for a new project, `metadata.ts` must be updated: When using this as a template for a new project, `metadata.ts` must be updated:
the title template (`'%s | Convex Monorepo'`) and any other project-specific strings. the title template (`'%s | Convex Monorepo'`) and any other project-specific strings.
@@ -1350,7 +1329,7 @@ Same for `next.config.js` `images.remotePatterns` (currently `*.gbrown.org`).
--- ---
**9. No CI/CD** Future enhancement **6. No CI/CD** Future enhancement
There is no `.github/workflows/` directory. All deployment is done manually via SSH. There is no `.github/workflows/` directory. All deployment is done manually via SSH.
A future enhancement would add GitHub Actions (or Gitea Actions, since this repo is A future enhancement would add GitHub Actions (or Gitea Actions, since this repo is
@@ -1358,7 +1337,7 @@ on Gitea) for automated lint and typecheck on pull requests.
--- ---
**10. Scripts organization** Future exploration **7. Scripts organization** Future exploration
Currently: Currently:
@@ -1372,14 +1351,14 @@ moving everything to `docker/scripts/`.
--- ---
**11. Expo `eas.json` specifies pnpm** ⚠️ Low priority (Expo is WIP anyway) **8. Expo `eas.json` specifies pnpm** ⚠️ Low priority (Expo is WIP anyway)
`apps/expo/eas.json` specifies `pnpm 9.15.4` as the package manager. Should specify `apps/expo/eas.json` specifies `pnpm 9.15.4` as the package manager. Should specify
bun. This is low priority since the Expo app is not in active development. bun. This is low priority since the Expo app is not in active development.
--- ---
**12. React Email templates not yet implemented** Future enhancement **9. React Email templates not yet implemented** Future enhancement
`@react-email/components` and `react-email` are in `packages/backend/package.json` as `@react-email/components` and `react-email` are in `packages/backend/package.json` as
planned dependencies. The current `usesend.ts` uses inline HTML strings for email planned dependencies. The current `usesend.ts` uses inline HTML strings for email

49
docker/.dockerignore
View File

@@ -1,49 +0,0 @@
# Dependencies - MUST exclude these
node_modules
**/node_modules
.pnp
.pnp.js
# Turbo
.turbo
**/.turbo
# Next.js build artifacts
.next
**/.next
out
**/out
# Development
.git
.gitignore
*.log
.env
.env.*
!.env.example
.vscode
.idea
# Tests
**/__tests__
**/*.test.ts
**/*.test.tsx
**/*.spec.ts
# Build artifacts
dist
**/dist
build
**/build
# Convex local
packages/backend/.convex
# OS
.DS_Store
Thumbs.db
# Docker
docker
Dockerfile
.dockerignore

8
docker/compose.yml
View File

@@ -11,14 +11,6 @@ services:
container_name: ${NEXT_CONTAINER_NAME} container_name: ${NEXT_CONTAINER_NAME}
environment: environment:
- NODE_ENV - NODE_ENV
- SENTRY_AUTH_TOKEN
- NEXT_PUBLIC_SITE_URL
- NEXT_PUBLIC_CONVEX_URL
- NEXT_PUBLIC_PLAUSIBLE_URL
- NEXT_PUBLIC_SENTRY_DSN
- NEXT_PUBLIC_SENTRY_URL
- NEXT_PUBLIC_SENTRY_ORG
- NEXT_PUBLIC_SENTRY_PROJECT_NAME
hostname: ${NEXT_CONTAINER_NAME} hostname: ${NEXT_CONTAINER_NAME}
domainname: ${NEXT_DOMAIN_NAME} domainname: ${NEXT_DOMAIN_NAME}
networks: ['${NETWORK:-nginx-bridge}'] networks: ['${NETWORK:-nginx-bridge}']

4
packages/backend/convex/custom/auth/providers/password.ts
View File

@@ -24,9 +24,11 @@ export const validatePassword = (password: string): boolean => {
if ( if (
password.length < 8 || password.length < 8 ||
password.length > 100 || password.length > 100 ||
/\s/.test(password) ||
!/\d/.test(password) || !/\d/.test(password) ||
!/[a-z]/.test(password) || !/[a-z]/.test(password) ||
!/[A-Z]/.test(password) !/[A-Z]/.test(password) ||
!/[\p{P}\p{S}]/u.test(password)
) { ) {
return false; return false;
} }