Task-Tracker-Lab · soorq · Apr 10, 2026 · Apr 10, 2026 · Apr 10, 2026 · Apr 10, 2026
diff --git a/.env.example b/.env.example
@@ -1,7 +1,7 @@
 # --- APP ---
 PORT=3000
 NODE_ENV=development
-CORS_ALLOWED_ORIGINS=http://localhost:3000
+CORS_ALLOWED_ORIGINS=http://localhost:3000,http://127.0.0.1:3000
 
 # --- POSTGRES ---
 DB_USERNAME=admin
@@ -18,6 +18,30 @@ DB_SCHEMA=base
 DATABASE_URL=postgres://${DB_USERNAME}:${DB_PASSWORD}@localhost:${DB_PORT}/${DB_DATABASE}
 
 # --- REDIS ---
-REDIS_HOST=redis
-REDIS_PORT=6379
-REDIS_EXTERNAL_PORT=6380
+# in the docker network will be, not show port redis, at prod env
+# REDIS_HOST=redis
+# at development mode
+REDIS_HOST=127.0.0.1
+REDIS_PORT=7000
+
+JWT_ACCESS_SECRET=same-same-same-same-same
+JWT_ACCESS_EXPIRES_IN=15m
+
+JWT_REFRESH_SECRET=same-same-same-same-same
+JWT_REFRESH_EXPIRES_IN=15m
+
+# --- MAIL SETTINGS ---
+MAIL_HOST=smtp.gmail.com
+MAIL_PORT=465
+MAIL_USER=example@gmail.com
+
+# 16x password
+MAIL_PASSWORD=xxxxxxxxyyyyyyyy
+MAIL_FROM_NAME="Task Tracker"
+MAIL_FROM_EMAIL=example@gmail.com
+
+S3_BUCKET_NAME=''
+S3_ENDPOINT=''
+S3_REGION=''
+S3_ACCESS_KEY=''
+S3_SECRET_KEY=''
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -2,7 +2,7 @@ name: Build and Push
 
 on:
     push:
-        branches: [dev, main]
+        branches: [dev, main, feat/**]
 
 env:
     REGISTRY: ghcr.io
@@ -13,20 +13,20 @@ jobs:
         runs-on: ubuntu-latest
         permissions:
             contents: read
-            # packages: write
+            packages: write
 
         steps:
             - uses: actions/checkout@v4
 
             - name: Set up Docker Buildx
               uses: docker/setup-buildx-action@v3
 
-            # - name: Log in to the Container registry
-            #   uses: docker/login-action@v3
-            #   with:
-            #       registry: ${{ env.REGISTRY }}
-            #       username: ${{ github.actor }}
-            #       password: ${{ secrets.GITHUB_TOKEN }}
+            - name: Log in to the Container registry
+              uses: docker/login-action@v3
+              with:
+                  registry: ${{ env.REGISTRY }}
+                  username: ${{ github.actor }}
+                  password: ${{ secrets.GITHUB_TOKEN }}
 
             - name: Extract metadata (tags, labels)
               id: meta
@@ -36,13 +36,14 @@ jobs:
                   tags: |
                       type=ref,event=branch
                       type=sha,format=short
+                      type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
 
             - name: Build and push Docker image
               uses: docker/build-push-action@v5
               with:
                   context: .
                   file: ./Dockerfile.prod
-                  push: false # add true, if your setup variables
+                  push: true
                   tags: ${{ steps.meta.outputs.tags }}
                   labels: ${{ steps.meta.outputs.labels }}
                   cache-from: type=gha

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -2,9 +2,9 @@ name: CI
 
 on:
   pull_request:
-    branches: [dev, main]
+    branches: [dev, main, "feat/**"]
   push:
-    branches: [dev, main]
+    branches: [dev, main, "feat/**"]
 
 jobs:
   quality-check:

diff --git a/Dockerfile.prod b/Dockerfile.prod
@@ -18,7 +18,7 @@ COPY . .
 RUN pnpm run build
 
 RUN --mount=type=cache,id=pnpm,target=/pnpm/store \
-    pnpm prune --prod
+    pnpm prune --prod --ignore-scripts
 
 FROM node:20-alpine AS runner
 WORKDIR /app
@@ -28,7 +28,9 @@ ENV PORT=3000
 
 COPY --from=build /app/dist ./dist
 COPY --from=build /app/node_modules ./node_modules
+COPY --from=build /app/migrations ./migrations
 COPY --from=build /app/package.json ./
+COPY --from=build /app/drizzle.config.ts ./drizzle.config.ts
 
 EXPOSE 3000
 

diff --git a/infra/README.md b/infra/README.md
@@ -0,0 +1,7 @@
+# Command to run infra at dev mode
+
+Run it by pwd at root! Not include at this dir
+
+```sh
+docker compose -f ./infra/dev/compose.dev.yaml --env-file .env --profile infra up --build -d -V
+```
diff --git a/infra/compose.dev.yaml b/infra/compose.dev.yaml
diff --git a/infra/dev/README.md b/infra/dev/README.md
@@ -0,0 +1,41 @@
+# Файл для фронт разрабов
+
+## Описание
+
+Данный конфиг разворачивает полный инстанс бэкенда (API + DB + Redis)
+для локальной разработки фронтенда.
+
+## ТРЕБОВАНИЯ:
+
+1. Положить актуальный файл .env в директорию с этим файлом
+   (путь: ./infra/dev/.env).
+2. Наличие Docker Desktop / Docker Engine.
+
+## ЗАПУСК:
+
+Выполните команду из корня проекта:
+
+```sh
+docker compose -f ./infra/dev/compose.dev.yaml --profile infra up --pull always --build -d -V
+```
+
+## ЧТО ВНУТРИ:
+
+- API: http://localhost:3000
+- Postgres: localhost:6000 (пароли и база берутся из .env)
+- Redis: localhost:7000
+
+## ОСОБЕННОСТИ:
+
+- Авто-миграции: Приложение само накатит SQL-схему при старте.
+- Healthchecks: Контейнер API не поднимется, пока DB и Redis
+  не станут доступны (status: healthy).
+- Изоляция: Используется выделенная сеть 'task-tracker-gateway'.
+
+## RESET:
+
+Если нужно полностью очистить базу и начать с нуля:
+
+```sh
+docker compose -f ./infra/dev/compose.dev.yaml --profile infra down -v
+```
diff --git a/infra/dev/compose.dev.yaml b/infra/dev/compose.dev.yaml
@@ -0,0 +1,83 @@
+version: "3.9"
+
+name: task-tracker-api
+
+services:
+  api:
+    hostname: api
+    container_name: api
+    image: ghcr.io/task-tracker-lab/task-tracker-backend:feat-user
+    env_file:
+      - .env
+    ports:
+      - "3000:3000"
+    depends_on:
+      database:
+        condition: service_healthy
+      redis:
+        condition: service_healthy
+    networks:
+      - backend
+    deploy:
+      resources:
+        limits:
+          cpus: "2.0"
+          memory: 1024M
+        reservations:
+          cpus: "0.5"
+          memory: 256M
+
+  database:
+    hostname: database
+    container_name: database
+    image: postgres:16-alpine
+    restart: always
+    env_file:
+      - .env
+    environment:
+      POSTGRES_USER: ${DB_USERNAME}
+      POSTGRES_PASSWORD: ${DB_PASSWORD}
+      POSTGRES_DB: ${DB_DATABASE}
+    ports:
+      - "6000:5432"
+    volumes:
+      - postgres_data:/var/lib/postgresql/data
+    networks:
+      - backend
+    healthcheck:
+      test:
+        [
+          "CMD-SHELL",
+          'pg_isready -U "$$POSTGRES_USER" -d "$$POSTGRES_DB" -q || exit 1',
+        ]
+      interval: 5s
+      timeout: 5s
+      retries: 5
+    profiles: ["infra"]
+
+  redis:
+    hostname: redis
+    container_name: redis
+    image: redis:7-alpine
+    restart: always
+    ports:
+      - "7000:6379"
+    command: redis-server --save 60 1 --loglevel notice
+    volumes:
+      - redis_data:/data
+    networks:
+      - backend
+    healthcheck:
+      test: ["CMD", "redis-cli", "ping"]
+      interval: 5s
+      timeout: 3s
+      retries: 5
+    profiles: ["infra"]
+
+volumes:
+  postgres_data:
+  redis_data:
+
+networks:
+  backend:
+    name: task-tracker-gateway
diff --git a/libs/bootstrap/src/setups/cors.ts b/libs/bootstrap/src/setups/cors.ts
@@ -11,13 +11,22 @@ export function setupCors(app: NestFastifyApplication, origins: string[]) {
                     return callback(null, true);
                 }
 
-                const { hostname } = new URL(origin);
+                try {
+                    const { hostname } = new URL(origin);
+                    const allowedHostnames = origins.map((o) => new URL(o).hostname);
 
-                if (origins.some((o) => hostname === o || hostname.endsWith(`.${o}`))) {
-                    callback(null, origin);
-                }
+                    if (
+                        allowedHostnames.some(
+                            (allowed) => hostname === allowed || hostname.endsWith(`.${allowed}`),
+                        )
+                    ) {
+                        return callback(null, origin);
+                    }
 
-                callback(new Error('Not allowed by CORS'), false);
+                    callback(new Error('Not allowed by CORS'), false);
+                } catch (e) {
+                    callback(new Error('Invalid origin format'), false);
+                }
             },
             credentials: true,
             methods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS', 'PATCH'],

diff --git a/libs/bootstrap/src/setups/swagger.ts b/libs/bootstrap/src/setups/swagger.ts
@@ -3,6 +3,7 @@ import { cleanupOpenApiDoc } from 'nestjs-zod';
 import type { NestFastifyApplication } from '@nestjs/platform-fastify';
 import type { SwaggerOptions } from '../interfaces';
 import { SWAGGER_DEFAULTS } from '../configs/swagger';
+import { GlobalErrorResponse } from 'src/shared/error/schema';
 
 export async function setupSwagger(app: NestFastifyApplication, options: SwaggerOptions = {}) {
     const { title, description, version, path, server } = {
@@ -22,7 +23,9 @@ export async function setupSwagger(app: NestFastifyApplication, options: Swagger
     if (stage) builder.addServer(`https://api.${stage}`, 'Staging');
     if (domain) builder.addServer(`https://api.${domain}`, 'Production');
 
-    const document = SwaggerModule.createDocument(app, builder.build());
+    const document = SwaggerModule.createDocument(app, builder.build(), {
+        extraModels: [GlobalErrorResponse.Output],
+    });
 
     SwaggerModule.setup(path, app, cleanupOpenApiDoc(document), {
         jsonDocumentUrl: `${path}/s/json`,