From fc33f027d60b6b54a1ba312ac4ed043c3056de77 Mon Sep 17 00:00:00 2001 From: Ho Ngoc Hai Date: Sun, 4 Jan 2026 11:53:33 +0700 Subject: [PATCH] =?UTF-8?q?build:=20Th=C3=AAm=20binary=20targets=20cho=20P?= =?UTF-8?q?risma,=20chuy=E1=BB=83n=20rate=20limiter=20sang=20memory=20stor?= =?UTF-8?q?e,=20v=C3=A0=20c=E1=BA=ADp=20nh=E1=BA=ADt=20Dockerfile=20=C4=91?= =?UTF-8?q?=E1=BB=83=20s=E1=BB=AD=20d=E1=BB=A5ng=20pnpm=20hoisting=20c?= =?UTF-8?q?=C3=B9ng=20openssl=20runtime.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- services/iam-service/Dockerfile | 23 ++++++++++++++--------- services/iam-service/prisma/schema.prisma | 3 ++- services/iam-service/src/main.ts | 13 ++++--------- 3 files changed, 20 insertions(+), 19 deletions(-) diff --git a/services/iam-service/Dockerfile b/services/iam-service/Dockerfile index 7e00077a..a099d6b3 100644 --- a/services/iam-service/Dockerfile +++ b/services/iam-service/Dockerfile @@ -39,9 +39,11 @@ USER node # VI: Copy source code (files phải thuộc về node user để pnpm có thể ghi) COPY --chown=node:node . . -# EN: Install dependencies for iam-service only -# VI: Chỉ cài đặt dependencies cho iam-service -RUN pnpm install --frozen-lockfile=false --filter @goodgo/iam-service... +# EN: Install dependencies for iam-service only with hoisting +# VI: Chỉ cài đặt dependencies cho iam-service với hoisting +# EN: --shamefully-hoist creates flat node_modules without symlinks +# VI: --shamefully-hoist tạo node_modules phẳng không có symlinks +RUN pnpm install --frozen-lockfile=false --shamefully-hoist --filter @goodgo/iam-service... # EN: Generate Prisma Client explicitly # VI: Generate Prisma Client một cách rõ ràng @@ -51,8 +53,8 @@ RUN cd services/iam-service && npx prisma generate # VI: Build tất cả packages mà iam-service phụ thuộc RUN pnpm --filter @goodgo/iam-service... build -# EN: Manually remove dev dependencies to reduce image size but keep workspace packages -# VI: Manually xóa dev dependencies để giảm image size nhưng giữ workspace packages +# EN: Remove dev dependencies to reduce size +# VI: Xóa dev dependencies để giảm size RUN rm -rf services/iam-service/node_modules/.pnpm/*-dev-* && \ rm -rf node_modules/.pnpm/*@types+* && \ rm -rf node_modules/.pnpm/*eslint* && \ @@ -65,11 +67,12 @@ RUN rm -rf services/iam-service/node_modules/.pnpm/*-dev-* && \ # VI: Production stage - minimal runtime image FROM base AS runner -# EN: Install runtime dependencies only -# VI: Install runtime dependencies only +# EN: Install runtime dependencies (curl for healthcheck, dumb-init for signal handling, openssl for Prisma) +# VI: Cài đặt runtime dependencies (curl cho healthcheck, dumb-init cho signal handling, openssl cho Prisma) USER root RUN apk add --no-cache \ curl \ + openssl \ && rm -rf /var/cache/apk/* # EN: Create non-root user for security @@ -86,8 +89,10 @@ RUN mkdir -p /app && \ # VI: Switch sang non-root user USER microservice -# EN: Copy entire workspace structure with symlinks intact -# VI: Copy toàn bộ workspace structure với symlinks nguyên vẹn +# EN: Copy entire /app but .dockerignore will exclude source files +# VI: Copy toàn bộ /app nhưng .dockerignore sẽ loại trừ source files +# EN: This preserves pnpm workspace symlinks while excluding unnecessary files +# VI: Điều này giữ nguyên pnpm workspace symlinks trong khi loại trừ files không cần COPY --from=deps --chown=microservice:nodejs /app /app WORKDIR /app/services/iam-service diff --git a/services/iam-service/prisma/schema.prisma b/services/iam-service/prisma/schema.prisma index 1e792714..81540e5c 100644 --- a/services/iam-service/prisma/schema.prisma +++ b/services/iam-service/prisma/schema.prisma @@ -2,7 +2,8 @@ // VI: Schema Prisma cho Enterprise IAM Service generator client { - provider = "prisma-client-js" + provider = "prisma-client-js" + binaryTargets = ["native", "linux-musl-openssl-3.0.x", "linux-musl-arm64-openssl-3.0.x"] } datasource db { diff --git a/services/iam-service/src/main.ts b/services/iam-service/src/main.ts index 4da6239e..c8c312d0 100644 --- a/services/iam-service/src/main.ts +++ b/services/iam-service/src/main.ts @@ -39,18 +39,13 @@ app.use( }) ); -// EN: Rate limiting -// VI: Giới hạn số lượng request +// EN: Rate limiting (use memory store initially, Redis will be used after connection) +// VI: Giới hạn số lượng request (dùng memory store ban đầu, Redis sẽ được dùng sau khi kết nối) const limiter = rateLimit({ windowMs: 15 * 60 * 1000, max: 100, - // EN: Use Redis for distributed rate limiting - // VI: Sử dụng Redis để giới hạn rate phân tán - store: new RedisStore({ - // @ts-expect-error - rate-limit-redis types mismatch with ioredis - sendCommand: (...args: string[]) => getRedisClient().call(...args), - }), - + // EN: Use memory store by default, will upgrade to Redis when available + // VI: Dùng memory store mặc định, sẽ nâng cấp lên Redis khi có sẵn }); app.use('/api', limiter);