Dockerfile.backend

# syntax=docker/dockerfile:1

# ============================================================================
# Builder stage
# ============================================================================
FROM node:22.11.0-slim AS builder

RUN npm install -g corepack@latest && corepack enable

WORKDIR /app

# Copy all package manifests so pnpm can resolve the workspace lockfile,
# but use --ignore-scripts to skip buttplug's Rust/WASM build entirely.
COPY pnpm-workspace.yaml package.json pnpm-lock.yaml ./
COPY packages/backend/package.json ./packages/backend/package.json
COPY packages/frontend/package.json ./packages/frontend/package.json
COPY packages/buttplug/package.json ./packages/buttplug/package.json
COPY packages/types/package.json ./packages/types/package.json

RUN pnpm install --frozen-lockfile --filter @sexy.pivoine.art/backend --ignore-scripts

# Rebuild native bindings (argon2, sharp)
RUN pnpm rebuild argon2 sharp

COPY packages/types ./packages/types
COPY packages/backend ./packages/backend

RUN pnpm --filter @sexy.pivoine.art/backend build

RUN CI=true pnpm install --frozen-lockfile --filter @sexy.pivoine.art/backend --prod --ignore-scripts

RUN pnpm rebuild argon2 sharp

# ============================================================================
# Runner stage
# ============================================================================
FROM node:22.11.0-slim AS runner

RUN apt-get update && apt-get install -y \
    dumb-init \
    ffmpeg \
    wget \
    && rm -rf /var/lib/apt/lists/*

RUN userdel -r node && \
    groupadd -r -g 1000 node && \
    useradd -r -u 1000 -g node -m -d /home/node -s /bin/bash node

WORKDIR /home/node/app

RUN mkdir -p packages/backend

COPY --from=builder --chown=node:node /app/node_modules ./node_modules
COPY --from=builder --chown=node:node /app/package.json ./package.json
COPY --from=builder --chown=node:node /app/packages/backend/dist ./packages/backend/dist
COPY --from=builder --chown=node:node /app/packages/backend/node_modules ./packages/backend/node_modules
COPY --from=builder --chown=node:node /app/packages/backend/package.json ./packages/backend/package.json
COPY --from=builder --chown=node:node /app/packages/backend/src/migrations ./packages/backend/migrations

RUN mkdir -p /data/uploads && chown node:node /data/uploads

USER node

ENV NODE_ENV=production \
    PORT=4000

EXPOSE 4000

HEALTHCHECK --interval=30s --timeout=5s --start-period=20s --retries=3 \
    CMD wget --no-verbose --tries=1 --spider http://localhost:4000/health

ENTRYPOINT ["dumb-init", "--"]
CMD ["node", "packages/backend/dist/index.js"]
feat: replace Directus with custom Node.js GraphQL backend Removes Directus 11 and replaces it with a lean, purpose-built backend: - packages/backend/: Fastify v5 + GraphQL Yoga v5 + Pothos (code-first) with Drizzle ORM, Redis sessions (session_token cookie), argon2 auth, Nodemailer, fluent-ffmpeg, and full gamification system ported from bundle - Frontend: @directus/sdk replaced by graphql-request v7; services.ts fully rewritten with identical signatures; directus.ts now re-exports from api.ts - Cookie renamed directus_session_token → session_token - Dev proxy target updated 8055 → 4000 - compose.yml: Directus service removed, backend service added (port 4000) - Dockerfile.backend: new multi-stage image with ffmpeg - Dockerfile: bundle build step and ffmpeg removed from frontend image - data-migration.ts: one-time script to migrate all Directus/sexy_ tables Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-03-04 18:07:18 +01:00			`# syntax=docker/dockerfile:1`

			`# ============================================================================`
			`# Builder stage`
			`# ============================================================================`
			`FROM node:22.11.0-slim AS builder`

			`RUN npm install -g corepack@latest && corepack enable`

			`WORKDIR /app`

fix: skip buttplug Rust build in backend Dockerfile via --ignore-scripts Copy all workspace package.json files so pnpm can resolve the lockfile, but install with --ignore-scripts to prevent buttplug's Rust/WASM build from running. Only explicitly rebuild argon2 native bindings. Also restore the missing migrations COPY line. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-03-04 19:08:48 +01:00			`# Copy all package manifests so pnpm can resolve the workspace lockfile,`
			`# but use --ignore-scripts to skip buttplug's Rust/WASM build entirely.`
feat: replace Directus with custom Node.js GraphQL backend Removes Directus 11 and replaces it with a lean, purpose-built backend: - packages/backend/: Fastify v5 + GraphQL Yoga v5 + Pothos (code-first) with Drizzle ORM, Redis sessions (session_token cookie), argon2 auth, Nodemailer, fluent-ffmpeg, and full gamification system ported from bundle - Frontend: @directus/sdk replaced by graphql-request v7; services.ts fully rewritten with identical signatures; directus.ts now re-exports from api.ts - Cookie renamed directus_session_token → session_token - Dev proxy target updated 8055 → 4000 - compose.yml: Directus service removed, backend service added (port 4000) - Dockerfile.backend: new multi-stage image with ffmpeg - Dockerfile: bundle build step and ffmpeg removed from frontend image - data-migration.ts: one-time script to migrate all Directus/sexy_ tables Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-03-04 18:07:18 +01:00			`COPY pnpm-workspace.yaml package.json pnpm-lock.yaml ./`
			`COPY packages/backend/package.json ./packages/backend/package.json`
fix: skip buttplug Rust build in backend Dockerfile via --ignore-scripts Copy all workspace package.json files so pnpm can resolve the lockfile, but install with --ignore-scripts to prevent buttplug's Rust/WASM build from running. Only explicitly rebuild argon2 native bindings. Also restore the missing migrations COPY line. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-03-04 19:08:48 +01:00			`COPY packages/frontend/package.json ./packages/frontend/package.json`
			`COPY packages/buttplug/package.json ./packages/buttplug/package.json`
fix: copy packages/types into backend Docker build Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-03-05 12:51:52 +01:00			`COPY packages/types/package.json ./packages/types/package.json`
feat: replace Directus with custom Node.js GraphQL backend Removes Directus 11 and replaces it with a lean, purpose-built backend: - packages/backend/: Fastify v5 + GraphQL Yoga v5 + Pothos (code-first) with Drizzle ORM, Redis sessions (session_token cookie), argon2 auth, Nodemailer, fluent-ffmpeg, and full gamification system ported from bundle - Frontend: @directus/sdk replaced by graphql-request v7; services.ts fully rewritten with identical signatures; directus.ts now re-exports from api.ts - Cookie renamed directus_session_token → session_token - Dev proxy target updated 8055 → 4000 - compose.yml: Directus service removed, backend service added (port 4000) - Dockerfile.backend: new multi-stage image with ffmpeg - Dockerfile: bundle build step and ffmpeg removed from frontend image - data-migration.ts: one-time script to migrate all Directus/sexy_ tables Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-03-04 18:07:18 +01:00
fix: skip buttplug Rust build in backend Dockerfile via --ignore-scripts Copy all workspace package.json files so pnpm can resolve the lockfile, but install with --ignore-scripts to prevent buttplug's Rust/WASM build from running. Only explicitly rebuild argon2 native bindings. Also restore the missing migrations COPY line. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-03-04 19:08:48 +01:00			`RUN pnpm install --frozen-lockfile --filter @sexy.pivoine.art/backend --ignore-scripts`
feat: replace Directus with custom Node.js GraphQL backend Removes Directus 11 and replaces it with a lean, purpose-built backend: - packages/backend/: Fastify v5 + GraphQL Yoga v5 + Pothos (code-first) with Drizzle ORM, Redis sessions (session_token cookie), argon2 auth, Nodemailer, fluent-ffmpeg, and full gamification system ported from bundle - Frontend: @directus/sdk replaced by graphql-request v7; services.ts fully rewritten with identical signatures; directus.ts now re-exports from api.ts - Cookie renamed directus_session_token → session_token - Dev proxy target updated 8055 → 4000 - compose.yml: Directus service removed, backend service added (port 4000) - Dockerfile.backend: new multi-stage image with ffmpeg - Dockerfile: bundle build step and ffmpeg removed from frontend image - data-migration.ts: one-time script to migrate all Directus/sexy_ tables Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-03-04 18:07:18 +01:00
fix: image transforms via Sharp, model photos crash, video duration - Backend: add Sharp image transform endpoint (/assets/:id?transform=X) with presets: mini(64), thumbnail(200), preview(480), medium(960), banner(1280) Transformed images are cached as webp next to originals - Frontend: fix model photos crash (p.directus_files_id → p) - Frontend: fix model banner URL (data.model.banner.id → data.model.banner) - Frontend: fix video duration display (video.movie.duration → video.movie_file?.duration) across models/[slug], videos, videos/[slug], and home pages Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-03-04 20:56:33 +01:00			`# Rebuild native bindings (argon2, sharp)`
			`RUN pnpm rebuild argon2 sharp`
fix: resolve pnpm frozen-lockfile error and argon2 native build - Run pnpm install to update lockfile with packages/backend dependencies - Add argon2 to root onlyBuiltDependencies (pnpm-workspace.yaml + package.json) - Add explicit `pnpm rebuild argon2` in Dockerfile.backend to ensure native bindings compile regardless of pnpm v10 build approval state - Remove pnpm.onlyBuiltDependencies from packages/backend/package.json (ineffective in workspace packages, warned by pnpm) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-03-04 18:19:52 +01:00
fix: copy packages/types into backend Docker build Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-03-05 12:51:52 +01:00			`COPY packages/types ./packages/types`
feat: replace Directus with custom Node.js GraphQL backend Removes Directus 11 and replaces it with a lean, purpose-built backend: - packages/backend/: Fastify v5 + GraphQL Yoga v5 + Pothos (code-first) with Drizzle ORM, Redis sessions (session_token cookie), argon2 auth, Nodemailer, fluent-ffmpeg, and full gamification system ported from bundle - Frontend: @directus/sdk replaced by graphql-request v7; services.ts fully rewritten with identical signatures; directus.ts now re-exports from api.ts - Cookie renamed directus_session_token → session_token - Dev proxy target updated 8055 → 4000 - compose.yml: Directus service removed, backend service added (port 4000) - Dockerfile.backend: new multi-stage image with ffmpeg - Dockerfile: bundle build step and ffmpeg removed from frontend image - data-migration.ts: one-time script to migrate all Directus/sexy_ tables Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-03-04 18:07:18 +01:00			`COPY packages/backend ./packages/backend`

			`RUN pnpm --filter @sexy.pivoine.art/backend build`

fix: set CI=true for pnpm install in backend Dockerfile Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-03-04 19:26:25 +01:00			`RUN CI=true pnpm install --frozen-lockfile --filter @sexy.pivoine.art/backend --prod --ignore-scripts`
fix: skip buttplug Rust build in backend Dockerfile via --ignore-scripts Copy all workspace package.json files so pnpm can resolve the lockfile, but install with --ignore-scripts to prevent buttplug's Rust/WASM build from running. Only explicitly rebuild argon2 native bindings. Also restore the missing migrations COPY line. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-03-04 19:08:48 +01:00
fix: image transforms via Sharp, model photos crash, video duration - Backend: add Sharp image transform endpoint (/assets/:id?transform=X) with presets: mini(64), thumbnail(200), preview(480), medium(960), banner(1280) Transformed images are cached as webp next to originals - Frontend: fix model photos crash (p.directus_files_id → p) - Frontend: fix model banner URL (data.model.banner.id → data.model.banner) - Frontend: fix video duration display (video.movie.duration → video.movie_file?.duration) across models/[slug], videos, videos/[slug], and home pages Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-03-04 20:56:33 +01:00			`RUN pnpm rebuild argon2 sharp`
feat: replace Directus with custom Node.js GraphQL backend Removes Directus 11 and replaces it with a lean, purpose-built backend: - packages/backend/: Fastify v5 + GraphQL Yoga v5 + Pothos (code-first) with Drizzle ORM, Redis sessions (session_token cookie), argon2 auth, Nodemailer, fluent-ffmpeg, and full gamification system ported from bundle - Frontend: @directus/sdk replaced by graphql-request v7; services.ts fully rewritten with identical signatures; directus.ts now re-exports from api.ts - Cookie renamed directus_session_token → session_token - Dev proxy target updated 8055 → 4000 - compose.yml: Directus service removed, backend service added (port 4000) - Dockerfile.backend: new multi-stage image with ffmpeg - Dockerfile: bundle build step and ffmpeg removed from frontend image - data-migration.ts: one-time script to migrate all Directus/sexy_ tables Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-03-04 18:07:18 +01:00
			`# ============================================================================`
			`# Runner stage`
			`# ============================================================================`
			`FROM node:22.11.0-slim AS runner`

			`RUN apt-get update && apt-get install -y \`
			`dumb-init \`
			`ffmpeg \`
			`wget \`
			`&& rm -rf /var/lib/apt/lists/*`

			`RUN userdel -r node && \`
			`groupadd -r -g 1000 node && \`
			`useradd -r -u 1000 -g node -m -d /home/node -s /bin/bash node`

			`WORKDIR /home/node/app`

			`RUN mkdir -p packages/backend`

fix: copy root node_modules to runner stage in backend Dockerfile pnpm hoists workspace dependencies to the root node_modules. Without copying it, modules like pg are not found at runtime. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-03-04 19:29:36 +01:00			`COPY --from=builder --chown=node:node /app/node_modules ./node_modules`
			`COPY --from=builder --chown=node:node /app/package.json ./package.json`
feat: replace Directus with custom Node.js GraphQL backend Removes Directus 11 and replaces it with a lean, purpose-built backend: - packages/backend/: Fastify v5 + GraphQL Yoga v5 + Pothos (code-first) with Drizzle ORM, Redis sessions (session_token cookie), argon2 auth, Nodemailer, fluent-ffmpeg, and full gamification system ported from bundle - Frontend: @directus/sdk replaced by graphql-request v7; services.ts fully rewritten with identical signatures; directus.ts now re-exports from api.ts - Cookie renamed directus_session_token → session_token - Dev proxy target updated 8055 → 4000 - compose.yml: Directus service removed, backend service added (port 4000) - Dockerfile.backend: new multi-stage image with ffmpeg - Dockerfile: bundle build step and ffmpeg removed from frontend image - data-migration.ts: one-time script to migrate all Directus/sexy_ tables Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-03-04 18:07:18 +01:00			`COPY --from=builder --chown=node:node /app/packages/backend/dist ./packages/backend/dist`
			`COPY --from=builder --chown=node:node /app/packages/backend/node_modules ./packages/backend/node_modules`
			`COPY --from=builder --chown=node:node /app/packages/backend/package.json ./packages/backend/package.json`
fix: switch backend to CommonJS, generate Drizzle migrations, add migrate script - Remove "type": "module" and switch tsconfig to CommonJS/Node resolution to fix drizzle-kit ESM/CJS incompatibility - Strip .js extensions from all backend TypeScript imports - Fix gamification resolver: combine two .where() calls using and() - Fix index.ts: wrap top-level awaits in async main(), fix Fastify+yoga request handling via handleNodeRequestAndResponse - Generate initial Drizzle SQL migration (0000_pale_hellion.sql) for all 15 tables - Add src/scripts/migrate.ts: programmatic Drizzle migrator for production - Copy migrations folder into Docker image (Dockerfile.backend) - Add schema:migrate npm script Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-03-04 18:42:58 +01:00			`COPY --from=builder --chown=node:node /app/packages/backend/src/migrations ./packages/backend/migrations`
feat: replace Directus with custom Node.js GraphQL backend Removes Directus 11 and replaces it with a lean, purpose-built backend: - packages/backend/: Fastify v5 + GraphQL Yoga v5 + Pothos (code-first) with Drizzle ORM, Redis sessions (session_token cookie), argon2 auth, Nodemailer, fluent-ffmpeg, and full gamification system ported from bundle - Frontend: @directus/sdk replaced by graphql-request v7; services.ts fully rewritten with identical signatures; directus.ts now re-exports from api.ts - Cookie renamed directus_session_token → session_token - Dev proxy target updated 8055 → 4000 - compose.yml: Directus service removed, backend service added (port 4000) - Dockerfile.backend: new multi-stage image with ffmpeg - Dockerfile: bundle build step and ffmpeg removed from frontend image - data-migration.ts: one-time script to migrate all Directus/sexy_ tables Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-03-04 18:07:18 +01:00
			`RUN mkdir -p /data/uploads && chown node:node /data/uploads`

			`USER node`

			`ENV NODE_ENV=production \`
			`PORT=4000`

			`EXPOSE 4000`

			`HEALTHCHECK --interval=30s --timeout=5s --start-period=20s --retries=3 \`
			`CMD wget --no-verbose --tries=1 --spider http://localhost:4000/health`

			`ENTRYPOINT ["dumb-init", "--"]`
			`CMD ["node", "packages/backend/dist/index.js"]`