feat: 增强SaaS后端功能与安全性
refactor: 重构数据库连接使用PostgreSQL替代SQLite feat(auth): 增加JWT验证的audience和issuer检查 feat(crypto): 添加AES-256-GCM字段加密支持 feat(api): 集成utoipa实现OpenAPI文档 fix(admin): 修复配置项表单验证逻辑 style: 统一代码格式与类型定义 docs: 更新技术栈文档说明PostgreSQL
This commit is contained in:
iven
83
Dockerfile
Normal file
83
Dockerfile
Normal file
@@ -0,0 +1,83 @@
|
||||
# ============================================================
|
||||
# ZCLAW SaaS Backend - Multi-stage Docker Build
|
||||
# ============================================================
|
||||
|
||||
# ---- Stage 1: Builder ----
|
||||
FROM rust:1.75-bookworm AS builder
|
||||
|
||||
# Install build dependencies for sqlx (postgres) and libsqlite3-sys (bundled)
|
||||
RUN apt-get update && apt-get install -y --no-install-recommends \
|
||||
pkg-config \
|
||||
libssl-dev \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
|
||||
WORKDIR /app
|
||||
|
||||
# Copy workspace manifests first to leverage Docker layer caching
|
||||
COPY Cargo.toml Cargo.lock ./
|
||||
|
||||
# Create stub source files so cargo can resolve and cache dependencies
|
||||
# This avoids rebuilding dependencies when only application code changes
|
||||
RUN mkdir -p crates/zclaw-saas/src \
|
||||
&& echo 'fn main() {}' > crates/zclaw-saas/src/main.rs \
|
||||
&& for crate in zclaw-types zclaw-memory zclaw-runtime zclaw-kernel \
|
||||
zclaw-skills zclaw-hands zclaw-channels zclaw-protocols \
|
||||
zclaw-pipeline zclaw-growth; do \
|
||||
mkdir -p crates/$crate/src && echo '' > crates/$crate/src/lib.rs; \
|
||||
done \
|
||||
&& mkdir -p desktop/src-tauri/src && echo 'fn main() {}' > desktop/src-tauri/src/main.rs
|
||||
|
||||
# Pre-build dependencies (release profile with caching)
|
||||
RUN cargo build --release --package zclaw-saas 2>/dev/null || true
|
||||
|
||||
# Copy actual source code (invalidates stubs, triggers recompile of app code only)
|
||||
COPY crates/ crates/
|
||||
COPY desktop/ desktop/
|
||||
|
||||
# Touch source files to invalidate the stub timestamps
|
||||
RUN touch crates/zclaw-saas/src/main.rs \
|
||||
&& for crate in zclaw-types zclaw-memory zclaw-runtime zclaw-kernel \
|
||||
zclaw-skills zclaw-hands zclaw-channels zclaw-protocols \
|
||||
zclaw-pipeline zclaw-growth; do \
|
||||
touch crates/$crate/src/lib.rs 2>/dev/null || true; \
|
||||
done \
|
||||
&& touch desktop/src-tauri/src/main.rs 2>/dev/null || true
|
||||
|
||||
# Build the actual binary
|
||||
RUN cargo build --release --package zclaw-saas
|
||||
|
||||
# ---- Stage 2: Runtime ----
|
||||
FROM debian:bookworm-slim AS runtime
|
||||
|
||||
# Install runtime dependencies (ca-certificates for HTTPS, libgcc for Rust runtime)
|
||||
RUN apt-get update && apt-get install -y --no-install-recommends \
|
||||
ca-certificates \
|
||||
libgcc-s \
|
||||
&& rm -rf /var/lib/apt/lists/* \
|
||||
&& update-ca-certificates
|
||||
|
||||
# Create non-root user for security
|
||||
RUN groupadd --gid 1000 zclaw \
|
||||
&& useradd --uid 1000 --gid zclaw --shell /bin/false zclaw
|
||||
|
||||
WORKDIR /app
|
||||
|
||||
# Copy binary from builder
|
||||
COPY --from=builder /app/target/release/zclaw-saas /app/zclaw-saas
|
||||
|
||||
# Copy configuration file
|
||||
COPY saas-config.toml /app/saas-config.toml
|
||||
|
||||
# Ensure the non-root user owns the application files
|
||||
RUN chown -R zclaw:zclaw /app
|
||||
|
||||
USER zclaw
|
||||
|
||||
# Expose the SaaS API port
|
||||
EXPOSE 8080
|
||||
|
||||
# Health check endpoint (matches the saas-config.toml port)
|
||||
HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
|
||||
CMD ["/app/zclaw-saas", "--healthcheck"] || exit 1
|
||||
|
||||
ENTRYPOINT ["/app/zclaw-saas"]
|
||||
Reference in New Issue
Block a user