maxbirkin/gooseek
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: auth service + security audit fixes + cleanup legacy services

Browse Source 
Major changes:
- Add auth-svc: JWT auth, register/login/refresh, password reset
- Add auth UI: modals, pages (/login, /register, /forgot-password)
- Add usage tracking (usage_metrics table, daily limits)
- Add tiered rate limiting (free/pro/business)
- Add LLM usage limits per tier

Security fixes:
- All repos now require userID for Update/Delete operations
- JWT middleware in chat-svc, llm-svc, agent-svc, discover-svc
- ErrNotFound/ErrForbidden errors for proper access control

Cleanup:
- Remove legacy TypeScript services/ directory
- Remove computer-svc (to be reimplemented)
- Remove old deploy/docker configs

New files:
- backend/cmd/auth-svc/main.go
- backend/internal/auth/{types,repository}.go
- backend/internal/usage/{types,repository}.go
- backend/pkg/middleware/{llm_limits,ratelimit_tiered}.go
- backend/webui/src/components/auth/*
- backend/webui/src/app/(auth)/*

Made-with: Cursor
This commit is contained in:
home
2026-02-28 01:33:49 +03:00
parent 120fbbaafb
commit a0e3748dde
523 changed files with 10776 additions and 59630 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
backend/deploy/docker/Dockerfile.all
View File

@@ -1,5 +1,5 @@
# Multi-service Dockerfile - builds all services
FROM golang:1.22-alpine AS builder
FROM golang:1.24-alpine AS builder
RUN apk add --no-cache git ca-certificates
@@ -21,17 +21,17 @@ RUN CGO_ENABLED=0 GOOS=linux go build -ldflags="-s -w" -o /bin/discover-svc ./cm
RUN CGO_ENABLED=0 GOOS=linux go build -ldflags="-s -w" -o /bin/collection-svc ./cmd/collection-svc
RUN CGO_ENABLED=0 GOOS=linux go build -ldflags="-s -w" -o /bin/file-svc ./cmd/file-svc
RUN CGO_ENABLED=0 GOOS=linux go build -ldflags="-s -w" -o /bin/thread-svc ./cmd/thread-svc
RUN CGO_ENABLED=0 GOOS=linux go build -ldflags="-s -w" -o /bin/computer-svc ./cmd/computer-svc
RUN CGO_ENABLED=0 GOOS=linux go build -ldflags="-s -w" -o /bin/finance-heatmap-svc ./cmd/finance-heatmap-svc
RUN CGO_ENABLED=0 GOOS=linux go build -ldflags="-s -w" -o /bin/learning-svc ./cmd/learning-svc
RUN CGO_ENABLED=0 GOOS=linux go build -ldflags="-s -w" -o /bin/labs-svc ./cmd/labs-svc
RUN CGO_ENABLED=0 GOOS=linux go build -ldflags="-s -w" -o /bin/podcast-svc ./cmd/podcast-svc
RUN CGO_ENABLED=0 GOOS=linux go build -ldflags="-s -w" -o /bin/browser-svc ./cmd/browser-svc
RUN CGO_ENABLED=0 GOOS=linux go build -ldflags="-s -w" -o /bin/admin-svc ./cmd/admin-svc
# Runtime stage
FROM alpine:3.19
RUN apk add --no-cache ca-certificates tzdata
RUN apk add --no-cache ca-certificates tzdata docker-cli python3 py3-pip && \
pip3 install --break-system-packages openpyxl python-docx reportlab pillow pandas
WORKDIR /app
@@ -41,7 +41,7 @@ COPY --from=builder /bin/* /app/
ENV SERVICE=api-gateway
ENV PORT=3015
EXPOSE 3015 3018 3005 3001 3020 3021 3002 3025 3026 3027 3030
EXPOSE 3015 3018 3005 3001 3020 3021 3002 3025 3026 3027 3040
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
CMD wget --no-verbose --tries=1 --spider http://localhost:${PORT}/health || exit 1

32
backend/deploy/docker/Dockerfile.computer-svc
View File

@@ -1,32 +0,0 @@
# Dockerfile for computer-svc only
FROM golang:1.22-alpine AS builder
RUN apk add --no-cache git ca-certificates
WORKDIR /app
COPY go.mod go.sum ./
RUN go mod download
COPY . .
# Build only computer-svc
RUN CGO_ENABLED=0 GOOS=linux go build -ldflags="-s -w" -o /bin/computer-svc ./cmd/computer-svc
# Runtime stage
FROM alpine:3.19
RUN apk add --no-cache ca-certificates tzdata docker-cli
WORKDIR /app
COPY --from=builder /bin/computer-svc /app/computer-svc
ENV PORT=3030
EXPOSE 3030
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
CMD wget --no-verbose --tries=1 --spider http://localhost:3030/health || exit 1
CMD ["/app/computer-svc"]

125
backend/deploy/docker/docker-compose.yml
View File

@@ -1,6 +1,27 @@
version: '3.8'
services:
auth-svc:
build:
context: ../..
dockerfile: deploy/docker/Dockerfile.all
environment:
- SERVICE=auth-svc
- PORT=3050
- DATABASE_URL=postgres://gooseek:gooseek@postgres:5432/gooseek?sslmode=disable
- JWT_SECRET=${JWT_SECRET}
ports:
- "3050:3050"
depends_on:
- postgres
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:3050/health"]
interval: 30s
timeout: 10s
retries: 3
networks:
- gooseek
api-gateway:
build:
context: ../..
@@ -8,23 +29,26 @@ services:
environment:
- SERVICE=api-gateway
- PORT=3015
- AUTH_SVC_URL=http://auth-svc:3050
- CHAT_SVC_URL=http://chat-svc:3005
- MASTER_AGENTS_SVC_URL=http://agent-svc:3018
- SEARCH_SVC_URL=http://search-svc:3001
- LLM_SVC_URL=http://llm-svc:3020
- SCRAPER_SVC_URL=http://scraper-svc:3021
- THREAD_SVC_URL=http://thread-svc:3027
- COMPUTER_SVC_URL=http://computer-svc:3030
- DISCOVER_SVC_URL=http://discover-svc:3002
- FINANCE_HEATMAP_SVC_URL=http://finance-heatmap-svc:3033
- LEARNING_SVC_URL=http://learning-svc:3034
- ADMIN_SVC_URL=http://admin-svc:3040
- JWT_SECRET=${JWT_SECRET}
ports:
- "3015:3015"
depends_on:
- auth-svc
- chat-svc
- agent-svc
- thread-svc
- computer-svc
- admin-svc
networks:
- gooseek
@@ -187,53 +211,6 @@ services:
networks:
- gooseek
computer-svc:
build:
context: ../..
dockerfile: deploy/docker/Dockerfile.all
environment:
- SERVICE=computer-svc
- PORT=3030
- COMPUTER_SVC_PORT=3030
- DATABASE_URL=postgres://gooseek:gooseek@postgres:5432/gooseek?sslmode=disable
- REDIS_URL=redis://redis:6379
- OPENAI_API_KEY=${OPENAI_API_KEY}
- ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY}
- GEMINI_API_KEY=${GEMINI_API_KEY}
- TIMEWEB_API_BASE_URL=${TIMEWEB_API_BASE_URL}
- TIMEWEB_AGENT_ACCESS_ID=${TIMEWEB_AGENT_ACCESS_ID}
- TIMEWEB_API_KEY=${TIMEWEB_API_KEY}
- TELEGRAM_BOT_TOKEN=${TELEGRAM_BOT_TOKEN}
- SANDBOX_IMAGE=python:3.11-slim
- BROWSER_SVC_URL=http://browser-svc:3050
ports:
- "3030:3030"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- checkpoints:/data/checkpoints
depends_on:
- postgres
- redis
- browser-svc
networks:
- gooseek
browser-svc:
build:
context: ../..
dockerfile: deploy/docker/Dockerfile.all
environment:
- SERVICE=browser-svc
- PORT=3050
- BROWSER_SVC_PORT=3050
ports:
- "3050:3050"
volumes:
- screenshots:/tmp/gooseek-screenshots
- recordings:/tmp/gooseek-recordings
networks:
- gooseek
labs-svc:
build:
context: ../..
@@ -304,14 +281,60 @@ services:
networks:
- gooseek
admin-svc:
build:
context: ../..
dockerfile: deploy/docker/Dockerfile.all
environment:
- SERVICE=admin-svc
- PORT=3040
- ADMIN_SVC_PORT=3040
- DATABASE_URL=postgres://gooseek:gooseek@postgres:5432/gooseek?sslmode=disable
- JWT_SECRET=${JWT_SECRET}
- AUTH_SVC_URL=${AUTH_SVC_URL}
- MINIO_ENDPOINT=minio:9000
- MINIO_ACCESS_KEY=minioadmin
- MINIO_SECRET_KEY=minioadmin
- MINIO_BUCKET=gooseek
- MINIO_USE_SSL=false
ports:
- "3040:3040"
depends_on:
- postgres
- minio
networks:
- gooseek
minio:
image: minio/minio:latest
command: server /data --console-address ":9001"
environment:
- MINIO_ROOT_USER=minioadmin
- MINIO_ROOT_PASSWORD=minioadmin
volumes:
- minio-data:/data
ports:
- "9000:9000"
- "9001:9001"
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
interval: 30s
timeout: 10s
retries: 3
networks:
- gooseek
webui:
build:
context: ../../webui
dockerfile: Dockerfile
args:
- NEXT_PUBLIC_DISABLED_ROUTES=${NEXT_PUBLIC_DISABLED_ROUTES:-/travel,/medicine,/finance,/learning,/spaces,/history}
environment:
- NODE_ENV=production
- API_URL=http://api-gateway:3015
- NEXT_PUBLIC_API_URL=
- NEXT_PUBLIC_DISABLED_ROUTES=${NEXT_PUBLIC_DISABLED_ROUTES:-/travel,/medicine,/finance,/learning,/spaces,/history}
ports:
- "3000:3000"
depends_on:
@@ -379,7 +402,5 @@ volumes:
postgres-data:
redis-data:
file-storage:
checkpoints:
screenshots:
recordings:
podcasts:
minio-data: