gooseek/backend/deploy/docker/docker-compose.yml
home a0e3748dde feat: auth service + security audit fixes + cleanup legacy services
Major changes:
- Add auth-svc: JWT auth, register/login/refresh, password reset
- Add auth UI: modals, pages (/login, /register, /forgot-password)
- Add usage tracking (usage_metrics table, daily limits)
- Add tiered rate limiting (free/pro/business)
- Add LLM usage limits per tier

Security fixes:
- All repos now require userID for Update/Delete operations
- JWT middleware in chat-svc, llm-svc, agent-svc, discover-svc
- ErrNotFound/ErrForbidden errors for proper access control

Cleanup:
- Remove legacy TypeScript services/ directory
- Remove computer-svc (to be reimplemented)
- Remove old deploy/docker configs

New files:
- backend/cmd/auth-svc/main.go
- backend/internal/auth/{types,repository}.go
- backend/internal/usage/{types,repository}.go
- backend/pkg/middleware/{llm_limits,ratelimit_tiered}.go
- backend/webui/src/components/auth/*
- backend/webui/src/app/(auth)/*

Made-with: Cursor
2026-02-28 01:33:49 +03:00


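# Compose stack for the gooseek backend: application services built from
# ../.. plus their backing stores (postgres, redis, minio, searxng, crawl4ai).
#
# Required environment (shell or an .env file next to this file):
#   JWT_SECRET          passed to every service that lists it below. It is
#                       marked required, so any compose command on this file
#                       aborts while it is unset or empty instead of starting
#                       services with an empty secret.
# Optional overrides (the defaults reproduce the previous hard-coded values):
#   POSTGRES_PASSWORD   default "gooseek"
#   MINIO_ROOT_USER     default "minioadmin"
#   MINIO_ROOT_PASSWORD default "minioadmin"
#   AUTH_SVC_URL        default http://auth-svc:3050
#
# NOTE(review): the "gooseek" / "minioadmin" defaults are development values;
# override them on any shared or internet-facing host. POSTGRES_PASSWORD is
# embedded in DATABASE_URL, so it must be URL-safe, and an already initialised
# postgres-data volume keeps the password it was created with.
# NOTE(review): every application service still publishes its port on all
# host interfaces, so each is reachable directly and not only through
# api-gateway:3015. Confirm each one enforces authentication itself, or drop
# the mapping / bind it to 127.0.0.1 as done for the backing stores.
# NOTE(review): sslmode=disable sends database traffic in clear text; that is
# only acceptable while postgres stays on the private bridge network.
version: '3.8'
services:
  auth-svc:
    build:
      context: ../..
      dockerfile: deploy/docker/Dockerfile.all
    environment:
      - SERVICE=auth-svc
      - PORT=3050
      - DATABASE_URL=postgres://gooseek:${POSTGRES_PASSWORD:-gooseek}@postgres:5432/gooseek?sslmode=disable
      - JWT_SECRET=${JWT_SECRET:?JWT_SECRET must be set}
    ports:
      - "3050:3050"
    depends_on:
      - postgres
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:3050/health"]
      interval: 30s
      timeout: 10s
      retries: 3
    networks:
      - gooseek

  api-gateway:
    build:
      context: ../..
      dockerfile: deploy/docker/Dockerfile.all
    environment:
      - SERVICE=api-gateway
      - PORT=3015
      - AUTH_SVC_URL=http://auth-svc:3050
      - CHAT_SVC_URL=http://chat-svc:3005
      - MASTER_AGENTS_SVC_URL=http://agent-svc:3018
      - SEARCH_SVC_URL=http://search-svc:3001
      - LLM_SVC_URL=http://llm-svc:3020
      - SCRAPER_SVC_URL=http://scraper-svc:3021
      - THREAD_SVC_URL=http://thread-svc:3027
      - DISCOVER_SVC_URL=http://discover-svc:3002
      - FINANCE_HEATMAP_SVC_URL=http://finance-heatmap-svc:3033
      - LEARNING_SVC_URL=http://learning-svc:3034
      - ADMIN_SVC_URL=http://admin-svc:3040
      - JWT_SECRET=${JWT_SECRET:?JWT_SECRET must be set}
    ports:
      - "3015:3015"
    depends_on:
      - auth-svc
      - chat-svc
      - agent-svc
      - thread-svc
      - admin-svc
    networks:
      - gooseek

  # NOTE(review): the accompanying commit message lists JWT middleware in
  # chat-svc, llm-svc, agent-svc and discover-svc, but none of those four
  # receives JWT_SECRET or AUTH_SVC_URL here. Confirm how they obtain the
  # verification key and what the middleware does when it is missing.
  chat-svc:
    build:
      context: ../..
      dockerfile: deploy/docker/Dockerfile.chat-svc
    environment:
      - SERVICE=chat-svc
      - PORT=3005
      - MASTER_AGENTS_SVC_URL=http://agent-svc:3018
      - DISCOVER_SVC_URL=http://discover-svc:3002
    ports:
      - "3005:3005"
    depends_on:
      - agent-svc
      - discover-svc
    networks:
      - gooseek

  agent-svc:
    build:
      context: ../..
      dockerfile: deploy/docker/Dockerfile.agent-svc
    environment:
      - SERVICE=agent-svc
      - PORT=3018
      - SEARXNG_URL=http://searxng:8080
      - DISCOVER_SVC_URL=http://discover-svc:3002
      - CRAWL4AI_URL=http://crawl4ai:11235
      # Provider keys come from the host environment and are empty when unset.
      - OPENAI_API_KEY=${OPENAI_API_KEY}
      - ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY}
      - GEMINI_API_KEY=${GEMINI_API_KEY}
      - TIMEWEB_API_BASE_URL=${TIMEWEB_API_BASE_URL}
      - TIMEWEB_AGENT_ACCESS_ID=${TIMEWEB_AGENT_ACCESS_ID}
      - TIMEWEB_API_KEY=${TIMEWEB_API_KEY}
    ports:
      - "3018:3018"
    depends_on:
      - search-svc
      - discover-svc
    networks:
      - gooseek

  search-svc:
    build:
      context: ../..
      dockerfile: deploy/docker/Dockerfile.search-svc
    environment:
      - SERVICE=search-svc
      - PORT=3001
      - SEARXNG_URL=http://searxng:8080
    ports:
      - "3001:3001"
    depends_on:
      - searxng
    networks:
      - gooseek

  llm-svc:
    build:
      context: ../..
      dockerfile: deploy/docker/Dockerfile.all
    environment:
      - SERVICE=llm-svc
      - PORT=3020
      - OPENAI_API_KEY=${OPENAI_API_KEY}
      - ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY}
      - GEMINI_API_KEY=${GEMINI_API_KEY}
    ports:
      - "3020:3020"
    networks:
      - gooseek

  scraper-svc:
    build:
      context: ../..
      dockerfile: deploy/docker/Dockerfile.all
    environment:
      - SERVICE=scraper-svc
      - PORT=3021
      - CRAWL4AI_URL=http://crawl4ai:11235
    ports:
      - "3021:3021"
    networks:
      - gooseek

  discover-svc:
    build:
      context: ../..
      dockerfile: deploy/docker/Dockerfile.discover-svc
    environment:
      - SERVICE=discover-svc
      - PORT=3002
      - SEARXNG_URL=http://searxng:8080
      - REDIS_URL=redis://redis:6379
      - DATABASE_URL=postgres://gooseek:${POSTGRES_PASSWORD:-gooseek}@postgres:5432/gooseek?sslmode=disable
    ports:
      - "3002:3002"
    depends_on:
      - searxng
      - postgres
      - redis
    networks:
      - gooseek

  collection-svc:
    build:
      context: ../..
      dockerfile: deploy/docker/Dockerfile.all
    environment:
      - SERVICE=collection-svc
      - PORT=3025
      - DATABASE_URL=postgres://gooseek:${POSTGRES_PASSWORD:-gooseek}@postgres:5432/gooseek?sslmode=disable
      - JWT_SECRET=${JWT_SECRET:?JWT_SECRET must be set}
      # Falls back to the in-network address api-gateway uses, so the value
      # is no longer empty when the host does not define AUTH_SVC_URL.
      - AUTH_SVC_URL=${AUTH_SVC_URL:-http://auth-svc:3050}
    ports:
      - "3025:3025"
    depends_on:
      - postgres
    networks:
      - gooseek

  file-svc:
    build:
      context: ../..
      dockerfile: deploy/docker/Dockerfile.all
    environment:
      - SERVICE=file-svc
      - PORT=3026
      - DATABASE_URL=postgres://gooseek:${POSTGRES_PASSWORD:-gooseek}@postgres:5432/gooseek?sslmode=disable
      - OPENAI_API_KEY=${OPENAI_API_KEY}
      - ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY}
      - JWT_SECRET=${JWT_SECRET:?JWT_SECRET must be set}
      - FILE_STORAGE_PATH=/data/files
    ports:
      - "3026:3026"
    volumes:
      - file-storage:/data/files
    depends_on:
      - postgres
    networks:
      - gooseek

  thread-svc:
    build:
      context: ../..
      dockerfile: deploy/docker/Dockerfile.all
    environment:
      - SERVICE=thread-svc
      - PORT=3027
      - DATABASE_URL=postgres://gooseek:${POSTGRES_PASSWORD:-gooseek}@postgres:5432/gooseek?sslmode=disable
      - OPENAI_API_KEY=${OPENAI_API_KEY}
      - JWT_SECRET=${JWT_SECRET:?JWT_SECRET must be set}
      - AUTH_SVC_URL=${AUTH_SVC_URL:-http://auth-svc:3050}
    ports:
      - "3027:3027"
    depends_on:
      - postgres
    networks:
      - gooseek

  labs-svc:
    build:
      context: ../..
      dockerfile: deploy/docker/Dockerfile.all
    environment:
      - SERVICE=labs-svc
      - PORT=3031
      - LABS_SVC_PORT=3031
      - OPENAI_API_KEY=${OPENAI_API_KEY}
      - ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY}
    ports:
      - "3031:3031"
    networks:
      - gooseek

  podcast-svc:
    build:
      context: ../..
      dockerfile: deploy/docker/Dockerfile.all
    environment:
      - SERVICE=podcast-svc
      - PORT=3032
      - PODCAST_SVC_PORT=3032
      - OPENAI_API_KEY=${OPENAI_API_KEY}
      - ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY}
      - ELEVENLABS_API_KEY=${ELEVENLABS_API_KEY}
    ports:
      - "3032:3032"
    volumes:
      - podcasts:/data/podcasts
    networks:
      - gooseek

  finance-heatmap-svc:
    build:
      context: ../..
      dockerfile: deploy/docker/Dockerfile.all
    environment:
      - SERVICE=finance-heatmap-svc
      - PORT=3033
      - REDIS_URL=redis://redis:6379
    ports:
      - "3033:3033"
    depends_on:
      - redis
    networks:
      - gooseek

  learning-svc:
    build:
      context: ../..
      dockerfile: deploy/docker/Dockerfile.all
    environment:
      - SERVICE=learning-svc
      - PORT=3034
      - LEARNING_SVC_PORT=3034
      - TIMEWEB_API_BASE_URL=${TIMEWEB_API_BASE_URL}
      - TIMEWEB_AGENT_ACCESS_ID=${TIMEWEB_AGENT_ACCESS_ID}
      - TIMEWEB_API_KEY=${TIMEWEB_API_KEY}
      - DEFAULT_LLM_MODEL=${DEFAULT_LLM_MODEL:-gpt-4o-mini}
      - OPENAI_API_KEY=${OPENAI_API_KEY}
      - ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY}
      - DATABASE_URL=postgres://gooseek:${POSTGRES_PASSWORD:-gooseek}@postgres:5432/gooseek?sslmode=disable
    ports:
      - "3034:3034"
    depends_on:
      - postgres
    networks:
      - gooseek

  admin-svc:
    build:
      context: ../..
      dockerfile: deploy/docker/Dockerfile.all
    environment:
      - SERVICE=admin-svc
      - PORT=3040
      - ADMIN_SVC_PORT=3040
      - DATABASE_URL=postgres://gooseek:${POSTGRES_PASSWORD:-gooseek}@postgres:5432/gooseek?sslmode=disable
      - JWT_SECRET=${JWT_SECRET:?JWT_SECRET must be set}
      - AUTH_SVC_URL=${AUTH_SVC_URL:-http://auth-svc:3050}
      - MINIO_ENDPOINT=minio:9000
      # Same variables as the minio service so the two cannot drift apart.
      # NOTE(review): this hands admin-svc the MinIO root account; a
      # bucket-scoped access key would follow least privilege.
      - MINIO_ACCESS_KEY=${MINIO_ROOT_USER:-minioadmin}
      - MINIO_SECRET_KEY=${MINIO_ROOT_PASSWORD:-minioadmin}
      - MINIO_BUCKET=gooseek
      - MINIO_USE_SSL=false
    ports:
      - "3040:3040"
    depends_on:
      - postgres
      - minio
    networks:
      - gooseek

  minio:
    # NOTE(review): a floating "latest" tag makes builds unreproducible and
    # pulls unreviewed upstream changes; pin a release tag or image digest.
    image: minio/minio:latest
    command: server /data --console-address ":9001"
    environment:
      - MINIO_ROOT_USER=${MINIO_ROOT_USER:-minioadmin}
      - MINIO_ROOT_PASSWORD=${MINIO_ROOT_PASSWORD:-minioadmin}
    volumes:
      - minio-data:/data
    ports:
      # Loopback only: the S3 API and the console were previously published
      # on every host interface while protected by the default root login.
      # Other containers still reach minio:9000 over the gooseek network.
      - "127.0.0.1:9000:9000"
      - "127.0.0.1:9001:9001"
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
      interval: 30s
      timeout: 10s
      retries: 3
    networks:
      - gooseek

  webui:
    build:
      context: ../../webui
      dockerfile: Dockerfile
      args:
        - NEXT_PUBLIC_DISABLED_ROUTES=${NEXT_PUBLIC_DISABLED_ROUTES:-/travel,/medicine,/finance,/learning,/spaces,/history}
    environment:
      - NODE_ENV=production
      - API_URL=http://api-gateway:3015
      - NEXT_PUBLIC_API_URL=
      - NEXT_PUBLIC_DISABLED_ROUTES=${NEXT_PUBLIC_DISABLED_ROUTES:-/travel,/medicine,/finance,/learning,/spaces,/history}
    ports:
      - "3000:3000"
    depends_on:
      - api-gateway
    networks:
      - gooseek
    restart: unless-stopped

  postgres:
    image: postgres:16-alpine
    environment:
      - POSTGRES_USER=gooseek
      # Must match the password embedded in every DATABASE_URL above; both
      # sides read the same variable with the same default.
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-gooseek}
      - POSTGRES_DB=gooseek
    volumes:
      - postgres-data:/var/lib/postgresql/data
    ports:
      # Loopback only: services connect as postgres:5432 inside the network,
      # so the host mapping is needed just for local tooling.
      - "127.0.0.1:5432:5432"
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U gooseek"]
      interval: 10s
      timeout: 5s
      retries: 5
    networks:
      - gooseek

  redis:
    image: redis:7-alpine
    # NOTE(review): no requirepass / ACL is configured, so anything that can
    # reach this port has full access to the data set.
    command: redis-server --appendonly yes --maxmemory 256mb --maxmemory-policy allkeys-lru
    volumes:
      - redis-data:/data
    ports:
      # Loopback only, because the instance is unauthenticated.
      - "127.0.0.1:6379:6379"
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 10s
      timeout: 5s
      retries: 5
    networks:
      - gooseek

  searxng:
    # NOTE(review): floating "latest" tag; pin a release tag or image digest.
    image: searxng/searxng:latest
    volumes:
      # NOTE(review): this resolves three levels above the compose file's
      # directory. Confirm the directory still exists after the deploy/docker
      # cleanup; Docker creates a missing bind-mount source as an empty
      # directory rather than failing.
      - ../../../deploy/docker/searxng:/etc/searxng:ro
    environment:
      - SEARXNG_BASE_URL=http://localhost:8080
    ports:
      # Loopback only: consumers use http://searxng:8080 inside the network.
      - "127.0.0.1:8080:8080"
    networks:
      - gooseek

  crawl4ai:
    # NOTE(review): floating "latest" tag; pin a release tag or image digest.
    image: unclecode/crawl4ai:latest
    ports:
      # Loopback only: consumers use http://crawl4ai:11235 inside the
      # network, and no credentials are configured for the crawler here.
      - "127.0.0.1:11235:11235"
    networks:
      - gooseek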
# One user-defined bridge network that every service in this file joins;
# containers address each other by service name (for example postgres:5432).
networks:
  gooseek:
    driver: bridge
# Named volumes with default settings, written as explicit empty mappings
# instead of bare keys.
volumes:
  # postgres: /var/lib/postgresql/data
  postgres-data: {}
  # redis: /data (append-only file)
  redis-data: {}
  # file-svc: /data/files
  file-storage: {}
  # podcast-svc: /data/podcasts
  podcasts: {}
  # minio: /data
  minio-data: {}