Enhance Docker and backend configurations for improved deployment

- Updated docker-compose.yml to include environment variable support for services, enhancing flexibility in configuration. - Refactored Dockerfile to utilize build arguments for VITE environment variables, allowing for better customization during builds. - Improved Nginx configuration to handle larger video uploads by increasing client_max_body_size to 5GB. - Enhanced backend Dockerfile to include wget for health checks and improved startup logging for database migrations. - Added validation for critical environment variables in the backend to ensure necessary configurations are present before application startup. - Updated content streaming logic to support direct HLS URL construction, improving streaming reliability and user experience. - Refactored various components and services to streamline access checks and improve error handling during content playback.
2026-02-13 12:35:03 +00:00
parent 7e9a35a963
commit 3ca43b62e4
23 changed files with 799 additions and 244 deletions
--- a/backend/src/auth/auth.module.ts
+++ b/backend/src/auth/auth.module.ts
@@ -10,6 +10,7 @@ import { NostrAuthModule } from 'src/nostr-auth/nostr-auth.module';
 import { JwtAuthGuard } from './guards/jwt.guard';
 import { TokenAuthGuard } from './guards/token.guard';
 import { HybridAuthGuard } from './guards/hybrid-auth.guard';
+import { OptionalHybridAuthGuard } from './guards/optional-hybrid-auth.guard';
 import { NostrSessionService } from './nostr-session.service';
 import { NostrSessionJwtGuard } from './guards/nostr-session-jwt.guard';
 import { UsersModule } from 'src/users/users.module';
@@ -30,6 +31,7 @@ import { UsersModule } from 'src/users/users.module';
    JwtAuthGuard,
    TokenAuthGuard,
    HybridAuthGuard,
+    OptionalHybridAuthGuard,
    NostrSessionService,
    NostrSessionJwtGuard,
  ],
@@ -39,6 +41,7 @@ import { UsersModule } from 'src/users/users.module';
    JwtAuthGuard,
    TokenAuthGuard,
    HybridAuthGuard,
+    OptionalHybridAuthGuard,
    NostrSessionService,
    NostrSessionJwtGuard,
  ],
--- a/backend/src/auth/guards/optional-hybrid-auth.guard.ts
+++ b/backend/src/auth/guards/optional-hybrid-auth.guard.ts
@@ -0,0 +1,30 @@
+import { CanActivate, ExecutionContext, Injectable } from '@nestjs/common';
+import { HybridAuthGuard } from './hybrid-auth.guard';
+
+/**
+ * Optional version of HybridAuthGuard.
+ *
+ * Tries all authentication strategies (Nostr, NostrSessionJwt, Jwt).
+ * If any succeeds, `request.user` is populated as normal.
+ * If all fail, the request proceeds anyway with `request.user = undefined`.
+ *
+ * Use this for endpoints that should work for both authenticated and
+ * anonymous users (e.g. streaming free content without login).
+ */
+@Injectable()
+export class OptionalHybridAuthGuard implements CanActivate {
+  constructor(private readonly hybridAuthGuard: HybridAuthGuard) {}
+
+  async canActivate(context: ExecutionContext): Promise<boolean> {
+    try {
+      await this.hybridAuthGuard.canActivate(context);
+    } catch {
+      // Auth failed — that's OK for optional auth.
+      // Ensure request.user is explicitly undefined so downstream
+      // code can check whether the user is authenticated.
+      const request = context.switchToHttp().getRequest();
+      request.user = undefined;
+    }
+    return true;
+  }
+}