feat(deploy): CI/CD Gitea Actions + stack Docker prod pour xip.kerboul.me

- docker-compose.prod.yml: postgres + redis + backend (bun) + web (nginx single-origin) - backend/Dockerfile + entrypoint: prisma migrate deploy + seed idempotent au boot - frontend/Dockerfile: build Vite (VITE_API_URL=https://xip.kerboul.me) servi par nginx - deploy/nginx.conf: proxy /api + /ws vers le backend, SPA fallback - .gitea/workflows/deploy.yml: auto-deploy SSH sur push main (runner CT121 -> CT502) - scripts/deploy.sh: pull + rebuild de la stack - mode open-bar (XIP_OPEN_BAR): paywall off pour tous en prod, via isFree() centralise Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-31 15:14:36 +02:00
parent 02bba16285
commit 024909b162
17 changed files with 318 additions and 12 deletions
--- a/backend/src/routes/uploads.ts
+++ b/backend/src/routes/uploads.ts
@@ -1,7 +1,7 @@
 import { Hono } from "hono";
 import { randomUUID } from "node:crypto";
 import { prisma } from "../lib/prisma";
-import { getClientIp, isLocalhost } from "../lib/ip";
+import { getClientIp, isFree } from "../lib/ip";
 import { storeFile, absolutePathFor } from "../lib/storage";

 const uploads = new Hono();
@@ -10,7 +10,7 @@ const FREE_LIMIT = 1_000_000; // 1 Mo for the free tier (README)
 const ABSOLUTE_MAX = 50_000_000; // hard cap even for paid, to protect the dev box

 async function ownsNoFileLimit(ip: string): Promise<boolean> {
-  if (isLocalhost(ip)) return true;
+  if (isFree(ip)) return true;
  const rows = await prisma.entitlement.findMany({
    where: { ip, kind: "no-file-limit", active: true },
  });