Merged
9 changes: 5 additions & 4 deletions Dockerfile
@@ -1,4 +1,5 @@
FROM node:24-slim as build
FROM node:24-alpine as build

# Set build arguments with defaults
ARG NODE_ENV=production
ARG NPM_INSTALL_FLAGS=
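Review bot: In the new `FROM node:24-alpine as build` line, the move from the Debian-based slim image to Alpine swaps glibc for musl, so any dependency with a native add-on installed by the `RUN npm ci $NPM_INSTALL_FLAGS` step that follows will be built or fetched for musl; confirm the build and a smoke test of the site pass on the new base. The tag `node:24-alpine` is also mutable: pinning it by digest (`node:24-alpine@sha256:<digest>`) keeps the build reproducible and makes base-image updates arrive as reviewed changes. Minor style point: write `AS build` in upper case to match `FROM`.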
Expand All @@ -15,10 +16,10 @@ RUN npm ci $NPM_INSTALL_FLAGS
# Copy website files
COPY website/ ./

FROM node:24-slim
FROM node:24-alpine

# Create a non-root user and group
RUN addgroup --system appgroup && adduser --system --ingroup appgroup appuser
# Create a non-root user and group
RUN addgroup -S appgroup && adduser -S -G appgroup appuser

# Copy layer wfrom build image

⚠️ Potential issue | 🟡 Minor

Typo in comment.

`wfrom` → `from`

-# Copy layer wfrom build image
+# Copy layer from build image
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@Dockerfile` at line 24, Typo in the Dockerfile comment: change the word
"wfrom" to "from" in the comment line that reads "Copy layer wfrom build image"
so it becomes "Copy layer from build image"; locate this in the Dockerfile
comment and correct the spelling.

COPY --chown=appuser:appgroup --from=build /app /app
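Review bot: On `COPY --chown=appuser:appgroup --from=build /app /app`, the whole application tree ends up owned by `appuser`; if that is the account the process runs as, a compromised Node process can rewrite its own code and dependencies. Consider leaving `/app` owned by root and readable by `appuser`, and chowning only the directories the site has to write to. The visible lines create `appuser` but do not show a `USER appuser` directive; confirm one follows later in the file, otherwise the container still runs as root. The BusyBox short flags in `addgroup -S appgroup && adduser -S -G appgroup appuser` are the correct Alpine replacement for the Debian long options.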
10 changes: 10 additions & 0 deletions website/modules/@apostrophecms/express/index.js
@@ -1,4 +1,5 @@
const { getEnv } = require('../../../utils/env');
const morgan = require('morgan');

module.exports = {
options: {
Expand All @@ -7,4 +8,13 @@ module.exports = {
secret: getEnv('SESSION_SECRET'),
},
},
middleware(_self) {
return {
logRequests: {
middleware: morgan(
':date[iso] :method :url :status :response-time ms - :remote-addr - :user-agent',
),
},
};
},
Comment on lines +11 to +19
🧹 Nitpick | 🔵 Trivial

Consider making request logging environment-aware.

The morgan middleware is unconditionally enabled for all environments. In production, verbose request logging can:

  • Generate significant log volume
  • Potentially impact performance on high-traffic endpoints
  • Log sensitive URL parameters

Consider gating logging or adjusting the format based on environment:

♻️ Suggested approach
+const { getEnv } = require('../../../utils/env');
+
 module.exports = {
   options: {
     session: {
       secret: getEnv('SESSION_SECRET'),
     },
   },
   middleware(_self) {
+    const nodeEnv = getEnv('NODE_ENV') || 'development';
+    const format = nodeEnv === 'production'
+      ? 'combined'
+      : ':date[iso] :method :url :status :response-time ms - :remote-addr - :user-agent';
     return {
       logRequests: {
-        middleware: morgan(
-          ':date[iso] :method :url :status :response-time ms - :remote-addr - :user-agent',
-        ),
+        middleware: morgan(format),
       },
     };
   },
 };
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@website/modules/@apostrophecms/express/index.js` around lines 11 - 19, The
request-logging middleware (middleware -> logRequests -> middleware) uses morgan
unconditionally; make it environment-aware by checking NODE_ENV or an equivalent
runtime config and only registering or using the verbose morgan format in
non-production (or when a config flag like ENABLE_REQUEST_LOGGING is true).
Modify the middleware factory to read process.env.NODE_ENV (or the module's
options) and conditionally return the logRequests entry (or swap to a
compact/obfuscated format) so production avoids the current verbose
morgan(':date[iso] :method :url :status :response-time ms - :remote-addr -
:user-agent') while dev/test keep it.

};
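Review bot: In the `morgan(...)` format string, `:remote-addr` is taken from `req.ip`, which behind a reverse proxy or load balancer is the proxy's address unless Express `trust proxy` is configured, so these lines may record the same internal IP for every request; confirm the proxy setting before relying on this field for abuse tracing. `:url` logs the original URL including the query string, so any token or email address passed as a query parameter lands in the logs; a custom morgan token that logs only the path would avoid that. Switching production to the predefined `combined` format, as suggested in the comment above, would not change either point, since `combined` also contains `:remote-addr` and `:url`.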
71 changes: 71 additions & 0 deletions website/package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions website/package.json
Expand Up @@ -53,6 +53,7 @@
"lodash": "^4.17.21",
"lozad": "^1.16.0",
"mongodb": "^6.17.0",
"morgan": "^1.10.0",
"node-fetch": "^2.6.7",
"normalize.css": "^8.0.1",
"pm2-runtime": "^5.4.1",
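Review bot: `"morgan": "^1.10.0"` is a caret range, so the version actually installed is whatever `website/package-lock.json` resolves, and that file's 71 added lines are not rendered in this view. Open the lock file diff and check that the additions are only `morgan` and its transitive dependencies, each with a registry `resolved` URL and an `integrity` hash, since the `npm ci` step in the Dockerfile installs exactly what the lock file lists.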