jim800121chen 4d381c0b50 feat(task-scheduler): Phase 1 — modularize server + add OAuth/JWKS + /api/v1/* routes
Refactor server.js (647 → 99 lines) into 30+ modules under src/:
- auth/: JWKS validation, JWT middleware, OAuth client_credentials
- routes/v1/: jobs (POST/GET/:id) + promote with input validation
- routes/legacy.js: existing /jobs multipart path (backward compatible)
- services/: jobService, healthService, sseService, statusMapper,
  doneListener
- middleware/: requestId, errorHandler, perClientRateLimit,
  uploadConcurrency, upload (multer + storage)
- redis/: Lua scripts for atomic claim/release_active_job
- storage/: local + minio adapters; fileAccessAgent/: PUT promote client
- config.js: env var validation with fail-fast

Phase 1 features (T1–T11):
- T1 Auth middleware + JWKS (Member Center OAuth2 resource server)
- T2 OAuth client (Member Center client_credentials, Basic auth)
- T3 /api/v1/* router skeleton
- T4 server.js refactor (legacy endpoints fully preserved, real-Redis
  regression verified — existing worker consumer group untouched)
- T5 POST /api/v1/jobs (multipart, OWASP-audited, 2 Critical / 6 Major
  fixed; Risk-A/B documented as accepted)
- T6 GET /api/v1/jobs + GET /:id (cursor pagination, ETag, IDOR-safe)
- T7 POST /jobs/:id/promote (FAA PUT with own service token, 300s
  timeout, fail-fast on missing FAA URL)
- T8 /health upgrade (healthy/degraded/unhealthy + 30s background cache)
- T9 stage_timings (release_active_job in terminal states)
- T10 env + Docker integration (MULTIPART_* + concurrency limiter)
- T11 README (498 lines) + OpenAPI 3.0 spec (1588 lines)

Tests: 630 pass across 29 suites. Updated Dockerfile + .dockerignore +
docker-compose.yml env passthrough (no hardcoded secrets, fail-fast on
missing required vars).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-01 10:55:05 +08:00

# T10: files excluded at Docker build time so they never end up in the production image
#
# Key points:
# 1. .env / *.env: secrets must not go into the image; they are injected by docker-compose / a secret manager
# 2. node_modules: the Dockerfile's `npm ci` reinstalls it inside the image (production-only)
# 3. tests / fixtures: test files must not go into the production image (reduces attack surface and image size)
# 4. IDE / VCS: .vscode, .idea, .git are development-tool artifacts
# 5. Coverage / temp: any build artifact
# === Environment variables / secrets ===
.env
.env.*
!env.example
# === Node ===
node_modules
npm-debug.log*
yarn-debug.log*
yarn-error.log*
.npm
.pnpm-store
# === Tests ===
**/__tests__
**/*.test.js
**/*.spec.js
coverage
.nyc_output
jest.config.js
# === IDE / OS ===
.vscode
.idea
.DS_Store
*.swp
*.swo
*~
# === Git ===
.git
.gitignore
.gitattributes
# === Docker (avoid recursion) ===
Dockerfile*
.dockerignore
docker-compose*.yml
# === Documentation (not needed in the image) ===
README.md
CHANGELOG.md
LICENSE
docs
# === Temp / build artifacts ===
*.log
*.pid
*.seed
dist
build
tmp
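An added dry-run check, not part of this commit or the project, that evaluates an excerpt of the patterns above against a constructed file tree using an approximation of Docker's matching rules (patterns anchored at the context root, `*` and `?` never crossing `/`, `**` crossing it, a match on a parent directory excluding everything beneath it, last matching pattern wins, a leading `!` re-including). It confirms secrets, tests and node_modules stay out of the build context, and shows that `!env.example` does not re-include `.env.example`, which `.env.*` still excludes; only a file literally named `env.example` is re-included.

```python
import re
# Constructed excerpt of the .dockerignore above, not the whole file.
DOCKERIGNORE = """
.env
.env.*
!env.example
node_modules
**/__tests__
**/*.test.js
*.log
"""
# Constructed sample build context, paths relative to the context root.
TREE = [".env", ".env.production", ".env.example", "env.example", "package.json",
        "src/server.js", "src/routes/v1/jobs.test.js", "src/app.log", "debug.log",
        "node_modules/express/index.js", "tests/__tests__/jobs.js"]

def pattern_to_regex(pattern):
    """Translate one .dockerignore glob into an anchored regex."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**/", i):     # any depth, including none
            out.append("(?:.*/)?"); i += 3
        elif pattern.startswith("**", i):    # crosses separators
            out.append(".*"); i += 2
        elif pattern[i] in "*?":             # stays within one path component
            out.append("[^/]*" if pattern[i] == "*" else "[^/]"); i += 1
        else:
            out.append(re.escape(pattern[i])); i += 1
    return re.compile("^" + "".join(out) + "$")

def parse_dockerignore(text):
    """Return (is_negation, regex) pairs; blank lines and comments are skipped."""
    lines = [ln.strip() for ln in text.splitlines()]
    return [(ln.startswith("!"), pattern_to_regex(ln.lstrip("!").strip("/")))
            for ln in lines if ln and not ln.startswith("#")]

def is_ignored(path, rules):
    """Test the path and each parent directory; the last matching rule decides."""
    parts = path.split("/")
    candidates = ["/".join(parts[:n]) for n in range(1, len(parts) + 1)]
    ignored = False
    for negate, rx in rules:
        if any(rx.match(c) for c in candidates):
            ignored = not negate
    return ignored

def context_files(text, paths):
    """Paths that would actually be sent to the Docker build context."""
    rules = parse_dockerignore(text)
    return sorted(p for p in paths if not is_ignored(p, rules))
```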