Security: - Add auth + file type/size validation to upload API - Add admin auth to /api/admin/ endpoints - Add SSRF protection to scrape action - Whitelist fields in PUT /api/notes/[id] to prevent mass assignment - Protect /lab, /agents, /chat, /canvas, /notebooks routes in middleware AI provider fixes: - Add deepseek/openrouter to factory ProviderType (was silently falling back to ollama) - Fix title-suggestion.service.ts to use factory instead of hardcoded OpenAI - Fix getAIProvider→getChatProvider in memory-echo, notebook-summary, agent-executor - Fix getAIProvider→getTagsProvider in notebook-suggestion, title-suggestions, transform-markdown Functional bugs: - Fix ALLOW_REGISTRATION AND→OR logic - Fix note-editor.tsx passing stale props to useAutoTagging instead of local state - Fix stale Note.embedding type (migrated to NoteEmbedding table) - Remove hardcoded SQLite path from prisma.ts Frontend: - Add AbortController to useAutoTagging and useTitleSuggestions hooks - Add error rollback to optimistic UI in note-inline-editor - Remove stale closure over notebookId/language in useAutoTagging Cleanup: - Rename docker-compose from keepnotes→memento - Remove unused unstable_cache import from config.ts - Remove dead useUndoRedo hook - Fix TagSuggestion type (add isNewLabel, reasoning) - Remove dead AIConfig/AIProviderType types - Fix ghost-tags unused isEmpty var and as any cast - Fix note-editor titleSuggestions typed as any[] Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
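# Compose stack for Memento: a PostgreSQL database plus the memento-note
# application container, joined by a private bridge network.
#
# Values written as ${VAR} are read from the shell environment or from a
# `.env` file next to this compose file; keep that file out of version
# control.
version: '3.8'

services:
  postgres:
    image: postgres:16-alpine
    container_name: memento-postgres
    restart: unless-stopped
    environment:
      POSTGRES_USER: memento
      # Falls back to the historical default when POSTGRES_PASSWORD is
      # unset. Set a unique value for any deployment that is not a
      # throwaway local instance.
      POSTGRES_PASSWORD: "${POSTGRES_PASSWORD:-memento}"
      POSTGRES_DB: memento
    volumes:
      - postgres-data:/var/lib/postgresql/data
    ports:
      # Published on the loopback interface only. memento-note reaches the
      # database over memento-network, so the host port exists only for
      # local administration; publishing it on every interface would
      # expose the database (and its default credentials) to the network.
      - "127.0.0.1:5432:5432"
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U memento"]
      interval: 5s
      timeout: 5s
      retries: 5
    networks:
      - memento-network

  memento-note:
    build:
      context: .
      dockerfile: Dockerfile
    image: memento-note:latest
    container_name: memento-note
    restart: unless-stopped
    ports:
      - "3000:3000"
    environment:
      # Database
      # The password must match POSTGRES_PASSWORD on the postgres service.
      # It is embedded in a URL, so percent-encode any reserved characters.
      - "DATABASE_URL=postgresql://memento:${POSTGRES_PASSWORD:-memento}@postgres:5432/memento"
      - NODE_ENV=production

      # Application (IMPORTANT: set these for your deployment!)
      - "NEXTAUTH_URL=${NEXTAUTH_URL:-http://your-domain.com:3000}"
      # NextAuth uses this secret to sign and encrypt session tokens, so a
      # publicly known placeholder would let anyone mint valid sessions.
      # Compose refuses to start the service until a value is supplied.
      - "NEXTAUTH_SECRET=${NEXTAUTH_SECRET:?set NEXTAUTH_SECRET to a long random value}"

      # Disable Next.js telemetry
      - NEXT_TELEMETRY_DISABLED=1

      # AI Provider (Optional - for OpenAI)
      # Pass the key through from the environment rather than pasting it
      # into this file.
      # - "OPENAI_API_KEY=${OPENAI_API_KEY}"

      # AI Provider (Optional - for Ollama)
      # - OLLAMA_BASE_URL=http://ollama:11434
      # - OLLAMA_MODEL=granite4:latest
    volumes:
      # Persist uploaded images and files
      - keep-uploads:/app/public/uploads

      # Optional: Mount custom SSL certificates
      # - ./certs:/app/certs:ro
    depends_on:
      postgres:
        # Wait until the postgres healthcheck passes before starting.
        condition: service_healthy
    networks:
      - memento-network
    # Optional: Resource limits for Proxmox VM
    deploy:
      resources:
        limits:
          cpus: '2'
          memory: 2G
        reservations:
          cpus: '0.5'
          memory: 512M
    # Health check for automatic restart
    healthcheck:
      test: ["CMD", "wget", "--spider", "-q", "http://localhost:3000"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s

  # Optional: Ollama for local AI models
  # Uncomment this section if you want to use local AI models
  # ollama:
  #   image: ollama/ollama:latest
  #   container_name: keep-ollama
  #   restart: unless-stopped
  #   ports:
  #     # Loopback only: memento-note reaches Ollama over memento-network,
  #     # and the Ollama API has no authentication of its own.
  #     - "127.0.0.1:11434:11434"
  #   volumes:
  #     - ollama-data:/root/.ollama
  #   networks:
  #     - memento-network
  #   deploy:
  #     resources:
  #       limits:
  #         cpus: '4'
  #         memory: 8G
  #       reservations:
  #         cpus: '2'
  #         memory: 4G

networks:
  memento-network:
    driver: bridge

volumes:
  postgres-data:
    driver: local
  keep-uploads:
    driver: local
  # ollama-data:
  #   driver: local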