- Dockerfile: create /app/data owned by nextjs before USER switch so fresh
deployments work without manual chown. Existing servers need:
sudo chown -R 1001:1001 estore/data
- nav.js: fix footer legal links to point to /shop/privacy|terms|refund
(pages live in estore, not main site)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
NODE_ENV=production sets Secure:true but the container may sit behind
an HTTP-only reverse proxy, causing browsers to reject the cookie.
COOKIE_SECURE=false in .env overrides the flag without changing NODE_ENV.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The osrm-backend image is too minimal to run any health probe.
Drop the healthcheck entirely and use a plain depends_on so the
shop starts after OSRM, without blocking on a health condition
that can never pass.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
/dev/tcp is bash-only and fails in the container's default sh.
Switch to a real HTTP check against the OSRM API root, and add a
30s start_period so Docker doesn't fail the check before the road
data finishes loading.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
catalog-cache.json and item-overrides.json are written at runtime by the
admin panel — they should not be in version control.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Security:
- Replace raw password cookie with HMAC-derived session token + constant-time compare
- Add rate limiting (5 attempts / 15 min) to admin login
- Atomic JSON writes via file-utils to prevent corruption on crash
- Tighten CSP headers; add Square CDN to style-src and font-src
- WebP conversion + 20 MB limit on admin image uploads
Checkout reliability:
- Delayed capture flow: pre-auth → calendar write → capture (never charge without booking)
- Derive payment idempotency key from SHA-256(nonce) to prevent nonce/key mismatch on retry
- Idempotency key persisted in localStorage; auto-retry on network failure
- Idempotent CalDAV writes using orderId-based UIDs; treat 412 as success
- User-friendly Square error messages instead of raw API detail strings
UX:
- Welcome modal + 5-step guided tour with spotlight and scroll-into-view
- Balloon release agreement checkbox required before payment
- 24-hour lead time enforced server-side in both delivery and pickup slot generators
- Fix Square card form race condition with double-rAF before attach()
- Tour hides Bulma modal-background for bright, unobscured modal steps
Notifications:
- Improved SMTP error logging; re-throw on failure so callers see it
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add libheif-dev to backend Dockerfile to support HEIC/HEIF image uploads via sharp.
- Update backend URL in frontend to use 'photobackend.beachpartyballoons.com'.
- Update CORS whitelist to include the new backend hostname.
- Stage user's change to docker-compose.yml exposing port 5001.
This commit reflects an intentional reorganization of the project.
- Deletes obsolete root-level files.
- Restructures the admin and gallery components.
- Tracks previously untracked application modules.
This commit includes the following changes:
Gallery Page (gallery.html):
- Moved inline CSS to gallery.css for better organization and caching.
- Implemented a skeleton loader to improve perceived loading performance.
- Added a 'No results' message when search/filter yields no photos.
- Enhanced responsive image handling in the modal to load full-resolution images.
Admin Page (admin/index.html):
- Moved inline CSS to admin.css for better organization and caching.
- Fixed an aesthetic issue with the hover style on the 'Clear selection' button.
- Introduced a confirmation modal for bulk delete operations to prevent accidental data loss.
- Implemented a progress bar for file uploads, providing better user feedback.
This commit introduces a `docker-compose.yml` file to simplify the
process of building, running, and managing the application.
- Defines the `bpb-website` service with build context, port mapping,
and environment variables.
- Mounts a volume for `update.json` to ensure data persistence across
container restarts.
- Sets `restart: always` to ensure the service is automatically
restarted if it goes down.
This commit introduces Docker support for the application to ensure a consistent
and reproducible environment across different deployment targets.
- Added for building a Docker image of the application.
- Added to exclude unnecessary files from the Docker image.
- Improved error handling in to provide more descriptive messages
when the server returns an unexpected response, aiding in debugging.
- Included changes, likely from local testing.
Changed the request URL in from an absolute path
() to a relative path
().
This ensures that the API request is always sent to the same domain
that the admin page is loaded from, resolving CORS and NetworkError
issues when accessing the UI from a production FQDN or a live server
with a different port. This change relies on a correctly configured
reverse proxy in the production environment.
This commit refactors the Node.js server to be production-ready.
- **Strict Production Environment:** The server now checks for . If it is set, the server will refuse to start unless a secure is provided as an environment variable. This prevents running with the insecure default password in production.
- **Logging:** Added basic logging for successful status updates and failed login attempts.
- **NPM Scripts:** Added a script to for starting the server in production mode ().
This commit introduces a web-based admin UI to manage the store's status, backed by a simple Node.js/Express server for file writing.
Key features:
- **Admin UI (, ):** A form to update the scrolling message and closed status. It provides a user-friendly experience with loading states, in-page feedback, and change detection.
- **Node.js Backend ():** A simple Express server that serves the static site and provides a endpoint. This endpoint receives data from the admin UI, authenticates it, and writes it to .
- **Enhanced Security:** The password is no longer hardcoded in the client-side JavaScript. Authentication is handled server-side, and the password is read from a file for local development or an environment variable in production.
- **Project Setup (, ):** The project is now a formal Node.js project with dependencies (, , ) and a file to exclude .
This commit introduces functionality to display the store's open/closed status based on a schedule, with an override mechanism for holidays or emergencies.
Changes include:
- : Added IDs to hours paragraphs for easier manipulation.
- : Refactored to be more robust and moved its logic to to prevent race conditions. Removed for status updates from . Fixed lightbox navigation.
- : Added (boolean) and (string) fields to allow overriding the default status.
- : Consolidated all status logic. It now acts as a gatekeeper:
- If in is , it displays and ensures hours are visible.
- If is , it runs the scheduled open/closed logic (originally from ) and updates the status every minute, ensuring hours are always visible.
- : Reverted accidental changes and ensured only necessary status-related styles were added.
This ensures:
- The store's current open/closed status is always displayed.
- An override message can be shown for special closures.
- Store hours are always visible.
