fix: resolve backend docker build errors

Reviewed-on: #5

.env.example

@@ -1,12 +1,14 @@
 # ==========================================
 #  Database
 # ==========================================
-POSTGRES_USER=wishlist
-POSTGRES_PASSWORD=change_me
-POSTGRES_DB=family_wishlist
-# DATABASE_URL uses the docker-compose service name `postgres`.
-# When running backend outside docker against docker-postgres use localhost:5432.
-DATABASE_URL=postgresql://wishlist:change_me@postgres:5432/family_wishlist
+DB_HOST=postgres_budget
+DB_PORT=5432
+DB_NAME=db_family
+DB_USER=
+DB_PASSWORD=
+# Fill DATABASE_URL explicitly; .env files do not expand ${...} automatically for the app.
+# For local host-based development, point it to localhost:5432 instead of postgres_budget.
+DATABASE_URL=postgresql://<db_user>:<db_password>@postgres_budget:5432/db_family
 
 # ==========================================
 #  Users (two fixed accounts)

README.md

@@ -5,7 +5,7 @@ A small, private wishlist app for two users. Each user has their own profile, sl
 - **Backend**: Node.js 20, Fastify 4, Prisma 5, PostgreSQL 16
 - **Frontend**: React 18, Vite 5, Tailwind CSS, TanStack Query, React Hook Form + Zod
 - **Monorepo**: pnpm workspaces
-- **Deploy**: Docker Compose (Postgres + backend + nginx-served frontend)
+- **Deploy**: Docker Compose (shared Postgres + backend + nginx-served frontend)
 
 ---
 
@@ -32,7 +32,7 @@ apps/
 packages/
   shared/     zod schemas + DTO types shared between backend and frontend
 docker/       Dockerfiles + nginx.conf
-docker-compose.yml        prod stack (postgres + backend + frontend)
+docker-compose.yml        prod stack (shared postgres + backend + frontend)
 docker-compose.dev.yml    dev helper (postgres only)
 .env.example  full env template
 ```
@@ -127,10 +127,11 @@ Review the rest of `.env`:
 
 - `USER1_USERNAME`, `USER1_SLUG`, `USER1_DISPLAY_NAME`
 - `USER2_USERNAME`, `USER2_SLUG`, `USER2_DISPLAY_NAME`
-- `POSTGRES_*` (used by Docker)
+- `DB_HOST=postgres_budget`, `DB_PORT=5432`, `DB_NAME=db_family`
+- `DB_USER`, `DB_PASSWORD`, `DATABASE_URL` (sensitive values stay only in `.env`)
 - `PUBLIC_APP_URL` (used for CORS in production)
 
-### 3. Run everything via Docker
+### 3. Run the shared Docker stack
 
 ```bash
 docker compose up --build
@@ -139,12 +140,18 @@ docker compose up --build
 Opens:
 
 - Frontend: http://localhost:8080
-- Backend API: http://localhost:8080/api (proxied by nginx) or http://localhost:3000 if you map `backend`
-- Postgres: internal only
+- Backend API: http://localhost:8080/api (proxied by nginx) or http://localhost:3000 if you map `family-wishlist-backend`
+
+Before first start, create a dedicated database and user for this project in the existing Postgres host:
+
+- host: `postgres_budget`
+- port: `5432`
+- database: `db_family`
+- user/password: set only in `.env` and do not commit them
 
 On first start, the backend:
 
-1. Runs `prisma db push` against the Postgres service (creates tables from `schema.prisma`; idempotent).
+1. Runs `prisma db push` against the configured shared Postgres database (creates tables from `schema.prisma`; idempotent).
 2. Seeds/upserts both users from env (public fields only — password hash stays in env).
 3. Starts Fastify on port 3000.
 4. Registers the daily trash-purge cron (runs at 03:17 UTC, also once on startup).
@@ -159,7 +166,7 @@ Run Postgres in a container, apps on the host:
 ```bash
 docker compose -f docker-compose.dev.yml up -d
 # Override DATABASE_URL to point to localhost:
-# DATABASE_URL=postgresql://wishlist:change_me@localhost:5432/family_wishlist
+# DATABASE_URL=postgresql://<DB_USER>:<DB_PASSWORD>@localhost:5432/db_family
 
 pnpm --filter @family-wishlist/backend prisma:push    # apply schema (first time and on schema changes)
 pnpm --filter @family-wishlist/backend seed           # upsert two users from env into DB
@@ -170,6 +177,9 @@ This starts both apps in parallel:
 
 - Frontend: http://localhost:5173 (proxying `/api` and `/uploads` to http://localhost:3000)
 - Backend: http://localhost:3000
+- Dev Postgres: `localhost:5432` for local-only development data
+
+The dev compose file stays isolated from the shared `postgres_budget` instance. Keep production credentials and local credentials in `.env`, and never hardcode them in compose files or source code.
 
 ### 5. Useful scripts
 

apps/backend/package.json

@@ -31,6 +31,7 @@
     "@prisma/client": "^5.19.1",
     "bcryptjs": "^2.4.3",
     "fastify": "^4.28.1",
+    "fastify-plugin": "^4.5.1",
     "fastify-type-provider-zod": "^2.0.0",
     "nanoid": "^5.0.7",
     "node-cron": "^3.0.3",

apps/backend/src/modules/images/og.service.ts

@@ -16,6 +16,13 @@ interface DownloadResult {
   contentType: string;
 }
 
+function getOgImageUrl(ogImage: unknown): string | undefined {
+  const entry = Array.isArray(ogImage) ? ogImage[0] : ogImage;
+  if (!entry || typeof entry !== 'object') return undefined;
+  const { url } = entry as { url?: unknown };
+  return typeof url === 'string' ? url : undefined;
+}
+
 async function downloadImage(url: string): Promise<DownloadResult | null> {
   try {
     const controller = new AbortController();
@@ -27,7 +34,7 @@ async function downloadImage(url: string): Promise<DownloadResult | null> {
         headers: { 'user-agent': 'FamilyWishlistBot/1.0 (+image-fetch)' },
       });
       if (res.statusCode >= 400) return null;
-      const contentType = (res.headers['content-type']?.toString() ?? '').split(';')[0].trim();
+      const contentType = ((res.headers['content-type']?.toString() ?? '').split(';')[0] ?? '').trim();
       if (!ALLOWED_MIME.has(contentType)) return null;
       const chunks: Buffer[] = [];
       let total = 0;
@@ -60,8 +67,7 @@ export async function fetchOgImageForWish(
   try {
     const parsed = await ogs({ url: pageUrl, timeout: FETCH_TIMEOUT_MS });
     if (parsed.error || !parsed.result) return;
-    const imageEntry = parsed.result.ogImage;
-    const imageUrl = Array.isArray(imageEntry) ? imageEntry[0]?.url : imageEntry?.url;
+    const imageUrl = getOgImageUrl(parsed.result.ogImage);
     if (!imageUrl) return;
 
     const absolute = new URL(imageUrl, pageUrl).toString();

apps/backend/src/plugins/auth.ts

@@ -1,6 +1,7 @@
 import fp from 'fastify-plugin';
 import fastifyJwt from '@fastify/jwt';
 import fastifyCookie from '@fastify/cookie';
+import type { FastifyReply } from 'fastify';
 import { env } from '../config/env.js';
 import { UnauthorizedError } from '../utils/errors.js';
 
@@ -28,7 +29,7 @@ export default fp(async (app) => {
   });
 
   // helpers for routes
-  app.decorate('setAuthCookie', ((reply, token) => {
+  app.decorate('setAuthCookie', ((reply: FastifyReply, token: string) => {
     reply.setCookie(AUTH_COOKIE, token, {
       httpOnly: true,
       secure: env.NODE_ENV === 'production',
@@ -38,7 +39,7 @@ export default fp(async (app) => {
     });
   }) as never);
 
-  app.decorate('clearAuthCookie', ((reply) => {
+  app.decorate('clearAuthCookie', ((reply: FastifyReply) => {
     reply.clearCookie(AUTH_COOKIE, { path: '/' });
   }) as never);
 });

docker-compose.dev.yml

@@ -1,11 +1,12 @@
 services:
   postgres:
     image: postgres:16-alpine
+    container_name: family-wishlist-postgres-dev
     restart: unless-stopped
     environment:
-      POSTGRES_USER: ${POSTGRES_USER}
-      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
-      POSTGRES_DB: ${POSTGRES_DB}
+      POSTGRES_USER: ${DB_USER}
+      POSTGRES_PASSWORD: ${DB_PASSWORD}
+      POSTGRES_DB: ${DB_NAME}
     ports:
       - "5432:5432"
     volumes:

docker-compose.yml

@@ -1,33 +1,16 @@
 services:
-  postgres:
-    image: postgres:16-alpine
-    restart: unless-stopped
-    environment:
-      POSTGRES_USER: ${POSTGRES_USER}
-      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
-      POSTGRES_DB: ${POSTGRES_DB}
-    volumes:
-      - pgdata:/var/lib/postgresql/data
-    healthcheck:
-      test: ["CMD-SHELL", "pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB"]
-      interval: 10s
-      timeout: 5s
-      retries: 10
-
-  backend:
+  family-wishlist-backend:
     build:
       context: .
       dockerfile: docker/backend.Dockerfile
+    container_name: family-wishlist-backend
     restart: unless-stopped
     env_file: .env
     environment:
       NODE_ENV: production
       UPLOADS_DIR: /app/apps/backend/uploads
       BACKEND_PORT: 3000
-      DATABASE_URL: postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/${POSTGRES_DB}
-    depends_on:
-      postgres:
-        condition: service_healthy
+      DATABASE_URL: postgresql://${DB_USER}:${DB_PASSWORD}@${DB_HOST}:${DB_PORT}/${DB_NAME}
     volumes:
       - uploads:/app/apps/backend/uploads
     healthcheck:
@@ -42,18 +25,26 @@ services:
       timeout: 5s
       retries: 5
       start_period: 20s
+    networks:
+      - postgres_default
 
   frontend:
     build:
       context: .
       dockerfile: docker/frontend.Dockerfile
+    container_name: family-wishlist-frontend
     restart: unless-stopped
     depends_on:
-      backend:
-        condition: service_started
+      family-wishlist-backend:
+        condition: service_healthy
     ports:
       - "8080:80"
+    networks:
+      - postgres_default
 
 volumes:
-  pgdata:
   uploads:
+
+networks:
+  postgres_default:
+    external: true

docker/nginx.conf

@@ -13,7 +13,7 @@ server {
 
     # API proxy
     location /api/ {
-        proxy_pass http://backend:3000/api/;
+        proxy_pass http://family-wishlist-backend:3000/api/;
         proxy_http_version 1.1;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
@@ -25,7 +25,7 @@ server {
 
     # Uploaded files (images)
     location /uploads/ {
-        proxy_pass http://backend:3000/uploads/;
+        proxy_pass http://family-wishlist-backend:3000/uploads/;
         proxy_http_version 1.1;
         proxy_set_header Host $host;
         proxy_cache_valid 200 1h;