fix: API key save network error — add ENCRYPTION_KEY env and auto-migrate

The "Netzwerkfehler beim Speichern des Schlüssels" was caused by two issues: 1. ENCRYPTION_KEY env var was not passed to the Docker container, so AES-256-GCM encrypt() threw at runtime on every POST/PATCH. 2. The 0003_tenant_api_keys migration was not in the drizzle journal and no migration runner existed in the Docker image. Changes: - docker-compose.yml: pass ENCRYPTION_KEY to app container - .env.example: document ENCRYPTION_KEY with generation command - .gitignore: allow .env.example to be tracked - Dockerfile: include drizzle/ migrations and entrypoint script - entrypoint.sh: run migrations before starting the app - migrate.mjs: runtime migration script using drizzle-orm migrator - drizzle journal: register 0003_tenant_api_keys migration Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-09 14:28:19 +00:00
parent 2a7db07d46
commit b22bdd8425
7 changed files with 61 additions and 1 deletions
--- a/migrate.mjs
+++ b/migrate.mjs
@@ -0,0 +1,20 @@
+// Runtime migration script — runs drizzle SQL migrations against the database.
+// Used by the Docker entrypoint before starting the app.
+
+import { drizzle } from 'drizzle-orm/node-postgres';
+import { migrate } from 'drizzle-orm/node-postgres/migrator';
+import pg from 'pg';
+
+const pool = new pg.Pool({ connectionString: process.env.DATABASE_URL });
+
+try {
+  const db = drizzle(pool);
+  console.log('Running database migrations...');
+  await migrate(db, { migrationsFolder: './drizzle' });
+  console.log('Migrations complete.');
+} catch (err) {
+  console.error('Migration failed:', err);
+  process.exit(1);
+} finally {
+  await pool.end();
+}