remove migrations

innungsapp/apps/admin/Dockerfile

@@ -76,6 +76,9 @@ COPY --from=builder /app/apps/admin/.next/standalone ./
 COPY --from=builder /app/apps/admin/.next/static ./apps/admin/.next/static
 COPY --from=builder /app/apps/admin/public ./apps/admin/public
 
+# Fix permissions so nextjs user can write to .next/cache at runtime
+RUN chown -R nextjs:nodejs /app/apps/admin/.next
+
 # Copy Prisma schema + migrations for runtime migrations
 COPY --from=builder /app/packages/shared/prisma ./packages/shared/prisma
 

innungsapp/apps/admin/docker-entrypoint.sh

@@ -43,14 +43,14 @@ run_with_retries() {
 }
 
 # Prefer migration-based deploys. Fall back to db push when no migrations exist yet.
-set -- "$MIGRATIONS_DIR"/*/migration.sql
-if [ -f "$1" ]; then
-  echo "Applying Prisma migrations..."
-  run_with_retries npx prisma migrate deploy --schema=./packages/shared/prisma/schema.prisma
-else
-  echo "No Prisma migrations found. Syncing schema with db push..."
-  run_with_retries npx prisma db push --skip-generate --schema=./packages/shared/prisma/schema.prisma
-fi
+# set -- "$MIGRATIONS_DIR"/*/migration.sql
+# if [ -f "$1" ]; then
+#   echo "Applying Prisma migrations..."
+#   run_with_retries npx prisma migrate deploy --schema=./packages/shared/prisma/schema.prisma
+# else
+#   echo "No Prisma migrations found. Syncing schema with db push..."
+#   run_with_retries npx prisma db push --skip-generate --schema=./packages/shared/prisma/schema.prisma
+# fi
 
 echo "Starting Next.js server..."
 exec node apps/admin/server.js

innungsapp/apps/admin/middleware.ts

@@ -97,7 +97,8 @@ export function middleware(request: NextRequest) {
       // We don't want to redirect /login, /api, etc.
       const SHARED_PATHS = ['login', 'api', 'superadmin', 'dashboard', 'registrierung', 'impressum', 'datenschutz', '_next', 'uploads', 'favicon.ico', 'passwort-aendern']
       const isStaticAsset = /\.(png|jpg|jpeg|gif|svg|webp|ico|txt|xml)$/i.test(potentialSlug)
-      if (potentialSlug && !SHARED_PATHS.includes(potentialSlug) && !isStaticAsset) {
+      const isValidSlug = /^[a-z0-9][a-z0-9-]*$/.test(potentialSlug)
+      if (potentialSlug && !SHARED_PATHS.includes(potentialSlug) && !isStaticAsset && isValidSlug) {
         // This looks like a tenant path being accessed from the root domain.
         // Redirect to subdomain.
         const baseHost = hostname.split('.').slice(-2).join('.') // Simplistic, assumes domain.tld or localhost

innungsapp/docker-compose.yml

@@ -7,10 +7,10 @@ services:
       POSTGRES_DB: "${POSTGRES_DB:-innungsapp}"
       POSTGRES_USER: "${POSTGRES_USER:-innungsapp}"
       POSTGRES_PASSWORD: "${POSTGRES_PASSWORD:-innungsapp}"
-    ports:
-      - "5432:5432"
     volumes:
       - pg_data:/var/lib/postgresql/data
+    networks:
+          - bizmatch  # <-- NEU      
     healthcheck:
       test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-innungsapp} -d ${POSTGRES_DB:-innungsapp}"]
       interval: 10s
@@ -32,8 +32,6 @@ services:
     depends_on:
       postgres:
         condition: service_healthy
-    ports:
-      - "3010:3000"
     environment:
       # Database — PostgreSQL
       DATABASE_URL: "${DATABASE_URL:-postgresql://innungsapp:innungsapp@postgres:5432/innungsapp?schema=public}"
@@ -71,7 +69,9 @@ services:
       nproc: 65535
     volumes:
       # Uploaded files — persists across restarts
-      - uploads_data:/app/uploads
+      - ./uploads:/app/uploads
+    networks:
+          - bizmatch  # <-- NEU         
     healthcheck:
       test: ["CMD-SHELL", "wget -qO- http://localhost:3000/api/health | grep -q '\"status\":\"ok\"'"]
       interval: 30s
@@ -81,4 +81,7 @@ services:
 
 volumes:
   pg_data:
-  uploads_data:
+
+networks:
+  bizmatch:
+    external: true