Add Coolify Wrapper API integration

This enables deployment via apps.startanaicompany.com instead of direct Coolify access. New files: - deploy-to-apps.example.sh: Deployment script using Wrapper API - DEPLOYMENT_GUIDE.md: Comprehensive deployment documentation Updated files: - README.md: Updated deployment steps to use Wrapper API - .gitignore: Added deploy-to-apps.sh to exclusions Benefits: - Users no longer need master Coolify token - Each user gets their own API key - Automatic resource isolation - Rate limiting and audit logging - Simpler deployment process The old deploy-to-coolify.example.sh remains for reference but new deployments should use the wrapper API. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2026-01-24 08:08:11 +01:00
parent 547948c98c
commit 338d4243bb
4 changed files with 576 additions and 12 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -14,4 +14,5 @@ deploy_key
 deploy_key*
 deploy.sh
 deploy-to-coolify.sh
 deploy-to-apps.sh
 deployment-info.txt
--- a/DEPLOYMENT_GUIDE.md
+++ b/DEPLOYMENT_GUIDE.md
@@ -0,0 +1,330 @@
 # Deployment Guide - Using Wrapper API
 This guide explains how to deploy your recruitment site using the Coolify Wrapper API at `apps.startanaicompany.com`.
 ## What is the Wrapper API?
 The Wrapper API is a secure gateway that allows you to deploy applications to our Coolify infrastructure without needing direct access to Coolify. Each user gets their own API key and can only manage their own applications.
 **Benefits:**
 - ✅ No need for master Coolify credentials
 - ✅ Automatic isolation - you can only see/manage your apps
 - ✅ Rate limiting prevents abuse
 - ✅ Audit logging for security
 - ✅ Automatic webhooks for continuous deployment
 ## Quick Start (3 Steps)
 ### Step 1: Register for API Key
 Register once to get your unique API key:
 ```bash
 curl -X POST https://apps.startanaicompany.com/api/v1/register \
  -H "Content-Type: application/json" \
  -d '{
    "email": "your@email.com",
    "gitea_username": "your-gitea-username"
  }'
 ```
 **Response:**
 ```json
 {
  "user_id": "uuid",
  "email": "your@email.com",
  "api_key": "cw_abc123xyz789...",
  "message": "Save your API key securely. It will not be shown again."
 }
 ```
 ⚠️ **IMPORTANT**: Save this API key! It will only be shown once.
 **Save it to your environment:**
 ```bash
 export WRAPPER_API_KEY="cw_abc123xyz789..."
 # Add to your shell profile for persistence
 echo 'export WRAPPER_API_KEY="cw_abc123xyz789..."' >> ~/.bashrc
 # or for zsh:
 echo 'export WRAPPER_API_KEY="cw_abc123xyz789..."' >> ~/.zshrc
 ```
 ### Step 2: Customize Your Site
 ```bash
 # Copy environment template
 cp .env.example .env
 # Edit with your company information
 nano .env
 ```
 **Minimum required in `.env`:**
 ```bash
 # Company Information
 COMPANY_NAME="Your Recruitment Firm"
 COMPANY_TAGLINE="Your Tagline Here"
 COMPANY_DESCRIPTION="Your company description"
 # Branding
 PRIMARY_COLOR=#2563EB
 ACCENT_COLOR=#059669
 DARK_COLOR=#1E293B
 # Contact
 CONTACT_EMAIL=info@yourcompany.com
 CONTACT_PHONE=+1 (555) 123-4567
 CONTACT_ADDRESS=123 Business St, City, State 12345
 # Deployment
 SUBDOMAIN=yourname
 GITEA_USERNAME=your-gitea-username
 GITEA_REPO_NAME=your-recruit-site
 ```
 ### Step 3: Deploy
 ```bash
 # Copy the deployment script
 cp deploy-to-apps.example.sh deploy-to-apps.sh
 chmod +x deploy-to-apps.sh
 # Run deployment
 ./deploy-to-apps.sh
 ```
 The script will:
 1. Create your application on Coolify
 2. Configure domain (`{subdomain}recruit.startanaicompany.com`)
 3. Set up automatic deployments via webhook
 4. Trigger initial build
 **Your site will be live in 2-3 minutes!**
 ## Advanced Usage
 ### List Your Applications
 ```bash
 curl -H "X-API-Key: $WRAPPER_API_KEY" \
  https://apps.startanaicompany.com/api/v1/applications
 ```
 ### View Application Details
 ```bash
 curl -H "X-API-Key: $WRAPPER_API_KEY" \
  https://apps.startanaicompany.com/api/v1/applications/YOUR_APP_UUID
 ```
 ### View Deployment Logs
 ```bash
 curl -H "X-API-Key: $WRAPPER_API_KEY" \
  "https://apps.startanaicompany.com/api/v1/applications/YOUR_APP_UUID/logs?tail=100"
 ```
 ### Trigger Manual Deployment
 ```bash
 curl -X POST \
  -H "X-API-Key: $WRAPPER_API_KEY" \
  https://apps.startanaicompany.com/api/v1/applications/YOUR_APP_UUID/deploy
 ```
 ### Update Environment Variables
 ```bash
 curl -X PATCH \
  -H "X-API-Key: $WRAPPER_API_KEY" \
  -H "Content-Type: application/json" \
  https://apps.startanaicompany.com/api/v1/applications/YOUR_APP_UUID/env \
  -d '{
    "variables": {
      "COMPANY_NAME": "New Company Name",
      "PRIMARY_COLOR": "#FF0000"
    }
  }'
 ```
 After updating env vars, redeploy:
 ```bash
 curl -X POST \
  -H "X-API-Key: $WRAPPER_API_KEY" \
  https://apps.startanaicompany.com/api/v1/applications/YOUR_APP_UUID/deploy
 ```
 ### Delete Application
 ```bash
 curl -X DELETE \
  -H "X-API-Key: $WRAPPER_API_KEY" \
  https://apps.startanaicompany.com/api/v1/applications/YOUR_APP_UUID
 ```
 ⚠️ **Warning**: This permanently deletes the application and all its data!
 ## Automatic Deployments
 Once deployed, every push to your repository's `master` branch will automatically:
 1. Trigger webhook to Wrapper API
 2. Wrapper authenticates with your API key
 3. Wrapper tells Coolify to redeploy
 4. Your site updates in 2-3 minutes
 **No manual intervention needed!**
 ## DNS Configuration
 After deployment, configure DNS in Cloudflare:
 1. Go to Cloudflare DNS settings for `startanaicompany.com`
 2. Add CNAME record:
   - **Name**: `{your-subdomain}recruit` (e.g., `annarecruit`)
   - **Target**: `app.coolify.io`
   - **Proxy status**: Proxied (orange cloud)
 3. Save
 DNS propagation takes 2-5 minutes.
 ## Troubleshooting
 ### "API key required" Error
 Make sure you've exported your API key:
 ```bash
 echo $WRAPPER_API_KEY
 # Should show: cw_abc123xyz...
 ```
 If empty, export it again:
 ```bash
 export WRAPPER_API_KEY="your_api_key_here"
 ```
 ### "Application limit reached" Error
 You've hit your quota (default: 50 apps). Delete unused apps:
 ```bash
 # List your apps
 curl -H "X-API-Key: $WRAPPER_API_KEY" \
  https://apps.startanaicompany.com/api/v1/applications
 # Delete an app
 curl -X DELETE -H "X-API-Key: $WRAPPER_API_KEY" \
  https://apps.startanaicompany.com/api/v1/applications/APP_UUID
 ```
 ### "Rate limit exceeded" Error
 You're making too many requests. Wait and try again:
 - General API: 100 requests / 15 minutes
 - App creation: 10 / hour
 - Deployments: 30 / hour
 ### Deployment Logs Show Errors
 Check logs for specific errors:
 ```bash
 curl -H "X-API-Key: $WRAPPER_API_KEY" \
  "https://apps.startanaicompany.com/api/v1/applications/YOUR_APP_UUID/logs?tail=200"
 ```
 Common issues:
 - **Database migration failed**: Check migration SQL syntax
 - **Port 3000 already in use**: Normal, Coolify handles this
 - **Git clone failed**: Check repository URL and permissions
 ### Site Not Loading
 1. **Check deployment status**:
   ```bash
   curl -H "X-API-Key: $WRAPPER_API_KEY" \
     https://apps.startanaicompany.com/api/v1/applications/YOUR_APP_UUID
   ```
 2. **Check DNS**:
   ```bash
   dig {subdomain}recruit.startanaicompany.com
   ```
   Should point to Cloudflare or Coolify server.
 3. **Wait**: Initial deployment takes 2-3 minutes.
 4. **Check Cloudflare**: Ensure CNAME record is correct and proxied.
 ### Lost API Key
 If you lost your API key, regenerate it:
 ```bash
 curl -X POST \
  -H "X-API-Key: $OLD_WRAPPER_API_KEY" \
  https://apps.startanaicompany.com/api/v1/users/regenerate-key
 ```
 ⚠️ **Warning**: Old API key will be immediately revoked!
 If you can't access the old key, contact support.
 ## Security Best Practices
 1. **Never commit API keys to git**
   - The `.env` file is gitignored
   - deployment-info.txt is gitignored
   - Keep API keys in environment variables only
 2. **Use environment variables**
   ```bash
   # Good
   export WRAPPER_API_KEY="cw_..."
   # Bad - don't hardcode in scripts
   WRAPPER_API_KEY="cw_..." ./deploy.sh
   ```
 3. **Rotate keys periodically**
   - Regenerate your API key every 3-6 months
   - Update all environments where it's used
 4. **Don't share API keys**
   - Each user should have their own API key
   - Don't share deployment-info.txt files
 ## Rate Limits
 To prevent abuse, the API has rate limits:
 | Operation | Limit |
 |-----------|-------|
 | General API calls | 100 / 15 min |
 | User registration | 5 / hour |
 | Application creation | 10 / hour |
 | Deployments | 30 / hour |
 | Log access | 200 / 15 min |
 **Rate limit headers in responses:**
 ```
 X-RateLimit-Limit: 100
 X-RateLimit-Remaining: 95
 X-RateLimit-Reset: 1643040000
 ```
 If you hit a rate limit, wait for the reset time before retrying.
 ## Support
 **Documentation:**
 - Template README: [README.md](README.md)
 - Wrapper API docs: Coming soon
 **Issues:**
 - Template issues: https://git.startanaicompany.com/StartanAICompany/ai-recruit-site-template/issues
 - Wrapper issues: https://git.startanaicompany.com/mikael.westoo/coolifywrapper/issues
 **Contact:**
 - Email: info@startanaicompany.com
 ---
 **Ready to deploy?** Follow the [Quick Start](#quick-start-3-steps) above!
--- a/README.md
+++ b/README.md
@@ -40,11 +40,10 @@ This repository is marked as a template. You can create your own recruitment sit
 ### Prerequisites
 - Gitea account at git.startanaicompany.com
- Gitea API token
+- Wrapper API key (get from apps.startanaicompany.com)
 - Coolify instance with API token
 - Basic command line knowledge
-**New to Coolify?** See [COOLIFY_SETUP.md](COOLIFY_SETUP.md) for detailed setup instructions.
+**📖 Detailed Guide:** See [DEPLOYMENT_GUIDE.md](DEPLOYMENT_GUIDE.md) for complete instructions.
 ### Step 1: Create Your Copy
@@ -90,28 +89,40 @@ GITEA_USERNAME=your-gitea-username
 GITEA_REPO_NAME=my-recruit-site
 ```
-### Step 3: Deploy to Coolify
+### Step 3: Register for API Key
 Register once to get your deployment API key:
 ```bash
-# Set API tokens as environment variables (NOT in .env)
+curl -X POST https://apps.startanaicompany.com/api/v1/register \
-export COOLIFY_API_TOKEN="your-coolify-token"
+  -H "Content-Type: application/json" \
-export GITEA_API_TOKEN="your-gitea-token"
+  -d '{"email":"your@email.com","gitea_username":"'${GITEA_USERNAME}'"}'
 ```
 Save the returned API key:
 ```bash
 export WRAPPER_API_KEY="cw_your_api_key_here"
 ```
 ### Step 4: Deploy
 ```bash
 # Copy and run the deployment script
-cp deploy-to-coolify.example.sh deploy-to-coolify.sh
+cp deploy-to-apps.example.sh deploy-to-apps.sh
-chmod +x deploy-to-coolify.sh
+chmod +x deploy-to-apps.sh
-./deploy-to-coolify.sh
+./deploy-to-apps.sh
 ```
 The script will:
- Create a Coolify application
+- Create a Coolify application via Wrapper API
 - Configure domain (yournamerecruit.startanaicompany.com)
 - Set up webhooks for automatic deployments
 - Generate database and session secrets
 - Trigger initial deployment
 **Your site will be live in 2-3 minutes!**
 **See [DEPLOYMENT_GUIDE.md](DEPLOYMENT_GUIDE.md) for detailed instructions and troubleshooting.**
 ## 🎨 Customization Guide
 ### Company Information
--- a/deploy-to-apps.example.sh
+++ b/deploy-to-apps.example.sh
@@ -0,0 +1,222 @@
 #!/bin/bash
 # ========================================
 # AI Recruitment Site - Wrapper API Deployment Script
 # ========================================
 # This script deploys your recruitment site via the Coolify Wrapper API
 # at apps.startanaicompany.com
 #
 # IMPORTANT: Copy this file to deploy-to-apps.sh and customize it
 # DO NOT commit deploy-to-apps.sh to git (it's in .gitignore)
 #
 # Prerequisites:
 # 1. Register for API key at: https://apps.startanaicompany.com/api/v1/register
 # 2. Set WRAPPER_API_KEY environment variable
 # 3. Set GITEA_API_TOKEN environment variable (optional, for webhooks)
 # 4. Customize your .env file with company information
 set -e  # Exit on error
 # Load environment variables from .env
 if [ ! -f .env ]; then
    echo "❌ Error: .env file not found. Copy .env.example to .env and customize it."
    exit 1
 fi
 source .env
 # Check required environment variables
 if [ -z "$WRAPPER_API_KEY" ]; then
    echo "❌ Error: WRAPPER_API_KEY environment variable not set"
    echo ""
    echo "To get your API key:"
    echo "1. Register at: curl -X POST https://apps.startanaicompany.com/api/v1/register \\"
    echo "     -H 'Content-Type: application/json' \\"
    echo "     -d '{\"email\":\"your@email.com\",\"gitea_username\":\"${GITEA_USERNAME}\"}'"
    echo ""
    echo "2. Save the returned API key"
    echo "3. Export it: export WRAPPER_API_KEY='your_api_key_here'"
    echo ""
    exit 1
 fi
 # Check required .env variables
 if [ -z "$COMPANY_NAME" ]; then
    echo "❌ Error: COMPANY_NAME not set in .env"
    exit 1
 fi
 if [ -z "$SUBDOMAIN" ]; then
    echo "❌ Error: SUBDOMAIN not set in .env"
    exit 1
 fi
 if [ -z "$GITEA_USERNAME" ]; then
    echo "❌ Error: GITEA_USERNAME not set in .env"
    exit 1
 fi
 if [ -z "$GITEA_REPO_NAME" ]; then
    echo "❌ Error: GITEA_REPO_NAME not set in .env"
    exit 1
 fi
 # Wrapper API configuration
 WRAPPER_API="https://apps.startanaicompany.com/api/v1"
 # Repository URL (HTTPS for Coolify to clone)
 REPO_URL="https://git.startanaicompany.com/${GITEA_USERNAME}/${GITEA_REPO_NAME}.git"
 # Domain (e.g., annarecruit.startanaicompany.com or johnrecruit.startanaicompany.com)
 FULL_DOMAIN="${SUBDOMAIN}recruit.startanaicompany.com"
 echo "========================================="
 echo "  AI Recruitment Site Deployment"
 echo "========================================="
 echo "📦 Configuration:"
 echo "  Company: $COMPANY_NAME"
 echo "  Repository: $REPO_URL"
 echo "  Domain: https://$FULL_DOMAIN"
 echo ""
 # Create Coolify application via wrapper API
 echo "📝 Creating application via Wrapper API..."
 APP_RESPONSE=$(curl -s -X POST "${WRAPPER_API}/applications" \
  -H "X-API-Key: ${WRAPPER_API_KEY}" \
  -H "Content-Type: application/json" \
  -d "{
    \"name\": \"${SUBDOMAIN}-recruit\",
    \"subdomain\": \"${SUBDOMAIN}\",
    \"domain_suffix\": \"recruit.startanaicompany.com\",
    \"git_repository\": \"${REPO_URL}\",
    \"git_branch\": \"master\",
    \"template_type\": \"recruitment\",
    \"environment_variables\": {
      \"COMPANY_NAME\": \"${COMPANY_NAME}\",
      \"COMPANY_TAGLINE\": \"${COMPANY_TAGLINE}\",
      \"COMPANY_DESCRIPTION\": \"${COMPANY_DESCRIPTION}\",
      \"PRIMARY_COLOR\": \"${PRIMARY_COLOR}\",
      \"ACCENT_COLOR\": \"${ACCENT_COLOR}\",
      \"DARK_COLOR\": \"${DARK_COLOR}\",
      \"CONTACT_EMAIL\": \"${CONTACT_EMAIL}\",
      \"CONTACT_PHONE\": \"${CONTACT_PHONE}\",
      \"CONTACT_ADDRESS\": \"${CONTACT_ADDRESS}\"
    }
  }")
 # Check for errors
 if echo "$APP_RESPONSE" | grep -q "error"; then
    echo "❌ Deployment failed:"
    echo "$APP_RESPONSE" | jq '.' 2>/dev/null || echo "$APP_RESPONSE"
    exit 1
 fi
 # Extract application details
 APP_UUID=$(echo "$APP_RESPONSE" | jq -r '.application_uuid' 2>/dev/null)
 DOMAIN=$(echo "$APP_RESPONSE" | jq -r '.domain' 2>/dev/null)
 WEBHOOK_URL=$(echo "$APP_RESPONSE" | jq -r '.webhook_url' 2>/dev/null)
 if [ "$APP_UUID" == "null" ] || [ -z "$APP_UUID" ]; then
    echo "❌ Failed to create application"
    echo "Response: $APP_RESPONSE"
    exit 1
 fi
 echo "✅ Application created!"
 echo "   Application UUID: $APP_UUID"
 echo "   Domain: $DOMAIN"
 echo ""
 # Configure webhook for automatic deployments
 echo "🪝 Setting up deployment webhook..."
 if [ -z "$GITEA_API_TOKEN" ]; then
    echo "⚠️  Warning: GITEA_API_TOKEN not set"
    echo "   Skipping webhook setup. You can configure it manually later."
    echo "   Webhook URL: $WEBHOOK_URL"
 else
    # Create webhook in Gitea
    GITEA_API="https://git.startanaicompany.com/api/v1"
    WEBHOOK_RESPONSE=$(curl -s -X POST "${GITEA_API}/repos/${GITEA_USERNAME}/${GITEA_REPO_NAME}/hooks" \
      -H "Authorization: token ${GITEA_API_TOKEN}" \
      -H "Content-Type: application/json" \
      -d "{
        \"type\": \"gitea\",
        \"config\": {
          \"url\": \"${WEBHOOK_URL}\",
          \"content_type\": \"json\",
          \"http_method\": \"GET\"
        },
        \"events\": [\"push\"],
        \"authorization_header\": \"Bearer ${WRAPPER_API_KEY}\",
        \"active\": true
      }")
    WEBHOOK_ID=$(echo "$WEBHOOK_RESPONSE" | jq -r '.id' 2>/dev/null)
    if [ "$WEBHOOK_ID" == "null" ] || [ -z "$WEBHOOK_ID" ]; then
        echo "⚠️  Warning: Failed to create Gitea webhook (may already exist)"
    else
        echo "✅ Webhook configured for automatic deployments"
    fi
 fi
 echo ""
 echo "========================================="
 echo "  Deployment Complete!"
 echo "========================================="
 echo ""
 echo "📋 Deployment Details:"
 echo "  Application UUID: $APP_UUID"
 echo "  Domain: $DOMAIN"
 echo ""
 echo "⏳ Your site will be available in 2-3 minutes at:"
 echo "   $DOMAIN"
 echo ""
 echo "📝 Next Steps:"
 echo "  1. Configure Cloudflare DNS (if not already done):"
 echo "     - Add CNAME record:"
 echo "     - Name: ${SUBDOMAIN}recruit"
 echo "     - Target: app.coolify.io"
 echo "     - Proxy: Enabled"
 echo ""
 echo "  2. Wait 2-3 minutes for deployment to complete"
 echo ""
 echo "  3. Visit your site:"
 echo "     $DOMAIN"
 echo ""
 echo "  4. Create your first admin account via the login page:"
 echo "     ${DOMAIN}/admin/login"
 echo ""
 echo "🔍 Monitor deployment:"
 echo "   View logs:"
 echo "   curl -H \"X-API-Key: \$WRAPPER_API_KEY\" \\"
 echo "     ${WRAPPER_API}/applications/${APP_UUID}/logs"
 echo ""
 echo "   List your applications:"
 echo "   curl -H \"X-API-Key: \$WRAPPER_API_KEY\" \\"
 echo "     ${WRAPPER_API}/applications"
 echo ""
 # Save deployment info
 cat > deployment-info.txt <<DEPLOYMENT_INFO
 Deployment Information
 ======================
 Date: $(date)
 Company: $COMPANY_NAME
 Domain: $DOMAIN
 Application UUID: $APP_UUID
 Repository: $REPO_URL
 Wrapper API: ${WRAPPER_API}
 Your API Key: ${WRAPPER_API_KEY}
 Monitor deployment:
  curl -H "X-API-Key: \$WRAPPER_API_KEY" ${WRAPPER_API}/applications/${APP_UUID}/logs
 Trigger manual deployment:
  curl -X POST -H "X-API-Key: \$WRAPPER_API_KEY" ${WRAPPER_API}/applications/${APP_UUID}/deploy
 DEPLOYMENT_INFO
 echo "💾 Deployment information saved to deployment-info.txt"
 echo "   ⚠️  Keep this file secure - it contains your API key!"