psumaps · ijo42 · Sep 29, 2025 · Feb 4, 2026 · Feb 4, 2026 · Feb 4, 2026
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,64 @@
+# Dependencies
+node_modules
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+
+# Testing
+coverage
+tests
+
+# IDE
+.vscode
+.idea
+*.swp
+*.swo
+*~
+
+# OS
+.DS_Store
+Thumbs.db
+
+# Git
+.git
+.gitignore
+.gitattributes
+
+# CI/CD
+.github
+
+# Documentation
+*.md
+LICENSE.txt
+
+# Build artifacts (будут созданы внутри контейнера)
+dist
+build
+*.log
+
+# Config files (не нужны в образе)
+.prettierrc.js
+.prettierignore
+.eslintignore
+.lintstagedrc.json
+eslint.config.js
+tsconfig*.json
-tsconfig*.json
-tsconfig*.json
+vite.config.ts
-vite.config.ts
-vite.config.ts
+
+# Native app (не нужно в web образе)
+native
+
+# Storybook
+.storybook
+*.stories.tsx
+
+# Environment (будет встроено в build)
+.env.local
+.env.development
+.env.production
+
+# Husky
+.husky
+
+# Misc
+*.iml
diff --git a/.env b/.env
@@ -1,14 +1,11 @@
 IJO42_URL = ijo42.ru
 
-VITE_MAPTILES_STYLE_KEY = 1XfSivF5uaaJV0EiuRS1
-
 VITE_URL_IJO42_TILES = martin://tiles2.$IJO42_URL/
 VITE_URL_MAP_ASSETS = https://res.$IJO42_URL/
 VITE_URL_IJO42_MAPI = https://mapi.$IJO42_URL/v2
 VITE_URL_PSU_TOOLS_API = https://events.$IJO42_URL
 VITE_URL_ICAL_ENDPOINT = https://ical.psu.ru/calendars/
 
-VITE_URL_MAPTILER_STYLE = https://api.maptiler.com/maps/streets/style.json
 VITE_URL_BIND_ETIS = https://student.psu.ru/
 VITE_URL_TG_GROUP = https://t.me/psumaps
 VITE_URL_SUPPORT = https://t.me/psumaps_sbot?start=vkmapp

diff --git a/.github/workflows/docker-build.yaml b/.github/workflows/docker-build.yaml
@@ -0,0 +1,86 @@
+name: Build and Push Docker Image
+
+on:
+  push:
+    branches:
+      - master
+    tags:
+      - 'v*'
+  pull_request:
+    branches:
+      - master
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: psumaps/mini-app
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Load environment variables from .env
+        id: dotenv
+        run: |
+          # Parse .env file and create build-args
+          echo "build_args<<EOF" >> $GITHUB_OUTPUT
+
+          # First, extract IJO42_URL for variable expansion
+          IJO42_URL=$(grep "^IJO42_URL" .env | cut -d= -f2 | xargs)
+          export IJO42_URL
+
+          # Process all VITE_* variables
+          grep "^VITE_" .env | while IFS= read -r line; do
+            key=$(echo "$line" | cut -d= -f1 | xargs)
+            value=$(echo "$line" | cut -d= -f2- | xargs)
+
+            # Expand variables (like $IJO42_URL)
+            expanded_value=$(eval echo "$value")
+            echo "$key=$expanded_value" >> $GITHUB_OUTPUT
+          done
+
+          echo "EOF" >> $GITHUB_OUTPUT
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to GitHub Container Registry
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels)
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=sha,prefix=sha-
+            type=raw,value=latest,enable={{is_default_branch}}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./Dockerfile
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          build-args: ${{ steps.dotenv.outputs.build_args }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Image digest
+        run: echo ${{ steps.build.outputs.digest }}
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,56 @@
+FROM node:20-alpine AS builder
+
+WORKDIR /app
+
+# Copy package files
+COPY package*.json ./
+COPY shared/package*.json ./shared/
+COPY web/package*.json ./web/
+
+# Install dependencies
+RUN npm ci && \
+    npm ci --prefix shared && \
+    npm ci --prefix web
+
+# Copy source code
+COPY . .
+
+# Build arguments for environment variables
+ARG VITE_URL_IJO42_TILES
+ARG VITE_URL_MAP_ASSETS
+ARG VITE_URL_IJO42_MAPI
+ARG VITE_URL_PSU_TOOLS_API
+ARG VITE_URL_ICAL_ENDPOINT
+ARG VITE_URL_BIND_ETIS
+ARG VITE_URL_TG_GROUP
+ARG VITE_URL_SUPPORT
+ARG VITE_URL_VK_APP
+
+# Set environment variables for build
+ENV VITE_URL_IJO42_TILES=${VITE_URL_IJO42_TILES}
+ENV VITE_URL_MAP_ASSETS=${VITE_URL_MAP_ASSETS}
+ENV VITE_URL_IJO42_MAPI=${VITE_URL_IJO42_MAPI}
+ENV VITE_URL_PSU_TOOLS_API=${VITE_URL_PSU_TOOLS_API}
+ENV VITE_URL_ICAL_ENDPOINT=${VITE_URL_ICAL_ENDPOINT}
+ENV VITE_URL_BIND_ETIS=${VITE_URL_BIND_ETIS}
+ENV VITE_URL_TG_GROUP=${VITE_URL_TG_GROUP}
+ENV VITE_URL_SUPPORT=${VITE_URL_SUPPORT}
+ENV VITE_URL_VK_APP=${VITE_URL_VK_APP}
+
+# Build the web application
+RUN npm run build --prefix web
+
+FROM nginxinc/nginx-unprivileged:alpine
+
+# Copy custom nginx configuration
+COPY nginx.conf /etc/nginx/conf.d/default.conf
+
+# Copy built assets from builder stage
+COPY --from=builder /app/web/dist /usr/share/nginx/html
+
+# nginx-unprivileged runs on port 8080 by default
+EXPOSE 8080
+
+# Health check
+HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
+    CMD wget --no-verbose --tries=1 --spider http://localhost:8080/health || exit 1
diff --git a/docker-compose.yaml b/docker-compose.yaml
@@ -0,0 +1,23 @@
+services:
+  psumaps-web:
+    build:
+      context: .
+      dockerfile: Dockerfile
+      args:
+        VITE_URL_IJO42_TILES: martin://tiles2.ijo42.ru/
+        VITE_URL_MAP_ASSETS: https://res.ijo42.ru/
+        VITE_URL_IJO42_MAPI: https://mapi.ijo42.ru/v2
+        VITE_URL_ICAL_ENDPOINT: https://ical.psu.ru/calendars/
+        VITE_URL_BIND_ETIS: https://student.psu.ru/
+        VITE_URL_TG_GROUP: https://t.me/psumaps
+        VITE_URL_SUPPORT: https://t.me/psumaps_sbot?start=vkmapp
+        VITE_URL_VK_APP: https://m.vk.com/app51764300
-        VITE_URL_VK_APP: https://m.vk.com/app51764300
+        VITE_URL_VK_APP: https://m.vk.com/app51764300
+        VITE_URL_PSU_TOOLS_API: ${VITE_URL_PSU_TOOLS_API}
+        VITE_PSU_TOOLS_KEY: ${VITE_PSU_TOOLS_KEY}
-        VITE_URL_VK_APP: https://m.vk.com/app51764300
+        VITE_URL_VK_APP: https://m.vk.com/app51764300
+        VITE_URL_PSU_TOOLS_API: ${VITE_URL_PSU_TOOLS_API}
+        VITE_PSU_TOOLS_KEY: ${VITE_PSU_TOOLS_KEY}
+    ports:
+      - "8080:8080"
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:8080/health"]
+      interval: 30s
+      timeout: 3s
+      retries: 3
+      start_period: 5s
diff --git a/nginx.conf b/nginx.conf
@@ -0,0 +1,53 @@
+server {
+    listen 8080;
+    server_name localhost;
+    root /usr/share/nginx/html;
+    index index.html;
+
+    # SPA routing - always serve index.html for client-side routing
+    location / {
+        try_files $uri $uri/ /index.html;
+    }
+
+    # Cache static assets
+    location ~* \.(js|css|png|jpg|jpeg|gif|svg|ico|woff|woff2|ttf|eot)$ {
+        expires 1y;
+        add_header Cache-Control "public, immutable";
+    }
+
+    # Disable caching for index.html to ensure users get latest version
+    location = /index.html {
+        add_header Cache-Control "no-cache, no-store, must-revalidate";
+        expires 0;
+    }
+
+    # Security headers
+    add_header X-Frame-Options "SAMEORIGIN" always;
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header X-XSS-Protection "1; mode=block" always;
+    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
-    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
+    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
+    add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline';" always;
-    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
+    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
+    add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline';" always;
+
+    # Gzip compression
+    gzip on;
+    gzip_vary on;
+    gzip_min_length 1024;
+    gzip_comp_level 6;
+    gzip_types
+        text/plain
+        text/css
+        text/xml
+        text/javascript
+        application/json
+        application/javascript
+        application/xml
+        application/xml+rss
+        application/x-javascript
+        image/svg+xml;
+
+    # Health check endpoint for k8s probes
+    location /health {
+        access_log off;
+        return 200 "OK\n";
+        add_header Content-Type text/plain;
+    }
+}
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "psumaps-frontend",
-  "version": "1.1.1",
+  "version": "1.2.0",
   "description": "Client applications of PSU Maps",
   "type": "module",
   "scripts": {

diff --git a/shared/.storybook/preview.js b/shared/.storybook/preview.js
@@ -1,4 +1,4 @@
-import {withThemeByClassName} from '@storybook/addon-themes';
+import { withThemeByClassName } from '@storybook/addon-themes';
 import '../../web/src/tw.css';
 
 /** @type { import('@storybook/react').Preview } */

diff --git a/shared/src/components/map/searchPopUp/search/index.tsx b/shared/src/components/map/searchPopUp/search/index.tsx
@@ -23,7 +23,7 @@ const SEARCH_DEBOUNCE_MS = 500;
 const Search = () => {
   const { data: animEnabled } = useAnimEnabled();
   const queryClient = useQueryClient();
-  const { token } = useIcalToken();
+  const { jwtToken } = useIcalToken();
   const storage = useContext(StorageContext);
 
   const { search, popupState, setPopupState, selectedPoi } =
@@ -45,22 +45,22 @@ const Search = () => {
   const searchQuery = useQuery(
     {
       queryKey: ['search', debouncedSearch],
-      queryFn: async () => httpClient.mapi.search(debouncedSearch, token!),
+      queryFn: async () => httpClient.mapi.search(debouncedSearch, jwtToken!),
       enabled: !!debouncedSearch && popupState === 'opened',
       ...queryOptions,
     },
     queryClient,
   );
   const amenities = useQuery({
     queryKey: ['amenities'],
-    queryFn: async () => httpClient.mapi.getAmenityList(token!),
+    queryFn: async () => httpClient.mapi.getAmenityList(jwtToken!),
     ...queryOptions,
     enabled: popupState === 'opened',
   });
   const amenityPois = useQuery({
     queryKey: ['amenity-pois', selectedAmenity],
     queryFn: async () =>
-      httpClient.mapi.getPoiByAmenity(selectedAmenity!, token!),
+      httpClient.mapi.getPoiByAmenity(selectedAmenity!, jwtToken!),
     enabled: !!selectedAmenity && popupState === 'opened',
     ...queryOptions,
   });