switch to debian in docker

Reviewed-on: #1

.env.example

@@ -37,13 +37,26 @@ EXPOSE_PORT=8785
 # Baza danych
 # ================================
 
-# Adres SQLAlchemy
-#
+# Wybór silnika bazy
+# Dozwolone:
+# - sqlite
+# - pgsql
+# - mysql
+DB_ENGINE=sqlite
+
+# Baza danych - dane
+DB_HOST=postgres
+DB_PORT=5432
+DB_NAME=ksef
+DB_USER=ksef
+DB_PASSWORD=ksef
+
+# Jeśli ustawisz DATABASE_URL ręcznie, ma priorytet nad DB_ENGINE/DB_*
 # Przykłady:
 # sqlite:///instance/app.db
-# postgresql://user:pass@localhost/dbname
-DATABASE_URL=sqlite:///instance/app.db
-
+# postgresql+psycopg://ksef:ksef@postgres:5432/ksef
+# mysql+pymysql://ksef:ksef@mysql:3306/ksef
+DATABASE_URL=sqlite:///db/sqlite/app.db
 
 # ================================
 # Redis / Cache / Rate limit

.gitignore

@@ -26,3 +26,4 @@ storage/*
 backups/*
 certs/*
 pdf/*
+db/*

Dockerfile

@@ -1,30 +1,32 @@
-FROM python:3.14-alpine
+FROM python:3.14-slim
 
 ENV PYTHONDONTWRITEBYTECODE=1
 ENV PYTHONUNBUFFERED=1
 
 WORKDIR /app
 
-RUN apk add --no-cache \
-    gcc musl-dev python3-dev \
-    \
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    gcc \
+    build-essential \
+    python3-dev \
     libffi-dev \
-    jpeg-dev \
-    zlib-dev \
-    \
-    cairo-dev \
-    pango-dev \
-    gdk-pixbuf-dev \
-    glib-dev \
-    freetype-dev \
-    fontconfig-dev \
-    \
-    pkgconfig
+    libjpeg62-turbo-dev \
+    zlib1g-dev \
+    libcairo2-dev \
+    libpango1.0-dev \
+    libgdk-pixbuf-2.0-dev \
+    libglib2.0-dev \
+    libfreetype6-dev \
+    libfontconfig1-dev \
+    pkg-config \
+    libpq-dev \
+    default-libmysqlclient-dev \
+    && rm -rf /var/lib/apt/lists/*
 
 COPY requirements.txt .
 RUN pip install --no-cache-dir -r requirements.txt
 
 COPY . .
-RUN mkdir -p instance storage/archive storage/pdf storage/backups
+RUN mkdir -p db storage/archive storage/pdf storage/backups
 
-CMD ["gunicorn", "-w", "1", "-k", "gthread", "--threads", "8", "-b", "0.0.0.0:5000", "run:app"]
+CMD ["gunicorn", "-w", "1", "-k", "gthread", "--threads", "8", "-b", "0.0.0.0:5000", "run:app"]

app/dashboard/routes.py

@@ -137,7 +137,8 @@ def index():
 @bp.route('/switch-company/<int:company_id>')
 @login_required
 def switch_company(company_id):
-    CompanyService.set_active_company(company_id)
+    if not CompanyService.switch_company(company_id):
+        abort(403)
     return redirect(url_for('dashboard.index'))
 
 

app/services/company_service.py

@@ -54,3 +54,7 @@ class CompanyService:
                 session['current_company_id'] = company.id
             except RuntimeError:
                 pass
+
+    @staticmethod
+    def set_active_company(company_id, user=None):
+        return CompanyService.switch_company(company_id, user=user)

app/templates/auth/login.html

@@ -12,11 +12,10 @@
   <div class="row min-vh-100">
     <div class="col-lg-6 login-hero d-none d-lg-flex">
       <div class="login-hero-card">
-        <span class="brand-icon mb-4"><i class="fa-solid fa-file-invoice-dollar"></i></span>
         <h1 class="mt-4 mb-3">KSeF Manager</h1>
-        <p class="lead text-secondary">Logowanie do panelu faktur, KSeF, powiadomień i konfiguracji administracyjnej.</p>
+        <p class="lead text-secondary">Logowanie do systemu <strong>KsEF Manager</strong>.</p>
         <div class="login-feature-list">
-          <div><i class="fa-solid fa-check text-primary me-2"></i>Zarządzj fakturami w jednym miejscu</div>
+          <div><i class="fa-solid fa-check text-primary me-2"></i>Wystawiaj / odbieraj faktury w jednym meisjcu</div>
         </div>
       </div>
     </div>

app/templates/base.html

@@ -13,7 +13,7 @@
   <aside class="sidebar bg-body-tertiary border-end p-3">
     <div class="mb-4">
       <div class="d-flex align-items-center gap-2 mb-1">
-        <span class="brand-icon"><i class="fa-solid fa-file-invoice-dollar"></i></span>
+        <span class="brand-icon"><i class="fa-solid fa-file-invoice-invoice"></i></span>
         <div>
           <h5 class="mb-0">{{ app_name }}</h5>
           <div class="small text-secondary">Panel KSeF i archiwum</div>

config.py

@@ -1,18 +1,42 @@
 import os
 from pathlib import Path
+from urllib.parse import quote_plus
 from dotenv import load_dotenv
 
 BASE_DIR = Path(__file__).resolve().parent
 load_dotenv(BASE_DIR / '.env')
 
 
-def _normalize_sqlalchemy_db_url(raw: str | None) -> str:
-    if not raw:
-        return f"sqlite:///{(BASE_DIR / 'instance' / 'app.db').resolve()}"
-    if raw.startswith('sqlite:///') and not raw.startswith('sqlite:////'):
-        rel = raw.replace('sqlite:///', '', 1)
-        return f"sqlite:///{(BASE_DIR / rel).resolve()}"
-    return raw
+def _q(value: str) -> str:
+    return quote_plus(value or '')
+
+
+def _build_db_url() -> str:
+    db_engine = os.getenv('DB_ENGINE', 'sqlite').strip().lower()
+    db_host = os.getenv('DB_HOST', 'localhost').strip()
+    db_port = os.getenv('DB_PORT', '').strip()
+    db_name = os.getenv('DB_NAME', 'ksef').strip()
+    db_user = os.getenv('DB_USER', '').strip()
+    db_password = os.getenv('DB_PASSWORD', '').strip()
+
+    if db_engine == 'sqlite':
+        return f"sqlite:///{(BASE_DIR / 'db' / 'sqlite' / 'app.db').resolve()}"
+
+    if db_engine in ('pgsql', 'postgres', 'postgresql'):
+        port = db_port or '5432'
+        return (
+            f"postgresql+psycopg://{_q(db_user)}:{_q(db_password)}"
+            f"@{db_host}:{port}/{_q(db_name)}"
+        )
+
+    if db_engine == 'mysql':
+        port = db_port or '3306'
+        return (
+            f"mysql+pymysql://{_q(db_user)}:{_q(db_password)}"
+            f"@{db_host}:{port}/{_q(db_name)}"
+        )
+
+    raise ValueError(f"Nieobsługiwany DB_ENGINE: {db_engine}")
 
 
 def _path_from_env(name: str, default: Path) -> Path:
@@ -35,7 +59,7 @@ def _normalize_redis_url(raw: str | None) -> str:
 class Config:
     SECRET_KEY = os.getenv('SECRET_KEY', 'change-me-please')
     APP_MASTER_KEY = os.getenv('APP_MASTER_KEY', SECRET_KEY)
-    SQLALCHEMY_DATABASE_URI = _normalize_sqlalchemy_db_url(os.getenv('DATABASE_URL'))
+    SQLALCHEMY_DATABASE_URI = _build_db_url()
     SQLALCHEMY_TRACK_MODIFICATIONS = False
     ARCHIVE_PATH = _path_from_env('ARCHIVE_PATH', BASE_DIR / 'storage' / 'archive')
     PDF_PATH = _path_from_env('PDF_PATH', BASE_DIR / 'storage' / 'pdf')
@@ -55,8 +79,6 @@ class Config:
     SESSION_COOKIE_HTTPONLY = True
     REMEMBER_COOKIE_HTTPONLY = True
     SESSION_COOKIE_SAMESITE = 'Lax'
-    #CEIDG_API_URL = os.getenv('CEIDG_API_URL', 'https://dane.biznes.gov.pl/api/ceidg/v2/firmy')
-    #CEIDG_TEST_API_URL = os.getenv('CEIDG_TEST_API_URL', 'https://test-dane.biznes.gov.pl/api/ceidg/v2/firmy')
     APP_FOOTER_TEXT = 'KSeF Manager · linuxiarz.pl · Mateusz Gruszczyński'
 
 
@@ -65,4 +87,4 @@ class TestConfig(Config):
     WTF_CSRF_ENABLED = False
     SQLALCHEMY_DATABASE_URI = 'sqlite:///:memory:'
     REDIS_URL = 'memory://'
-    RATELIMIT_STORAGE_URI = 'memory://'
+    RATELIMIT_STORAGE_URI = 'memory://'

deploy_docker.sh

@@ -1,10 +1,22 @@
 #!/usr/bin/env sh
 set -eu
 
+DB_TARGET="${1:-sqlite}"
+
 STACK_NAME="${STACK_NAME:-ksef_app}"
 COMPOSE_FILE="${COMPOSE_FILE:-docker-compose.yml}"
 SSL_DIR="${SSL_DIR:-./deploy/caddy/ssl}"
+
+if [ -f .env ]; then
+  set -a
+  . ./.env
+  set +a
+fi
+
 APP_DOMAIN="${APP_DOMAIN:-localhost}"
+APP_EXTERNAL_SCHEME="${APP_EXTERNAL_SCHEME:-https}"
+EXPOSE_PORT="${EXPOSE_PORT:-8785}"
+
 CERT_FILE="${CERT_FILE:-${SSL_DIR}/server.crt}"
 KEY_FILE="${KEY_FILE:-${SSL_DIR}/server.key}"
 
@@ -24,6 +36,38 @@ need_cmd openssl
 
 mkdir -p "$SSL_DIR"
 
+case "$DB_TARGET" in
+  sqlite)
+    export DB_ENGINE=sqlite
+    export DB_HOST=""
+    export DB_PORT=""
+    COMPOSE_PROFILES=""
+    mkdir -p ./db/sqlite
+    DB_PATH_INFO="./db/sqlite/app.db"
+    ;;
+  pgsql|postgres|postgresql)
+    export DB_ENGINE=pgsql
+    export DB_HOST="${DB_HOST:-postgres}"
+    export DB_PORT="${DB_PORT:-5432}"
+    COMPOSE_PROFILES="pgsql"
+    mkdir -p ./db/pgsql
+    DB_PATH_INFO="./db/pgsql"
+    ;;
+  mysql)
+    export DB_ENGINE=mysql
+    export DB_HOST="${DB_HOST:-mysql}"
+    export DB_PORT="${DB_PORT:-3306}"
+    COMPOSE_PROFILES="mysql"
+    mkdir -p ./db/mysql
+    DB_PATH_INFO="./db/mysql"
+    ;;
+  *)
+    printf 'Nieznany typ bazy: %s\n' "$DB_TARGET" >&2
+    printf 'Użycie: ./deploy_docker.sh [sqlite|pgsql|mysql]\n' >&2
+    exit 1
+    ;;
+esac
+
 if [ ! -f "$CERT_FILE" ] || [ ! -f "$KEY_FILE" ]; then
   log "Nie znaleziono certyfikatu SSL w katalogu ${SSL_DIR}, tworzę self-signed cert..."
   rm -f "$CERT_FILE" "$KEY_FILE"
@@ -38,22 +82,38 @@ else
   log "Znaleziono istniejący certyfikat SSL w katalogu ${SSL_DIR}."
 fi
 
-log "Pobieram najnowsze obrazy bazowe..."
-docker compose -f "$COMPOSE_FILE" pull
+log "Wybrany silnik bazy: ${DB_ENGINE}"
 
-log "Buduję obraz bez cache..."
-docker compose -f "$COMPOSE_FILE" build --no-cache
+if [ -n "$COMPOSE_PROFILES" ]; then
+  export COMPOSE_PROFILES
+  log "Aktywne profile Compose: ${COMPOSE_PROFILES}"
+else
+  unset COMPOSE_PROFILES || true
+  log "Brak aktywnych profili Compose"
+fi
 
-log "Zatrzymuję aktualny stack..."
+log "Pobieram najnowsze obrazy dla projektu ${STACK_NAME}..."
+docker compose -p "$STACK_NAME" -f "$COMPOSE_FILE" pull
+
+log "Zatrzymuję aktualny stack projektu ${STACK_NAME}..."
 docker compose -p "$STACK_NAME" -f "$COMPOSE_FILE" stop || true
 
-log "Usuwam osierocone kontenery i stare nieużywane obrazy..."
+log "Usuwam kontenery i osierocone zasoby tylko dla projektu ${STACK_NAME}..."
 docker compose -p "$STACK_NAME" -f "$COMPOSE_FILE" down --remove-orphans || true
-docker image prune -af || true
-docker builder prune -af || true
 
-authoritative_stack="${STACK_NAME}"
-log "Uruchamiam stack ${authoritative_stack}..."
+log "Buduję obrazy projektu ${STACK_NAME} bez cache..."
+docker compose -p "$STACK_NAME" -f "$COMPOSE_FILE" build --no-cache
+
+log "Uruchamiam stack ${STACK_NAME}..."
 docker compose -p "$STACK_NAME" -f "$COMPOSE_FILE" up -d
 
-log "Deployment zakończony. Aplikacja powinna być dostępna pod https://${APP_DOMAIN}"
+APP_URL="${APP_EXTERNAL_SCHEME}://${APP_DOMAIN}"
+if [ -n "${EXPOSE_PORT:-}" ]; then
+  APP_URL="${APP_URL}:${EXPOSE_PORT}"
+fi
+
+log "Deployment zakończony."
+log "Adres aplikacji: ${APP_URL}"
+log "Port zewnętrzny: ${EXPOSE_PORT}"
+log "Silnik bazy: ${DB_ENGINE}"
+log "Ścieżka danych bazy: ${DB_PATH_INFO}"

docker-compose.yml

@@ -3,14 +3,16 @@ services:
     build: .
     env_file: [.env]
     environment:
-      APP_PORT: 5000
-      APP_EXTERNAL_SCHEME: https
+      APP_PORT: ${APP_PORT:-5000}
+      APP_EXTERNAL_SCHEME: ${APP_EXTERNAL_SCHEME:-https}
       APP_EXTERNAL_HOST: ${APP_DOMAIN:-localhost}
       APP_EXTERNAL_PORT: ${EXPOSE_PORT:-8785}
       TZ: ${APP_TIMEZONE:-Europe/Warsaw}
     volumes:
       - ./:/app
-    depends_on: [redis]
+      - ./db/sqlite:/app/db/sqlite
+    depends_on:
+      - redis
     restart: unless-stopped
 
   redis:
@@ -19,6 +21,36 @@ services:
       - "6379:6379"
     restart: unless-stopped
 
+  postgres:
+    image: postgres:18-alpine
+    profiles: ["pgsql"]
+    environment:
+      POSTGRES_DB: ${DB_NAME:-ksef}
+      POSTGRES_USER: ${DB_USER:-ksef}
+      POSTGRES_PASSWORD: ${DB_PASSWORD:-ksef}
+      TZ: ${APP_TIMEZONE:-Europe/Warsaw}
+    volumes:
+      - ./db/pgsql:/var/lib/postgresql/data
+    ports:
+      - "${DB_PORT:-5432}:5432"
+    restart: unless-stopped
+
+  mysql:
+    image: mysql:8.4
+    profiles: ["mysql"]
+    command: --default-authentication-plugin=mysql_native_password
+    environment:
+      MYSQL_DATABASE: ${DB_NAME:-ksef}
+      MYSQL_USER: ${DB_USER:-ksef}
+      MYSQL_PASSWORD: ${DB_PASSWORD:-ksef}
+      MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD:-root}
+      TZ: ${APP_TIMEZONE:-Europe/Warsaw}
+    volumes:
+      - ./db/mysql:/var/lib/mysql
+    ports:
+      - "${DB_PORT:-3306}:3306"
+    restart: unless-stopped
+
   caddy:
     image: caddy:2-alpine
     env_file: [.env]
@@ -33,9 +65,10 @@ services:
       - ./deploy/caddy/ssl:/certs:ro
       - caddy_data:/data
       - caddy_config:/config
-    depends_on: [web]
+    depends_on:
+      - web
     restart: unless-stopped
 
 volumes:
   caddy_data:
-  caddy_config:
+  caddy_config:

requirements.txt

@@ -22,3 +22,4 @@ cryptography==45.0.0
 xhtml2pdf==0.2.17
 psutil
 gunicorn==23.0.0
+PyMySQL==1.1.1