From 3f7234aa911ab4aba9aabb268cc5b81173f3a14b Mon Sep 17 00:00:00 2001
From: shaw <shaw-wei@foxmail.com>
Date: Sat, 19 Jul 2025 02:39:18 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E4=B8=80=E6=AC=A1=E6=80=A7=E8=A7=A3?=
 =?UTF-8?q?=E5=86=B3=E6=89=80=E6=9C=89=E6=9D=83=E9=99=90=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- 设置/app目录为775权限，解决sed临时文件创建问题
- 替换sed为awk进行文件内容修改，避免权限问题
- 使用/tmp目录作为临时文件存储位置
- 确保claude用户对所有必要目录和文件都有完整读写权限
- 彻底解决"couldn't open temporary file"和"permission denied"错误

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 Dockerfile           |  6 +++---
 docker-entrypoint.sh | 30 +++++++++++++++++++++++++-----
 2 files changed, 28 insertions(+), 8 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index eec8736d..c4b0e70d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -34,10 +34,10 @@ COPY --chown=claude:nodejs . .
 COPY --chown=claude:nodejs docker-entrypoint.sh /usr/local/bin/
 RUN chmod +x /usr/local/bin/docker-entrypoint.sh
 
-# 📁 创建必要目录并设置权限 - 先创建目录，再设置所有者
+# 📁 创建必要目录并设置权限 - 一次性解决所有权限问题
 RUN mkdir -p logs data temp && \
-    chown -R claude:nodejs /app/logs /app/data /app/temp /app/config && \
-    chmod 755 /app && \
+    chown -R claude:nodejs /app && \
+    chmod 775 /app && \
     chmod 775 /app/logs /app/data /app/temp /app/config
 
 # 🔧 预先创建配置文件避免权限问题
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
index 03c327e0..f1409cea 100644
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -44,12 +44,32 @@ if [ -f "/app/.env" ]; then
     fi
   fi
   
-  # 更新 .env 文件中的密钥
-  sed -i "s/JWT_SECRET=.*/JWT_SECRET=${JWT_SECRET}/" /app/.env
-  sed -i "s/ENCRYPTION_KEY=.*/ENCRYPTION_KEY=${ENCRYPTION_KEY}/" /app/.env
+  # 使用更安全的方式更新 .env 文件 - 创建临时文件避免sed权限问题
+  ENV_TEMP="/tmp/env_temp_$$"
   
-  # 设置 Redis 配置以连接到容器内的 Redis
-  sed -i "s/REDIS_HOST=.*/REDIS_HOST=redis/" /app/.env
+  # 替换JWT_SECRET
+  awk -v new_secret="$JWT_SECRET" '
+    /^JWT_SECRET=/ { print "JWT_SECRET=" new_secret; next }
+    { print }
+  ' /app/.env > "$ENV_TEMP"
+  
+  # 替换ENCRYPTION_KEY
+  awk -v new_key="$ENCRYPTION_KEY" '
+    /^ENCRYPTION_KEY=/ { print "ENCRYPTION_KEY=" new_key; next }
+    { print }
+  ' "$ENV_TEMP" > "$ENV_TEMP.2"
+  
+  # 替换REDIS_HOST
+  awk '
+    /^REDIS_HOST=/ { print "REDIS_HOST=redis"; next }
+    { print }
+  ' "$ENV_TEMP.2" > "$ENV_TEMP.3"
+  
+  # 复制回原文件
+  cp "$ENV_TEMP.3" /app/.env
+  
+  # 清理临时文件
+  rm -f "$ENV_TEMP" "$ENV_TEMP.2" "$ENV_TEMP.3"
   
   echo "✅ .env 已配置"
 else