Refactor deployment script to handle symlinking of public data conditionally based on git tracking status, improving error handling for uncommitted changes. Update PM2 configuration to directly start the Node server for Nuxt 4 production builds in both harheimertc.config.cjs and harheimertc.simple.cjs. Modify user ID handling in registration options to use Uint8Array for compatibility with @simplewebauthn/server.

deploy-production.sh

@@ -48,9 +48,24 @@ ensure_symlink_dir() {
   echo "   Linked $src -> $target"
 }
 
+has_tracked_files_under() {
+  local prefix="$1" # e.g. public/data
+  # If any file is tracked under this path, symlinking the directory will break git operations
+  git ls-files "$prefix" | head -n 1 | grep -q .
+}
+
 echo "0. Ensuring persistent data directories (recommended)..."
 ensure_symlink_dir "server/data" "$DATA_ROOT/server-data"
-ensure_symlink_dir "public/data" "$DATA_ROOT/public-data"
+
+# IMPORTANT: Only symlink public/data if it's not tracked by git.
+# Otherwise git will error with "path is beyond a symbolic link".
+if has_tracked_files_under "public/data"; then
+  echo "   Skipping symlink for public/data (tracked files detected in git)."
+  echo "   Recommendation: remove public/data/*.csv from git history and keep them only as production data."
+else
+  ensure_symlink_dir "public/data" "$DATA_ROOT/public-data"
+fi
+
 ensure_symlink_dir "public/uploads" "$DATA_ROOT/public-uploads"
 echo ""
 
@@ -89,9 +104,13 @@ if [ -n "$(git status --porcelain | grep '^UU\|^AA\|^DD')" ]; then
   git reset --hard HEAD
 fi
 
-# Stash any local changes (including production data)
+# Ensure a clean working tree (we avoid git stash because it breaks with symlinked data paths)
-echo "   Stashing local changes..."
+if [ -n "$(git status --porcelain)" ]; then
-git stash push -m "Production deployment stash $(date)" || true
+  echo "ERROR: Working tree is not clean. Please commit/revert changes before deployment."
+  echo "Hint: If this is caused by tracked production data files, remove them from git tracking."
+  git status --porcelain
+  exit 1
+fi
 
 # Pull latest changes
 echo "   Pulling latest changes..."
@@ -144,12 +163,9 @@ if [ ! -s server/data/users.json ]; then
   exit 1
 fi
 
-# 7. Cleanup stash (Backups werden bewusst behalten)
+# 7. Cleanup (Backups werden bewusst behalten)
 echo ""
-echo "7. Cleaning up stash (keeping backups in $BACKUP_ROOT)..."
+echo "7. Keeping backups in $BACKUP_ROOT (no git stash used)."
-# Clear the deployment stash (keep other stashes)
-echo "   Clearing deployment stash..."
-git stash list | grep "Production deployment stash" | head -1 | cut -d: -f1 | xargs -r git stash drop
 
 # 8. Restart PM2
 echo ""

harheimertc.config.cjs

@@ -9,8 +9,9 @@ try {
 module.exports = {
   apps: [{
     name: 'harheimertc',
-    script: 'npm',
+    // Nuxt 4 production build: direkt den Node-Server starten (kein "preview mode")
-    args: 'run start',
+    script: 'node',
+    args: '.output/server/index.mjs',
     cwd: '/var/www/harheimertc',
     instances: 1,
     autorestart: true,

harheimertc.simple.cjs

@@ -9,8 +9,8 @@ try {
 module.exports = {
   apps: [{
     name: 'harheimertc',
-    script: 'npm',
+    script: 'node',
-    args: 'run start',
+    args: '.output/server/index.mjs',
     instances: 1,
     autorestart: true,
     watch: false,

server/api/auth/passkeys/registration-options.post.js

@@ -31,7 +31,8 @@ export default defineEventHandler(async (event) => {
   const options = await generateRegistrationOptions({
     rpName,
     rpID: rpId,
-    userID: String(user.id),
+    // @simplewebauthn/server erwartet inzwischen Uint8Array/Buffer statt String
+    userID: new TextEncoder().encode(String(user.id)),
     userName: user.email,
     // Keine Attestation-Daten speichern
     attestationType: 'none',