feat: implement observability

Author: Bulletdev

.env.example

@@ -110,6 +110,14 @@ PHOENIX_EVENTS_ENABLED=false
 PHOENIX_EVENTS_URL=http://localhost:4000
 INTERNAL_JWT_SECRET=
 
+# ===========================================
+# Sidekiq Web UI (production access)
+# ===========================================
+# Password for /sidekiq dashboard. Protected by HTTP Basic Auth (user: prostaff).
+# Leave blank to keep the UI inaccessible (safe default).
+# Set a strong random value in production (e.g. openssl rand -hex 32).
+SIDEKIQ_WEB_PASSWORD=
+
 # ===========================================
 # HashID Configuration (for public URL obfuscation)
 # ===========================================

CHANGELOG.md

@@ -0,0 +1,2 @@
+- `POST /api/v1/support/uploads` — authenticated file upload endpoint
+- Supabase S3-compatible storage via `aws-sdk-s3`

config/routes.rb

@@ -500,9 +500,12 @@
     end
   end
 
-  # Mount Sidekiq web UI in development
-  if Rails.env.development?
-    require 'sidekiq/web'
-    mount Sidekiq::Web => '/sidekiq'
+  require 'sidekiq/web'
+  Sidekiq::Web.use(Rack::Auth::Basic) do |user, password|
+    user == 'prostaff' && ActiveSupport::SecurityUtils.secure_compare(
+      ::Digest::SHA256.hexdigest(password),
+      ::Digest::SHA256.hexdigest(ENV.fetch('SIDEKIQ_WEB_PASSWORD', ''))
+    )
   end
+  mount Sidekiq::Web => '/sidekiq'
 end

infra/filebeat/docker-compose.yml

@@ -0,0 +1,21 @@
+services:
+  filebeat:
+    image: docker.elastic.co/beats/filebeat:8.19.0
+    user: root
+    restart: unless-stopped
+    volumes:
+      - /var/lib/docker/containers:/var/lib/docker/containers:ro
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - ./filebeat.yml:/usr/share/filebeat/filebeat.yml:ro
+    networks:
+      - vcgokoow00g0ggs0wwg4so4o
+      - coolify
+    mem_limit: 100m
+    labels:
+      - coolify.managed=true
+
+networks:
+  vcgokoow00g0ggs0wwg4so4o:
+    external: true
+  coolify:
+    external: true

infra/filebeat/filebeat.yml

@@ -0,0 +1,62 @@
+filebeat.autodiscover:
+  providers:
+    - type: docker
+      hints.enabled: true
+      templates:
+        - condition:
+            contains:
+              docker.container.name: "api"
+          config:
+            - type: container
+              paths:
+                - /var/lib/docker/containers/${data.docker.container.id}/*.log
+              json.keys_under_root: false
+              fields:
+                service: api
+        - condition:
+            contains:
+              docker.container.name: "sidekiq"
+          config:
+            - type: container
+              paths:
+                - /var/lib/docker/containers/${data.docker.container.id}/*.log
+              fields:
+                service: sidekiq
+        - condition:
+            contains:
+              docker.container.name: "events"
+          config:
+            - type: container
+              paths:
+                - /var/lib/docker/containers/${data.docker.container.id}/*.log
+              fields:
+                service: events
+        - condition:
+            contains:
+              docker.container.name: "scraper"
+          config:
+            - type: container
+              paths:
+                - /var/lib/docker/containers/${data.docker.container.id}/*.log
+              fields:
+                service: scraper
+        - condition:
+            contains:
+              docker.container.name: "enrichment"
+          config:
+            - type: container
+              paths:
+                - /var/lib/docker/containers/${data.docker.container.id}/*.log
+              fields:
+                service: enrichment
+
+output.elasticsearch:
+  hosts: ["http://elasticsearch-vcgokoow00g0ggs0wwg4so4o:9200"]
+  index: "prostaff-logs-%{+yyyy.MM.dd}"
+
+setup.kibana:
+  host: "http://kibana-fccsw00gc0oo4g0gwk0kcw4w:5601"
+
+setup.ilm.enabled: false
+setup.template.name: "prostaff-logs"
+setup.template.pattern: "prostaff-logs-*"