From 7cb61d4242595f49613b7956075996b94f3a1f55 Mon Sep 17 00:00:00 2001
From: shop <shop@localhost>
Date: Sun, 17 May 2026 14:48:33 +0300
Subject: [PATCH] =?UTF-8?q?fix:=20=D0=BF=D1=80=D0=B0=D0=B2=D0=B0=20www-dat?=
 =?UTF-8?q?a=20=D0=BF=D0=BE=D1=81=D0=BB=D0=B5=20git=20pull=20=D0=B8=20npm?=
 =?UTF-8?q?=20install?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Cursor <cursoragent@cursor.com>
---
 .env.example                    |  1 +
 scripts/admin-web-update.sh     | 15 ++++++++++++-
 scripts/fix-shop-permissions.sh | 37 +++++++++++++++++++++++++++++++++
 scripts/server-update.sh        |  8 ++++++-
 wiki/Troubleshooting.md         |  2 ++
 5 files changed, 61 insertions(+), 2 deletions(-)
 create mode 100644 scripts/fix-shop-permissions.sh

diff --git a/.env.example b/.env.example
index 9c91138..0570af9 100644
--- a/.env.example
+++ b/.env.example
@@ -39,6 +39,7 @@ SMTP_FROM=shop@example.com
 # ADMIN_UPDATE_ENABLED=1
 # ADMIN_UPDATE_USE_SUDO=1
 # SHOP_GIT_USER=root
+# SHOP_SERVICE_USER=www-data
 
 # PostgreSQL 17 (одна строка или отдельные переменные)
 DATABASE_URL=postgresql://shop:shop@127.0.0.1:5432/shop
diff --git a/scripts/admin-web-update.sh b/scripts/admin-web-update.sh
index 00001d4..f2f6d73 100644
--- a/scripts/admin-web-update.sh
+++ b/scripts/admin-web-update.sh
@@ -10,6 +10,7 @@ source "$SCRIPT_DIR/shop-root.sh"
 
 PORT="${PORT:-3000}"
 REPO_OWNER="${SHOP_GIT_USER:-$(stat -c '%U' "$SHOP_ROOT/.git" 2>/dev/null || stat -c '%U' "$SHOP_ROOT" 2>/dev/null || echo root)}"
+SHOP_SERVICE_USER="${SHOP_SERVICE_USER:-www-data}"
 
 ensure_git_safe() {
   local user="$1"
@@ -52,7 +53,19 @@ run_as_owner "bash scripts/git-sync.sh"
 
 echo ""
 echo "--- npm install ---"
-run_as_owner "npm install --omit=dev"
+if [ "$(id -u)" -eq 0 ]; then
+  npm install --omit=dev
+else
+  run_as_owner "npm install --omit=dev"
+fi
+
+echo ""
+echo "--- права для службы shop ($SHOP_SERVICE_USER) ---"
+if [ "$(id -u)" -eq 0 ]; then
+  bash "$SCRIPT_DIR/fix-shop-permissions.sh"
+else
+  echo "WARN: запустите от root: sudo bash scripts/fix-shop-permissions.sh"
+fi
 
 echo ""
 echo "Новая версия:"
diff --git a/scripts/fix-shop-permissions.sh b/scripts/fix-shop-permissions.sh
new file mode 100644
index 0000000..5d973cf
--- /dev/null
+++ b/scripts/fix-shop-permissions.sh
@@ -0,0 +1,37 @@
+#!/bin/bash
+# Права на каталог магазина для пользователя systemd (www-data)
+#   sudo bash "$SHOP_ROOT/scripts/fix-shop-permissions.sh"
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+# shellcheck source=shop-root.sh
+source "$SCRIPT_DIR/shop-root.sh"
+
+SHOP_SERVICE_USER="${SHOP_SERVICE_USER:-www-data}"
+
+if [ "$(id -u)" -ne 0 ]; then
+  echo "Запустите от root: sudo bash $0"
+  exit 1
+fi
+
+if ! id "$SHOP_SERVICE_USER" &>/dev/null; then
+  echo "Ошибка: пользователь $SHOP_SERVICE_USER не найден"
+  exit 1
+fi
+
+echo "=== Права Shop: $SHOP_ROOT → $SHOP_SERVICE_USER ==="
+
+chown -R "$SHOP_SERVICE_USER:$SHOP_SERVICE_USER" "$SHOP_ROOT"
+
+# npm cache/logs для www-data
+for dir in /var/www/.npm /var/www/.cache; do
+  mkdir -p "$dir"
+  chown -R "$SHOP_SERVICE_USER:$SHOP_SERVICE_USER" "$dir"
+done
+
+if [ -f "$SHOP_ROOT/.env" ]; then
+  chmod 640 "$SHOP_ROOT/.env"
+  chown "$SHOP_SERVICE_USER:$SHOP_SERVICE_USER" "$SHOP_ROOT/.env"
+fi
+
+echo "OK: владелец $SHOP_SERVICE_USER, можно: systemctl restart shop"
diff --git a/scripts/server-update.sh b/scripts/server-update.sh
index 6a6dd99..8ead950 100644
--- a/scripts/server-update.sh
+++ b/scripts/server-update.sh
@@ -20,7 +20,13 @@ fi
 
 bash "$SCRIPT_DIR/git-sync.sh"
 
-npm install --omit=dev
+if [ "$(id -u)" -eq 0 ]; then
+  npm install --omit=dev
+  bash "$SCRIPT_DIR/fix-shop-permissions.sh"
+else
+  npm install --omit=dev
+  echo "ВНИМАНИЕ: для прав www-data выполните: sudo bash $SCRIPT_DIR/fix-shop-permissions.sh"
+fi
 
 if [ -f .env ] && ! grep -q '^DATABASE_URL=' .env; then
   echo "ВНИМАНИЕ: добавьте DATABASE_URL в .env (см. .env.example)"
diff --git a/wiki/Troubleshooting.md b/wiki/Troubleshooting.md
index 3bf3c6d..0980ae2 100644
--- a/wiki/Troubleshooting.md
+++ b/wiki/Troubleshooting.md
@@ -38,6 +38,8 @@ journalctl -u shop -n 50 --no-pager
 | Placeholder / `URL_РЕПОЗИТОРИЯ` | `git clone <ваш-url> "$SHOP_ROOT"` — не копировать шаблоны как команды |
 | Нет `package.json` | `find /opt -name package.json`; `cd` в найденный каталог |
 | detached HEAD | `bash scripts/git-sync.sh` |
+| `EACCES` на `package-lock.json`, npm от www-data | `sudo bash scripts/fix-shop-permissions.sh` затем `sudo npm install --omit=dev` и снова `fix-shop-permissions` |
+| `shop.service` failed после обновления | `sudo bash scripts/fix-shop-permissions.sh` && `sudo systemctl restart shop` |
 | Нет `scripts/...` | `bash "$SHOP_ROOT/scripts/server-update.sh"` |
 | Unit shop not found | `sudo bash scripts/install-shop-service.sh` |
 | shop exit-code / auto-restart | `sudo bash scripts/free-port-3000.sh`; `systemctl restart shop` |