Security fixes: non-root user, signup rate limiting, differentiated CORS, persistent usage tracking
This commit is contained in:
parent
6a38ba4adc
commit
73bb041513
5 changed files with 108 additions and 17 deletions
14
Dockerfile
14
Dockerfile
|
|
@ -1,19 +1,31 @@
|
|||
FROM node:22-bookworm-slim
|
||||
|
||||
# Install Chromium (works on ARM and x86)
|
||||
# Install Chromium and dependencies as root
|
||||
RUN apt-get update && apt-get install -y --no-install-recommends \
|
||||
chromium fonts-liberation \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
|
||||
# Create non-root user
|
||||
RUN groupadd --gid 1001 docfast \
|
||||
&& useradd --uid 1001 --gid docfast --shell /bin/bash --create-home docfast
|
||||
|
||||
# Set environment variables
|
||||
ENV PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=true
|
||||
ENV PUPPETEER_EXECUTABLE_PATH=/usr/bin/chromium
|
||||
|
||||
WORKDIR /app
|
||||
COPY package*.json ./
|
||||
RUN npm ci --omit=dev
|
||||
|
||||
COPY dist/ dist/
|
||||
COPY public/ public/
|
||||
|
||||
# Create data directory and set ownership to docfast user
|
||||
RUN mkdir -p /app/data && chown -R docfast:docfast /app
|
||||
|
||||
# Switch to non-root user
|
||||
USER docfast
|
||||
|
||||
ENV PORT=3100
|
||||
EXPOSE 3100
|
||||
CMD ["node", "dist/index.js"]
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue