Harden auth, redaction, upload size checks, and compose token requirements

2026-02-21 13:48:55 -03:00
parent 5792586a90
commit 3cbad053cc
21 changed files with 1168 additions and 85 deletions
--- a/backend/Dockerfile
+++ b/backend/Dockerfile
@@ -12,6 +12,11 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 COPY requirements.txt /app/requirements.txt
 RUN pip install --no-cache-dir -r /app/requirements.txt

-COPY app /app/app
+RUN addgroup --system appgroup && adduser --system --ingroup appgroup --uid 10001 appuser
+RUN mkdir -p /data/storage && chown -R appuser:appgroup /app /data
+
+COPY --chown=appuser:appgroup app /app/app
+
+USER appuser

 CMD ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8000"]