c7a0a53fe8
Deploy Dashboard / deploy (push) Successful in 3m37s
Remove SSH private keys from git, add SECRET_KEY validation, move WS auth from query string to first message, add session limits/idle timeout, PBKDF2 Fernet key, refresh token rotation, TOTP replay protection, file upload size limit + filename sanitization, symlink safety check, restrict CORS methods, IP-gate OpenClaw token, run container as non-root, rate-limit refresh/passkey endpoints, sanitize Gitea path params. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
21 lines
720 B
Docker
21 lines
720 B
Docker
# Stage 1: Build frontend
|
|
FROM node:20-alpine AS frontend
|
|
WORKDIR /build
|
|
COPY frontend/package.json frontend/package-lock.json* ./
|
|
COPY frontend/ ./
|
|
RUN npm install --registry=https://registry.npmmirror.com && npm run build
|
|
|
|
# Stage 2: Python runtime
|
|
FROM python:3.12-slim
|
|
RUN apt-get update && apt-get install -y --no-install-recommends openssh-client && rm -rf /var/lib/apt/lists/*
|
|
RUN adduser --disabled-password --no-create-home --gecos "" app
|
|
WORKDIR /app
|
|
COPY backend/requirements.txt .
|
|
RUN pip install --no-cache-dir -r requirements.txt
|
|
COPY backend/ ./
|
|
COPY --from=frontend /build/dist /app/static
|
|
RUN chown -R app:app /app
|
|
USER app
|
|
EXPOSE 4000
|
|
CMD ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "4000"]
|