Mireya Cueto Garrido
af1b8e9956
- Updated Dockerfile to improve security with a non-root user and added health checks. - Modified docker-compose.yml to set containers as read-only, restrict ports to localhost, and implement health checks. - Enhanced .env.example with additional environment variables for security and configuration. - Improved FastAPI application with middleware for security headers, CORS, and body size limits. - Refactored authentication flow in auth.py to include state validation and improved error handling. - Added rate limiting to various endpoints to prevent abuse. - Updated researcher and publication handling to ensure better validation and error management.
37 lines
846 B
Docker
37 lines
846 B
Docker
FROM python:3.12-slim AS base
|
|
|
|
ENV PYTHONDONTWRITEBYTECODE=1 \
|
|
PYTHONUNBUFFERED=1 \
|
|
PIP_NO_CACHE_DIR=1 \
|
|
PIP_DISABLE_PIP_VERSION_CHECK=1
|
|
|
|
RUN apt-get update \
|
|
&& apt-get install -y --no-install-recommends curl \
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
RUN groupadd --system --gid 1001 app \
|
|
&& useradd --system --uid 1001 --gid app --home /app --shell /usr/sbin/nologin app
|
|
|
|
WORKDIR /app
|
|
|
|
COPY requirements.txt ./
|
|
RUN pip install --no-cache-dir -r requirements.txt
|
|
|
|
COPY app ./app
|
|
|
|
RUN chown -R app:app /app
|
|
|
|
USER app
|
|
|
|
EXPOSE 8000
|
|
|
|
HEALTHCHECK --interval=30s --timeout=5s --start-period=15s --retries=3 \
|
|
CMD curl -fsS http://127.0.0.1:8000/health || exit 1
|
|
|
|
CMD ["uvicorn", "app.main:app", \
|
|
"--host", "0.0.0.0", \
|
|
"--port", "8000", \
|
|
"--proxy-headers", \
|
|
"--forwarded-allow-ips", "*", \
|
|
"--no-server-header"]
|