archetecture security fix
This commit is contained in:
Executable
+13
@@ -0,0 +1,13 @@
|
||||
#!/usr/bin/env sh
|
||||
set -eu
|
||||
|
||||
# Start as root only long enough to prepare writable runtime mounts, then drop
|
||||
# to the unprivileged app user before running Node/NPM. If chown is blocked by
|
||||
# a hardened runtime, continue and let the app fail loudly on write attempts.
|
||||
if [ "$(id -u)" = "0" ]; then
|
||||
mkdir -p /var/lib/rentaldrivego/storage/public /var/lib/rentaldrivego/storage/private /tmp/rentaldrivego
|
||||
chown -R app:app /var/lib/rentaldrivego /tmp/rentaldrivego 2>/dev/null || true
|
||||
exec su app -s /bin/sh -c 'exec "$@"' -- "$@"
|
||||
fi
|
||||
|
||||
exec "$@"
|
||||
@@ -1,24 +0,0 @@
|
||||
server {
|
||||
listen 80;
|
||||
server_name _;
|
||||
root /var/www/html/public;
|
||||
|
||||
index index.php index.html;
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ /index.php?$query_string;
|
||||
}
|
||||
|
||||
location ~ \.php$ {
|
||||
try_files $uri =404;
|
||||
fastcgi_pass app:9000;
|
||||
fastcgi_index index.php;
|
||||
include fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
}
|
||||
|
||||
location ~ /\.ht {
|
||||
deny all;
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,13 @@
|
||||
{
|
||||
"Servers": {
|
||||
"1": {
|
||||
"Name": "RentalDriveGo Dev DB",
|
||||
"Group": "Development",
|
||||
"Host": "postgres",
|
||||
"Port": 5432,
|
||||
"MaintenanceDB": "rentaldrivego",
|
||||
"Username": "postgres",
|
||||
"SSLMode": "prefer"
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,6 @@
|
||||
CSRF_TRUSTED_ORIGINS = ["https://pgmanage.rentaldrivego.ma"]
|
||||
ALLOWED_HOSTS = ["pgmanage.rentaldrivego.ma"]
|
||||
SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
|
||||
USE_X_FORWARDED_HOST = True
|
||||
SESSION_COOKIE_SECURE = True
|
||||
CSRF_COOKIE_SECURE = True
|
||||
@@ -0,0 +1,35 @@
|
||||
#!/bin/sh
|
||||
set -eu
|
||||
|
||||
STATE_DIR="/state"
|
||||
MARKER_FILE="$STATE_DIR/dev-bootstrap-complete"
|
||||
|
||||
mkdir -p "$STATE_DIR"
|
||||
|
||||
echo "[migrate] Generating database client"
|
||||
npm run db:generate
|
||||
|
||||
STORAGE_ROOT="${FILE_STORAGE_ROOT:-}"
|
||||
LEGACY_STORAGE_ROOT="${LEGACY_STORAGE_ROOT:-/app/apps/api/src/lib/storage}"
|
||||
|
||||
if [ -n "$STORAGE_ROOT" ]; then
|
||||
mkdir -p "$STORAGE_ROOT"
|
||||
if [ -d "$LEGACY_STORAGE_ROOT" ]; then
|
||||
echo "[migrate] Syncing legacy uploads into the dev storage volume"
|
||||
cp -Rn "$LEGACY_STORAGE_ROOT"/. "$STORAGE_ROOT"/ 2>/dev/null || true
|
||||
fi
|
||||
fi
|
||||
|
||||
echo "[migrate] Applying pending migrations"
|
||||
npm run db:deploy
|
||||
|
||||
if [ -f "$MARKER_FILE" ]; then
|
||||
echo "[migrate] Existing dev database detected; skipping seed"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
echo "[migrate] First dev bootstrap; seeding data"
|
||||
npm run db:seed
|
||||
|
||||
touch "$MARKER_FILE"
|
||||
echo "[migrate] Dev bootstrap complete"
|
||||
@@ -0,0 +1,10 @@
|
||||
#!/bin/sh
|
||||
set -eu
|
||||
|
||||
REAL_NPM="/usr/local/bin/npm"
|
||||
|
||||
if [ "${1-}" = "config" ] && [ "${2-}" = "get" ] && [ "${3-}" = "registry" ]; then
|
||||
exec "$REAL_NPM" --prefix "$PWD" "$@"
|
||||
fi
|
||||
|
||||
exec "$REAL_NPM" "$@"
|
||||
Reference in New Issue
Block a user