#7 Transport Security: - Removed legacy _ssl_ctx alias from config.py - proxy.py now uses _internal_ssl_ctx directly (explicitly scoped) - No global TLS bypass remains #10 Deployment Hardening: - Inventory Dockerfile: non-root (node user), health check, production deps - Budget Dockerfile: non-root (node user), health check, npm ci, multi-stage ready - Frontend-v2 Dockerfile: multi-stage build, non-root (node user), health check - Added /health endpoints to inventory and budget (before auth middleware) - All 6 containers now run as non-root with health checks All services verified: gateway, trips, fitness, inventory, budget, frontend
@@ -27,6 +27,9 @@ app.use(express.json());
|
||||
// Allow form-encoded payloads from NocoDB webhook buttons
|
||||
app.use(express.urlencoded({ extended: true }));
|
||||
|
||||
// Health check (before auth middleware)
|
||||
app.get('/health', (req, res) => res.json({ status: 'ok' }));
|
||||
|
||||
// API key auth middleware — require X-API-Key header on all routes
|
||||
const SERVICE_API_KEY = process.env.SERVICE_API_KEY || '';
|
||||
if (SERVICE_API_KEY) {
|
||||
|
||||
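Review bot: The API-key guard directly below the new /health route appears to fail open. `process.env.SERVICE_API_KEY || ''` followed by `if (SERVICE_API_KEY) {` suggests that when the variable is unset the auth middleware is never registered, which would leave every route as unauthenticated as /health. The body of that `if` continues outside this hunk, so this is inferred from the two visible lines only. For a hardening commit I would fail closed at startup, e.g. `if (!SERVICE_API_KEY) throw new Error('SERVICE_API_KEY must be set');`, or at minimum log a warning when the key is missing. On the health route itself, I would extend the comment to `// Health check: registered before the auth middleware on purpose; keep the response static and free of internal details`, since it is reachable without a key.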