GT AI OS Community Edition v2.0.33

Security hardening release addressing CodeQL and Dependabot alerts: - Fix stack trace exposure in error responses - Add SSRF protection with DNS resolution checking - Implement proper URL hostname validation (replaces substring matching) - Add centralized path sanitization to prevent path traversal - Fix ReDoS vulnerability in email validation regex - Improve HTML sanitization in validation utilities - Fix capability wildcard matching in auth utilities - Update glob dependency to address CVE - Add CodeQL suppression comments for verified false positives 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-12 17:04:45 -05:00
commit b9dfb86260
746 changed files with 232071 additions and 0 deletions
--- a/scripts/postgresql/admin-entrypoint-wrapper.sh
+++ b/scripts/postgresql/admin-entrypoint-wrapper.sh
@@ -0,0 +1,44 @@
+#!/bin/bash
+# GT 2.0 Admin PostgreSQL Custom Entrypoint
+# Ensures postgres user password is synced from environment variable on every startup
+
+set -e
+
+echo "🔧 GT 2.0 Admin PostgreSQL Startup..."
+
+# Function to update postgres user password from environment variable
+update_postgres_password() {
+    echo "🔐 Syncing postgres user password from environment..."
+
+    # Update postgres superuser password if POSTGRES_PASSWORD is set
+    if [ -n "$POSTGRES_PASSWORD" ]; then
+        psql -U postgres -d gt2_admin -c "ALTER USER postgres WITH PASSWORD '$POSTGRES_PASSWORD';" >/dev/null 2>&1 && \
+            echo "✅ Updated postgres user password" || \
+            echo "⚠️  Could not update postgres password (database may not be ready yet)"
+    fi
+
+    # Also update gt2_admin if it exists and ADMIN_USER_PASSWORD is set
+    if [ -n "$ADMIN_USER_PASSWORD" ]; then
+        psql -U postgres -d gt2_admin -c "ALTER USER gt2_admin WITH PASSWORD '$ADMIN_USER_PASSWORD';" >/dev/null 2>&1 && \
+            echo "✅ Updated gt2_admin user password" || \
+            echo "⚠️  Could not update gt2_admin password (user may not exist yet)"
+    fi
+}
+
+# Function to configure after PostgreSQL starts
+configure_after_start() {
+    sleep 5  # Wait for PostgreSQL to fully start
+
+    # Update passwords from environment variables if PostgreSQL is running
+    if pg_isready -U postgres >/dev/null 2>&1; then
+        update_postgres_password
+    fi
+}
+
+# Configure after PostgreSQL starts (in background)
+configure_after_start &
+
+echo "🚀 Starting Admin PostgreSQL..."
+
+# Call the original PostgreSQL entrypoint
+exec docker-entrypoint.sh "$@"