GTEdgeAI/gt-ai-os-community
3
0
Fork 0
Code Issues Packages Releases Wiki Activity
Files
a90b1dbb5dab8775e97e11105ef1ef1d254d167a
gt-ai-os-community/apps/control-panel-frontend/Dockerfile
HackWeasel b9dfb86260 GT AI OS Community Edition v2.0.33 
Security hardening release addressing CodeQL and Dependabot alerts:

- Fix stack trace exposure in error responses
- Add SSRF protection with DNS resolution checking
- Implement proper URL hostname validation (replaces substring matching)
- Add centralized path sanitization to prevent path traversal
- Fix ReDoS vulnerability in email validation regex
- Improve HTML sanitization in validation utilities
- Fix capability wildcard matching in auth utilities
- Update glob dependency to address CVE
- Add CodeQL suppression comments for verified false positives

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-12 17:04:45 -05:00

62 lines
1.4 KiB
Docker
Raw Blame History

# Control Panel Frontend Dockerfile
FROM node:18-alpine AS builder
WORKDIR /app
# Accept build args for Docker internal URLs
ARG INTERNAL_API_URL
ARG NEXT_PUBLIC_API_URL
ARG NEXT_PUBLIC_WS_URL
# Set as env vars so next.config.js can use them during build
ENV INTERNAL_API_URL=$INTERNAL_API_URL
ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL
ENV NEXT_PUBLIC_WS_URL=$NEXT_PUBLIC_WS_URL
# Copy package files
COPY package*.json ./
# Install dependencies (including devDependencies needed for build)
RUN npm install
# Copy application code
COPY . .
# Set NODE_ENV to production AFTER install, BEFORE build
# This enables Next.js production optimizations without breaking npm install
ENV NODE_ENV=production
# Build the application (next.config.js will use env vars above)
RUN npm run build
# Production stage
FROM node:18-alpine
WORKDIR /app
# Set environment to production
ENV NODE_ENV=production
ENV PORT=3000
# Copy built application
COPY --from=builder /app/.next ./.next
COPY --from=builder /app/package*.json ./
COPY --from=builder /app/next.config.js ./
# Copy public directory if it exists
RUN mkdir -p ./public
# Install production dependencies only
RUN npm install --only=production
# Create non-root user
RUN addgroup -g 1001 -S nodejs && \
adduser -S nextjs -u 1001 && \
chown -R nextjs:nodejs /app
USER nextjs
# Expose port
EXPOSE 3000
# Run the application with npm start (uses PORT env var)
CMD ["npm", "start"]
View Git Blame Copy Permalink