Security hardening: secrets, validation, Docker, and error handling
- Add root .gitignore to prevent btc_wallet.py (with RPC credentials) from being committed - Load JWT SECRET_KEY from environment variable instead of hardcoded value - Restrict CORS to explicit methods/headers instead of wildcards - Add Pydantic Field validation (gt=0) to purchase amounts and user credentials - Add logging to all silent exception handlers in btc.py - Run backend and frontend Docker containers as non-root appuser - Add .dockerignore for both backend and frontend - Pass SECRET_KEY env var through docker-compose; add healthchecks to both services - Update bcrypt from pinned 3.2.2 to >=4.0.0 - Capture error objects in frontend catch blocks; check admin delete response Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -1,6 +1,6 @@
|
||||
from fastapi import APIRouter, Depends, HTTPException, status
|
||||
from sqlalchemy.orm import Session
|
||||
from pydantic import BaseModel
|
||||
from pydantic import BaseModel, Field
|
||||
|
||||
from ..database import get_db
|
||||
from .. import models
|
||||
@@ -10,8 +10,8 @@ router = APIRouter()
|
||||
|
||||
|
||||
class UserCreate(BaseModel):
|
||||
username: str
|
||||
password: str
|
||||
username: str = Field(min_length=3, max_length=50)
|
||||
password: str = Field(min_length=8)
|
||||
|
||||
|
||||
class Token(BaseModel):
|
||||
|
||||
Reference in New Issue
Block a user