Jonathan/BTC-Portfolio
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Security hardening: secrets, validation, Docker, and error handling

Browse Source 
- Add root .gitignore to prevent btc_wallet.py (with RPC credentials) from being committed
- Load JWT SECRET_KEY from environment variable instead of hardcoded value
- Restrict CORS to explicit methods/headers instead of wildcards
- Add Pydantic Field validation (gt=0) to purchase amounts and user credentials
- Add logging to all silent exception handlers in btc.py
- Run backend and frontend Docker containers as non-root appuser
- Add .dockerignore for both backend and frontend
- Pass SECRET_KEY env var through docker-compose; add healthchecks to both services
- Update bcrypt from pinned 3.2.2 to >=4.0.0
- Capture error objects in frontend catch blocks; check admin delete response

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Jonathan
2026-03-26 18:40:41 +01:00
parent a0692501b3
commit 85455f3271
16 changed files with 70 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files
btc-portfolio/frontend/.dockerignore
+6
View File
@@ -0,0 +1,6 @@
.git
node_modules
build
.env
.env.local
npm-debug.log
btc-portfolio/frontend/Dockerfile
+3
View File
@@ -10,7 +10,10 @@ RUN npm run build
FROM node:18-alpine
RUN npm install -g serve
RUN addgroup -S appgroup && adduser -S appuser -G appgroup
WORKDIR /app
COPY --from=build /app/build ./build
RUN chown -R appuser:appgroup /app
USER appuser
EXPOSE 3001
CMD ["serve", "-s", "build", "-l", "3001"]
btc-portfolio/frontend/src/components/AddPurchase.js
+2 -1
View File
@@ -39,7 +39,8 @@ export default function AddPurchase({ onAdded }) {
setAmountEur('');
setPriceEur('');
onAdded();
} catch {
} catch (err) {
console.error('AddPurchase network error:', err);
setError('Network error');
}
};
btc-portfolio/frontend/src/pages/AdminPage.js
+6 -1
View File
@@ -66,7 +66,12 @@ export default function AdminPage() {
const handleDelete = async (id, name) => {
if (!window.confirm(`Delete user "${name}"? This also deletes all their purchases.`)) return;
await fetch(`${API}/admin/users/${id}`, { method: 'DELETE', headers: authHeaders() });
const res = await fetch(`${API}/admin/users/${id}`, { method: 'DELETE', headers: authHeaders() });
if (!res.ok) {
const data = await res.json().catch(() => ({}));
setError(data.detail || 'Failed to delete user');
return;
}
fetchUsers();
};
btc-portfolio/frontend/src/pages/Login.js
+2 -1
View File
@@ -37,7 +37,8 @@ export default function Login() {
localStorage.setItem('token', data.access_token);
localStorage.setItem('is_admin', data.is_admin ? 'true' : 'false');
navigate('/');
} catch {
} catch (err) {
console.error('Login network error:', err);
setError('Network error');
}
};
btc-portfolio/frontend/src/pages/Register.js
+2 -1
View File
@@ -38,7 +38,8 @@ export default function Register() {
}
setSuccess('Account created! Redirecting...');
setTimeout(() => navigate('/login'), 1500);
} catch {
} catch (err) {
console.error('Register network error:', err);
setError('Network error');
}
};