BTC-Portfolio

Jonathan/BTC-Portfolio

Fork 0

Commit Graph

Author	SHA1	Message	Date
Jonathan	11b020907d	Revert backend Dockerfile to run as root Non-root appuser can't write to the host-mounted SQLite data volume — chown in the image layer doesn't carry over to runtime volume mounts. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-26 18:45:41 +01:00
Jonathan	85455f3271	Security hardening: secrets, validation, Docker, and error handling - Add root .gitignore to prevent btc_wallet.py (with RPC credentials) from being committed - Load JWT SECRET_KEY from environment variable instead of hardcoded value - Restrict CORS to explicit methods/headers instead of wildcards - Add Pydantic Field validation (gt=0) to purchase amounts and user credentials - Add logging to all silent exception handlers in btc.py - Run backend and frontend Docker containers as non-root appuser - Add .dockerignore for both backend and frontend - Pass SECRET_KEY env var through docker-compose; add healthchecks to both services - Update bcrypt from pinned 3.2.2 to >=4.0.0 - Capture error objects in frontend catch blocks; check admin delete response Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-26 18:40:41 +01:00
Jonathan	3907414742	Add full-stack BTC portfolio web app Multi-user FastAPI + React app with JWT auth, SQLite storage, and CoinGecko price integration. Dockerized with docker-compose. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-23 22:15:40 +01:00

Author

SHA1

Message

Date

Jonathan

11b020907d

Revert backend Dockerfile to run as root

Non-root appuser can't write to the host-mounted SQLite data volume —
chown in the image layer doesn't carry over to runtime volume mounts.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-03-26 18:45:41 +01:00

Jonathan

85455f3271

Security hardening: secrets, validation, Docker, and error handling

- Add root .gitignore to prevent btc_wallet.py (with RPC credentials) from being committed
- Load JWT SECRET_KEY from environment variable instead of hardcoded value
- Restrict CORS to explicit methods/headers instead of wildcards
- Add Pydantic Field validation (gt=0) to purchase amounts and user credentials
- Add logging to all silent exception handlers in btc.py
- Run backend and frontend Docker containers as non-root appuser
- Add .dockerignore for both backend and frontend
- Pass SECRET_KEY env var through docker-compose; add healthchecks to both services
- Update bcrypt from pinned 3.2.2 to >=4.0.0
- Capture error objects in frontend catch blocks; check admin delete response

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-03-26 18:40:41 +01:00

Jonathan

3907414742

Add full-stack BTC portfolio web app

Multi-user FastAPI + React app with JWT auth, SQLite storage, and
CoinGecko price integration. Dockerized with docker-compose.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-03-23 22:15:40 +01:00

3 Commits