feat: security audit fixes

This commit is contained in:
ZOMBIIIIIII
2026-05-13 00:17:32 +03:00
parent e87d178d71
commit 1498ed3431
31 changed files with 2198 additions and 339 deletions


@@ -1,24 +1,33 @@
# ──────────────────────────────────────────────────────────────────
# Production Dockerfile — multi-stage build для shippable image.
# Финальный image: только compiled dist + prod deps + tini, runs as uid 1001.
# ──────────────────────────────────────────────────────────────────
FROM node:20-alpine AS base
RUN corepack enable && corepack prepare pnpm@10.28.2 --activate \
&& apk add --no-cache python3 make g++
WORKDIR /app
# ── Stage 1: install ALL deps (incl. devDeps) для build ──
FROM base AS deps
COPY pnpm-lock.yaml pnpm-workspace.yaml package.json ./
COPY apps/api/package.json apps/api/
RUN pnpm install --frozen-lockfile --prod=false
# ── Stage 2: TypeScript compile ──
FROM base AS build
COPY --from=deps /app/node_modules ./node_modules
COPY --from=deps /app/apps/api/node_modules ./apps/api/node_modules
COPY . .
RUN cd apps/api && pnpm build
# ── Stage 3: prod-only deps (без devDeps, меньше image) ──
FROM base AS prod-deps
COPY pnpm-lock.yaml pnpm-workspace.yaml package.json ./
COPY apps/api/package.json apps/api/
RUN pnpm install --frozen-lockfile --prod
# ── Stage 4: runtime image — minimal surface ──
FROM node:20-alpine AS runtime
RUN apk add --no-cache tini wget \
&& addgroup -S app -g 1001 \
@@ -26,13 +35,11 @@ RUN apk add --no-cache tini wget \
WORKDIR /app/apps/api
COPY --from=prod-deps --chown=app:app /app/node_modules /app/node_modules
COPY --from=prod-deps --chown=app:app /app/apps/api/node_modules ./node_modules
COPY --from=build --chown=app:app /app/apps/api/dist ./dist
COPY --from=build --chown=app:app /app/apps/api/swagger.json ./swagger.json
COPY --from=build --chown=app:app /app/apps/api/package.json ./package.json
RUN mkdir -p /app/logs && chown -R app:app /app/logs
COPY --from=prod-deps --chown=app:app /app/node_modules /app/node_modules
COPY --from=prod-deps --chown=app:app /app/apps/api/node_modules ./node_modules
COPY --from=build --chown=app:app /app/apps/api/dist ./dist
COPY --from=build --chown=app:app /app/apps/api/swagger.json ./swagger.json
COPY --from=build --chown=app:app /app/apps/api/package.json ./package.json
USER app
EXPOSE 3001
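Review bot: `COPY . .` in the build stage (first hunk, right before `RUN cd apps/api && pnpm build`) puts the whole build context into a cached layer, so anything a `.dockerignore` does not exclude — `.env` files, `.git`, local `node_modules` — ends up in that stage and in any exported build cache, even though the runtime stage copies only `dist`, `swagger.json` and `package.json`; no `.dockerignore` is visible in this diff, so either confirm it excludes those paths or narrow the copy to the inputs the compile needs (e.g. `COPY apps/api ./apps/api` plus whatever root tsconfig/config files the build imports). The `cd` in that same instruction is better written as `WORKDIR /app/apps/api` followed by `RUN pnpm build`, which also mirrors the runtime stage's `WORKDIR`. For an audit-driven change, `FROM node:20-alpine` in both the base and runtime stages floats with every rebuild; pinning by digest (`node:20-alpine@sha256:<digest>`, placeholder to be filled from the registry) keeps the shipped image reproducible. The second hunk appears only to move the five `COPY --from` lines below the `/app/logs` setup, and whatever follows `EXPOSE 3001` (entrypoint, healthcheck) is outside this excerpt.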