π§ Security hardening fixes #1319
Conversation
github-actions
bot
changed the title
There was a problem hiding this comment.
@aymankanso review all comments please and provide updates / do changes in all.
.gitignore
Outdated
| tests/cypress/screenshots/ | ||
| /venv-libratom/ |
There was a problem hiding this comment.
@aymankanso this is a change needed for your local only, please remove the changes you did in .gitignore file from this commit.
Procfile
Outdated
| @@ -1,3 +1,3 @@ | |||
| web: cd backend && gunicorn --workers 1 --threads 256 --worker-class eventlet manage:app | |||
| web: cd backend && FLASK_ENV=production FORCE_HTTPS=true gunicorn --workers 4 --threads 256 --worker-class eventlet --access-logfile - --error-logfile - --log-level info manage:app | |||
There was a problem hiding this comment.
@aymankanso why workers are changed to 4? what is the impact in Heroku for this? why FLASK_ENV=proeduction was added here?
backend/.env.example
Outdated
| @@ -0,0 +1,37 @@ | |||
| # Environment Variables Template | |||
There was a problem hiding this comment.
@aymankanso remove this file, why it was committed?
backend/Dockerfile
Outdated
| @@ -1,16 +1,35 @@ | |||
| # this dockerfile is used for product deployments | |||
| FROM python:3.9 | |||
| FROM python:3.9.18-slim | |||
There was a problem hiding this comment.
@aymankanso why version change?
backend/Dockerfile
Outdated
| RUN apt-get update -y && \ | ||
| apt-get install -y python3-dev python3-pkg-resources python3-setuptools python3-wheel python3-pip && \ | ||
| apt-get clean && \ | ||
| rm -rf /var/lib/apt/lists/* |
There was a problem hiding this comment.
@aymankanso what are these two new lines added for?
apt-get clean &&
rm -rf /var/lib/apt/lists/*
pyproject.toml
Outdated
There was a problem hiding this comment.
@aymankanso why is this file needed? what is the impact in server heroku?
| @@ -1,7 +1,7 @@ | |||
| alembic==1.9.4 ; python_version >= "3.8" and python_version < "4.0" | |||
| apscheduler==3.11.0 ; python_version >= "3.8" and python_version < "4.0" | |||
| authlib==1.3.0 ; python_version >= "3.8" and python_version < "4.0" | |||
| backports-zoneinfo==0.2.1 ; python_version >= "3.8" and python_version < "3.9" | |||
| backports-zoneinfo==0.2.1 ; python_version == "3.8" | |||
| @@ -55,7 +53,7 @@ h11==0.14.0 ; python_version >= "3.8" and python_version < "4.0" | |||
| httplib2==0.21.0 ; python_version >= "3.8" and python_version < "4.0" | |||
| idna==2.10 ; python_version >= "3.8" and python_version < "4.0" | |||
| importlib-metadata==6.0.0 ; python_version >= "3.8" and python_version < "4.0" | |||
| importlib-resources==6.4.5 ; python_version >= "3.8" and python_version < "3.9" | |||
| importlib-resources==6.4.5 ; python_version == "3.8" | |||
| @@ -16,7 +16,6 @@ deprecated==1.2.13 ; python_version >= "3.8" and python_version < "4.0" | |||
| dill==0.2.9 ; python_version >= "3.8" and python_version < "4.0" | |||
| dnspython==1.16.0 ; python_version >= "3.8" and python_version < "4.0" | |||
| email-validator==1.3.1 ; python_version >= "3.8" and python_version < "4.0" | |||
| eventlet==0.30.2 ; python_version >= "3.8" and python_version < "4.0" | |||
There was a problem hiding this comment.
@aymankanso why removed? no longer needed?
| @@ -33,7 +32,6 @@ gcloud==0.18.3 ; python_version >= "3.8" and python_version < "4.0" | |||
| gevent-websocket==0.10.1 ; python_version >= "3.8" and python_version < "4.0" | |||
| gevent==22.10.2 ; python_version >= "3.8" and python_version < "4.0" | |||
| google-api-core==2.11.0 ; python_version >= "3.8" and python_version < "4.0" | |||
| google-api-core[grpc]==2.11.0 ; python_version >= "3.8" and python_version < "4.0" | |||
There was a problem hiding this comment.
@aymankanso why removed? no longer needed?
Status:
Description π
Fixes #number
TODOs β