Pin versions, add resource limits, and harden config

- Pin all Docker image tags (mysql 8.0.40, python 3.12.13-slim, node 20.20.1-alpine, nginx 1.29.6-alpine) - Pin all frontend npm dependencies to exact versions (remove ^ ranges) - Add mem_limit and cpus resource limits to all three containers - Add non-root appuser to backend Dockerfile - Migrate JWT from python-jose to PyJWT - Remove default admin_password in config.py — must be explicitly set in .env - Add DOCS_ENABLED flag to config and .env.example (default false) - Add indexes on session_date, is_active, event_type in session models - Add limit/offset pagination to all log endpoints Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-22 00:01:32 -07:00
parent 3022bc328b
commit 663b506868
9 changed files with 45 additions and 21 deletions
--- a/backend/app/config.py
+++ b/backend/app/config.py
@@ -10,7 +10,8 @@ class Settings(BaseSettings):
    refresh_token_expire_days: int = 30
    cors_origins: str = "http://localhost:8054"
    admin_username: str = "admin"
-    admin_password: str = "change_me_admin_password"
+    admin_password: str  # no default — must be explicitly set in .env
+    docs_enabled: bool = False

    @property
    def cors_origins_list(self) -> list[str]: