Extended the API security, added api documentation, added delete endpoint, more secure docker image.

2026-02-04 05:22:02 +00:00 · 2025-02-15 20:57:24 +01:00
parent 40ab25987c
commit 0d908ccfe8
70 changed files with 2945 additions and 2082 deletions
--- a/127
+++ b/127
@@ -1,73 +1,56 @@
+# --- Stage 1: Builder Stage ---
+    FROM rust:1.75-slim-bookworm AS builder

-        # syntax=docker/dockerfile:1
-
-        # Comments are provided throughout this file to help you get started.
-        # If you need more help, visit the Dockerfile reference guide at
-        # https://docs.docker.com/engine/reference/builder/
-        
-        ################################################################################
-        # Create a stage for building the application.
-        
-        ARG RUST_VERSION=1.78.0
-        ARG APP_NAME=backend
-        FROM rust:${RUST_VERSION}-slim-bullseye AS build
-        ARG APP_NAME
-        WORKDIR /app
-        
-        # Build the application.
-        # Leverage a cache mount to /usr/local/cargo/registry/
-        # for downloaded dependencies and a cache mount to /app/target/ for 
-        # compiled dependencies which will speed up subsequent builds.
-        # Leverage a bind mount to the src directory to avoid having to copy the
-        # source code into the container. Once built, copy the executable to an
-        # output directory before the cache mounted /app/target is unmounted.
-        RUN --mount=type=bind,source=src,target=src \
-            # --mount=type=bind,source=configuration.yaml,target=configuration.yaml \
-            --mount=type=bind,source=Cargo.toml,target=Cargo.toml \
-            --mount=type=bind,source=Cargo.lock,target=Cargo.lock \
-            --mount=type=cache,target=/app/target/ \
-            --mount=type=cache,target=/usr/local/cargo/registry/ \
-            <<EOF
-        set -e
-        cargo build --locked --release
-        cp ./target/release/$APP_NAME /bin/server
-        EOF
-        
-        # COPY  /src/web /bin/web
-        ################################################################################
-        # Create a new stage for running the application that contains the minimal
-        # runtime dependencies for the application. This often uses a different base
-        # image from the build stage where the necessary files are copied from the build
-        # stage.
-        #
-        # The example below uses the debian bullseye image as the foundation for running the app.
-        # By specifying the "bullseye-slim" tag, it will also use whatever happens to be the
-        # most recent version of that tag when you build your Dockerfile. If
-        # reproducability is important, consider using a digest
-        # (e.g., debian@sha256:ac707220fbd7b67fc19b112cee8170b41a9e97f703f588b2cdbbcdcecdd8af57).
-        FROM debian:bullseye-slim AS final
-        
-        # Create a non-privileged user that the app will run under.
-        # See https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#user
-        ARG UID=10001
-        RUN adduser \
-            --disabled-password \
-            --gecos "" \
-            --home "/nonexistent" \
-            --shell "/sbin/nologin" \
-            --no-create-home \
-            --uid "${UID}" \
-            appuser
-        USER appuser
-        
-        # Copy the executable from the "build" stage.
-        COPY --from=build /bin/server /bin/
-        
-        # Expose the port that the application listens on.
-        EXPOSE 80
-        
-        # What the container should run when it is started.
-        CMD ["/bin/server"]
-        
-
-        
+    WORKDIR /app
+    
+    # Install required build dependencies
+    RUN apt-get update && apt-get install -y --no-install-recommends \
+        pkg-config \
+        libssl-dev \
+        && rm -rf /var/lib/apt/lists/*
+    
+    # Cache dependencies
+    COPY Cargo.toml Cargo.lock ./
+    RUN cargo fetch --locked
+    
+    # Copy source code
+    COPY src src/
+    COPY build.rs build.rs
+    
+    # Build the application in release mode
+    RUN cargo build --release --locked
+    
+    # Strip debug symbols to reduce binary size
+    RUN strip /app/target/release/Axium
+    
+    
+    # --- Stage 2: Runtime Stage ---
+    FROM debian:bookworm-slim
+    
+    # Install runtime dependencies only
+    RUN apt-get update && apt-get install -y --no-install-recommends \
+        ca-certificates \
+        openssl \
+        && rm -rf /var/lib/apt/lists/*
+    
+    # Create non-root user
+    RUN useradd --no-log-init -r -m -u 1001 appuser
+    
+    WORKDIR /app
+    
+    # Copy built binary from builder stage
+    COPY --from=builder /app/target/release/Axium .
+    
+    # Copy environment file (consider secrets management for production)
+    COPY .env .env
+    
+    # Change ownership to non-root user
+    RUN chown -R appuser:appuser /app
+    
+    USER appuser
+    
+    # Expose the application port
+    EXPOSE 3000
+    
+    # Run the application
+    CMD ["./Axium"]