monoadmin/remotelink-docker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
27673daa63684e9cd1a28bc10555f0cca041e674
remotelink-docker/docker-compose.yml
monoadmin 27673daa63 Fix critical and high security issues 
- exec_script: relay now enforces admin role before forwarding to agent
- relay CORS: restrict allow_origins via ALLOWED_ORIGINS env var (docker-compose passes app URL)
- session-code: replace Math.random() with crypto.randomInt, add per-key rate limit (10 req/min)
- sessions GET: fix IDOR — users can only read their own sessions (admins see all)
- signal API: validate session ownership on create; enforce ownerUserId on all subsequent actions

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-10 23:38:03 -07:00

62 lines
1.8 KiB
YAML
Raw Blame History

name: remotelink
services:
postgres:
image: postgres:17-alpine
container_name: remotelink-db
restart: unless-stopped
environment:
POSTGRES_USER: ${POSTGRES_USER:-remotelink}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
POSTGRES_DB: ${POSTGRES_DB:-remotelink}
volumes:
- postgres_data:/var/lib/postgresql/data
- ./db/migrations/0001_initial.sql:/docker-entrypoint-initdb.d/0001_initial.sql:ro
healthcheck:
test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-remotelink}"]
interval: 10s
timeout: 5s
retries: 5
app:
build:
context: .
dockerfile: Dockerfile
args:
NEXT_PUBLIC_APP_URL: ${NEXT_PUBLIC_APP_URL:-http://localhost:3000}
NEXT_PUBLIC_RELAY_URL: ${NEXT_PUBLIC_RELAY_URL:-localhost:8765}
image: remotelink:latest
container_name: remotelink-app
restart: unless-stopped
ports:
- "3000:3000"
environment:
DATABASE_URL: postgresql://${POSTGRES_USER:-remotelink}:${POSTGRES_PASSWORD}@postgres:5432/${POSTGRES_DB:-remotelink}
AUTH_SECRET: ${AUTH_SECRET}
NEXT_PUBLIC_APP_URL: ${NEXT_PUBLIC_APP_URL:-http://localhost:3000}
NEXT_PUBLIC_RELAY_URL: ${NEXT_PUBLIC_RELAY_URL:-localhost:8765}
env_file:
- .env
depends_on:
postgres:
condition: service_healthy
relay:
build:
context: ./relay
dockerfile: Dockerfile
image: remotelink-relay:latest
container_name: remotelink-relay
restart: unless-stopped
ports:
- "8765:8765"
environment:
DATABASE_URL: postgresql://${POSTGRES_USER:-remotelink}:${POSTGRES_PASSWORD}@postgres:5432/${POSTGRES_DB:-remotelink}
ALLOWED_ORIGINS: ${NEXT_PUBLIC_APP_URL:-http://localhost:3000}
depends_on:
postgres:
condition: service_healthy
volumes:
postgres_data:
Reference in New Issue View Git Blame Copy Permalink