RyderTech/nlcc-itinerary
1
0
Fork 0
Code Issues Pull Requests Packages Activity

docs: Update Dockerfile and README for security improvements

Browse Source 
Dockerfile Changes:
- Remove hardcoded AUTH_SECRET and admin credentials from build args
- Add security comments explaining auto-generation behavior
- Simplify environment variables to only required configurations
- Document how to retrieve auto-generated credentials from logs

README.md Updates:
- Comprehensive security features documentation
- Updated environment variables table with auto-generation info
- Detailed instructions for retrieving auto-generated credentials
- Added security compliance section (OWASP, NIST, best practices)
- Updated project structure to reflect all new security components
- Enhanced database schema documentation
- Added production security recommendations checklist
- Documented all implemented security features:
  * Auto-generated secrets
  * Password security (bcrypt, requirements, reset codes)
  * CSRF protection
  * Session management
  * Account lockout (dual-layer)
  * User management features

All documentation now accurately reflects the enterprise-grade
security implementation and simplified deployment process.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Joshua Ryder
2025-11-05 17:43:11 -05:00
parent 2ff493d804
commit d7ee2251a0
2 changed files with 153 additions and 63 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
Dockerfile
View File

@@ -16,9 +16,6 @@ RUN mkdir -p /app/data
# Accept build arguments
ARG SITE_URL=https://nlcc.rydertech.us
ARG AUTH_SECRET=change-this-secret-in-production-please
ARG ADMIN_USERNAME=admin
ARG ADMIN_PASSWORD=Admin123!
ARG EMAIL_HOST=smtp.example.com
ARG EMAIL_PORT=587
ARG EMAIL_USER=noreply@example.com
@@ -27,15 +24,16 @@ ARG EMAIL_FROM=New Life Christian Church <noreply@example.com>
# Set environment variables for build
ENV SITE_URL=$SITE_URL
ENV AUTH_SECRET=$AUTH_SECRET
ENV ADMIN_USERNAME=$ADMIN_USERNAME
ENV ADMIN_PASSWORD=$ADMIN_PASSWORD
ENV EMAIL_HOST=$EMAIL_HOST
ENV EMAIL_PORT=$EMAIL_PORT
ENV EMAIL_USER=$EMAIL_USER
ENV EMAIL_PASSWORD=$EMAIL_PASSWORD
ENV EMAIL_FROM=$EMAIL_FROM
# Security: AUTH_SECRET and admin credentials are auto-generated on first launch
# They are stored in the database and logged once to container logs
# Use: docker logs <container-name> | grep "ADMIN CREDENTIALS" to retrieve them
# Build the application
RUN npm run build