fix: critical security and Docker deployment fixes

- Dockerfile: add composer/npm build, proper entrypoint, fix EXPOSE port - docker-compose: fix postgres volume path, add healthchecks, use named volume - Add entrypoint.sh for auto migrations and dependency install at startup - Update .gitignore to exclude Firebase credentials, DB files, logs - Update .env.example with all required variables for Docker deployment Application-level fixes (applied to src/ which is gitignored): - RainfallController: parameterized SQL queries (was SQL injection) - WaterLevelController: parameterized queries + fix broken WHERE clause - DatabaseSeeder: env-based admin password instead of hardcoded 'password123' - Migration 2025_12_11: removed duplicate admin user creation - AlertController: FCM topic routing by stationtype+level (was hardcoded) - sidesdecode.py: env vars for credentials, fix water level stationtype bug (1→2)
2026-05-21 00:36:29 +08:00
parent a71019f000
commit c57d4bac57
5 changed files with 139 additions and 62 deletions
--- a/.env.example
+++ b/.env.example
@@ -3,3 +3,18 @@ POSTGRES_USER="<your_db_user>"
 POSTGRES_PASSWORD="<your_db_password>"
 PGADMIN_EMAIL="<your_pgadmin_name>"
 PGADMIN_PASSWORD="<your_pgadmin_password>"
+
+FIREBASE_PROJECT_ID="<your_firebase_project_id>"
+FIREBASE_CREDENTIALS="<path_to_firebase_credentials_json>"
+
+FCM_TOPIC_RAINFALL_WARNING="rainfall_warning"
+FCM_TOPIC_RAINFALL_DANGER="rainfall_danger"
+FCM_TOPIC_WATERLEVEL_ALERT="waterlevel_alert"
+FCM_TOPIC_WATERLEVEL_DANGER="waterlevel_danger"
+
+ADMIN_EMAIL="admin@example.com"
+ADMIN_PASSWORD="<set_a_strong_password>"
+
+FTP_SERVER="<your_ftp_server>"
+FTP_USERNAME="<your_ftp_username>"
+FTP_PASSWORD="<your_ftp_password>"