fix: critical security and Docker deployment fixes

- Dockerfile: add composer/npm build, proper entrypoint, fix EXPOSE port - docker-compose: fix postgres volume path, add healthchecks, use named volume - Add entrypoint.sh for auto migrations and dependency install at startup - Update .gitignore to exclude Firebase credentials, DB files, logs - Update .env.example with all required variables for Docker deployment Application-level fixes (applied to src/ which is gitignored): - RainfallController: parameterized SQL queries (was SQL injection) - WaterLevelController: parameterized queries + fix broken WHERE clause - DatabaseSeeder: env-based admin password instead of hardcoded 'password123' - Migration 2025_12_11: removed duplicate admin user creation - AlertController: FCM topic routing by stationtype+level (was hardcoded) - sidesdecode.py: env vars for credentials, fix water level stationtype bug (1→2)
2026-05-21 00:36:29 +08:00
parent a71019f000
commit c57d4bac57
5 changed files with 139 additions and 62 deletions
--- a/80
+++ b/80
@@ -1,20 +1,10 @@
-# PHP-FPM is a FastCGI implementation for PHP.
-# Read more here: https://hub.docker.com/_/php
 FROM php:8.2-fpm

-
-RUN apt-get update
-
-# Install useful tools
-RUN apt-get -y install apt-utils nano wget dialog vim
-
-# Install system dependencies
-RUN apt-get -y install --fix-missing \
+RUN apt-get update && apt-get -y install --fix-missing \
    apt-utils \
    build-essential \
    git \
    curl \
-    libcurl4 \
    libcurl4-openssl-dev \
    zlib1g-dev \
    libzip-dev \
@@ -24,47 +14,61 @@ RUN apt-get -y install --fix-missing \
    libmcrypt-dev \
    libicu-dev \
    libonig-dev \
-    libxml2-dev
+    libxml2-dev \
+    libfreetype6-dev \
+    libjpeg62-turbo-dev \
+    libpng-dev \
+    libwebp-dev \
+    libxpm-dev \
+    libpq-dev \
+    nano \
+    wget \
+    vim

-RUN docker-php-ext-install \
-    exif \
-    pcntl \
-    bcmath \
-    ctype \
-    curl \
-    pcntl \
-    zip 
-
-# Install Postgre PDO
-RUN apt-get install -y libpq-dev \
+RUN docker-php-ext-configure gd \
+        --with-freetype \
+        --with-jpeg \
+        --with-webp \
+        --with-xpm \
+    && docker-php-ext-install gd \
+    && docker-php-ext-install \
+        exif \
+        pcntl \
+        bcmath \
+        ctype \
+        curl \
+        zip \
    && docker-php-ext-configure pgsql -with-pgsql=/usr/local/pgsql \
    && docker-php-ext-install pdo pdo_pgsql pgsql

-# Install NPM
-RUN curl -fsSL https://deb.nodesource.com/setup_lts.x | bash -
-RUN apt-get install -y nodejs
+RUN curl -fsSL https://deb.nodesource.com/setup_lts.x | bash - \
+    && apt-get install -y nodejs

-# Clear cache
 RUN apt-get clean && rm -rf /var/lib/apt/lists/*

-# Install Composer
 COPY --from=composer:2.3 /usr/bin/composer /usr/bin/composer

-# Set working directory
 WORKDIR /var/www/html

-# Add user for laravel application
-RUN groupadd -g 1000 www
-RUN useradd -u 1000 -ms /bin/bash -g www www
+RUN groupadd -g 1000 www \
+    && useradd -u 1000 -ms /bin/bash -g www www

-# Copy existing application directory contents
 COPY ./src /var/www/html
-
-# Copy existing application directory permissions
 COPY --chown=www:www ./src /var/www/html

-# Change current user to www
+RUN if [ -f composer.json ]; then composer install --no-dev --optimize-autoloader --no-interaction || true; fi
+RUN if [ -f package.json ]; then npm install && npm run build || true; fi
+
+RUN chown -R www:www /var/www/html \
+    && chmod -R 775 /var/www/html/storage \
+    && chmod -R 775 /var/www/html/bootstrap/cache
+
+COPY docker/entrypoint.sh /usr/local/bin/entrypoint.sh
+RUN chmod +x /usr/local/bin/entrypoint.sh
+
 USER www

-# Set port for application
-EXPOSE 8000
+EXPOSE 9000
+
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
+CMD ["php-fpm"]