fix: critical security and Docker deployment fixes

- Dockerfile: add composer/npm build, proper entrypoint, fix EXPOSE port - docker-compose: fix postgres volume path, add healthchecks, use named volume - Add entrypoint.sh for auto migrations and dependency install at startup - Update .gitignore to exclude Firebase credentials, DB files, logs - Update .env.example with all required variables for Docker deployment Application-level fixes (applied to src/ which is gitignored): - RainfallController: parameterized SQL queries (was SQL injection) - WaterLevelController: parameterized queries + fix broken WHERE clause - DatabaseSeeder: env-based admin password instead of hardcoded 'password123' - Migration 2025_12_11: removed duplicate admin user creation - AlertController: FCM topic routing by stationtype+level (was hardcoded) - sidesdecode.py: env vars for credentials, fix water level stationtype bug (1→2)
2026-05-21 00:36:29 +08:00
parent a71019f000
commit c57d4bac57
5 changed files with 139 additions and 62 deletions
--- a/docker/entrypoint.sh
+++ b/docker/entrypoint.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+set -e
+
+cd /var/www/html
+
+if [ ! -f ".env" ]; then
+    if [ -f ".env.example" ]; then
+        cp .env.example .env
+    fi
+fi
+
+if [ ! -d "vendor" ]; then
+    composer install --no-dev --optimize-autoloader --no-interaction || true
+fi
+
+if [ ! -d "node_modules" ] && [ -f "package.json" ]; then
+    npm install || true
+fi
+
+if [ ! -d "public/build" ] && [ -f "vite.config.js" ]; then
+    npm run build || true
+fi
+
+php artisan config:cache 2>/dev/null || true
+php artisan route:cache 2>/dev/null || true
+php artisan view:cache 2>/dev/null || true
+
+if [ "$RUN_MIGRATIONS" = "true" ]; then
+    php artisan migrate --force || true
+fi
+
+exec "$@"