refactor: delegate security to Cloudflare and clean up mailgun-webhook

Remove application-level CORS and IP whitelisting, as security is now handled at the Cloudflare edge. CORS is not applicable to a backend webhook service, and IP whitelisting is more effectively managed at the infrastructure layer. Also translate Dockerfile comments to English and add the registry URL to the build script.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-07 12:47:07 +01:00
parent d081386b9f
commit 45d5507bf9
4 changed files with 13 additions and 31 deletions


@@ -16,7 +16,7 @@ COPY ./src ./src
RUN npm run build
#--------------------------------------------
# Stage: instaliram produkcijski node_modules
# Stage: installing production node_modules
#--------------------------------------------
FROM node:20 AS package-stage
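Review bot: The context line `FROM node:20 AS package-stage` uses a floating tag, so the stage that installs the production dependencies can change between builds without any change in this repository. Since this file is being touched anyway, consider pinning the base image by digest (`node:20@sha256:<digest>`) and updating the digest deliberately.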
@@ -24,11 +24,11 @@ WORKDIR /app
COPY ./package*.json ./
# instaliram SAMO produkcijske
# install ONLY production dependencies
RUN npm i --omit=dev && npm cache clean --force
#--------------------------------------------
# Stage: priprema finalnog image-a
# Stage: preparing final image
#--------------------------------------------
FROM gcr.io/distroless/nodejs:20 AS assembly-stage
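Review bot: `RUN npm i --omit=dev && npm cache clean --force` in the package stage resolves versions at build time and may rewrite the lockfile, so two builds of the same commit can ship different `node_modules`. `COPY ./package*.json ./` already brings `package-lock.json` into the stage when one exists, so `npm ci --omit=dev` would install exactly what the lockfile records and fail the build if the lockfile and `package.json` disagree. The translated comment could then say that the install is lockfile-exact.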
@@ -45,30 +45,22 @@ ENV PROMETHEUS_APP_LABEL=${PROMETHEUS_APP_LABEL}=${PROMETHEUS_APP_LABEL}
ARG PROMETHEUS_HISTOGRAM_BUCKETS
ENV PROMETHEUS_HISTOGRAM_BUCKETS=${PROMETHEUS_HISTOGRAM_BUCKETS}=${PROMETHEUS_HISTOGRAM_BUCKETS}
# CORS settings: kojim domenama dopuštam pristup slikama
ARG CORS_ALLOWED_ORIGINS
ENV CORS_ALLOWED_ORIGINS=${CORS_ALLOWED_ORIGINS}
# (optional) IP Address whitelist za metrics i prtg router
ARG METRICS_ALLOWED_IP_ADDRESSES
ENV METRICS_ALLOWED_IP_ADDRESSES=${METRICS_ALLOWED_IP_ADDRESSES}
# (optional) uključuje logging u stdout
# (optional) enables logging to stdout
ARG DEBUG
ENV DEBUG=${DEBUG}
# kopiram node-modules
# copying node_modules
COPY --from=package-stage /app/package*.json ./
COPY --from=package-stage /app/node_modules ./node_modules
# kopiram buildane datoteke
# copying built files
COPY --from=build-stage /app/build ./server
# server vrtim pod ograničenim "nobody" korisnikom
# running the server under limited "nobody" user
USER nobody:nobody
HEALTHCHECK --interval=30s --timeout=3s --start-period=10s \
CMD ["/nodejs/bin/node", "./server/healthcheck.js"]
# pokrećem server
# starting the server
CMD ["./server/entry.js"]
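Review bot: With `METRICS_ALLOWED_IP_ADDRESSES` no longer passed into the image, the routes the removed comment names (metrics and the PRTG router) have no allowlist configured from this Dockerfile, so they are only protected if the container cannot be reached except through Cloudflare. Please state in the deployment documentation how direct-to-origin traffic is blocked, or keep the allowlist as a second layer for those routes. Separately, the context line `ENV PROMETHEUS_HISTOGRAM_BUCKETS=${PROMETHEUS_HISTOGRAM_BUCKETS}=${PROMETHEUS_HISTOGRAM_BUCKETS}` (and the `PROMETHEUS_APP_LABEL` line in the hunk header) repeats the expansion with a literal `=` in between; it is worth checking whether a single `${...}` was intended.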