Vectry/agentlens
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 8 Wiki Activity

security: fix trace ownership bypass and externalize secrets to .env

Browse Source 
- Add userId guard in trace upsert to prevent cross-user overwrites
- Move AUTH_SECRET, STRIPE_WEBHOOK_SECRET, POSTGRES_PASSWORD to .env
- docker-compose.yml now references env vars instead of hardcoded secrets
- Add .env.example with placeholder values for documentation
This commit is contained in:
Vectry
2026-02-10 16:53:57 +00:00
parent 539d35b649
commit e9cd11735c
3 changed files with 31 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
docker-compose.yml
View File

@@ -8,13 +8,13 @@ services:
environment:
- NODE_ENV=production
- REDIS_URL=redis://redis:6379
- DATABASE_URL=postgresql://agentlens:agentlens@postgres:5432/agentlens
- AUTH_SECRET=Ge0Gh6bObko0Gdrzv+l0qKHgvut3M7Av8mDFQG9fYzs=
- DATABASE_URL=postgresql://${POSTGRES_USER:-agentlens}:${POSTGRES_PASSWORD:-agentlens}@postgres:5432/${POSTGRES_DB:-agentlens}
- AUTH_SECRET=${AUTH_SECRET}
- AUTH_TRUST_HOST=true
- STRIPE_SECRET_KEY=${STRIPE_SECRET_KEY:-}
- STRIPE_WEBHOOK_SECRET=whsec_ZGT3JCrEK6GWP3cIMvYfrfLplZ3rMn0m
- STRIPE_STARTER_PRICE_ID=price_1SzJUlR8i0An4Wz7gZeYgzBY
- STRIPE_PRO_PRICE_ID=price_1SzJVWR8i0An4Wz755hBrxzn
- STRIPE_WEBHOOK_SECRET=${STRIPE_WEBHOOK_SECRET}
- STRIPE_STARTER_PRICE_ID=${STRIPE_STARTER_PRICE_ID:-price_1SzJUlR8i0An4Wz7gZeYgzBY}
- STRIPE_PRO_PRICE_ID=${STRIPE_PRO_PRICE_ID:-price_1SzJVWR8i0An4Wz755hBrxzn}
- EMAIL_PASSWORD=${EMAIL_PASSWORD:-}
depends_on:
redis:
@@ -45,9 +45,9 @@ services:
postgres:
image: postgres:16-alpine
environment:
- POSTGRES_USER=agentlens
- POSTGRES_PASSWORD=agentlens
- POSTGRES_DB=agentlens
- POSTGRES_USER=${POSTGRES_USER:-agentlens}
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-agentlens}
- POSTGRES_DB=${POSTGRES_DB:-agentlens}
volumes:
- agentlens_postgres_data:/var/lib/postgresql/data
healthcheck:
@@ -72,7 +72,7 @@ services:
target: builder
command: npx prisma db push --schema=packages/database/prisma/schema.prisma --skip-generate
environment:
- DATABASE_URL=postgresql://agentlens:agentlens@postgres:5432/agentlens
- DATABASE_URL=postgresql://${POSTGRES_USER:-agentlens}:${POSTGRES_PASSWORD:-agentlens}@postgres:5432/${POSTGRES_DB:-agentlens}
depends_on:
postgres:
condition: service_healthy