- auth: first registered user becomes superadmin (active immediately)
- entrypoint: no longer seeds demo data in prod (opt-in via RUN_SEED=1)
- config: refuse to boot in prod with weak/placeholder SECRET_KEY (<32 chars)
- main: restrict CORS to FRONTEND_URL only in prod (localhost dev-only)
- seed_db: block prod seeding, read passwords from env, stop printing them
- login: remove demo account credentials from UI

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
18 lines
593 B
Bash
Executable File
#!/bin/bash
set -e

# Database tables are created automatically on application startup
# (app/main.py runs Base.metadata.create_all). The first user to register
# becomes the superadmin (the instance owner), so no admin seeding is needed.
#
# The demo seed (seed_db.py) plants sample accounts and content for LOCAL
# DEVELOPMENT only. It is opt-in: set RUN_SEED=1 to enable it. Never set
# RUN_SEED=1 in production.
if [ "${RUN_SEED}" = "1" ]; then
    echo "[entrypoint] RUN_SEED=1 -> running demo database seed..."
    python seed_db.py
fi

echo "[entrypoint] Starting application..."
exec "$@"
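
The two production rules from the commit message (no demo seed, no weak or placeholder SECRET_KEY) can also be enforced as a preflight in the entrypoint itself. This is an added example, not code from the repository; `APP_ENV`, the function names, the placeholder patterns and the distinct-character threshold are assumptions.

```bash
#!/bin/bash
# Added example, not the project's code. APP_ENV, the placeholder patterns and
# the distinct-character threshold are assumptions; RUN_SEED, SECRET_KEY and
# the 32-character minimum come from the commit message.

# secret_key_ok KEY -> 0 if KEY is long enough and not an obvious placeholder.
secret_key_ok() {
    local key="$1"
    [ "${#key}" -ge 32 ] || return 1
    # Constructed placeholder patterns, matched case-insensitively.
    case "$(printf '%s' "$key" | tr '[:upper:]' '[:lower:]')" in
        *changeme*|*change-me*|*change_me*|*placeholder*|*your-secret-key*) return 1 ;;
    esac
    # Reject padded keys such as 32 x "a": require at least 8 distinct characters.
    local distinct
    distinct=$(printf '%s' "$key" | fold -w1 | LC_ALL=C sort -u | wc -l)
    [ "$((distinct))" -ge 8 ] || return 1
    return 0
}

# preflight ENV RUN_SEED SECRET_KEY -> 0 if safe to start, 1 otherwise.
# The reason for a refusal goes to stderr; the key itself is never printed.
preflight() {
    local env="$1"
    local run_seed="$2"
    local key="$3"
    # Outside production nothing is enforced, so local seeding stays available.
    [ "$env" = "production" ] || return 0
    if [ "$run_seed" = "1" ]; then
        echo "[preflight] refusing to start: RUN_SEED=1 in production" >&2
        return 1
    fi
    if ! secret_key_ok "$key"; then
        echo "[preflight] refusing to start: weak or placeholder SECRET_KEY" >&2
        return 1
    fi
    return 0
}

# In the entrypoint, before the seed step (an unset APP_ENV fails closed):
#   preflight "${APP_ENV:-production}" "${RUN_SEED:-}" "${SECRET_KEY:-}" || exit 1
```

Treating an unset `APP_ENV` as production means a deployment that forgets the variable gets the strict checks rather than the development ones.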