diff --git a/backend/.dockerignore b/backend/.dockerignore
new file mode 100644
index 0000000..8ba2e00
--- /dev/null
+++ b/backend/.dockerignore
@@ -0,0 +1,6 @@
+.git
+__pycache__
+*.pyc
+.env
+.env.*
+*.md
diff --git a/deployer/.dockerignore b/deployer/.dockerignore
new file mode 100644
index 0000000..8ba2e00
--- /dev/null
+++ b/deployer/.dockerignore
@@ -0,0 +1,6 @@
+.git
+__pycache__
+*.pyc
+.env
+.env.*
+*.md
diff --git a/deployer/app.py b/deployer/app.py
index 4e1c741..92dcc60 100644
--- a/deployer/app.py
+++ b/deployer/app.py
@@ -32,6 +32,10 @@ def run_deploy_script():
 except Exception as e:
 logger.exception(f"Exception during deployment: {e}")
+@app.get("/health")
+def health():
+ return {"status": "healthy", "service": "deployer"}
+
 @app.post("/webhook")
 async def webhook(req: Request, background_tasks: BackgroundTasks):
 body = await req.body()
diff --git a/music-lab/.dockerignore b/music-lab/.dockerignore
new file mode 100644
index 0000000..8ba2e00
--- /dev/null
+++ b/music-lab/.dockerignore
@@ -0,0 +1,6 @@
+.git
+__pycache__
+*.pyc
+.env
+.env.*
+*.md
diff --git a/music-lab/app/main.py b/music-lab/app/main.py
index e36a1a8..aa933ed 100644
--- a/music-lab/app/main.py
+++ b/music-lab/app/main.py
@@ -16,11 +16,13 @@ from .db import (
 app = FastAPI()
+_cors_origins = os.getenv("CORS_ALLOW_ORIGINS", "http://localhost:3007,http://localhost:8080").split(",")
 app.add_middleware(
 CORSMiddleware,
- allow_origins=["*"],
- allow_methods=["*"],
- allow_headers=["*"],
+ allow_origins=[o.strip() for o in _cors_origins],
+ allow_credentials=False,
+ allow_methods=["GET", "POST", "PUT", "DELETE", "OPTIONS"],
+ allow_headers=["Content-Type"],
 )
 MUSIC_AI_SERVER_URL = os.getenv("MUSIC_AI_SERVER_URL", "")
diff --git a/stock-lab/.dockerignore b/stock-lab/.dockerignore
new file mode 100644
index 0000000..8ba2e00
--- /dev/null
+++ b/stock-lab/.dockerignore
@@ -0,0 +1,6 @@
+.git
+__pycache__
+*.pyc
+.env
+.env.*
+*.md
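Review bot: In music-lab/app/main.py the origin list comes from `os.getenv(...).split(",")` and is only stripped, so an empty `CORS_ALLOW_ORIGINS` or a trailing comma puts `""` into `allow_origins`, and a value of `*` silently restores the wildcard this commit removes. Dropping blanks keeps the list clean, `allow_origins=[o.strip() for o in _cors_origins if o.strip()]`, and rejecting or logging `*` at startup would make that misconfiguration visible. The same two lines appear in stock-lab/app/main.py. A one-line comment above `_cors_origins` stating the expected format (comma-separated `scheme://host:port`, no trailing slash, since origins are matched as exact strings) would help whoever sets the variable in deployment.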
diff --git a/stock-lab/app/main.py b/stock-lab/app/main.py
index 42249cc..78f6bf4 100644
--- a/stock-lab/app/main.py
+++ b/stock-lab/app/main.py
@@ -23,12 +23,13 @@ from .price_fetcher import get_current_prices
 app = FastAPI()
 # CORS 설정 (프론트엔드 접근 허용)
+_cors_origins = os.getenv("CORS_ALLOW_ORIGINS", "http://localhost:3007,http://localhost:8080").split(",")
 app.add_middleware(
 CORSMiddleware,
- allow_origins=["*"], # 운영 시에는 구체적인 도메인으로 제한하는 것이 좋음
- allow_credentials=True,
- allow_methods=["*"],
- allow_headers=["*"],
+ allow_origins=[o.strip() for o in _cors_origins],
+ allow_credentials=False,
+ allow_methods=["GET", "POST", "PUT", "DELETE", "OPTIONS"],
+ allow_headers=["Content-Type"],
 )
 scheduler = BackgroundScheduler(timezone=os.getenv("TZ", "Asia/Seoul"))
diff --git a/travel-proxy/.dockerignore b/travel-proxy/.dockerignore
new file mode 100644
index 0000000..8ba2e00
--- /dev/null
+++ b/travel-proxy/.dockerignore
@@ -0,0 +1,6 @@
+.git
+__pycache__
+*.pyc
+.env
+.env.*
+*.md
diff --git a/travel-proxy/app/main.py b/travel-proxy/app/main.py
index 83f3d7b..7b12c3f 100644
--- a/travel-proxy/app/main.py
+++ b/travel-proxy/app/main.py
@@ -168,6 +168,10 @@ def scan_album(album: str) -> List[Dict[str, Any]]:
 # -----------------------------
 # Routes
 # -----------------------------
+@app.get("/health")
+def health():
+ return {"status": "healthy", "service": "travel-proxy"}
+
 @app.get("/api/travel/regions")
 def regions():
 _meta_changed_invalidate_cache()
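Review bot: In stock-lab/app/main.py `allow_credentials` flips from True to False and `allow_headers` narrows to `["Content-Type"]`, which changes what existing browser clients may send and not only which origins are accepted. Cross-origin requests made with cookies or `credentials: "include"` will now be blocked by the browser, and any request carrying `Authorization` or another custom header will fail its preflight. The frontend is not visible in this diff, so confirm it relies on neither. If it does, list the specific header names in `allow_headers` rather than going back to `"*"`, and add a comment next to `allow_credentials=False` recording that the API is meant to be called without ambient credentials.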
@@ -239,12 +243,18 @@ def photos(
 @app.get("/media/travel/.thumb/{album}/{filename}")
 def get_thumb(album: str, filename: str):
+ if ".." in album or ".." in filename:
+ raise HTTPException(400, "Invalid path")
+ src = (ROOT / album / filename).resolve()
+ if not str(src).startswith(str(ROOT)):
+ raise HTTPException(403, "Access denied")
+ if not src.exists() or not src.is_file():
+ raise HTTPException(404, "Source not found")
+
+ p = ensure_thumb(src, album)
 if not p.exists() or not p.is_file():
 raise HTTPException(404, "Thumbnail not found")
-
- # src로부터 thumb 생성/확인 (원본 확장자 유지)
- p = ensure_thumb(src, album)
 return FileResponse(str(p))
 @app.get("/api/version")
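Review bot: The containment check `str(src).startswith(str(ROOT))` in get_thumb compares strings rather than path components, so it also accepts a resolved path in a sibling directory whose name merely begins with ROOT's name (for instance via a symlink under ROOT). It also compares a resolved `src` against a `ROOT` that may not itself be resolved; ROOT's definition is outside the hunk. A path-aware test covers both cases: `root = ROOT.resolve()` followed by `if not src.is_relative_to(root): raise HTTPException(403, "Access denied")` (pathlib, Python 3.9+). The `".." in album` substring test additionally rejects legitimate names such as `a..b.jpg`, and once containment is checked on the resolved path it is only defence in depth. `album` is still handed to `ensure_thumb` as a raw string, and whether that helper builds the thumbnail path from it safely cannot be seen from this hunk.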