curo1305
5349f21752
New FastAPI microservice (port 8020) providing unified blob storage via PUT/GET/DELETE/LIST HTTP API. Local filesystem backend is the default (zero extra deps). S3-compatible and WebDAV backends are built in. Backend is switchable at runtime via POST /migrate, which copies all objects to the new backend, verifies each one, atomically switches, then cleans up the old backend. WebDAV XML parsing uses defusedxml to prevent XXE attacks. Wired into docker-compose (storage_data volume) and registered in the backend service-health poller as 'storage-service'. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
33 lines
1.0 KiB
Docker
33 lines
1.0 KiB
Docker
# ── Stage 1: dependency installation ─────────────────────────────────────────
|
|
FROM python:3.12-slim AS builder
|
|
|
|
WORKDIR /app
|
|
|
|
RUN pip install --upgrade pip
|
|
|
|
COPY pyproject.toml .
|
|
RUN pip install --prefix=/install .
|
|
|
|
# ── Stage 2: runtime ──────────────────────────────────────────────────────────
|
|
FROM python:3.12-slim
|
|
|
|
# Create non-root user (UID/GID 1001)
|
|
RUN groupadd --gid 1001 appuser && \
|
|
useradd --uid 1001 --gid 1001 --no-create-home --shell /bin/sh appuser
|
|
|
|
# Pre-create data dir with correct ownership.
|
|
# Named volume mounted over this path will inherit ownership on first creation.
|
|
RUN mkdir -p /data/storage && chown -R appuser:appuser /data
|
|
|
|
WORKDIR /app
|
|
|
|
COPY --from=builder /install /usr/local
|
|
COPY --chown=appuser:appuser app ./app
|
|
COPY --chown=appuser:appuser scripts ./scripts
|
|
|
|
USER appuser
|
|
|
|
EXPOSE 8020
|
|
|
|
CMD ["sh", "scripts/start.sh"]
|