build: improve Docker robustness and fix potential security issues

RinZ27
2026-04-28 23:49:54 +07:00
parent 27eb73d48b
commit 0c782407f5
3 changed files with 40 additions and 33 deletions


@@ -28,6 +28,8 @@ FROM debian:bookworm-slim AS runtime-base
WORKDIR /app
RUN apt-get update \
&& apt-get install -y --no-install-recommends ca-certificates \
&& groupadd -r ds2api && useradd -r -g ds2api -d /app -s /sbin/nologin ds2api \
&& mkdir -p /app/data && chown -R ds2api:ds2api /app \
&& rm -rf /var/lib/apt/lists/*
COPY --from=busybox-tools /bin/busybox /usr/local/bin/busybox
EXPOSE 5001
@@ -36,8 +38,9 @@ CMD ["/usr/local/bin/ds2api"]
FROM runtime-base AS runtime-from-source
COPY --from=go-builder /out/ds2api /usr/local/bin/ds2api
COPY --from=go-builder /app/config.example.json /app/config.example.json
COPY --from=webui-builder /app/static/admin /app/static/admin
COPY --from=go-builder --chown=ds2api:ds2api /app/config.example.json /app/config.example.json
COPY --from=webui-builder --chown=ds2api:ds2api /app/static/admin /app/static/admin
USER ds2api
FROM busybox-tools AS dist-extract
ARG TARGETARCH
@@ -60,7 +63,8 @@ RUN set -eux; \
FROM runtime-base AS runtime-from-dist
COPY --from=dist-extract /out/ds2api /usr/local/bin/ds2api
COPY --from=dist-extract /out/config.example.json /app/config.example.json
COPY --from=dist-extract /out/static/admin /app/static/admin
COPY --from=dist-extract --chown=ds2api:ds2api /out/config.example.json /app/config.example.json
COPY --from=dist-extract --chown=ds2api:ds2api /out/static/admin /app/static/admin
USER ds2api
FROM runtime-from-source AS final
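Review bot: The `chown -R ds2api:ds2api /app` on the runtime-base line together with the `--chown=ds2api:ds2api` added to the config and static copies makes the service's own configuration and admin-UI assets writable by the account the server runs as, so a compromised process could rewrite them; least privilege would leave those files root-owned (they only need to be readable) and give ds2api ownership of the one path that must be written. I would change the runtime-base line to `&& mkdir -p /app/data && chown ds2api:ds2api /app/data \` and drop the `--chown` flag from the four COPY lines in runtime-from-source and runtime-from-dist, assuming nothing at runtime needs to modify config.example.json or /app/static/admin (worth confirming against the Go code). The `USER ds2api` placed before `FROM runtime-from-source AS final` is inherited by the final stage, so that part looks right.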


@@ -37,6 +37,7 @@ func main() {
srv := &http.Server{
Addr: "0.0.0.0:" + port,
Handler: app.Router,
ReadHeaderTimeout: 5 * time.Second,
}
localURL := fmt.Sprintf("http://127.0.0.1:%s", port)
lanIP := detectLANIPv4()
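Review bot: `ReadHeaderTimeout` only bounds the time to read request headers; the server still has no limit on reading a slow request body, writing a response, or holding an idle keep-alive connection, so a client can tie up connections indefinitely. Consider also setting `ReadTimeout`, `WriteTimeout` and `IdleTimeout` on the same `http.Server` literal, e.g. `IdleTimeout: 120 * time.Second,` and `ReadTimeout: 30 * time.Second,` (example values), and if `app.Router` serves long-lived streaming responses prefer a per-request context deadline over `WriteTimeout`, which would cut such streams. The enclosing `main` starts and ends outside the hunk.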


@@ -126,9 +126,12 @@ function binaryExists() {
// 查找占用端口的进程 PID
function findPidByPort(port) {
const numericPort = parseInt(port, 10);
if (isNaN(numericPort)) return [];
try {
if (isWindows) {
const output = execSync(`netstat -ano | findstr :${port} | findstr LISTENING`, {
const output = execSync(`netstat -ano | findstr :${numericPort} | findstr LISTENING`, {
encoding: 'utf-8',
shell: true,
stdio: ['pipe', 'pipe', 'ignore'],
@@ -141,7 +144,7 @@ function findPidByPort(port) {
}
return [...pids];
} else {
const output = execSync(`lsof -ti :${port}`, {
const output = execSync(`lsof -ti :${numericPort}`, {
encoding: 'utf-8',
stdio: ['pipe', 'pipe', 'ignore'],
});
@@ -217,7 +220,7 @@ async function installFrontendDeps() {
const proc = spawn('npm', ['ci', '--registry', MIRRORS.npm], {
cwd: CONFIG.webuiDir,
stdio: 'inherit',
shell: true,
shell: isWindows,
});
proc.on('close', code => code === 0 ? resolve() : reject(new Error('前端依赖安装失败')));
});
@@ -239,7 +242,7 @@ async function buildBackend() {
const proc = spawn('go', ['build', '-o', BINARY, './cmd/ds2api'], {
cwd: __dirname,
stdio: 'inherit',
shell: true,
shell: isWindows,
env: { ...process.env, GOPROXY: MIRRORS.goproxy },
});
proc.on('close', code => code === 0 ? resolve() : reject(new Error('后端编译失败')));
@@ -257,7 +260,7 @@ async function buildWebui() {
return new Promise((resolve, reject) => {
const proc = spawn(
'npm', ['run', 'build', '--', '--outDir', CONFIG.staticAdminDir, '--emptyOutDir'],
{ cwd: CONFIG.webuiDir, stdio: 'inherit', shell: true }
{ cwd: CONFIG.webuiDir, stdio: 'inherit', shell: isWindows }
);
proc.on('close', code => code === 0 ? resolve() : reject(new Error('前端构建失败')));
});
@@ -270,9 +273,8 @@ async function startBackendDev() {
const proc = spawn('go', ['run', './cmd/ds2api'], {
cwd: __dirname,
stdio: 'inherit',
shell: true,
env: {
...process.env,
shell: isWindows,
env: { ...process.env,
PORT: CONFIG.port,
LOG_LEVEL: CONFIG.logLevel,
DS2API_ADMIN_KEY: CONFIG.adminKey,
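Review bot: The `parseInt` guard in `findPidByPort` does stop shell metacharacters from reaching the `execSync` command strings, but `parseInt` accepts values like `"80abc"`, negative numbers and values above 65535, so the function still builds commands from inputs that are not valid ports; tightening the check to `if (!Number.isInteger(numericPort) || numericPort < 1 || numericPort > 65535) return [];` makes the intent explicit and rejects the rest. The `shell: isWindows` change in the `spawn` calls (the `installFrontendDeps`, `buildBackend`, `buildWebui` and `startBackendDev` hunks) removes the shell on POSIX, but on Windows the arguments, including `MIRRORS.npm` and `CONFIG.staticAdminDir`, are still joined into a cmd.exe command line, so those values must remain trusted configuration and should not be derived from external input. The `findPidByPort` body is split across two hunks, and `startBackendDev` continues past the end of the last one.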