From 7caf7c7e936cced1a2645b01170e0b456ef9748a Mon Sep 17 00:00:00 2001 From: workhardbekind Date: Sun, 26 Oct 2025 12:36:23 -0400 Subject: [PATCH] fixes for security --- docker-compose.yml | 36 +++++----------------------- src-frontend/src/pages/StravaLink.js | 2 +- 2 files changed, 7 insertions(+), 31 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index bee5287..424f1a8 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -2,36 +2,16 @@ version: '3.9' services: workoutchallenge: + image: workhardbekind/workout_challenge container_name: workoutchallenge - build: . ports: - "80:80" - "5555:5555" # Celery Flower task monitoring - do not open to public - only for local network for debugging - "9001:9001" # Supervisord process monitoring - do not open to public - only for local network for debugging - "8000:8000" # Django admin space - do not open to public - only for local network for debugging volumes: - - django_data:/workout_challenge/src-backend/data - environment: - - POSTGRES_HOST=workoutchallenge-database - - POSTGRES_DB=workoutchallenge - - POSTGRES_USER=postgres - - POSTGRES_PASSWORD=password - - MAIN_HOST=http://your-url.com - - HOSTS=http://your-url.com,http://localhost,http://127.0.0.1 - - SECRET_KEY= - - TIME_ZONE=Europe/London - - STRAVA_CLIENT_ID=000000 - - STRAVA_CLIENT_SECRET= - - REACT_APP_SENTRY_DSN=https://@/ - - EMAIL_HOST=smtp.gmail.com - - EMAIL_PORT=465 - - EMAIL_HOST_USER=competition@yourdomain.com - - EMAIL_HOST_PASSWORD=password - - EMAIL_USE_SSL=True - - EMAIL_USE_TLS=False - - EMAIL_FROM=competition@yourdomain.com - - EMAIL_REPLY_TO=support@yourdomain.com - - OPENAI_API_KEY= + - /usr/pi/workout_challenge/django:/workout_challenge/src-backend/data + env_file: .env restart: unless-stopped depends_on: database: @@ -45,16 +25,12 @@ services: - POSTGRES_USER=postgres - POSTGRES_PASSWORD=password ports: - - "5432:5432" + - "5434:5432" volumes: - - postgres_data:/var/lib/postgresql/data + - /home/dave/workout/db:/var/lib/postgresql/data restart: unless-stopped healthcheck: test: [ "CMD-SHELL", "pg_isready -U postgres" ] interval: 5s timeout: 5s - retries: 5 - -volumes: - postgres_data: - django_data: \ No newline at end of file + retries: 5 \ No newline at end of file diff --git a/src-frontend/src/pages/StravaLink.js b/src-frontend/src/pages/StravaLink.js index 005813d..3c4e97b 100644 --- a/src-frontend/src/pages/StravaLink.js +++ b/src-frontend/src/pages/StravaLink.js @@ -25,7 +25,7 @@ export function InitStravaLink() { return /iPad|iPhone|iPod/.test(navigator.userAgent) && !window.MSStream; }; - const urlSecondPart = 'client_id=156364&response_type=code&approval_prompt=force&scope=profile:read_all,activity:read_all&redirect_uri=' + encodedBaseUrl; + const urlSecondPart = 'client_id=178748&response_type=code&approval_prompt=force&scope=profile:read_all,activity:read_all&redirect_uri=' + encodedBaseUrl; let urlFirstPart = ''; if (isIOS()) {