Add API anti-abuse hardening: disable docs in prod, origin validator, exception handler

- Disable OpenAPI docs/redoc/openapi.json when APP_ENV=production
- Strip uvicorn Server header with --no-server-header in Dockerfile and docker-compose.yml
- Add OriginValidatorMiddleware to reject state-changing requests from disallowed origins
- Add global exception handler to prevent stack trace leakage on unhandled errors
- Add tests for all new security features (OpenAPI, origin validation, exception handler, server header)
Viktor Barzin 2026-02-08 20:06:46 +00:00
parent 162d9a886d
commit 1ace45353a
No known key found for this signature in database
GPG key ID: 0EB088298288D958
8 changed files with 252 additions and 4 deletions
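The origin validator and the traceback-hiding exception handler named in the commit message, as an added example written for this page rather than the project's own code. It is written against the raw ASGI interface so it runs with only the Python standard library; the class names, the allow-list `https://app.example.com`, the `require_origin` switch and the `/boom` demo route are assumptions. A FastAPI app would mount the two classes with `app.add_middleware(...)`, and the commit's first bullet (no Swagger UI, ReDoc or schema in production) is FastAPI's own `FastAPI(docs_url=None, redoc_url=None, openapi_url=None)`.

```python
# Added example, not the project's code: the commit message's origin validator
# and traceback-hiding exception handler as plain ASGI callables (stdlib only).
# Class names, the allow-list and the demo routes are assumptions.
import asyncio
import json
from urllib.parse import urlsplit

STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}

def header(scope, name):
    # ASGI headers are a list of (lower-case bytes, bytes) pairs
    value = dict(scope.get("headers", [])).get(name.lower().encode())
    return None if value is None else value.decode("latin-1")

def normalize_origin(value):
    """scheme://host[:port], lower-cased, default port dropped. None for 'null',
    non-http schemes, missing hosts or bad ports, so unparseable == disallowed."""
    try:
        parts = urlsplit(value or "")
        host, port = parts.hostname, parts.port
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not host:
        return None
    if port in (None, 443 if parts.scheme == "https" else 80):
        return f"{parts.scheme}://{host.lower()}"
    return f"{parts.scheme}://{host.lower()}:{port}"

def origin_allowed(scope, allowed, require_origin=True):
    """Safe methods pass. State-changing ones need an allow-listed Origin (Referer
    as fallback); with require_origin set, a request carrying neither is rejected."""
    if scope.get("method", "GET").upper() not in STATE_CHANGING:
        return True
    source = header(scope, "origin") or header(scope, "referer")
    if source is None:
        return not require_origin  # False only for token-authenticated non-browser clients
    return normalize_origin(source) in allowed

async def send_json(send, status, payload):
    await send({"type": "http.response.start", "status": status,
                "headers": [(b"content-type", b"application/json")]})
    await send({"type": "http.response.body", "body": json.dumps(payload).encode()})

class OriginValidatorMiddleware:
    def __init__(self, app, allowed_origins, require_origin=True):
        self.app = app
        self.allowed = {o for o in map(normalize_origin, allowed_origins) if o}
        self.require_origin = require_origin

    async def __call__(self, scope, receive, send):
        if scope["type"] == "http" and not origin_allowed(scope, self.allowed, self.require_origin):
            await send_json(send, 403, {"detail": "origin not allowed"})
            return
        await self.app(scope, receive, send)

class SafeErrorMiddleware:
    """Outermost layer: any exception becomes a generic 500; details stay server-side."""
    def __init__(self, app):
        self.app = app
        self.errors = []  # a real app logs these, traceback included

    async def __call__(self, scope, receive, send):
        started = False
        async def guarded_send(message):
            nonlocal started
            started = started or message["type"] == "http.response.start"
            await send(message)
        try:
            await self.app(scope, receive, guarded_send)
        except Exception as exc:
            self.errors.append(repr(exc))
            if started or scope["type"] != "http":
                raise  # headers already sent: nothing safe to add, let the server close
            await send_json(send, 500, {"detail": "internal server error"})

async def demo_app(scope, receive, send):
    # stand-in for api.app:app; /boom raises with a secret in the message
    if scope["path"] == "/boom":
        raise RuntimeError("db password hunter2 would appear in a traceback")
    await send_json(send, 200, {"ok": True, "path": scope["path"]})

def build_app(allowed_origins=("https://app.example.com",), require_origin=True):
    # error handler outermost so it also covers failures inside the validator
    return SafeErrorMiddleware(OriginValidatorMiddleware(demo_app, allowed_origins, require_origin))

def call(app, method, path, headers=()):
    """Drive the ASGI stack in-process with a constructed scope; returns (status, JSON body)."""
    scope = {"type": "http", "method": method, "path": path,
             "headers": [(k.lower().encode(), v.encode()) for k, v in headers]}
    sent = []
    async def receive():
        return {"type": "http.request", "body": b"", "more_body": False}
    async def send(message):
        sent.append(message)
    asyncio.run(app(scope, receive, send))
    body = b"".join(m.get("body", b"") for m in sent if m["type"] == "http.response.body")
    return sent[0]["status"], json.loads(body)
```

Two design points worth keeping when adapting this: the error handler has to be the outermost layer, or a bug inside the validator itself would still leak a traceback; and `require_origin` is a trade-off, since browsers always send `Origin` on cross-site state-changing requests but `curl` and token-authenticated API clients usually send neither `Origin` nor `Referer`, so set it to `False` only for a route set that is protected by bearer tokens rather than cookies.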


@ -42,4 +42,4 @@ ENV PATH="/app/.venv/bin:$PATH"
COPY . .
EXPOSE 5001
CMD ["sh", "-c", "alembic upgrade head && uvicorn api.app:app --host 0.0.0.0 --port 5001"]
CMD ["sh", "-c", "alembic upgrade head && uvicorn api.app:app --host 0.0.0.0 --port 5001 --no-server-header"]
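Review bot: `--no-server-header` only removes uvicorn's own `Server:` header; a reverse proxy in front of this container will still advertise itself, and uvicorn keeps emitting `Date` unless `--no-date-header` is added too, so the hardening claim in the commit message should be scoped accordingly. Two things to confirm for this CMD: that the uvicorn version installed in the image accepts the flag, because an unknown option makes `sh -c "alembic upgrade head && uvicorn ..."` fail only after the migration has already run; and, since the commit message says docker-compose.yml carries the same flag, whether compose's `command:` overrides this CMD so that the two invocations cannot drift apart.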