fix

Dockerfile

@@ -27,6 +27,10 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
     make \
     && rm -rf /var/lib/apt/lists/*
 
+# Create non-root user with password
+RUN useradd -r -m -s /bin/bash appuser && \
+    echo "appuser:your_password_here" | chpasswd
+
 # Set environment variables for Poetry
 ENV POETRY_VIRTUALENVS_IN_PROJECT=1 \
     PATH="/app/.venv/bin:$PATH"
@@ -34,22 +38,27 @@ ENV POETRY_VIRTUALENVS_IN_PROJECT=1 \
 # Copy Poetry installation from builder
 COPY --from=builder /app/.venv /app/.venv
 
-# Copy authentication script and entrypoint script
-ENV PASSWORD="supersecret"
-COPY auth.sh entrypoint.sh /app/
-RUN chmod +x /app/auth.sh /app/entrypoint.sh
-
 # Copy application files
 COPY . /app/
 
 # Delete Tests for production
 RUN rm -rf /app/tests/
 
+# Restrict file permissions in /app
+RUN chmod -R o-rwx,g-rwx /app/ && \
+    chown -R appuser:appuser /app/
+
+# Disable root login
+RUN chsh -s /usr/sbin/nologin root
+
 # Expose port for the application
 EXPOSE 3000
 
 # Set the working directory
 WORKDIR /app
 
-# Use our new entrypoint script
+# Switch to non-root user
-CMD ["/app/entrypoint.sh"]
+USER appuser
+
+# Run `make run` as the entry point
+CMD ["make", "run"]

auth.sh

@@ -1,11 +0,0 @@
-#!/bin/bash
-
-# Use the environment variable for the password
-echo -n "Enter password to access container: "
-read -s input_password
-echo ""
-if [ "$input_password" != "$PASSWORD" ]; then
-    echo "Access denied!"
-    exit 1
-fi
-echo "Access granted!"

entrypoint.sh

@@ -1,9 +0,0 @@
-#!/bin/bash
-
-# Run the authentication check first
-/app/auth.sh
-
-# If authentication passes, run the application
-if [ $? -eq 0 ]; then
-    make run
-fi