Fix logic bug in concept tagging and harden Dockerfile security #146

Open
RinZ27 wants to merge 1 commit into nasa:master from RinZ27:fix/logic-and-docker-hardening

RinZ27 commented Feb 6, 2026

I noticed a logic bug in the get_concepts function while reviewing the codebase. It was attempting to call a .get() method on a Flask request object, which would cause an immediate crash if the concept tagging feature were enabled. I've switched this to use the requests library correctly and fixed the parameter mapping from fields to params.

Additionally, I've updated the Dockerfile to use a non-root user. Running applications as root inside a container isn't ideal for security, so I added an apod user to handle the process.

These changes should improve the overall stability and security posture of the service. I've left the debug=True in the main block alone as Gunicorn bypasses it in production anyway.

abstract-333 added a commit to abstract-333/apod-api that referenced this pull request Feb 27, 2026
…ookworm build

- Implements multi-stage build to exclude build tools
- Maintains Debian Trixie base for glibc compatibility (Pillow support)
- Adds non-root user for security (referenced from nasa#146)
- Integrates uv with Docker cache mounts for faster builds