feat: Enhance security and validation in backend

- Added helmet for security headers and configured content security policy - Implemented CORS with a whitelist for allowed origins - Introduced express-validator for input validation in API endpoints - Set request size limits to prevent DoS attacks - Added global error handling and 404 response - Updated TypeScript configuration to use node16 module resolution - Improved Docker Compose configuration for security and resource limits - Created a comprehensive .env.example for environment configuration - Implemented automated security scans in CI/CD with Trivy - Added cleanup script for debugging ports - Established a detailed security policy document
2025-12-01 08:37:35 +01:00
parent b13e7d1228
commit 4a6b4a0ae8
20 changed files with 1296 additions and 764 deletions
--- a/frontend/Dockerfile.dev
+++ b/frontend/Dockerfile.dev
@@ -1,14 +1,21 @@
 # Frontend Development Dockerfile
+# SICHERHEITS-OPTIMIERT: Non-root User
 FROM node:18-alpine

+# Non-root User erstellen (node-User existiert bereits)
+RUN mkdir -p /app && chown -R node:node /app
+
 WORKDIR /app

+# Wechsle zu non-root User VOR Package-Installation
+USER node
+
 # Package files kopieren
-COPY package*.json ./
+COPY --chown=node:node package*.json ./
 RUN npm ci

 # Source code kopieren
-COPY . .
+COPY --chown=node:node . .

 # Port exposieren
 EXPOSE 3000
--- a/frontend/tsconfig.json
+++ b/frontend/tsconfig.json
@@ -14,7 +14,7 @@
    "forceConsistentCasingInFileNames": true,
    "noFallthroughCasesInSwitch": true,
    "module": "esnext",
-    "moduleResolution": "node",
+    "moduleResolution": "bundler",
    "resolveJsonModule": true,
    "isolatedModules": true,
    "noEmit": true,