From 8b175064d6bb3837fa5acba73cecd5fb6325380b Mon Sep 17 00:00:00 2001
From: Sahib Bhai
Date: Tue, 12 Nov 2024 14:38:00 -0800
Subject: [PATCH] Add non-root user to Dockerfile and update permissions
---
 Dockerfile | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 9de1b1f1..70268b4c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,10 +1,14 @@
 FROM python:3.11-slim
+# Set the working directory
 WORKDIR /app
 # Switch to root user to install dependencies
 USER root
+# Create the nonroot user and set permissions
+RUN adduser --disabled-password --gecos "" nonroot && chown -R nonroot /app
+
 # Copy everything into the working directory
 COPY . /app
@@ -17,12 +21,11 @@ RUN uv pip install --system --no-cache-dir -r requirements.txt
 # Switch back to non-root user
 USER nonroot
-# Install curl
-#RUN apt-get update && apt-get install -y curl
+# Install curl (if needed, uncomment this line)
+# RUN apt-get update && apt-get install -y curl
 # Run the app using gunicorn.
 # Expose the port gunicorn is listening on (80).
 # Set the number of workers to 10.
-# Preload the app to avoid the overhead of loading the app for each worker. See https://www.joelsleppy.com/blog/gunicorn-application-preloading/
-# Set the app to be the server variable in app.py.
-CMD ["gunicorn", "-b", "0.0.0.0:80", "-k", "gevent", "--workers=10", "--preload", "app:server"]
+# Preload the app to avoid the overhead of loading the app for each worker.
+CMD ["gunicorn", "-b", "0.0.0.0:80", "-k", "gevent", "--workers=10", "--preload", "app:server"]
\ No newline at end of file
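Review bot: The `chown -R nonroot /app` in the added RUN executes before `COPY . /app`, so it only changes the owner of the still-empty working directory; the files copied afterwards are root-owned by default. The result is a mixed state: the runtime user cannot edit the files in place, but because it owns the directory it can still delete or replace them. If the application never writes under /app, drop the chown so the code stays read-only to the runtime user; if it does need write access, state that explicitly with `COPY --chown=nonroot . /app` instead. A fixed numeric id on the account (for example `adduser --uid 10001 ...`, value constructed) would also let orchestrators that enforce non-root by UID verify it.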
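Review bot: The rewritten CMD still binds gunicorn to `0.0.0.0:80` while the process runs as `nonroot`; ports below 1024 are privileged, so the bind fails on any runtime that does not lower the unprivileged-port floor (recent Docker Engine does by default; other runtimes may not). Binding to a high port, e.g. `"-b", "0.0.0.0:8080"`, and mapping 80 when the port is published avoids depending on that setting; the "Expose the port" comment would need the same update. Separately, the commented-out curl install sits after `USER nonroot`, so uncommenting it as the new comment suggests would fail because apt-get needs root. It belongs above the USER switch, written as `apt-get install -y --no-install-recommends curl && rm -rf /var/lib/apt/lists/*`.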