🔐 Security hardening: auth, rate limiting, brute force protection

- Add comprehensive security package with: - API Key generation and validation (SHA256 hash) - Password policy enforcement (min 12 chars, complexity) - Rate limiting with presets (auth, api, ingest, export) - Brute force protection (5 attempts, 15min lockout) - Security headers middleware - IP whitelisting - Audit logging structure - Secure token generation - Enhanced auth middleware: - JWT + API Key dual authentication - Token revocation via Redis - Scope-based authorization - Role-based access control - Updated installer with: - Interactive setup for client customization - Auto-generated secure credentials - Docker all-in-one image - Agent installer script - Added documentation: - SECURITY.md - Complete security guide - INSTALL.md - Installation guide - .env.example - Configuration reference
2026-02-05 23:02:06 -03:00
parent dbf9f0497f
commit a94809c812
11 changed files with 2637 additions and 444 deletions
--- a/deploy/docker/entrypoint.sh
+++ b/deploy/docker/entrypoint.sh
@@ -0,0 +1,35 @@
+#!/bin/bash
+# ═══════════════════════════════════════════════════════════
+# 🐍 OPHION - Entrypoint
+# ═══════════════════════════════════════════════════════════
+
+set -e
+
+MODE=${1:-all}
+
+echo "🐍 OPHION starting in mode: $MODE"
+
+case "$MODE" in
+    server)
+        echo "Starting API server on port ${SERVER_PORT:-8080}..."
+        exec /app/bin/ophion-server
+        ;;
+    agent)
+        echo "Starting agent..."
+        exec /app/bin/ophion-agent -config /app/configs/agent.yaml
+        ;;
+    web)
+        echo "Starting dashboard on port ${DASHBOARD_PORT:-3000}..."
+        cd /app/web
+        exec npm start
+        ;;
+    all)
+        echo "Starting all services with supervisor..."
+        exec supervisord -c /etc/supervisord.conf
+        ;;
+    *)
+        echo "Unknown mode: $MODE"
+        echo "Usage: entrypoint.sh [server|agent|web|all]"
+        exit 1
+        ;;
+esac