From b34d4062a4669915bfb866d73a9f5d71bf8b911f Mon Sep 17 00:00:00 2001
From: DasPoschi <patrick.kr@gmx.net>
Date: Mon, 13 Apr 2026 17:59:08 +0000
Subject: [PATCH] fix(docker): run as non-root user (appuser:1000), use
 requirements.txt

---
 jd-webgui/Dockerfile | 20 +++++++++-----------
 1 file changed, 9 insertions(+), 11 deletions(-)

diff --git a/jd-webgui/Dockerfile b/jd-webgui/Dockerfile
index fc7f542..966c9e2 100644
--- a/jd-webgui/Dockerfile
+++ b/jd-webgui/Dockerfile
@@ -2,19 +2,17 @@ FROM python:3.12-slim
 
 WORKDIR /app
 
-RUN apt-get update \
- && apt-get install -y --no-install-recommends ffmpeg \
- && rm -rf /var/lib/apt/lists/*
+RUN apt-get update  && apt-get install -y --no-install-recommends ffmpeg  && rm -rf /var/lib/apt/lists/*
 
-RUN pip install --no-cache-dir \
-    fastapi \
-    uvicorn \
-    myjdapi \
-    paramiko \
-    python-multipart
+COPY requirements.txt .
+RUN pip install --no-cache-dir -r requirements.txt
 
-COPY app.py /app/app.py
-COPY static /app/static
+RUN useradd -m -u 1000 appuser  && chown appuser:appuser /app
+
+USER appuser
+
+COPY --chown=appuser:appuser app.py .
+COPY --chown=appuser:appuser static ./static
 
 EXPOSE 8080
 CMD ["uvicorn", "app:app", "--host", "0.0.0.0", "--port", "8080"]