Skip to content

fix(infra+liquidations): harden Dockerfile and use unambiguous time_ms#4

Merged
Yaugourt merged 1 commit into
mainfrom
fix/lt-audit-2026-05-31
May 31, 2026
Merged

fix(infra+liquidations): harden Dockerfile and use unambiguous time_ms#4
Yaugourt merged 1 commit into
mainfrom
fix/lt-audit-2026-05-31

Conversation

@Yaugourt

Copy link
Copy Markdown
Owner

Summary

Two HIGH findings from the 2026-05-31 LT audit, plus a Dockerfile cleanup pass.

HIGH — Liquidation time parsing TZ-fragile

liq.time is a naive ISO string ("2026-01-08T10:28:36", no Z). new Date(...) of that interprets it as host-local time. Today Railway is UTC so it accidentally works, but any TZ env change silently shifts the persisted time column and invalidates time-bucketed analytics + keyset pagination cursors. Switch to new Date(liq.time_ms) which is the canonical ms-since-epoch already present on the payload. Fix applied in both liquidations.ingestion.service.ts and liquidations.backfill.service.ts.

HIGH — Production container ran as root

No USER in either Dockerfile stage. Container-escape now elevates to node instead of root. Added USER node + --chown=node:node on the production COPYs.

MEDIUM — Dockerfile hygiene

  • Dropped unused ARG DATABASE_URL / ENV DATABASE_URL=$DATABASE_URL (prisma generate doesn't need it; runtime URL is read from env via Railway).
  • Added HEALTHCHECK hitting /api/health/ready.
  • Added .dockerignore so COPY . . stops shipping .git, local .env*, dev tooling and logs into the image.

Test plan

  • CI green
  • Local docker build . succeeds with new .dockerignore
  • After Railway deploy: /api/health/ready returns 200
  • Next batch of ingested liquidations has time = timeMs epoch (sanity check via Prisma Studio)

…s in liquidation ingestion

- Liquidation persistence: `time: new Date(liq.time)` parsed a TZ-naive ISO string
  and silently interpreted it as host local time. Switch both ingestion and backfill
  to `new Date(liq.time_ms)` (already on the payload) to remove TZ ambiguity and
  protect the time-bucketed analytics.
- Dockerfile: drop production root user (add `USER node` + `--chown=node:node` on
  COPY), drop the unused `ARG/ENV DATABASE_URL` (prisma generate does not need it),
  and add a HEALTHCHECK hitting `/api/health/ready`.
- Add `.dockerignore` so `COPY . .` no longer ships `.git`, local `.env*`, dev
  tooling and logs into the production image.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
@Yaugourt Yaugourt merged commit 383a858 into main May 31, 2026
1 of 2 checks passed
@Yaugourt Yaugourt deleted the fix/lt-audit-2026-05-31 branch May 31, 2026 13:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant