Oliver/semblance
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
semblance/semblance.service
Vadym Samoilenko 3e1865edbd Apply Jintech security audit remediation (sprint 3) — 87/92 findings fixed 
- Fix missing await on FocusGroup.get_messages() (N-L1)
- Replace time.sleep with asyncio.sleep in key_theme_service and focus_group_service (N-P10)
- Replace flask import with quart in focus_groups.py (N-S3)
- Add logger.error before all 500 returns in focus_groups.py (N-P6)
- Add logging to silent except blocks across routes (N-M10, N-M11)
- Add @rate_limit to 6 remaining AI endpoints (N-H4)
- Add --confirm flag to populate scripts before delete_many (S-H2)
- Remove hardcoded Azure ID fallbacks from msal_service.py and msalConfig.ts (A-M2, F-H4)
- Centralize make_serializable() in utils.py, remove duplicates from 3 route files (N-P7)
- Replace all datetime.utcnow() with datetime.now(timezone.utc) across entire backend (M-L2)
- AuthContext.tsx: only mark token validated on 200 success, not on non-401 errors (F-H2)
- Rename authType → auth_type in auth.py (N-S4)
- Add security_report.md and security_report.pdf with full 92-finding status

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-20 12:51:18 +00:00

42 lines
1.1 KiB
Desktop File
Executable file
Raw Blame History

[Unit]
Description=Semblance back end service
After=network.target
[Service]
Type=exec
User=www-data
Group=www-data
WorkingDirectory=/opt/semblance/backend
EnvironmentFile=/opt/semblance/backend/.env
Environment=PATH=/opt/semblance/backend/venv/bin
ExecStart=/opt/semblance/backend/venv/bin/python /opt/semblance/backend/run.py
Restart=always
RestartSec=5
# Output to journal
StandardOutput=journal
StandardError=journal
SyslogIdentifier=semblance
# Security settings (adjusted for file uploads)
NoNewPrivileges=yes
ProtectSystem=false
ProtectHome=yes
# Allow access to temp directories
PrivateTmp=no
# Writable directories for uploads and temp files
ReadWritePaths=/opt/semblance/backend/uploads
ReadWritePaths=/opt/semblance/backend/temp
ReadWritePaths=/tmp
ReadWritePaths=/var/tmp
# Create necessary directories
ExecStartPre=/bin/mkdir -p /opt/semblance/backend/uploads
ExecStartPre=/bin/mkdir -p /opt/semblance/backend/temp
ExecStartPre=/bin/chown -R www-data:www-data /opt/semblance/backend/uploads
ExecStartPre=/bin/chown -R www-data:www-data /opt/semblance/backend/temp
[Install]
WantedBy=multi-user.target
Reference in a new issue View git blame Copy permalink