From bc0268e252832c0f978b163b77aacdbce97473df Mon Sep 17 00:00:00 2001
From: Felix Delattre <felix@developmentseed.org>
Date: Tue, 16 Dec 2025 10:57:45 +0100
Subject: [PATCH] Made docker image to run as non-root.

---
 Dockerfile | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/Dockerfile b/Dockerfile
index 0c4e4be2..e96c7298 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -35,6 +35,12 @@ COPY --from=builder /usr/local/bin /usr/local/bin
 # Copy only the source code directory needed at runtime
 COPY --from=builder /app/src/stac_auth_proxy /app/src/stac_auth_proxy
 
+
+RUN useradd -m -u 1001 -s /bin/bash user && \
+    chown -R user:user /app
+
+USER user
+
 ENV PYTHONPATH=/app/src
 
 CMD ["python", "-m", "stac_auth_proxy"]