Harden autoconfig and sanitize input

Dockerfile

@@ -1,10 +1,25 @@
 FROM python:3.11-slim
 
+# Create non-root user for security
+RUN groupadd -r appuser && useradd -r -g appuser appuser
+
 WORKDIR /app
+
+# Copy application files
 COPY app.py ./
 COPY templates/ ./templates/
 
-RUN pip install --no-cache Flask Jinja2 gunicorn
+# Install dependencies as root
+RUN pip install --no-cache-dir Flask Jinja2 gunicorn
 
-# expose port 80
-CMD ["gunicorn", "-b", "0.0.0.0:80", "app:app"]
+# Create necessary directories and set permissions
+RUN mkdir -p /tmp && chown -R appuser:appuser /app /tmp
+
+# Switch to non-root user
+USER appuser
+
+# Expose port 8080 (internal)
+EXPOSE 8080
+
+# Bind to localhost only for security
+CMD ["gunicorn", "-b", "127.0.0.1:8080", "--workers", "2", "--worker-class", "sync", "--worker-connections", "1000", "--max-requests", "1000", "--max-requests-jitter", "100", "--timeout", "30", "--keep-alive", "2", "app:app"]