fix: solve filebeat issue

Bulletdev · Bulletdev · commit 1e599336e259 · 2026-04-23T16:15:53.000-03:00
diff --git a/.env.example b/.env.example
@@ -113,9 +113,10 @@ INTERNAL_JWT_SECRET=
 # ===========================================
 # Sidekiq Web UI (production access)
 # ===========================================
-# Password for /sidekiq dashboard. Protected by HTTP Basic Auth (user: prostaff).
-# Leave blank to keep the UI inaccessible (safe default).
-# Set a strong random value in production (e.g. openssl rand -hex 32).
+# Credentials for /sidekiq dashboard (HTTP Basic Auth).
+# Both must be set — UI stays inaccessible if either is blank (safe default).
+# Generate password: openssl rand -hex 32
+SIDEKIQ_WEB_USER=
 SIDEKIQ_WEB_PASSWORD=
 
 # ===========================================
diff --git a/config/routes.rb b/config/routes.rb
@@ -502,10 +502,18 @@
 
   require 'sidekiq/web'
   Sidekiq::Web.use(Rack::Auth::Basic) do |user, password|
-    user == 'prostaff' && ActiveSupport::SecurityUtils.secure_compare(
+    expected_user     = ENV.fetch('SIDEKIQ_WEB_USER', nil)
+    expected_password = ENV.fetch('SIDEKIQ_WEB_PASSWORD', nil)
+
+    next false if expected_user.blank? || expected_password.blank?
+
+    user_match = ActiveSupport::SecurityUtils.secure_compare(user, expected_user)
+    password_match = ActiveSupport::SecurityUtils.secure_compare(
       ::Digest::SHA256.hexdigest(password),
-      ::Digest::SHA256.hexdigest(ENV.fetch('SIDEKIQ_WEB_PASSWORD', ''))
+      ::Digest::SHA256.hexdigest(expected_password)
     )
+
+    user_match && password_match
   end
   mount Sidekiq::Web => '/sidekiq'
 end
diff --git a/infra/filebeat/docker-compose.yml b/infra/filebeat/docker-compose.yml
@@ -1,7 +1,7 @@
 services:
   filebeat:
     image: docker.elastic.co/beats/filebeat:8.19.0
-    user: root
+    user: root # required to read /var/lib/docker/containers (owned by root on host)
     restart: unless-stopped
     volumes:
       - /var/lib/docker/containers:/var/lib/docker/containers:ro
diff --git a/infra/filebeat/filebeat.yml b/infra/filebeat/filebeat.yml
@@ -10,7 +10,9 @@ filebeat.autodiscover:
             - type: container
               paths:
                 - /var/lib/docker/containers/${data.docker.container.id}/*.log
-              json.keys_under_root: false
+              json.keys_under_root: true
+              json.overwrite_keys: true
+              json.add_error_key: true
               fields:
                 service: api
         - condition:
