# Two services so trainees can diff vulnerable vs. fixed behaviour side by side.
#   vulnerable -> http://localhost:8000   (bypassable)
#   fixed      -> http://localhost:8001   (not bypassable)
services:
  vulnerable:
    build: .
    command: uvicorn app.vulnerable_app:app --host 0.0.0.0 --port 8000
    ports:
      - "8000:8000"

  fixed:
    build: .
    command: uvicorn fixed.fixed_app:app --host 0.0.0.0 --port 8001
    ports:
      - "8001:8001"