mirror of
https://github.com/escalante29/WealthySmart.git
synced 2026-07-17 09:08:46 +02:00
Fail fast on missing or weak auth secrets; 7-day tokens
SECRET_KEY, ADMIN_USERNAME, and ADMIN_PASSWORD no longer have working defaults: the backend refuses to boot if they are unset, default, or weak (SEC-01). Token expiry drops from 30 to 7 days (SEC-05). New COOKIE_SECURE (default true) and CORS_ORIGINS settings. Dev compose now sources credentials from .env with required-var errors instead of hardcoding them (ARCH-14); .env.example documents the template. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This commit is contained in:
@@ -1,12 +1,19 @@
|
||||
from pydantic import model_validator
|
||||
from pydantic_settings import BaseSettings
|
||||
|
||||
|
||||
class Settings(BaseSettings):
|
||||
DATABASE_URL: str = "postgresql://wealthy_user:wealthy_pass@db:5432/wealthysmart"
|
||||
SECRET_KEY: str = "change-me-in-production"
|
||||
ACCESS_TOKEN_EXPIRE_MINUTES: int = 60 * 24 * 30 # 30 days
|
||||
ADMIN_USERNAME: str = "admin"
|
||||
ADMIN_PASSWORD: str = "admin"
|
||||
# No defaults: the app must refuse to boot without real values (see _reject_weak_secrets).
|
||||
SECRET_KEY: str
|
||||
ADMIN_USERNAME: str
|
||||
ADMIN_PASSWORD: str
|
||||
ACCESS_TOKEN_EXPIRE_MINUTES: int = 60 * 24 * 7 # 7 days
|
||||
COOKIE_SECURE: bool = True # dev compose sets "false"; prod serves over TLS
|
||||
CORS_ORIGINS: str = (
|
||||
"https://wealth.cescalante.dev,"
|
||||
"http://localhost:3000,http://localhost:3001,http://localhost:5175"
|
||||
)
|
||||
BCCR_API_EMAIL: str = ""
|
||||
BCCR_API_TOKEN: str = ""
|
||||
VAPID_PRIVATE_KEY: str = ""
|
||||
@@ -15,6 +22,23 @@ class Settings(BaseSettings):
|
||||
OPENAI_API_KEY: str = ""
|
||||
AGENT_MODEL: str = "gpt-5.4-mini"
|
||||
|
||||
@property
|
||||
def cors_origins_list(self) -> list[str]:
|
||||
return [o.strip() for o in self.CORS_ORIGINS.split(",") if o.strip()]
|
||||
|
||||
@model_validator(mode="after")
|
||||
def _reject_weak_secrets(self) -> "Settings":
|
||||
if len(self.SECRET_KEY) < 32 or self.SECRET_KEY == "change-me-in-production":
|
||||
raise ValueError(
|
||||
"SECRET_KEY must be a random value of at least 32 characters "
|
||||
"(generate one with: openssl rand -hex 32)"
|
||||
)
|
||||
if not self.ADMIN_USERNAME:
|
||||
raise ValueError("ADMIN_USERNAME must be set")
|
||||
if not self.ADMIN_PASSWORD or self.ADMIN_PASSWORD == "admin":
|
||||
raise ValueError("ADMIN_PASSWORD must be set and must not be 'admin'")
|
||||
return self
|
||||
|
||||
class Config:
|
||||
env_file = ".env"
|
||||
|
||||
|
||||
Reference in New Issue
Block a user