mirror of
https://github.com/escalante29/WealthySmart.git
synced 2026-07-17 10:08:46 +02:00
Fail fast on missing or weak auth secrets; 7-day tokens
SECRET_KEY, ADMIN_USERNAME, and ADMIN_PASSWORD no longer have working defaults: the backend refuses to boot if they are unset, default, or weak (SEC-01). Token expiry drops from 30 to 7 days (SEC-05). New COOKIE_SECURE (default true) and CORS_ORIGINS settings. Dev compose now sources credentials from .env with required-var errors instead of hardcoding them (ARCH-14); .env.example documents the template. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This commit is contained in:
@@ -3,15 +3,15 @@ services:
|
||||
image: postgres:16-alpine
|
||||
container_name: wealthysmart-db-dev
|
||||
environment:
|
||||
POSTGRES_USER: wealthy_user
|
||||
POSTGRES_PASSWORD: wealthy_pass
|
||||
POSTGRES_DB: wealthysmart
|
||||
POSTGRES_USER: ${POSTGRES_USER:?set POSTGRES_USER in .env}
|
||||
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?set POSTGRES_PASSWORD in .env}
|
||||
POSTGRES_DB: ${POSTGRES_DB:?set POSTGRES_DB in .env}
|
||||
ports:
|
||||
- "5433:5432"
|
||||
volumes:
|
||||
- postgres_data:/var/lib/postgresql/data
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "pg_isready -U wealthy_user -d wealthysmart"]
|
||||
test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER} -d ${POSTGRES_DB}"]
|
||||
interval: 5s
|
||||
timeout: 3s
|
||||
retries: 5
|
||||
@@ -22,7 +22,11 @@ services:
|
||||
dockerfile: Dockerfile
|
||||
container_name: wealthysmart-backend-dev
|
||||
environment:
|
||||
DATABASE_URL: postgresql://wealthy_user:wealthy_pass@db:5432/wealthysmart
|
||||
DATABASE_URL: postgresql://${POSTGRES_USER:?}:${POSTGRES_PASSWORD:?}@db:5432/${POSTGRES_DB:?}
|
||||
SECRET_KEY: ${SECRET_KEY:?set SECRET_KEY in .env (openssl rand -hex 32)}
|
||||
ADMIN_USERNAME: ${ADMIN_USERNAME:?set ADMIN_USERNAME in .env}
|
||||
ADMIN_PASSWORD: ${ADMIN_PASSWORD:?set ADMIN_PASSWORD in .env}
|
||||
COOKIE_SECURE: "false"
|
||||
VAPID_PRIVATE_KEY: ${VAPID_PRIVATE_KEY:-}
|
||||
VAPID_PUBLIC_KEY: ${VAPID_PUBLIC_KEY:-}
|
||||
OPENAI_API_KEY: ${OPENAI_API_KEY:-}
|
||||
|
||||
Reference in New Issue
Block a user