feat(security): harden for production deployment
- auth: first registered user becomes superadmin (active immediately)
- entrypoint: no longer seeds demo data in prod (opt-in via RUN_SEED=1)
- config: refuse to boot in prod with weak/placeholder SECRET_KEY (<32 chars)
- main: restrict CORS to FRONTEND_URL only in prod (localhost dev-only)
- seed_db: block prod seeding, read passwords from env, stop printing them
- login: remove demo account credentials from UI

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@@ -1,5 +1,7 @@
# Application settings
APP_NAME="Space Booking API"
# DEBUG=true for local dev. In production set DEBUG=false — the app will then
# REFUSE to start unless SECRET_KEY is changed from the default below.
DEBUG=true
# Database
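Review bot: Gating the SECRET_KEY refusal on DEBUG=false (the comment at "In production set DEBUG=false — the app will then REFUSE to start") means a deploy that forgets to flip DEBUG keeps the placeholder key and the localhost CORS policy silently, and this example ships with DEBUG=true as the active value. Consider running the key-strength check unconditionally, or keying it on an explicit environment flag rather than the debug switch. The comment also describes a weaker rule than the commit message: "changed from the default below" versus "weak/placeholder SECRET_KEY (<32 chars)". Say what is actually enforced, e.g. "SECRET_KEY must be at least 32 characters and not a placeholder", so a user who edits the default to a short word is not surprised at boot.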
@@ -26,7 +28,18 @@ GOOGLE_CLIENT_ID=your_google_client_id_here
GOOGLE_CLIENT_SECRET=your_google_client_secret_here
GOOGLE_REDIRECT_URI=http://localhost:8000/api/integrations/google/callback
# Demo seed (LOCAL DEV ONLY). The entrypoint runs seed_db.py only when
# RUN_SEED=1. It plants weak demo accounts/content — never set this in prod.
# RUN_SEED=1
# ADMIN_PASSWORD=
# MANAGER_PASSWORD=
# USER_PASSWORD=
# === PRODUCTION (Dokploy) ===
# Do NOT set RUN_SEED. Tables are auto-created on boot, and the FIRST user to
# register becomes the superadmin (instance owner) — register your own account
# first, immediately after deploy.
# DEBUG=false
# SECRET_KEY=<python -c "import secrets; print(secrets.token_hex(32))">
# FRONTEND_URL=https://space.roa.romfast.ro
# SMTP_ENABLED=true
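Review bot: The "FIRST user to register becomes the superadmin" bootstrap in the PRODUCTION block is a race: the instruction "register your own account first, immediately after deploy" leaves a window in which anyone who reaches the public registration endpoint before the operator owns the instance, and a redeploy against an empty database reopens it. Prefer an explicit bootstrap, e.g. an INITIAL_ADMIN_EMAIL (or one-time setup token) read from the environment so only that account is promoted, and document it here instead of relying on timing. Two smaller points: FRONTEND_URL=https://space.roa.romfast.ro puts what looks like a real deployment hostname into the example file where a placeholder like https://your-domain.example would do; and the PRODUCTION block should remind the operator to change GOOGLE_REDIRECT_URI, which still points at http://localhost:8000 in the context above and will not work behind FRONTEND_URL.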