DAW/furt
2
0
Fork 0
Code Issues 11 Pull requests Projects Releases 3 Packages 1 Wiki Activity Actions
furt/.env.production

51 lines
1.5 KiB
Text
Raw Normal View History

feat(auth): implement complete API-key authentication with modular architecture (#47) - Add comprehensive API-key authentication system with X-API-Key header validation - Implement permission-based access control (mail:send, * for admin) - Add rate-limiting system (60 req/hour per API key, 100 req/hour per IP) - Refactor monolithic 590-line main.lua into 6 modular components (<200 lines each) - Add IP-restriction support with CIDR notation (127.0.0.1, 10.0.0.0/8) - Implement Hugo integration with CORS support for localhost:1313 - Add production-ready configuration with environment variable support - Create comprehensive testing suite (auth, rate-limiting, stress tests) - Add production deployment checklist and cleanup scripts This refactoring transforms the API gateway from a single-file monolith into a biocodie-compliant modular architecture while adding enterprise-grade security features. Performance testing shows 79 RPS concurrent throughput with <100ms latency. Hugo contact form integration tested and working. System is now production-ready for deployment to walter/aitvaras. Resolves #47
2025-06-24 22:01:38 +02:00
# furt-lua/.env.production
# Production Environment Configuration Template
# =====================================
# API KEYS (CHANGE THESE!)
# =====================================
# Generate secure keys: openssl rand -hex 32
HUGO_API_KEY=daw-hugo-$(openssl rand -hex 16)
ADMIN_API_KEY=daw-admin-$(openssl rand -hex 16)
MONITORING_API_KEY=daw-monitor-$(openssl rand -hex 16)
# =====================================
# SMTP CONFIGURATION
# =====================================
SMTP_HOST=mail.dragons-at-work.de
SMTP_PORT=465
SMTP_USERNAME=noreply@dragons-at-work.de
SMTP_PASSWORD=your-secure-smtp-password-here
SMTP_FROM=noreply@dragons-at-work.de
SMTP_TO=michael@dragons-at-work.de
# =====================================
# CORS CONFIGURATION (Production Domains)
# =====================================
CORS_ALLOWED_ORIGINS=https://dragons-at-work.de,https://www.dragons-at-work.de
# =====================================
# GATEWAY CONFIGURATION
# =====================================
GATEWAY_HOST=127.0.0.1
GATEWAY_PORT=8080
GATEWAY_LOG_LEVEL=warn
# =====================================
# SECURITY SETTINGS
# =====================================
# Test endpoint (disable in production)
ENABLE_TEST_ENDPOINT=false
# Rate limiting (production values)
RATE_LIMIT_API_KEY_MAX=60
RATE_LIMIT_IP_MAX=100
RATE_LIMIT_WINDOW=3600
# =====================================
# DEVELOPMENT SETTINGS (Remove in production)
# =====================================
# DEBUG=false
# LOG_REQUESTS=false
Reference in a new issue Copy permalink