- Add RateLimiter:configure() function to accept config-based limits
- Integrate security section parameters (rate_limit_api_key_max, ip_max, window)
- Add CORS configuration from config file with environment fallback
- Replace hardcoded rate limiting defaults with configurable values
- Add test endpoint control via config.security.enable_test_endpoint
- Update startup logging to show actual configured rate limits
- Add configuration validation and detailed startup information

Rate limiting now uses values from [security] section instead of hardcoded defaults.
CORS origins prioritize config file over environment variables.

Related to DAW/furt#89
# furt.conf - Multi-Tenant Configuration Example
# Dragons@Work Digital Sovereignty Project
# Server configuration
[server]
# Loopback address: as written the service is presumably reachable only from
# this host.
# NOTE(review): if a reverse proxy on this host forwards traffic, confirm which
# client address is matched against allowed_ips and the per-IP rate limit. If it
# is the proxy's 127.0.0.1, every proxied request would match the 127.0.0.1
# entries in the api_key sections.
host = 127.0.0.1
port = 7811
log_level = info
# NOTE(review): with request logging enabled, verify that API keys and submitted
# mail content are not written to the log.
log_requests = true
# NOTE(review): unit is not stated in this file; presumably seconds. Confirm.
client_timeout = 10

# CORS configuration
# Comma-separated list of allowed origins; per the change description the config
# value takes priority over the environment variable.
# The http://localhost:1313 and http://127.0.0.1:1313 entries look like
# development origins; remove them from a production deployment.
# CORS only limits which browser origins may read responses. It does not stop
# non-browser clients, so it does not replace the API key and allowed_ips
# restrictions.
cors_allowed_origins = http://localhost:1313,http://127.0.0.1:1313,https://dragons-at-work.de,https://www.dragons-at-work.de
# Security settings
# Per the change description, rate limiting reads these values instead of
# hardcoded defaults.
[security]
# Presumably the maximum number of requests per API key within one
# rate_limit_window.
rate_limit_api_key_max = 60
# Presumably the maximum number of requests per client IP within one
# rate_limit_window.
# NOTE(review): behind a reverse proxy, confirm this counts the real client
# address rather than the proxy's, otherwise all clients share one bucket.
rate_limit_ip_max = 100
# NOTE(review): unit is not stated in this file; presumably seconds
# (3600 = one hour). Confirm.
rate_limit_window = 3600
# Controls the test endpoint. Keep false outside development so the endpoint is
# not exposed on a production instance.
enable_test_endpoint = false
# Default SMTP settings (used when API keys don't have custom SMTP)
[smtp_default]
host = mail.dragons-at-work.de
# 465 is the implicit-TLS submission port, which is consistent with
# use_ssl = true below.
port = 465
user = noreply@dragons-at-work.de
# Placeholder value. The real password is stored here in clear text, so keep the
# deployed file out of version control and readable only by the account the
# service runs as.
password = your-smtp-password-here
# NOTE(review): confirm that a failed TLS handshake aborts the send instead of
# falling back to an unencrypted connection.
use_ssl = true
# Dragons@Work Website
# NOTE(review): the quoted string in the section header appears to be the API
# key value itself. If so, replace it with a long random value per tenant; the
# descriptive name used in this example would be guessable.
[api_key "daw-frontend-key"]
name = "Dragons@Work Website"
# Only the mail:send permission is granted to this key.
permissions = mail:send
# Comma-separated addresses and CIDR ranges. 10.0.0.0/8 and 192.168.0.0/16 admit
# whole private ranges; narrow them to the hosts that actually call the API.
allowed_ips = 127.0.0.1, 10.0.0.0/8, 192.168.0.0/16
# Recipient and sender are set per key here.
# NOTE(review): confirm that a request cannot override mail_to, so the key
# cannot be used to send mail to arbitrary recipients.
mail_to = admin@dragons-at-work.de
mail_from = noreply@dragons-at-work.de
# The quotes presumably preserve the trailing space; confirm how the parser
# treats quoted values.
mail_subject_prefix = "[DAW Contact] "
# Biocodie Website (same SMTP, different recipient)
# No mail_smtp_* keys are set here, so this key relies on [smtp_default].
# NOTE(review): the quoted string in the section header appears to be the API
# key value itself; if so, use a long random value instead of this example name.
[api_key "bio-frontend-key"]
name = "Biocodie Website"
# Only the mail:send permission is granted to this key.
permissions = mail:send
# 10.0.0.0/8 admits the whole private range; narrow it to the calling hosts.
allowed_ips = 127.0.0.1, 10.0.0.0/8
mail_to = contact@biocodie.de
# NOTE(review): mail is sent through the default SMTP account
# (noreply@dragons-at-work.de) with a biocodie.de sender; check that the relay
# and the domain's SPF/DKIM setup permit this.
mail_from = noreply@biocodie.de
# The quotes presumably preserve the trailing space; confirm parser behaviour.
mail_subject_prefix = "[Biocodie] "
# Verlag Website
# No mail_smtp_* keys are set here, so this key relies on [smtp_default].
# NOTE(review): the quoted string in the section header appears to be the API
# key value itself; if so, use a long random value instead of this example name.
[api_key "verlag-frontend-key"]
name = "Verlag Dragons@Work"
# Only the mail:send permission is granted to this key.
permissions = mail:send
# 10.0.0.0/8 admits the whole private range; narrow it to the calling hosts.
allowed_ips = 127.0.0.1, 10.0.0.0/8
mail_to = verlag@dragons-at-work.de
mail_from = noreply@verlag.dragons-at-work.de
# The quotes presumably preserve the trailing space; confirm parser behaviour.
mail_subject_prefix = "[Verlag] "
# Customer with custom SMTP
# NOTE(review): the quoted string in the section header appears to be the API
# key value itself; if so, use a long random value instead of this example name.
[api_key "kunde-x-frontend-key"]
name = "Kunde X Website"
# Only the mail:send permission is granted to this key.
permissions = mail:send
# /32 entries pin the key to single addresses (sample values shown).
allowed_ips = 1.2.3.4/32, 5.6.7.8/32
mail_to = info@kunde-x.de
mail_from = noreply@kunde-x.de
# The quotes presumably preserve the trailing space; confirm parser behaviour.
mail_subject_prefix = "[Kunde X] "
# Custom SMTP for this customer
mail_smtp_host = mail.kunde-x.de
# NOTE(review): 587 is normally the STARTTLS submission port, whereas
# [smtp_default] uses 465 (implicit TLS). Confirm which mode
# mail_smtp_ssl = true selects and that the send fails rather than continuing
# unencrypted when TLS cannot be established.
mail_smtp_port = 587
mail_smtp_user = noreply@kunde-x.de
# Placeholder value. A customer credential stored in clear text: restrict read
# access to the deployed file and keep it out of version control.
mail_smtp_pass = kunde-x-smtp-password
mail_smtp_ssl = true
# Customer with external provider (e.g., Gmail)
# NOTE(review): the quoted string in the section header appears to be the API
# key value itself; if so, use a long random value instead of this example name.
[api_key "kunde-y-frontend-key"]
name = "Kunde Y Website"
# Only the mail:send permission is granted to this key.
permissions = mail:send
# A single /32 pins the key to one address (sample value shown).
allowed_ips = 9.10.11.12/32
mail_to = support@kunde-y.com
mail_from = website@kunde-y.com
# The quotes presumably preserve the trailing space; confirm parser behaviour.
mail_subject_prefix = "[Kunde Y Support] "
# Gmail SMTP example
mail_smtp_host = smtp.gmail.com
# NOTE(review): 587 is normally the STARTTLS submission port. Confirm which TLS
# mode mail_smtp_ssl = true selects and that the send fails rather than
# continuing unencrypted when TLS cannot be established.
mail_smtp_port = 587
mail_smtp_user = website@kunde-y.com
# Placeholder for a provider app password. It is stored in clear text, so
# restrict read access to the deployed file and rotate the password if the file
# is ever exposed.
mail_smtp_pass = gmail-app-password
mail_smtp_ssl = true
# Admin API key (full access for management)
# NOTE(review): the quoted string in the section header appears to be the API
# key value itself. For the key with the widest permissions this matters most:
# use a long random value, not this example name.
[api_key "admin-management-key"]
name = "Admin Access"
# NOTE(review): if * is a wildcard that grants every permission, the mail:send
# and auth:status entries are redundant. Prefer listing only the permissions
# the management tooling needs.
permissions = *, mail:send, auth:status
# 10.0.0.0/8 admits the whole private range; for a full-access key restrict this
# to the management host(s).
allowed_ips = 127.0.0.1, 10.0.0.0/8
mail_to = admin@dragons-at-work.de
mail_from = furt-admin@dragons-at-work.de
# The quotes presumably preserve the trailing space; confirm parser behaviour.
mail_subject_prefix = "[Furt Admin] "
# Monitoring key (limited access)
# NOTE(review): the quoted string in the section header appears to be the API
# key value itself; if so, use a long random value instead of this example name.
[api_key "monitoring-health-key"]
name = "Monitoring Service"
# Only health:check is granted; no mail permission.
permissions = health:check
# Three whole private ranges are admitted; narrow to the monitoring hosts where
# they are known.
allowed_ips = 127.0.0.1, 10.0.0.0/8, 172.16.0.0/12
# No mail config needed for monitoring