Backend:
- Add rate limiting to login (5 attempts / 5 min window)
- Add secure flag to session cookies with helper function
- Add PIN min-length validation via Pydantic field_validator
- Fix naive datetime usage in todos.py (datetime.now() not UTC)
- Disable SQLAlchemy echo in production
- Remove auto-commit from get_db to prevent double commits
- Add lower bound filter to upcoming events query
- Add SECRET_KEY default warning on startup
- Remove create_all from lifespan (Alembic handles migrations)

Frontend:
- Fix ReminderForm remind_at slice for datetime-local input
- Add window.confirm() dialogs on all destructive actions
- Redirect authenticated users away from login screen
- Replace error: any with getErrorMessage helper in LockScreen

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
23 lines
605 B
Python
import sys

from pydantic_settings import BaseSettings, SettingsConfigDict


class Settings(BaseSettings):
    # Development defaults; values from the environment or .env override them.
    DATABASE_URL: str = "postgresql+asyncpg://postgres:postgres@localhost:5432/umbra"
    SECRET_KEY: str = "your-secret-key-change-in-production"

    model_config = SettingsConfigDict(
        env_file=".env",
        env_file_encoding="utf-8",
        case_sensitive=True
    )


settings = Settings()

# Warn on stderr at import time if the placeholder SECRET_KEY is still in use.
if settings.SECRET_KEY == "your-secret-key-change-in-production":
    print(
        "WARNING: Using default SECRET_KEY. Set SECRET_KEY in .env for production.",
        file=sys.stderr,
    )
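The startup check above only warns, so the process keeps running with a key that is published in the repository. The following is an added example, not code from this repository: a stdlib-only check that warns in development and refuses to start anywhere else. The `environment` argument, the 32-byte minimum and the entropy floor are assumptions, not settings the page defines.

```python
import math
import sys
from collections import Counter

# Placeholder value copied from the page's config.py.
DEFAULT_SECRET_KEY = "your-secret-key-change-in-production"
MIN_KEY_BYTES = 32      # assumption: 256-bit minimum key length
MIN_ENTROPY_BITS = 3.0  # assumption: per-character Shannon entropy floor


def shannon_entropy(value: str) -> float:
    """Bits of entropy per character, estimated from character frequencies."""
    if not value:
        return 0.0
    counts = Counter(value)
    total = len(value)
    return -sum((n / total) * math.log2(n / total) for n in counts.values())


def secret_key_problems(key: str) -> list[str]:
    """Return every reason the key should not be used as a secret."""
    problems = []
    if key == DEFAULT_SECRET_KEY:
        problems.append("default placeholder value")
    if len(key.encode("utf-8")) < MIN_KEY_BYTES:
        problems.append(f"shorter than {MIN_KEY_BYTES} bytes")
    if shannon_entropy(key) < MIN_ENTROPY_BITS:
        problems.append("low character entropy")
    return problems


def enforce_secret_key(key: str, environment: str) -> list[str]:
    """Warn in development, refuse to start anywhere else.

    `environment` is a hypothetical deployment setting; the page's
    Settings class does not define one.
    """
    problems = secret_key_problems(key)
    if not problems:
        return problems
    message = "SECRET_KEY rejected: " + "; ".join(problems)
    if environment != "development":
        # Fail closed: a public or guessable key protects nothing.
        raise RuntimeError(message)
    print(f"WARNING: {message}", file=sys.stderr)
    return problems
```

Called right after `settings = Settings()`, this turns a forgotten `.env` entry into a failed deploy instead of a log line. A replacement key can be generated with `secrets.token_urlsafe(32)`.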