rohskiddo/UMBRA
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity
UMBRA/.env.example
Kyle Pope ab7e4a7c7e Backend pentest remediation (PT-03/05/06/07) 
PT-03: Make UMBRA_URL configurable via env var (default http://localhost).
Replaces hardcoded http://10.0.69.35 in notification dispatch job and
ntfy test endpoint. Add UMBRA_URL to .env.example.

PT-05: Add explicit path="/" to session cookie for clarity.

PT-06: Add concurrent session limit (MAX_SESSIONS_PER_USER, default 10).
When exceeded, oldest sessions are revoked. New login always succeeds.

PT-07: Escape LIKE metacharacters (%, _) in admin audit log action
filter to prevent wildcard abuse.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-02 17:43:27 +08:00

38 lines
1.9 KiB
Plaintext
Raw Blame History

# ──────────────────────────────────────
# Database
# ──────────────────────────────────────
POSTGRES_USER=umbra
POSTGRES_PASSWORD=changeme_in_production
POSTGRES_DB=umbra
DATABASE_URL=postgresql+asyncpg://umbra:changeme_in_production@db:5432/umbra
# ──────────────────────────────────────
# Application
# ──────────────────────────────────────
# Generate with: python3 -c "import secrets; print(secrets.token_hex(32))"
SECRET_KEY=your-secret-key-change-in-production
# development | production — controls Swagger/ReDoc visibility and cookie defaults
ENVIRONMENT=development
# CORS allowed origins (comma-separated, default: http://localhost:5173)
# CORS_ORIGINS=https://umbra.example.com
# Public URL for ntfy notification click links (default: http://localhost)
# UMBRA_URL=https://umbra.example.com
# Timezone (applied to backend + db containers via env_file)
TZ=Australia/Perth
# ──────────────────────────────────────
# Integrations
# ──────────────────────────────────────
OPENWEATHERMAP_API_KEY=your-openweathermap-api-key
# ──────────────────────────────────────
# Overrides (rarely needed)
# ──────────────────────────────────────
# COOKIE_SECURE auto-derives from ENVIRONMENT (production → true).
# Only set explicitly to override, e.g. false for a non-TLS prod behind a proxy.
# COOKIE_SECURE=false
Reference in New Issue View Git Blame Copy Permalink