Kyle Pope
27c65ce40d
Backend: - Add Literal types for status/priority fields (project_task, todo, project schemas) - Add AccentColor Literal validation to prevent CSS injection (settings schema) - Add PIN max-length (72 char bcrypt limit) validation - Fix event date filtering to use correct range overlap logic - Add revocation check to auth_status endpoint for consistency - Config: env-aware SECRET_KEY fail-fast, configurable COOKIE_SECURE Frontend: - Add withCredentials to axios for cross-origin cookie support - Replace .toISOString() with local date formatter in DashboardPage - Replace `as any` casts with proper indexed type access in forms - Nginx: add CSP, Referrer-Policy headers; remove deprecated X-XSS-Protection - Nginx: duplicate security headers in static asset location block Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
33 lines
962 B
Python
33 lines
962 B
Python
import sys
|
|
from pydantic_settings import BaseSettings, SettingsConfigDict
|
|
|
|
|
|
class Settings(BaseSettings):
|
|
DATABASE_URL: str = "postgresql+asyncpg://postgres:postgres@localhost:5432/umbra"
|
|
SECRET_KEY: str = "your-secret-key-change-in-production"
|
|
ENVIRONMENT: str = "development"
|
|
COOKIE_SECURE: bool = False
|
|
|
|
model_config = SettingsConfigDict(
|
|
env_file=".env",
|
|
env_file_encoding="utf-8",
|
|
case_sensitive=True
|
|
)
|
|
|
|
|
|
settings = Settings()
|
|
|
|
if settings.SECRET_KEY == "your-secret-key-change-in-production":
|
|
if settings.ENVIRONMENT != "development":
|
|
print(
|
|
"FATAL: Default SECRET_KEY detected in non-development environment. "
|
|
"Set a unique SECRET_KEY in .env immediately.",
|
|
file=sys.stderr,
|
|
)
|
|
sys.exit(1)
|
|
else:
|
|
print(
|
|
"WARNING: Using default SECRET_KEY. Set SECRET_KEY in .env for production.",
|
|
file=sys.stderr,
|
|
)
|