derekc
663b506868
- Pin all Docker image tags (mysql 8.0.40, python 3.12.13-slim, node 20.20.1-alpine, nginx 1.29.6-alpine) - Pin all frontend npm dependencies to exact versions (remove ^ ranges) - Add mem_limit and cpus resource limits to all three containers - Add non-root appuser to backend Dockerfile - Migrate JWT from python-jose to PyJWT - Remove default admin_password in config.py — must be explicitly set in .env - Add DOCS_ENABLED flag to config and .env.example (default false) - Add indexes on session_date, is_active, event_type in session models - Add limit/offset pagination to all log endpoints Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
23 lines
667 B
Plaintext
23 lines
667 B
Plaintext
# Copy this file to .env and fill in values
|
|
# Generate SECRET_KEY with: openssl rand -hex 32
|
|
|
|
MYSQL_ROOT_PASSWORD=change_me_root
|
|
MYSQL_DATABASE=homeschool
|
|
MYSQL_USER=homeschool
|
|
MYSQL_PASSWORD=change_me_db
|
|
|
|
SECRET_KEY=change_me_generate_with_openssl_rand_hex_32
|
|
ALGORITHM=HS256
|
|
ACCESS_TOKEN_EXPIRE_MINUTES=30
|
|
REFRESH_TOKEN_EXPIRE_DAYS=30
|
|
|
|
# Comma-separated allowed CORS origins (no trailing slash)
|
|
CORS_ORIGINS=http://localhost:8054
|
|
|
|
# Super admin credentials — REQUIRED, no defaults ship with the service
|
|
ADMIN_USERNAME=admin
|
|
ADMIN_PASSWORD=change_me_strong_password_here
|
|
|
|
# Set to true only for local development (exposes /api/docs, /api/redoc)
|
|
DOCS_ENABLED=false
|