security improvements
@@ -3,33 +3,41 @@ Application configuration using pydantic-settings.
Loads from environment variables and .env file.
"""
import secrets
from pathlib import Path
from typing import List, Optional
from pydantic_settings import BaseSettings
import os
from pydantic import Field
class Settings(BaseSettings):
"""Application settings loaded from environment."""
# Paths
data_dir: Path = Path(__file__).parent.parent / "data"
frontend_dir: Path = Path(__file__).parent.parent / "frontend"
# Server
host: str = "0.0.0.0"
port: int = 80
debug: bool = False # Set to False in production
# Database
database_url: str = "postgresql://schoolcompare:schoolcompare@localhost:5432/schoolcompare"
# CORS
allowed_origins: List[str] = ["https://schoolcompare.co.uk", "http://localhost:8000", "http://localhost:3000"]
# CORS - Production should only allow the actual domain
allowed_origins: List[str] = ["https://schoolcompare.co.uk"]
# API
default_page_size: int = 50
max_page_size: int = 100
# Security
admin_api_key: str = Field(default_factory=lambda: secrets.token_urlsafe(32))
rate_limit_per_minute: int = 60 # Requests per minute per IP
rate_limit_burst: int = 10 # Allow burst of requests
max_request_size: int = 1024 * 1024 # 1MB max request size
class Config:
env_file = ".env"
env_file_encoding = "utf-8"
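Review bot: The random default on `admin_api_key: str = Field(default_factory=lambda: secrets.token_urlsafe(32))` turns a missing ADMIN_API_KEY into a silently unusable admin surface rather than a startup error: the factory runs each time `Settings()` is constructed, so the key changes on every process start and would differ between replicas, and a forgotten deployment secret goes unnoticed. Declaring the field without a default, `admin_api_key: str  # required: supplied via ADMIN_API_KEY`, makes pydantic-settings raise a validation error when `Settings()` is built with the variable unset, which is the fail-fast behaviour a production secret should have. The `database_url` default in the same hunk still carries the fixed `schoolcompare:schoolcompare` credential pair as the fallback when DATABASE_URL is unset, so the same no-default treatment is worth considering there. `import os` sits among the imports but nothing in the visible hunk references it; if it was added here it can be dropped.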