Harden API security: input validation, safe auth extraction, new tests, and deploy config
Comprehensive security hardening from audit findings: - Add validation tags to all DTO request structs (max lengths, ranges, enums) - Replace unsafe type assertions with MustGetAuthUser helper across all handlers - Remove query-param token auth from admin middleware (prevents URL token leakage) - Add request validation calls in handlers that were missing c.Validate() - Remove goroutines in handlers (timezone update now synchronous) - Add sanitize middleware and path traversal protection (path_utils) - Stop resetting admin passwords on migration restart - Warn on well-known default SECRET_KEY - Add ~30 new test files covering security regressions, auth safety, repos, and services - Add deploy/ config, audit digests, and AUDIT_FINDINGS documentation Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Trey t
73
deploy/prod.env.example
Normal file
73
deploy/prod.env.example
Normal file
@@ -0,0 +1,73 @@
|
||||
# API service settings
|
||||
DEBUG=false
|
||||
ALLOWED_HOSTS=api.casera.app,casera.app
|
||||
CORS_ALLOWED_ORIGINS=https://casera.app,https://admin.casera.app
|
||||
TIMEZONE=UTC
|
||||
BASE_URL=https://casera.app
|
||||
PORT=8000
|
||||
|
||||
# Admin service settings
|
||||
NEXT_PUBLIC_API_URL=https://api.casera.app
|
||||
ADMIN_PANEL_URL=https://admin.casera.app
|
||||
|
||||
# Database (Neon recommended)
|
||||
DB_HOST=CHANGEME_NEON_HOST
|
||||
DB_PORT=5432
|
||||
POSTGRES_USER=CHANGEME_DB_USER
|
||||
POSTGRES_DB=casera
|
||||
DB_SSLMODE=require
|
||||
DB_MAX_OPEN_CONNS=25
|
||||
DB_MAX_IDLE_CONNS=10
|
||||
DB_MAX_LIFETIME=600s
|
||||
|
||||
# Redis (in stack defaults to redis://redis:6379/0)
|
||||
REDIS_URL=redis://redis:6379/0
|
||||
REDIS_DB=0
|
||||
|
||||
# Email (password goes in deploy/secrets/email_host_password.txt)
|
||||
EMAIL_HOST=smtp.gmail.com
|
||||
EMAIL_PORT=587
|
||||
EMAIL_USE_TLS=true
|
||||
EMAIL_HOST_USER=CHANGEME_EMAIL_USER
|
||||
DEFAULT_FROM_EMAIL=Casera <noreply@casera.app>
|
||||
|
||||
# Push notifications
|
||||
# APNS private key goes in deploy/secrets/apns_auth_key.p8
|
||||
APNS_AUTH_KEY_ID=CHANGEME_APNS_KEY_ID
|
||||
APNS_TEAM_ID=CHANGEME_APNS_TEAM_ID
|
||||
APNS_TOPIC=com.tt.casera
|
||||
APNS_USE_SANDBOX=false
|
||||
APNS_PRODUCTION=true
|
||||
|
||||
# Worker schedules (UTC)
|
||||
TASK_REMINDER_HOUR=14
|
||||
OVERDUE_REMINDER_HOUR=15
|
||||
DAILY_DIGEST_HOUR=3
|
||||
|
||||
# Storage
|
||||
STORAGE_UPLOAD_DIR=/app/uploads
|
||||
STORAGE_BASE_URL=/uploads
|
||||
STORAGE_MAX_FILE_SIZE=10485760
|
||||
STORAGE_ALLOWED_TYPES=image/jpeg,image/png,image/gif,image/webp,application/pdf
|
||||
|
||||
# Feature flags
|
||||
FEATURE_PUSH_ENABLED=true
|
||||
FEATURE_EMAIL_ENABLED=true
|
||||
FEATURE_WEBHOOKS_ENABLED=true
|
||||
FEATURE_ONBOARDING_EMAILS_ENABLED=true
|
||||
FEATURE_PDF_REPORTS_ENABLED=true
|
||||
FEATURE_WORKER_ENABLED=true
|
||||
|
||||
# Optional auth/iap values
|
||||
APPLE_CLIENT_ID=
|
||||
APPLE_TEAM_ID=
|
||||
GOOGLE_CLIENT_ID=
|
||||
GOOGLE_ANDROID_CLIENT_ID=
|
||||
GOOGLE_IOS_CLIENT_ID=
|
||||
APPLE_IAP_KEY_ID=
|
||||
APPLE_IAP_ISSUER_ID=
|
||||
APPLE_IAP_BUNDLE_ID=
|
||||
APPLE_IAP_KEY_PATH=
|
||||
APPLE_IAP_SANDBOX=false
|
||||
GOOGLE_IAP_PACKAGE_NAME=
|
||||
GOOGLE_IAP_SERVICE_ACCOUNT_PATH=
|
||||
Reference in New Issue
Block a user