feat: add share link security environment variables to Docker configs

Changes: - Add SHARE_LINK_SECRET (production secret, 64-char hex) - Add SHARE_TTL_INITIAL_DAYS=10 (days before first tenant visit) - Add SHARE_TTL_AFTER_VISIT_HOURS=1 (hours after tenant visits) - Add UPLOAD_RATE_LIMIT_PER_IP=5 (max uploads per IP) - Add UPLOAD_RATE_LIMIT_WINDOW_MS=3600000 (1 hour rate limit window) Updated both: - docker-compose-standalone.yaml - docker-compose-swarm.yml Production SHARE_LINK_SECRET generated with: openssl rand -hex 32 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2025-12-08 01:20:55 +01:00
parent 479df6e0a7
commit 927349e1d2
2 changed files with 14 additions and 0 deletions
--- a/docker-compose-swarm.yml
+++ b/docker-compose-swarm.yml
@@ -29,6 +29,13 @@ services:
      HOSTNAME: rezije.app # IP address at which the server will be listening (0.0.0.0 = listen on all addresses)
      NEXTAUTH_URL: https://rezije.app # URL next-auth will use while redirecting user during authentication (if not set - will use HOSTNAME)
      PORT: ${PORT:-80}
+      # Share link security
+      SHARE_LINK_SECRET: ef68362357315d5decb27d24ff9abdb4a02a3351cd2899f79bf238dce0fe08c5
+      SHARE_TTL_INITIAL_DAYS: 10
+      SHARE_TTL_AFTER_VISIT_HOURS: 1
+      # Upload rate limiting
+      UPLOAD_RATE_LIMIT_PER_IP: 5
+      UPLOAD_RATE_LIMIT_WINDOW_MS: 3600000
    deploy:
      # u slucaju rušenja kontejnera čekamo 5s i dižemo novi kontejner => ako se i on sruši opet ceka 5s i pokusava ponovno (tako 5 puta)
      restart_policy: