knee-cola/evidencija-rezija
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add share link security environment variables to Docker configs

Browse Source 
Changes:
- Add SHARE_LINK_SECRET (production secret, 64-char hex)
- Add SHARE_TTL_INITIAL_DAYS=10 (days before first tenant visit)
- Add SHARE_TTL_AFTER_VISIT_HOURS=1 (hours after tenant visits)
- Add UPLOAD_RATE_LIMIT_PER_IP=5 (max uploads per IP)
- Add UPLOAD_RATE_LIMIT_WINDOW_MS=3600000 (1 hour rate limit window)

Updated both:
- docker-compose-standalone.yaml
- docker-compose-swarm.yml

Production SHARE_LINK_SECRET generated with: openssl rand -hex 32

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
This commit is contained in:
Knee Cola
2025-12-08 01:20:55 +01:00
parent 479df6e0a7
commit 927349e1d2
2 changed files with 14 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
docker-compose-standalone.yaml
View File

@@ -29,6 +29,13 @@ services:
HOSTNAME: rezije.app # IP address at which the server will be listening (0.0.0.0 = listen on all addresses)
NEXTAUTH_URL: https://rezije.app # URL next-auth will use while redirecting user during authentication (if not set - will use HOSTNAME)
PORT: ${PORT:-80}
# Share link security
SHARE_LINK_SECRET: ef68362357315d5decb27d24ff9abdb4a02a3351cd2899f79bf238dce0fe08c5
SHARE_TTL_INITIAL_DAYS: 10
SHARE_TTL_AFTER_VISIT_HOURS: 1
# Upload rate limiting
UPLOAD_RATE_LIMIT_PER_IP: 5
UPLOAD_RATE_LIMIT_WINDOW_MS: 3600000
container_name: evidencija-rezija__web-app
restart: unless-stopped # u slučaju rušenja containera pokušavaj ga pokrenuti dok ne uspije = BESKONAČNO
depends_on:

7
docker-compose-swarm.yml
View File

@@ -29,6 +29,13 @@ services:
HOSTNAME: rezije.app # IP address at which the server will be listening (0.0.0.0 = listen on all addresses)
NEXTAUTH_URL: https://rezije.app # URL next-auth will use while redirecting user during authentication (if not set - will use HOSTNAME)
PORT: ${PORT:-80}
# Share link security
SHARE_LINK_SECRET: ef68362357315d5decb27d24ff9abdb4a02a3351cd2899f79bf238dce0fe08c5
SHARE_TTL_INITIAL_DAYS: 10
SHARE_TTL_AFTER_VISIT_HOURS: 1
# Upload rate limiting
UPLOAD_RATE_LIMIT_PER_IP: 5
UPLOAD_RATE_LIMIT_WINDOW_MS: 3600000
deploy:
# u slucaju rušenja kontejnera čekamo 5s i dižemo novi kontejner => ako se i on sruši opet ceka 5s i pokusava ponovno (tako 5 puta)
restart_policy: