kyle/vip-coordinator
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
934464bf8eb6b8ef2bc6486a4c4a3f4832df5ea5
vip-coordinator/backend/.env
kyle 934464bf8e security: add helmet, rate limiting, webhook auth, fix token storage, restrict hard deletes 
- Add helmet for HTTP security headers (CSP, HSTS, X-Frame-Options, etc.)
- Add @nestjs/throttler for rate limiting (100 req/60s per IP)
- Add shared secret validation on Signal webhook endpoint
- Remove JWT token from localStorage, use Auth0 SDK memory cache
  with async getAccessTokenSilently() in API interceptor
- Restrict hard delete (?hard=true) to ADMINISTRATOR role in service layer
- Replace exposed Anthropic API key with placeholder in .env

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-04 18:30:14 +01:00

41 lines
1.4 KiB
Bash
Raw Blame History

# ============================================
# Application Configuration
# ============================================
PORT=3000
NODE_ENV=development
FRONTEND_URL=http://localhost:5173
# ============================================
# Database Configuration
# ============================================
DATABASE_URL="postgresql://postgres:changeme@localhost:5433/vip_coordinator"
# ============================================
# Redis Configuration (Optional)
# ============================================
REDIS_URL="redis://localhost:6379"
# ============================================
# Auth0 Configuration
# ============================================
# Get these from your Auth0 dashboard:
# 1. Create Application (Single Page Application)
# 2. Create API
# 3. Configure callback URLs: http://localhost:5173/callback
AUTH0_DOMAIN="dev-s855cy3bvjjbkljt.us.auth0.com"
AUTH0_AUDIENCE="https://vip-coordinator-api"
AUTH0_ISSUER="https://dev-s855cy3bvjjbkljt.us.auth0.com/"
# ============================================
# Flight Tracking API (Optional)
# ============================================
# Get API key from: https://aviationstack.com/
AVIATIONSTACK_API_KEY="your-aviationstack-api-key"
# ============================================
# AI Copilot Configuration (Optional)
# ============================================
# Get API key from: https://console.anthropic.com/
# Cost: ~$3 per million tokens
ANTHROPIC_API_KEY="your-anthropic-api-key"
Reference in New Issue View Git Blame Copy Permalink