Fix security vulnerabilities. Add logging

Ettore
2026-05-09 17:52:59 +02:00
parent d803e2d7f6
commit 69e4f594de
14 changed files with 226 additions and 72 deletions


@@ -1 +1,45 @@
import logging
import os
from typing import Optional
# ── Paths ─────────────────────────────────────────────────────────────────────
_HERE = os.path.dirname(os.path.abspath(__file__)) # src/core/
_SRC_DIR = os.path.dirname(_HERE) # src/
_PROJECT_ROOT = os.path.dirname(_SRC_DIR) # project root
DATA_DIR: str = os.path.join(_PROJECT_ROOT, "data")
# ── Logging ───────────────────────────────────────────────────────────────────
# LOG_LEVEL: one of DEBUG, INFO, WARNING, ERROR, CRITICAL (default: INFO)
LOG_LEVEL: int = getattr(logging, os.environ.get("LOG_LEVEL", "INFO").upper(), logging.INFO)
# LOG_FILE: set to empty string to disable file logging
LOG_FILE: str = os.environ.get("LOG_FILE", "")
# ── Security ──────────────────────────────────────────────────────────────────
SECRET_KEY: str = os.environ.get("SECRET_KEY") or ""
if not SECRET_KEY:
raise RuntimeError("SECRET_KEY environment variable must be set")
# ── Database ──────────────────────────────────────────────────────────────────
DATABASE_URL: str = os.environ.get(
"DATABASE_URL",
f"sqlite:///{os.path.join(DATA_DIR, 'gates.db')}",
)
# ── CORS ──────────────────────────────────────────────────────────────────────
# Comma-separated list of allowed origins, e.g. "https://example.com,https://app.example.com"
# Default to empty list (no cross-origin requests allowed) when not set.
_cors_env = os.environ.get("CORS_ORIGINS", "")
CORS_ORIGINS: list[str] = [o.strip() for o in _cors_env.split(",") if o.strip()]
# ── Proxy ─────────────────────────────────────────────────────────────────────
# Comma-separated list of trusted reverse-proxy IPs for X-Forwarded-For propagation.
# e.g. "127.0.0.1,10.0.0.1"
_proxy_env = os.environ.get("TRUSTED_PROXY_IPS", "127.0.0.1")
TRUSTED_PROXY_IPS: list[str] = [ip.strip() for ip in _proxy_env.split(",") if ip.strip()]
# ── Admin seed ────────────────────────────────────────────────────────────────
ADMIN_USERNAME: str = os.environ.get("ADMIN_USERNAME", "admin")
ADMIN_PASSWORD: Optional[str] = os.environ.get("ADMIN_PASSWORD") or None
# ── Server ────────────────────────────────────────────────────────────────────
APP_PORT: int = int(os.environ.get("APP_PORT", 8000))
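Review bot: The `SECRET_KEY` guard rejects only an unset or empty value, so a whitespace-only or very short key still passes startup. How the key is used is outside this hunk, but if it signs sessions or tokens, a minimum length belongs here, for example `if len(SECRET_KEY.strip()) < 32: raise RuntimeError("SECRET_KEY must be set to at least 32 characters")` (the threshold is illustrative). `TRUSTED_PROXY_IPS` has the same gap: entries are stripped but never parsed, so a typo or a wildcard is passed through to whatever consumes the list and may silently change which peers' `X-Forwarded-For` is believed. Parsing each entry with `ipaddress.ip_address` at load time would make a bad value fail at startup instead. Separately, `LOG_LEVEL` uses `getattr(logging, ...)` on an arbitrary name, which can return a non-int attribute such as `logging.BASIC_FORMAT`; an `isinstance(level, int)` check before accepting it keeps the `int` annotation true.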