51917bcbaf
Rate limiting:
- Shop POST endpoints get per-IP throttles with distinct prefixes so login, register, password-email, and password-reset have separate buckets: login/register/pw-reset = 5/min, pw-email = 3/min
- OcrInvoiceService gates per-tenant via RateLimiter (30/hour) so a runaway uploader can't burn Claude Vision spend

Health monitor (poor-man's monitoring):
- HealthCheckCommand probes DB (SELECT 1), cache write/read, public storage write/read, and most-recent backup age. On any failure, pushes a Telegram alert via HEALTH_ALERT_BOT_TOKEN/HEALTH_ALERT_CHAT_ID. Dedups identical failures within a 30-min window via cache.
- Scheduled every 10 min. Pair with external uptime monitoring (UptimeRobot, Better Stack hitting /up) for total-outage coverage.
- .env.example documents the two new env vars.

VAPID secret hygiene:
- credentials.md no longer stores the VAPID_PRIVATE_KEY; the source of truth is the Coolify env on the autocrm app. Doc points to where to read it (UI or API). Mitigates accidental git leak.

Tests (4 new):
- shop login throttles after 5 attempts (6th = 429); register throttle is independent of login (separate prefix); health command runs clean; dedup cache path exercised

Full suite: 138 passed.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
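Both controls in the commit message rest on the same cache primitive: store a key only if it is absent, with an expiry. A fixed-window throttle starts a counter under `prefix:ip` and increments it until the window decays; alert deduplication stores a digest of the failure set for 30 minutes and stays silent while that key lives. The model below is an added, framework-independent example (not the project's Laravel code); the in-memory `TtlStore`, the injectable clock, the probe names and the sample IP are constructed for illustration. It shows why separate prefixes give independent buckets, and how the dedup window expires.

```python
"""Cache-backed throttles and deduplicated health alerts (added example).

TtlStore stands in for the Redis cache (assumption); the clock is injectable
so window expiry can be exercised deterministically.
"""
import hashlib
import time


class TtlStore:
    """Minimal key/value store with add-if-absent semantics and per-key expiry."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._data = {}  # key -> (value, expires_at)

    def _live(self, key):
        item = self._data.get(key)
        if item is None:
            return None
        if item[1] <= self._clock():  # expired: drop it and report absent
            del self._data[key]
            return None
        return item

    def add(self, key, value, ttl_seconds):
        """Store only when the key is absent or expired. True if stored."""
        if self._live(key) is not None:
            return False
        self._data[key] = (value, self._clock() + ttl_seconds)
        return True

    def increment(self, key):
        """Increment an existing counter; None if the key is absent."""
        item = self._live(key)
        if item is None:
            return None
        self._data[key] = (item[0] + 1, item[1])
        return item[0] + 1


class RateLimiter:
    """Fixed-window limiter keyed by (prefix, subject); distinct prefixes never share a bucket."""

    def __init__(self, store):
        self.store = store

    def attempt(self, prefix, subject, max_attempts, decay_seconds):
        key = f"{prefix}:{subject}"
        self.store.add(key, 0, decay_seconds)  # opens the window only if none is live
        hits = self.store.increment(key)
        return hits <= max_attempts  # False means the caller should answer 429


def run_health_checks(probes):
    """Run named probes; a probe passes when it returns truthy without raising."""
    failures = []
    for name, probe in probes.items():
        try:
            if not probe():
                failures.append(f"{name}: check returned false")
        except Exception as exc:  # noqa: BLE001 - any failure is reportable
            failures.append(f"{name}: {type(exc).__name__}: {exc}")
    return failures


def backup_is_fresh(newest_backup_epoch, now, max_age_seconds):
    """Most-recent backup age check; a missing backup counts as stale."""
    return newest_backup_epoch is not None and now - newest_backup_epoch <= max_age_seconds


class HealthAlerter:
    """Sends one alert per distinct failure set per dedup window."""

    DEDUP_WINDOW = 30 * 60  # seconds, matching the 30-min window described

    def __init__(self, store, send):
        self.store = store
        self.send = send  # callable taking the message text (Telegram push in the project)

    def report(self, failures):
        if not failures:
            return False
        digest = hashlib.sha256("\n".join(sorted(failures)).encode()).hexdigest()[:16]
        if not self.store.add(f"health:alert:{digest}", True, self.DEDUP_WINDOW):
            return False  # identical failure already alerted within the window
        self.send("Health check failed:\n" + "\n".join(failures))
        return True


if __name__ == "__main__":
    store = TtlStore()
    limiter = RateLimiter(store)
    ip = "203.0.113.5"  # constructed sample client address
    print([limiter.attempt("shop-login", ip, 5, 60) for _ in range(6)])   # five True, then False
    print(limiter.attempt("shop-register", ip, 5, 60))                   # True: separate prefix
    alerter = HealthAlerter(store, print)
    failures = run_health_checks({"db": lambda: True, "cache": lambda: False})
    print(alerter.report(failures), alerter.report(failures))            # True False
```

The limiter relies on `add` being atomic with respect to the expiry check; in a real deployment that is the cache backend's job (for Redis, `SET NX EX` or the framework's equivalent), which is what makes the `add` / `increment` pair safe under concurrent requests.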
84 lines
1.7 KiB
Bash
APP_NAME=AutoCRM
APP_ENV=production
APP_KEY=
APP_DEBUG=false
APP_TIMEZONE=Europe/Chisinau
APP_URL=https://service.mir.md

# Multi-tenant
CENTRAL_DOMAIN=service.mir.md

APP_LOCALE=ro
APP_FALLBACK_LOCALE=en
APP_FAKER_LOCALE=ro_RO

APP_MAINTENANCE_DRIVER=file

LOG_CHANNEL=stack
LOG_STACK=daily
LOG_LEVEL=info
LOG_DEPRECATIONS_CHANNEL=null

# DB — filled in at deploy time from Coolify
DB_CONNECTION=mariadb
DB_HOST=g5au90p05p2grua61up8cz8v
DB_PORT=3306
DB_DATABASE=default
DB_USERNAME=mariadb
DB_PASSWORD=

# Sessions / Cache / Queue → Redis
SESSION_DRIVER=redis
SESSION_LIFETIME=120
SESSION_DOMAIN=null
SESSION_SECURE_COOKIE=true
SESSION_SAME_SITE=lax

CACHE_STORE=redis
CACHE_PREFIX=autocrm

QUEUE_CONNECTION=redis

REDIS_CLIENT=phpredis
REDIS_HOST=z3jdc302kml28j8gjgq8sb74
REDIS_PORT=6379
REDIS_PASSWORD=
REDIS_DB=0

# Broadcasting (Reverb — add when needed)
BROADCAST_CONNECTION=log

# Mail — internal Mailpit
MAIL_MAILER=smtp
MAIL_HOST=autocrm-mailpit
MAIL_PORT=1025
MAIL_USERNAME=null
MAIL_PASSWORD=null
MAIL_ENCRYPTION=null
MAIL_FROM_ADDRESS="noreply@service.mir.md"
MAIL_FROM_NAME="${APP_NAME}"

# Web Push (VAPID) — generate with: php artisan push:vapid
VAPID_SUBJECT=mailto:admin@service.mir.md
VAPID_PUBLIC_KEY=
VAPID_PRIVATE_KEY=

# Internal health monitor → Telegram alerts every 10 min on DB/cache/storage/backup failure.
# Create a separate bot at @BotFather and a private group; put the bot in it
# and use the group's chat_id (negative number).
HEALTH_ALERT_BOT_TOKEN=
HEALTH_ALERT_CHAT_ID=

# Storage — local for the MVP, S3-compatible later
FILESYSTEM_DISK=local

# Octane
OCTANE_SERVER=frankenphp

# Misc
BCRYPT_ROUNDS=12
VITE_APP_NAME="${APP_NAME}"

# Boot
RUN_MIGRATIONS=true