wip

2025-03-30 19:57:41 +02:00 · 2025-03-30 19:57:41 +02:00 · 097b3dbf09
commit 097b3dbf09
parent 6dd38036e7
34 changed files with 1719 additions and 520 deletions
--- a/config/settings.py
+++ b/config/settings.py
@ -10,50 +10,56 @@ class Config:
    SESSION_COOKIE_SECURE = True
    SESSION_COOKIE_HTTPONLY = True
    REMEMBER_COOKIE_DURATION = timedelta(days=14)
-    PERMANENT_SESSION_LIFETIME = timedelta(days=1)
+    MAX_CONTENT_LENGTH = 16 * 1024 * 1024  # 16 MB max upload
+    
+    # Security headers
+    SECURITY_HEADERS = {
+        'X-Content-Type-Options': 'nosniff',
+        'X-Frame-Options': 'SAMEORIGIN',
+        'X-XSS-Protection': '1; mode=block',
+        'Content-Security-Policy': "default-src 'self'; script-src 'self' https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com 'unsafe-inline'; style-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.gstatic.com data:; img-src 'self' data:;"
+    }
    
    @staticmethod
    def init_app(app):
        pass

 class DevelopmentConfig(Config):
+    """Development config."""
    DEBUG = True
-    SESSION_COOKIE_SECURE = False
    SQLALCHEMY_DATABASE_URI = os.environ.get('DEV_DATABASE_URL') or \
-        'sqlite:///' + os.path.join(basedir, '..', 'instance', 'development.db')
+        'sqlite:///' + os.path.join(basedir, 'app-dev.db')
+    SESSION_COOKIE_SECURE = False

 class TestingConfig(Config):
+    """Testing config."""
    TESTING = True
    SQLALCHEMY_DATABASE_URI = os.environ.get('TEST_DATABASE_URL') or \
-        'sqlite:///' + os.path.join(basedir, '..', 'instance', 'testing.db')
+        'sqlite:///' + os.path.join(basedir, 'app-test.db')
    WTF_CSRF_ENABLED = False
+    SESSION_COOKIE_SECURE = False

 class ProductionConfig(Config):
+    """Production config."""
    SQLALCHEMY_DATABASE_URI = os.environ.get('DATABASE_URL') or \
-        'sqlite:///' + os.path.join(basedir, '..', 'instance', 'production.db')
-    
+        'postgresql://user:password@localhost/production'
+        
    @classmethod
    def init_app(cls, app):
        Config.init_app(app)
        
-        # Production-specific logging
+        # Log to stdout/stderr
        import logging
        from logging.handlers import RotatingFileHandler
-        log_dir = os.path.join(basedir, '..', 'logs')
-        os.makedirs(log_dir, exist_ok=True)
        
-        file_handler = RotatingFileHandler(
-            os.path.join(log_dir, 'app.log'),
-            maxBytes=10485760,  # 10MB
-            backupCount=10
-        )
+        file_handler = RotatingFileHandler('logs/netdocs.log', maxBytes=10240, backupCount=10)
        file_handler.setFormatter(logging.Formatter(
            '%(asctime)s %(levelname)s: %(message)s [in %(pathname)s:%(lineno)d]'
        ))
        file_handler.setLevel(logging.INFO)
        app.logger.addHandler(file_handler)
        app.logger.setLevel(logging.INFO)
-        app.logger.info('App startup')
+        app.logger.info('NetDocs startup')

 config = {
    'development': DevelopmentConfig,