Add SMTP infrastructure + auth rate limiting
Foundation for the upcoming email-based invite and password-reset flows.

- IEmailSender abstraction with SmtpEmailSender (MailKit 4.16) and a LoggingEmailSender fallback used automatically when SMTP is unconfigured so local dev works without a real SMTP server.
- Fixed-window rate limits keyed by remote IP: 10 / 15 min on /login, 5 / hour on /register. Returns 429 with Retry-After. Bypassed in the Testing environment so the existing integration suite is unaffected.
- New env vars (SMTP_*, APP_BASE_URL) plumbed through docker-compose and documented in .env.example.
@@ -2,3 +2,16 @@ POSTGRES_PASSWORD=change-me-strong-password
|
||||
JWT_SECRET=change-me-generate-a-random-64-char-string
|
||||
FAMILY_CODE=your-family-invite-phrase
|
||||
DOMAIN=yeschef.yourdomain.com
|
||||
|
||||
# SMTP — required for password reset and email-based invites.
|
||||
# Leave SMTP_HOST empty to fall back to a logging sender (dev only;
|
||||
# emails are logged instead of delivered).
|
||||
SMTP_HOST=
|
||||
SMTP_PORT=587
|
||||
SMTP_USERNAME=
|
||||
SMTP_PASSWORD=
|
||||
SMTP_FROM_ADDRESS=no-reply@yourdomain.com
|
||||
SMTP_FROM_NAME=YesChef
|
||||
|
||||
# Public base URL used to build links in outgoing emails. Defaults to https://${DOMAIN}.
|
||||
APP_BASE_URL=https://yeschef.yourdomain.com
|
||||
|
||||
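Review bot: The comment above SMTP_HOST marks the logging fallback as "dev only", but the example ships with SMTP_HOST empty and nothing in these lines tells a deployer that an empty value in production means password-reset and invite emails are written to the application log instead of being delivered. Since those emails carry links built from APP_BASE_URL, I would state in the comment that the logged messages contain those links and that SMTP_HOST must be set outside development, or have startup fail when it is empty in a non-development environment. Two smaller points: SMTP_PORT=587 has no accompanying note on whether TLS is required for the connection, and the APP_BASE_URL comment says it defaults to https://${DOMAIN} while the example sets it explicitly to the same host, so consider shipping it commented out to keep the two values from drifting apart.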