Add SMTP infrastructure + auth rate limiting
Foundation for the upcoming email-based invite and password-reset flows. - IEmailSender abstraction with SmtpEmailSender (MailKit 4.16) and a LoggingEmailSender fallback used automatically when SMTP is unconfigured so local dev works without a real SMTP server. - Fixed-window rate limits keyed by remote IP: 10 / 15 min on /login, 5 / hour on /register. Returns 429 with Retry-After. Bypassed in the Testing environment so the existing integration suite is unaffected. - New env vars (SMTP_*, APP_BASE_URL) plumbed through docker-compose and documented in .env.example.
This commit is contained in:
Josh Rogers
@@ -24,6 +24,13 @@ services:
|
||||
ConnectionStrings__DefaultConnection: "Host=postgres;Database=yeschef;Username=yeschef;Password=${POSTGRES_PASSWORD}"
|
||||
Jwt__Secret: ${JWT_SECRET}
|
||||
FamilyCode: ${FAMILY_CODE}
|
||||
Smtp__Host: ${SMTP_HOST:-}
|
||||
Smtp__Port: ${SMTP_PORT:-587}
|
||||
Smtp__Username: ${SMTP_USERNAME:-}
|
||||
Smtp__Password: ${SMTP_PASSWORD:-}
|
||||
Smtp__FromAddress: ${SMTP_FROM_ADDRESS:-}
|
||||
Smtp__FromName: ${SMTP_FROM_NAME:-YesChef}
|
||||
AppBaseUrl: ${APP_BASE_URL:-https://${DOMAIN}}
|
||||
expose:
|
||||
- "5000"
|
||||
depends_on:
|
||||
|
||||
Reference in New Issue
Block a user