Josh Rogers
a1635218a8
Foundation for the upcoming email-based invite and password-reset flows. - IEmailSender abstraction with SmtpEmailSender (MailKit 4.16) and a LoggingEmailSender fallback used automatically when SMTP is unconfigured so local dev works without a real SMTP server. - Fixed-window rate limits keyed by remote IP: 10 / 15 min on /login, 5 / hour on /register. Returns 429 with Retry-After. Bypassed in the Testing environment so the existing integration suite is unaffected. - New env vars (SMTP_*, APP_BASE_URL) plumbed through docker-compose and documented in .env.example.
18 lines
596 B
Bash
18 lines
596 B
Bash
POSTGRES_PASSWORD=change-me-strong-password
|
|
JWT_SECRET=change-me-generate-a-random-64-char-string
|
|
FAMILY_CODE=your-family-invite-phrase
|
|
DOMAIN=yeschef.yourdomain.com
|
|
|
|
# SMTP — required for password reset and email-based invites.
|
|
# Leave SMTP_HOST empty to fall back to a logging sender (dev only;
|
|
# emails are logged instead of delivered).
|
|
SMTP_HOST=
|
|
SMTP_PORT=587
|
|
SMTP_USERNAME=
|
|
SMTP_PASSWORD=
|
|
SMTP_FROM_ADDRESS=no-reply@yourdomain.com
|
|
SMTP_FROM_NAME=YesChef
|
|
|
|
# Public base URL used to build links in outgoing emails. Defaults to https://${DOMAIN}.
|
|
APP_BASE_URL=https://yeschef.yourdomain.com
|