-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path.env.example
More file actions
282 lines (211 loc) · 9.42 KB
/
.env.example
File metadata and controls
282 lines (211 loc) · 9.42 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
# Database Configuration
# ====================
# These environment variables are required for the trackers application
# to connect to the PostgreSQL database.
# Clever Cloud PostgreSQL Addon Variables (Production)
# ====================================================
# These are automatically set by Clever Cloud when you add a PostgreSQL addon
# PostgreSQL server host
POSTGRESQL_ADDON_HOST=localhost
# Database username
POSTGRESQL_ADDON_USER=postgres
# Database password
POSTGRESQL_ADDON_PASSWORD=postgres
# Database name
POSTGRESQL_ADDON_DB=trackers
# Database port
POSTGRESQL_ADDON_PORT=5432
# Alternative Local Development Variables (Fallback)
# ==================================================
# These can be used for local development if you prefer the old format
# The application will use Clever Cloud variables first, then fall back to these
# PostgreSQL server host
# For local development with Docker: localhost
# For Docker Compose services: postgres-test
# DB_HOST=localhost
# Database username
# Default PostgreSQL user in docker-compose.test.yml: postgres
# DB_USER=postgres
# Database password
# Default PostgreSQL password in docker-compose.test.yml: postgres
# DB_PASSWORD=postgres
# Database name
# The application will use this as the base database name
# Test database will automatically append "_test" (e.g., trackers_test)
# DB_NAME=trackers
# Database port (optional, defaults to 5432)
# DB_PORT=5432
# Database SSL mode (optional, defaults to auto)
# Values: disable, allow, prefer, require, verify-ca, verify-full, auto
# - auto: automatically detects production (require) vs development (prefer)
# - disable: no SSL connection
# - prefer: use SSL if available, but don't require it (good for local dev)
# - require: require SSL connection (good for production)
# DB_SSL_MODE=auto
# Flask Application Configuration
# ===============================
# Optional Flask configuration variables
# Flask server host (default: 0.0.0.0)
FLASK_HOST=0.0.0.0
# Flask server port (default: 5000)
FLASK_PORT=5000
# Flask debug mode (default: true)
# Set to false for production
FLASK_DEBUG=true
# Flask environment (development, staging, production)
FLASK_ENV=development
# Google OAuth Configuration
# ===========================
# Configure Google OAuth 2.0 authentication
# Google OAuth Client ID (required)
# Get this from Google Cloud Console > APIs & Services > Credentials
GOOGLE_CLIENT_ID=your-google-client-id.apps.googleusercontent.com
# Google OAuth Client Secret (required)
# Get this from Google Cloud Console > APIs & Services > Credentials
GOOGLE_CLIENT_SECRET=your-google-client-secret
# Google OAuth Redirect URI (required)
# Must match exactly what's configured in Google Cloud Console
# For development: http://localhost:5000/auth/google/callback
# For production: https://your-domain.com/auth/google/callback
GOOGLE_REDIRECT_URI=http://localhost:5000/auth/google/callback
# External API Configuration for Job Scheduling
# ==============================================
# Configure API keys for external data sources used by automated jobs
# Alpha Vantage API Key (for stock price jobs)
# Get this from https://www.alphavantage.co/support/#api-key
# Required for stock job providers to fetch real-time and historical stock data
ALPHA_VANTAGE_API_KEY=your-alpha-vantage-api-key-here
# Other external API keys can be added here as needed
# YAHOO_FINANCE_API_KEY=your-yahoo-finance-key
# IEX_CLOUD_API_KEY=your-iex-cloud-key
# API Key Security Configuration
# ==============================
# Configure API key authentication for the application
# General API keys (comma-separated)
# Use this for development or when not using environment-specific keys
# API_KEYS=your-secret-api-key-here,another-key-here
# Environment-specific API keys (recommended for production)
# These take precedence over general API_KEYS
# API_KEYS_DEVELOPMENT=dev-key-1,dev-key-2
# API_KEYS_STAGING=staging-key-1,staging-key-2
# API_KEYS_PRODUCTION=prod-key-1,prod-key-2
# Alternative environment-specific format
# DEVELOPMENT_API_KEYS=dev-key-1,dev-key-2
# STAGING_API_KEYS=staging-key-1,staging-key-2
# PRODUCTION_API_KEYS=prod-key-1,prod-key-2
# Production Security Settings
# ============================
# Enable automatic API key rotation (default: true)
# Set to false to disable key reloading from environment
ENABLE_API_KEY_ROTATION=true
# Key reload interval in seconds (default: 300 = 5 minutes)
# How often to check for updated API keys in environment variables
API_KEY_RELOAD_INTERVAL=300
# Trust proxy headers for IP extraction (auto-enabled in production/staging)
# Set to true if behind reverse proxy or load balancer
TRUST_PROXY_HEADERS=false
# Require HTTPS connections (auto-enabled in production)
# Set to true to reject HTTP requests
REQUIRE_HTTPS=false
# Maximum API key age in hours (optional)
# Set to enforce key rotation policies
# MAX_API_KEY_AGE_HOURS=168
# Route Protection Configuration
# ==============================
# Custom protected routes (comma-separated patterns)
# Default: /api/*,/trackers/*,/tracker-values/*,/add_tracker
# PROTECTED_ROUTES=/api/*,/custom/*
# Custom public routes (comma-separated patterns)
# Default: /health,/health/*,/status,/ping,/hello
# PUBLIC_ROUTES=/health,/status,/custom-public
# Setup Instructions
# ==================
# 1. Copy this file to .env:
# cp .env.example .env
# 2. Edit .env with your actual database credentials if different from defaults
# 3. Configure API key authentication:
# - For development: Set API_KEYS with comma-separated keys
# - For production: Set environment-specific keys (API_KEYS_PRODUCTION)
# - Generate secure keys using: scripts/generate-api-key.py
# 4. For Clever Cloud deployment:
# - The POSTGRESQL_ADDON_* variables are automatically set by Clever Cloud
# - Set API_KEYS_PRODUCTION in Clever Cloud environment variables
# - FLASK_ENV will be automatically set to "production"
# 5. For local development with Docker Compose:
# docker compose -f docker-compose.test.yml up -d
#
# Or use the helper script:
# ./scripts/test-db.sh start
# 6. Run the Flask application:
# uv run trackers-app
#
# Or alternatively:
# uv run python main.py
# uv run python run.py
# 7. Run tests:
# pytest
# 8. Stop the test database when done:
# docker compose -f docker-compose.test.yml down
#
# Or use the helper script:
# ./scripts/test-db.sh stop
# Test Database Details
# =====================
# The test infrastructure automatically:
# - Creates a test database named {DB_NAME}_test (e.g., trackers_test)
# - Applies all schema definitions from SQLAlchemy models
# - Provides isolated database sessions for each test
# - Rolls back transactions after each test for clean state
# - Preserves the test database after test runs for inspection
# The test database is separate from your development database,
# ensuring tests never interfere with development data.
# Production Deployment Notes
# ===========================
# Environment Detection:
# - The application automatically detects production environments
# - FLASK_ENV=production enables production security features
# - Proxy headers are automatically trusted in production/staging
# Security Features Enabled in Production:
# - HTTPS requirement enforcement
# - Proxy header trust for accurate IP logging
# - Enhanced security metrics logging
# - Automatic key rotation support
# - Production readiness validation
# Load Balancer Compatibility:
# - Supports standard proxy headers (X-Forwarded-For, X-Real-IP, etc.)
# - Handles multiple proxy hops correctly
# - Compatible with Cloudflare, AWS ALB, nginx, Apache
# Horizontal Scaling:
# - Stateless authentication (no server-side sessions)
# - Environment-based configuration (no file dependencies)
# - Thread-safe key reloading
# - Consistent behavior across multiple instances
# Troubleshooting
# ===============
# If you see "MISSING REQUIRED ENVIRONMENT VARIABLES" error:
# - For Clever Cloud: Ensure PostgreSQL addon is properly configured
# - For local development: Ensure you've created a .env file from this template
# - Verify all required variables are set (either POSTGRESQL_ADDON_* or DB_*)
# - Check that the .env file is in the project root directory
# If you see connection errors:
# - For Clever Cloud: Check addon status in Clever Cloud console
# - For local development: Verify PostgreSQL is running
# - Check the database is healthy: docker compose -f docker-compose.test.yml logs
# - Ensure port is not already in use by another PostgreSQL instance
# If you see permission errors:
# - For Clever Cloud: Contact Clever Cloud support
# - For local development: Verify the database user has CREATE DATABASE privileges
# - For Docker setup, the default postgres user has all necessary privileges
# If tests fail with "database already exists" errors:
# - The test infrastructure handles this automatically by dropping and recreating
# - If issues persist, manually clean up: ./scripts/test-db.sh clean
# If API authentication is not working:
# - Check that API_KEYS or environment-specific keys are set
# - Verify keys meet minimum security requirements (16+ characters)
# - Check application logs for security system initialization messages
# - Test with curl: curl -H "Authorization: Bearer your-key" http://localhost:5000/api/trackers
# If behind reverse proxy/load balancer:
# - Set TRUST_PROXY_HEADERS=true
# - Verify proxy is sending correct headers (X-Forwarded-For, etc.)
# - Check logs for accurate IP addresses
# - For production, proxy headers are automatically trusted