denshooter/cloudlense
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
cloudlense/.env.example
T
Dennis 1c545c93b4 feat: production hardening + smart subpage scanning with layout dedup 
Security:
- Add CRON_SECRET auth to /api/cron/* endpoints
- Add admin role verification to /api/admin/* routes
- Add org membership check to /api/billing/usage
- Add security headers (HSTS, X-Frame-Options, CSP, etc.)
- Add env variable validation at startup
- Add rate limiting to backend API (30 req/min per IP)

Infrastructure:
- Multi-stage Dockerfiles with non-root user + healthchecks
- Updated cron workflow to pass CRON_SECRET header
- Updated .env.example with all optional vars

Smart subpage scanning:
- Crawler now computes template_hash (DOM structure without content)
- Scanner scans ALL unique-layout pages, not just main page
- Pages with same layout (e.g. product pages) scanned only once
- Deduplication by template_hash, fallback to content_hash
- Main page always scanned with high priority
- Re-checks subscription limits before each page scan

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-03-06 07:44:32 +01:00

32 lines
1.4 KiB
Bash
Raw Permalink Blame History

# ============================================
# Website Monitoring — Environment Variables
# ============================================
# Copy this file to .env and fill in your values.
# Used by docker-compose and local development.
# ── PostgreSQL ──────────────────────────────
POSTGRES_USER=monitoring
POSTGRES_PASSWORD=monitoring_pass
POSTGRES_DB=monitoring
# ── Backend ─────────────────────────────────
PORT=5000
DATABASE_URL=postgresql://monitoring:monitoring_pass@localhost:5432/monitoring
CORS_ORIGIN=http://localhost:3000
# ── Frontend (Supabase) ────────────────────
NEXT_PUBLIC_SUPABASE_URL=https://your-project.supabase.co
NEXT_PUBLIC_SUPABASE_ANON_KEY=your-anon-key
SUPABASE_SERVICE_ROLE_KEY=your-service-role-key
# ── Security ────────────────────────────────
# Required in production: protects /api/cron/* endpoints
CRON_SECRET=generate-a-random-secret-here
# ── Optional Services ───────────────────────
# Email notifications (Resend — free tier: 3000 emails/mo)
RESEND_API_KEY=re_your_resend_key
# Lighthouse backend URL (for automated scans)
LIGHTHOUSE_SERVICE_URL=http://localhost:5000
Reference in New Issue View Git Blame Copy Permalink