Files
chicken_babies_site/.env.example
Phillip Tarrant 9a8506970c feat: phase 4 admin CMS — dashboard, editor, media, CSRF
Head Hen CMS end-to-end: dashboard lists all posts (drafts + published),
Markdown editor with live preview + drag-drop image upload, Pillow media
pipeline re-encoding every upload to JPEG, post CRUD + publish toggle +
hard delete, About page edit, and double-submit CSRF cookie enforced on
every admin mutating endpoint (Phase 3's TODO markers resolved).

Slug auto-generated on create and server-locked once a post has been
published. Unpublish preserves `published_at` so re-publish keeps
original date ordering. Every admin write invalidates the read-side
Post/Page TTL caches and records an `auth_events` audit row.

CSRF middleware is narrow by design — issues/refreshes the `cb_csrf`
cookie only on `GET /admin*`, and mutating endpoints opt in via
`require_csrf_form` or `require_csrf_header` Depends. Public routes,
healthz, and pre-auth login stay untouched.

64 new tests cover slugs, CSRF, media, admin posts/pages services, and
end-to-end CMS routes. Tests never mock the DB — real temp SQLite files
per the CLAUDE.md mandate.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-21 20:42:01 -05:00

59 lines
2.5 KiB
Plaintext

# ---------------------------------------------------------------------------
# Chicken Babies R Us — environment contract
#
# Copy this file to `.env` and fill in the real values locally. The .env file
# is gitignored. This file (.env.example) is the public contract and MUST
# contain only placeholder / safe-default values — never real secrets.
# ---------------------------------------------------------------------------
# --- Runtime mode -----------------------------------------------------------
# development | production
APP_ENV=development
# --- Signing / sessions -----------------------------------------------------
# itsdangerous signer for cookies / CSRF tokens.
# Generate locally with: python -c "import secrets; print(secrets.token_urlsafe(48))"
# The string below is a DEV-ONLY sentinel; the app refuses to start in
# production if SECRET_KEY still matches this value.
SECRET_KEY=dev-insecure-change-me
# --- Database ---------------------------------------------------------------
DATABASE_URL=sqlite:///data/app.db
# --- Media storage ----------------------------------------------------------
# Filesystem directory holding admin-uploaded images. Mounted publicly at
# /media by the app. Relative paths resolve against the process cwd.
MEDIA_ROOT=data/media
# --- Email (Resend) ---------------------------------------------------------
RESEND_API_KEY=
RESEND_FROM=no-reply@chickenbabies.example
# --- Admin allowlist / contact routing --------------------------------------
# Comma-separated list of emails allowed to request admin magic links.
ADMIN_EMAILS=
# Inbox that the public contact form messages get routed to.
ADMIN_CONTACT_EMAIL=
# --- hCaptcha ---------------------------------------------------------------
HCAPTCHA_SITE_KEY=
HCAPTCHA_SECRET=
# --- Reverse proxy / Uvicorn ------------------------------------------------
# Caddy's LAN IP (comma-separated allowed). Only headers from these IPs are
# trusted for X-Forwarded-For / X-Forwarded-Proto.
FORWARDED_ALLOW_IPS=127.0.0.1
# --- Session / auth tuning --------------------------------------------------
SESSION_MAX_DAYS=30
MAGIC_LINK_TTL_MIN=15
# --- Public URL for link construction --------------------------------------
# Absolute base URL (scheme+host+port) used to build outbound links such as
# the magic-link auth email. Override for production.
PUBLIC_BASE_URL=http://127.0.0.1:8000
# --- Build metadata ---------------------------------------------------------
# Injected at Docker build time. Surfaced by /healthz. Optional in dev.
GIT_COMMIT_SHA=unknown