Update README.md
This commit is contained in:
81
README.md
81
README.md
@@ -1,42 +1,43 @@
|
|||||||
Here is dummy ai explanation for you my friend
|
Here is dummy ai explanation for you my friend
|
||||||
|
|
||||||
Stack
|
##Stack
|
||||||
Backend: Node + Fastify + Prisma (Postgres)
|
* Backend: Node + Fastify + Prisma (Postgres)
|
||||||
Frontend: React + Vite
|
* Frontend: React + Vite
|
||||||
Scheduler: separate worker container (cron tasks)
|
* Scheduler: separate worker container (cron tasks)
|
||||||
Reverse proxy (prod)
|
* Reverse proxy (prod)
|
||||||
Default: Nginx (skymoneybudget.com.conf)
|
* Default: Nginx (skymoneybudget.com.conf)
|
||||||
Alternative: Caddy (Caddyfile.prod)
|
* Alternative: Caddy (Caddyfile.prod)
|
||||||
API is under /api path
|
* API is under /api path
|
||||||
Web is static from /var/www/skymoney/dist
|
* Web is static from /var/www/skymoney/dist
|
||||||
HTTPS + HSTS already configured in the prod config
|
* HTTPS + HSTS already configured in the prod config
|
||||||
Required env vars (production)
|
###Required env vars (production)
|
||||||
DATABASE_URL
|
* DATABASE_URL
|
||||||
JWT_SECRET (32+ chars)
|
* JWT_SECRET (32+ chars)
|
||||||
COOKIE_SECRET (32+ chars)
|
* COOKIE_SECRET (32+ chars)
|
||||||
CORS_ORIGIN (set to https://skymoneybudget.com)
|
* CORS_ORIGIN (set to https://skymoneybudget.com)
|
||||||
Optional: COOKIE_DOMAIN=skymoneybudget.com
|
* Optional: COOKIE_DOMAIN=skymoneybudget.com
|
||||||
Cookies + Security
|
* Cookies + Security
|
||||||
HttpOnly + Secure in prod
|
* HttpOnly + Secure in prod
|
||||||
CSRF protection required for non‑GET
|
* CSRF protection required for non‑GET
|
||||||
/auth/logout requires CSRF now
|
### Other Features
|
||||||
Mutation endpoints rate‑limited
|
* /auth/logout requires CSRF now
|
||||||
Cron jobs
|
* Mutation endpoints rate‑limited
|
||||||
rollover worker (6 AM user time)
|
* Cron jobs
|
||||||
auto‑payment worker (9 AM user time)
|
* rollover worker (6 AM user time)
|
||||||
Jobs run every 15 minutes and only process users whose local time has reached the threshold
|
* auto‑payment worker (9 AM user time)
|
||||||
DB / Prisma
|
* Jobs run every 15 minutes and only process users whose local time has reached the threshold
|
||||||
Postgres required
|
* DB / Prisma
|
||||||
Prisma migrations must be applied before running
|
* Postgres required
|
||||||
The app blocks default secrets in prod
|
* Prisma migrations must be applied before running
|
||||||
Build + deploy
|
* The app blocks default secrets in prod
|
||||||
web/ builds to web/dist
|
* Build + deploy
|
||||||
API runs on port 8080 internally (exposed as 8081 in compose)
|
* web/ builds to web/dist
|
||||||
Nginx proxies /api to 127.0.0.1:8081
|
* API runs on port 8080 internally (exposed as 8081 in compose)
|
||||||
Logs
|
* Nginx proxies /api to 127.0.0.1:8081
|
||||||
Prod logs are limited (PII reduced)
|
* Logs
|
||||||
Key logging: job success/failure counts
|
* Prod logs are limited (PII reduced)
|
||||||
Backups
|
* Key logging: job success/failure counts
|
||||||
Scripts exist: backup.sh, restore.sh
|
* Backups
|
||||||
Restore requires admin DB privileges (created DB)
|
* Scripts exist: backup.sh, restore.sh
|
||||||
Optional but recommended to test once
|
* Restore requires admin DB privileges (created DB)
|
||||||
|
* Optional but recommended to test once (tested, backup worked restore failed)
|
||||||
|
|||||||
Reference in New Issue
Block a user