Update README.md

README.md

@@ -1,7 +1,42 @@
-TODO:
+Here is dummy ai explanation for you my friend
-
-UI changes and UX:
-
-onboarding:
-Pressing enter submits and goes to next step
 
+Stack
+Backend: Node + Fastify + Prisma (Postgres)
+Frontend: React + Vite
+Scheduler: separate worker container (cron tasks)
+Reverse proxy (prod)
+Default: Nginx (skymoneybudget.com.conf)
+Alternative: Caddy (Caddyfile.prod)
+API is under /api path
+Web is static from /var/www/skymoney/dist
+HTTPS + HSTS already configured in the prod config
+Required env vars (production)
+DATABASE_URL
+JWT_SECRET (32+ chars)
+COOKIE_SECRET (32+ chars)
+CORS_ORIGIN (set to https://skymoneybudget.com)
+Optional: COOKIE_DOMAIN=skymoneybudget.com
+Cookies + Security
+HttpOnly + Secure in prod
+CSRF protection required for non‑GET
+/auth/logout requires CSRF now
+Mutation endpoints rate‑limited
+Cron jobs
+rollover worker (6 AM user time)
+auto‑payment worker (9 AM user time)
+Jobs run every 15 minutes and only process users whose local time has reached the threshold
+DB / Prisma
+Postgres required
+Prisma migrations must be applied before running
+The app blocks default secrets in prod
+Build + deploy
+web/ builds to web/dist
+API runs on port 8080 internally (exposed as 8081 in compose)
+Nginx proxies /api to 127.0.0.1:8081
+Logs
+Prod logs are limited (PII reduced)
+Key logging: job success/failure counts
+Backups
+Scripts exist: backup.sh, restore.sh
+Restore requires admin DB privileges (created DB)
+Optional but recommended to test once