43 lines
1.3 KiB
Markdown
43 lines
1.3 KiB
Markdown
Here is dummy ai explanation for you my friend
|
||
|
||
Stack
|
||
Backend: Node + Fastify + Prisma (Postgres)
|
||
Frontend: React + Vite
|
||
Scheduler: separate worker container (cron tasks)
|
||
Reverse proxy (prod)
|
||
Default: Nginx (skymoneybudget.com.conf)
|
||
Alternative: Caddy (Caddyfile.prod)
|
||
API is under /api path
|
||
Web is static from /var/www/skymoney/dist
|
||
HTTPS + HSTS already configured in the prod config
|
||
Required env vars (production)
|
||
DATABASE_URL
|
||
JWT_SECRET (32+ chars)
|
||
COOKIE_SECRET (32+ chars)
|
||
CORS_ORIGIN (set to https://skymoneybudget.com)
|
||
Optional: COOKIE_DOMAIN=skymoneybudget.com
|
||
Cookies + Security
|
||
HttpOnly + Secure in prod
|
||
CSRF protection required for non‑GET
|
||
/auth/logout requires CSRF now
|
||
Mutation endpoints rate‑limited
|
||
Cron jobs
|
||
rollover worker (6 AM user time)
|
||
auto‑payment worker (9 AM user time)
|
||
Jobs run every 15 minutes and only process users whose local time has reached the threshold
|
||
DB / Prisma
|
||
Postgres required
|
||
Prisma migrations must be applied before running
|
||
The app blocks default secrets in prod
|
||
Build + deploy
|
||
web/ builds to web/dist
|
||
API runs on port 8080 internally (exposed as 8081 in compose)
|
||
Nginx proxies /api to 127.0.0.1:8081
|
||
Logs
|
||
Prod logs are limited (PII reduced)
|
||
Key logging: job success/failure counts
|
||
Backups
|
||
Scripts exist: backup.sh, restore.sh
|
||
Restore requires admin DB privileges (created DB)
|
||
Optional but recommended to test once
|