44 lines
1.5 KiB
Markdown
44 lines
1.5 KiB
Markdown
Here is dummy ai explanation for you my friend
|
||
|
||
## Stack
|
||
* Backend: Node + Fastify + Prisma (Postgres)
|
||
* Frontend: React + Vite
|
||
* Scheduler: separate worker container (cron tasks)
|
||
* Reverse proxy (prod)
|
||
* Default: Nginx (skymoneybudget.com.conf)
|
||
* Alternative: Caddy (Caddyfile.prod)
|
||
* API is under /api path
|
||
* Web is static from /var/www/skymoney/dist
|
||
* HTTPS + HSTS already configured in the prod config
|
||
### Required env vars (production)
|
||
* DATABASE_URL
|
||
* JWT_SECRET (32+ chars)
|
||
* COOKIE_SECRET (32+ chars)
|
||
* CORS_ORIGIN (set to https://skymoneybudget.com)
|
||
* Optional: COOKIE_DOMAIN=skymoneybudget.com
|
||
* Cookies + Security
|
||
* HttpOnly + Secure in prod
|
||
* CSRF protection required for non‑GET
|
||
### Other Features
|
||
* /auth/logout requires CSRF now
|
||
* Mutation endpoints rate‑limited
|
||
* Cron jobs
|
||
* rollover worker (6 AM user time)
|
||
* auto‑payment worker (9 AM user time)
|
||
* Jobs run every 15 minutes and only process users whose local time has reached the threshold
|
||
* DB / Prisma
|
||
* Postgres required
|
||
* Prisma migrations must be applied before running
|
||
* The app blocks default secrets in prod
|
||
* Build + deploy
|
||
* web/ builds to web/dist
|
||
* API runs on port 8080 internally (exposed as 8081 in compose)
|
||
* Nginx proxies /api to 127.0.0.1:8081
|
||
* Logs
|
||
* Prod logs are limited (PII reduced)
|
||
* Key logging: job success/failure counts
|
||
* Backups
|
||
* Scripts exist: backup.sh, restore.sh
|
||
* Restore requires admin DB privileges (created DB)
|
||
* Optional but recommended to test once (tested, backup worked restore failed)
|