mirror of
https://github.com/DRYTRIX/TimeTracker.git
synced 2026-01-29 07:59:47 -06:00
BREAKING CHANGE: Removed legacy license server in favor of Stripe billing

Major changes:
- Remove license server system (563 lines removed from license_server.py)
- Add multi-tenant support with organizations and memberships
- Integrate Stripe billing and subscription management
- Enhance authentication with 2FA, password reset, and JWT tokens
- Add provisioning and onboarding flows for new customers
- Implement row-level security (RLS) for data isolation
- Add GDPR compliance features and data retention policies
- Enhance admin dashboard with billing reconciliation and customer management
- Add security scanning tools (Bandit, Gitleaks, GitHub Actions workflow)
- Implement rate limiting and enhanced password policies
- Update all routes to support organization context
- Enhance user model with billing and security fields
- Add promo code system for marketing campaigns
- Update Docker initialization for better database setup

Modified files:
- Core: app.py, app/__init__.py, app/config.py
- Models: Enhanced user model (+175 lines), updated all models for multi-tenancy
- Routes: Enhanced admin routes (+479 lines), updated all routes for org context
- Templates: Updated login, admin dashboard, and settings
- Docker: Enhanced database initialization scripts
- Dependencies: Added stripe, pyotp, pyjwt, and security packages

Deleted files:
- app/utils/license_server.py
- docs/LICENSE_SERVER_*.md (3 files)
- templates/admin/license_status.html
- test_license_server.py

New features:
- Organizations and membership management
- Stripe billing integration with webhook handling
- Enhanced authentication (2FA, password reset, refresh tokens)
- GDPR compliance and data export/deletion
- Onboarding checklist for new customers
- Promo code system
- Security enhancements (rate limiting, password policies)
- Admin tools for customer and billing management

Net change: 46 files changed, 1490 insertions(+), 1968 deletions(-)
79 lines
2.9 KiB
Plaintext
# ============================================================================
# Authentication & User Management Configuration
# ============================================================================
# Copy this to your .env file and configure for your environment

# ----------------------------------------------------------------------------
# Email Configuration (Required for invitations and password reset)
# ----------------------------------------------------------------------------
SMTP_HOST=smtp.gmail.com
SMTP_PORT=587
SMTP_USERNAME=your-email@gmail.com
SMTP_PASSWORD=your-app-password
SMTP_USE_TLS=true
SMTP_FROM_EMAIL=noreply@timetracker.com
SMTP_FROM_NAME=TimeTracker

# ----------------------------------------------------------------------------
# User Registration
# ----------------------------------------------------------------------------
# Allow users to self-register (true/false)
ALLOW_SELF_REGISTER=true

# Admin usernames (comma-separated)
ADMIN_USERNAMES=admin,superuser

# ----------------------------------------------------------------------------
# Session Configuration
# ----------------------------------------------------------------------------
# Session lifetime in seconds (default: 86400 = 24 hours)
PERMANENT_SESSION_LIFETIME=86400

# Remember cookie duration in days
REMEMBER_COOKIE_DAYS=365

# Secure cookies (set to true in production with HTTPS)
SESSION_COOKIE_SECURE=false
REMEMBER_COOKIE_SECURE=false

# ----------------------------------------------------------------------------
# Security
# ----------------------------------------------------------------------------
# IMPORTANT: Generate a strong random secret key for production
# Example: python -c "import secrets; print(secrets.token_hex(32))"
SECRET_KEY=dev-secret-key-change-in-production

# ----------------------------------------------------------------------------
# Authentication Method
# ----------------------------------------------------------------------------
# Options: local, oidc, both
AUTH_METHOD=local

# ----------------------------------------------------------------------------
# Rate Limiting
# ----------------------------------------------------------------------------
# Format: "count per period" separated by semicolons
RATELIMIT_DEFAULT=200 per day;50 per hour

# Rate limit storage (memory:// for single instance, redis:// for distributed)
RATELIMIT_STORAGE_URI=memory://

# ----------------------------------------------------------------------------
# Email Configuration Examples
# ----------------------------------------------------------------------------

# Gmail:
# SMTP_HOST=smtp.gmail.com
# SMTP_PORT=587
# SMTP_USERNAME=your-email@gmail.com
# SMTP_PASSWORD=your-app-password # Generate at https://myaccount.google.com/apppasswords
# SMTP_USE_TLS=true

# SendGrid:
# SMTP_HOST=smtp.sendgrid.net
# SMTP_PORT=587
# SMTP_USERNAME=apikey
# SMTP_PASSWORD=your-sendgrid-api-key
# SMTP_USE_TLS=true
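A start-up check for the Session Configuration, Security and Rate Limiting settings in the file above, added here as an example; it is not TimeTracker code. It assumes the file is read as plain KEY=VALUE lines and that RATELIMIT_DEFAULT follows the "count per period" grammar the comment describes (the set of accepted period names is an assumption); the placeholder SECRET_KEY and the false cookie flags in the constructed sample are copied from the file above.

```python
"""Audit the security-relevant settings of an auth/session .env file.

Stand-alone example, not part of TimeTracker. It checks the three things the
comments in the .env ask the operator to change before production: SECRET_KEY,
the *_COOKIE_SECURE flags, and the RATELIMIT_DEFAULT format.
"""
import re
import secrets

# Constructed sample mirroring the placeholder values shown in the .env above.
SAMPLE_ENV = """
# Security
SECRET_KEY=dev-secret-key-change-in-production
SESSION_COOKIE_SECURE=false
REMEMBER_COOKIE_SECURE=false
PERMANENT_SESSION_LIFETIME=86400
RATELIMIT_DEFAULT=200 per day;50 per hour
RATELIMIT_STORAGE_URI=memory://
"""

PLACEHOLDER_SECRET = "dev-secret-key-change-in-production"
MIN_SECRET_LEN = 32  # assumption: at least 32 characters; token_hex(32) yields 64
# Period names accepted here (assumed to match the "count per period" grammar).
RATE_RE = re.compile(r"^(\d+)\s+per\s+(second|minute|hour|day|month|year)$")


def parse_env(text):
    """Return {KEY: value} for KEY=VALUE lines, skipping blanks and # comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:  # a line without '=' is ignored rather than treated as a key
            settings[key.strip()] = value.strip()
    return settings


def as_bool(value):
    """Interpret the true/false strings used in .env files."""
    return value.strip().lower() in {"1", "true", "yes", "on"}


def parse_rate_limits(spec):
    """Split '200 per day;50 per hour' into [(200, 'day'), (50, 'hour')].

    Raises ValueError on a clause the grammar does not accept, so a typo
    surfaces at start-up instead of silently leaving an endpoint unlimited.
    """
    limits = []
    for clause in spec.split(";"):
        clause = clause.strip()
        if not clause:
            continue
        m = RATE_RE.match(clause)
        if not m:
            raise ValueError(f"bad rate-limit clause {clause!r}")
        limits.append((int(m.group(1)), m.group(2)))
    return limits


def generate_secret_key():
    """Same recipe as the comment in the .env: 32 random bytes, hex-encoded."""
    return secrets.token_hex(32)


def audit(settings, production):
    """Return a list of findings; an empty list means the file passed."""
    findings = []
    if production:
        secret = settings.get("SECRET_KEY", "")
        if secret == PLACEHOLDER_SECRET or len(secret) < MIN_SECRET_LEN:
            findings.append(
                "SECRET_KEY is the dev placeholder or too short; "
                "generate one with secrets.token_hex(32)"
            )
        for key in ("SESSION_COOKIE_SECURE", "REMEMBER_COOKIE_SECURE"):
            if not as_bool(settings.get(key, "false")):
                findings.append(f"{key} must be true when serving over HTTPS")
    try:
        if not parse_rate_limits(settings.get("RATELIMIT_DEFAULT", "")):
            findings.append("RATELIMIT_DEFAULT is empty; no default limit applies")
    except ValueError as exc:
        findings.append(f"RATELIMIT_DEFAULT is malformed: {exc}")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_env(SAMPLE_ENV), production=True):
        print("FINDING:", finding)
```

Run against the sample with production=True it reports the placeholder SECRET_KEY and both insecure cookie flags; the same file passes with production=False, which matches the intent of the comments (development defaults, to be changed before deployment). Wiring a check like this into application start-up turns the "IMPORTANT" comment into a hard failure rather than a reminder.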