BREAKING CHANGE: Removed legacy license server in favor of Stripe billing Major changes: - Remove license server system (563 lines removed from license_server.py) - Add multi-tenant support with organizations and memberships - Integrate Stripe billing and subscription management - Enhance authentication with 2FA, password reset, and JWT tokens - Add provisioning and onboarding flows for new customers - Implement row-level security (RLS) for data isolation - Add GDPR compliance features and data retention policies - Enhance admin dashboard with billing reconciliation and customer management - Add security scanning tools (Bandit, Gitleaks, GitHub Actions workflow) - Implement rate limiting and enhanced password policies - Update all routes to support organization context - Enhance user model with billing and security fields - Add promo code system for marketing campaigns - Update Docker initialization for better database setup Modified files: - Core: app.py, app/__init__.py, app/config.py - Models: Enhanced user model (+175 lines), updated all models for multi-tenancy - Routes: Enhanced admin routes (+479 lines), updated all routes for org context - Templates: Updated login, admin dashboard, and settings - Docker: Enhanced database initialization scripts - Dependencies: Added stripe, pyotp, pyjwt, and security packages Deleted files: - app/utils/license_server.py - docs/LICENSE_SERVER_*.md (3 files) - templates/admin/license_status.html - test_license_server.py New features: - Organizations and membership management - Stripe billing integration with webhook handling - Enhanced authentication (2FA, password reset, refresh tokens) - GDPR compliance and data export/deletion - Onboarding checklist for new customers - Promo code system - Security enhancements (rate limiting, password policies) - Admin tools for customer and billing management Net change: 46 files changed, 1490 insertions(+), 1968 deletions(-)
# ============================================================================
# TimeTracker Environment Configuration - TESTING
# ============================================================================
# Complete environment file for testing the TimeTracker application
# Fill in the TODO sections with your actual credentials
# Copy this file to .env before using: cp env.testing .env
#
# Every value below is either a public placeholder or an insecure test
# default. Put real credentials only in the untracked .env copy, never in
# this tracked template.
# ============================================================================

# ----------------------------------------------------------------------------
# Flask Settings
# ----------------------------------------------------------------------------
# This key is committed and therefore public: anyone who knows it can forge
# signed session cookies. Acceptable for a throwaway local instance only; for
# any instance reachable by others generate a random value, e.g.
#   python -c "import secrets; print(secrets.token_hex(32))"
SECRET_KEY=dev-test-secret-key-change-in-production-12345678
# FLASK_ENV is deprecated in recent Flask releases; FLASK_DEBUG below is what
# actually turns debug mode on.
FLASK_ENV=development
# Debug mode serves the interactive Werkzeug debugger on error pages, which
# gives whoever reaches it a console on the host. Bind a debug instance to
# localhost only.
FLASK_DEBUG=true

# ----------------------------------------------------------------------------
# Database Settings
# ----------------------------------------------------------------------------
# Default credentials (username == password). Tolerable only because "db" is
# presumably the Docker Compose service name reached over the internal
# network; change them if the database port is ever published on the host.
DATABASE_URL=postgresql+psycopg2://timetracker:timetracker@db:5432/timetracker
POSTGRES_DB=timetracker
POSTGRES_USER=timetracker
# Must match the password embedded in DATABASE_URL above.
POSTGRES_PASSWORD=timetracker
POSTGRES_HOST=db

# ----------------------------------------------------------------------------
# Session Settings
# ----------------------------------------------------------------------------
# false = the session cookie is also sent over plain HTTP, where a network
# observer can capture and replay it. Only acceptable for http://localhost;
# set to true as soon as the app sits behind TLS.
SESSION_COOKIE_SECURE=false
# HttpOnly keeps the session cookie out of reach of page scripts; leave on.
SESSION_COOKIE_HTTPONLY=true
# Seconds (24 h).
PERMANENT_SESSION_LIFETIME=86400
# A one-year "remember me" cookie means a stolen cookie stays valid for a
# year; shorten this for anything beyond local testing.
REMEMBER_COOKIE_DAYS=365
# Same trade-off as SESSION_COOKIE_SECURE.
REMEMBER_COOKIE_SECURE=false

# ----------------------------------------------------------------------------
# Application Settings
# ----------------------------------------------------------------------------
TZ=Europe/Brussels
CURRENCY=EUR
ROUNDING_MINUTES=1
SINGLE_ACTIVE_TIMER=true
IDLE_TIMEOUT_MINUTES=30

# ----------------------------------------------------------------------------
# User Management
# ----------------------------------------------------------------------------
# Open self-registration: anyone who can reach the instance can create an
# account. Do not expose an instance configured this way beyond localhost.
ALLOW_SELF_REGISTER=true
# Usernames granted admin rights; keep this list short (exact format is
# defined by the app's config loader — confirm there before adding entries).
ADMIN_USERNAMES=admin

# ----------------------------------------------------------------------------
# Authentication
# ----------------------------------------------------------------------------
# Options: local | oidc | both
AUTH_METHOD=local

# ----------------------------------------------------------------------------
# Rate Limiting
# ----------------------------------------------------------------------------
# Default limit applied to routes (limit-string syntax, Flask-Limiter style).
RATELIMIT_DEFAULT=200 per day;50 per hour
# In-process store: counters are lost on restart and are not shared between
# workers or containers, so the limit is effectively per process. Use a
# shared backend (e.g. a redis:// URI) wherever limiting is relied on to slow
# down credential guessing.
RATELIMIT_STORAGE_URI=memory://

# ----------------------------------------------------------------------------
# Email Configuration (SMTP)
# ----------------------------------------------------------------------------
# TODO: Fill in your SMTP credentials for email functionality
# For Gmail, generate an app password at: https://myaccount.google.com/apppasswords
SMTP_HOST=smtp.gmail.com
SMTP_PORT=587
SMTP_USERNAME=your-email@gmail.com
# An app password is a real credential: keep it only in the local .env copy.
SMTP_PASSWORD=your-app-password-here
# STARTTLS on port 587; leave enabled so the credentials above are not sent
# in clear text.
SMTP_USE_TLS=true
SMTP_FROM_EMAIL=noreply@timetracker.com
SMTP_FROM_NAME=TimeTracker

# Alternative SMTP providers:
# SendGrid:
# SMTP_HOST=smtp.sendgrid.net
# SMTP_PORT=587
# SMTP_USERNAME=apikey
# SMTP_PASSWORD=your-sendgrid-api-key

# ----------------------------------------------------------------------------
# Stripe Billing Configuration
# ----------------------------------------------------------------------------
# TODO: Get your test keys from: https://dashboard.stripe.com/apikeys
# Test-mode keys only (sk_test_ / pk_test_ prefixes); a live key here would
# make real charges possible. The secret key is server-side only and must
# never be rendered into a page or committed.
STRIPE_SECRET_KEY=sk_test_YOUR_SECRET_KEY_HERE
STRIPE_PUBLISHABLE_KEY=pk_test_YOUR_PUBLISHABLE_KEY_HERE

# TODO: Get webhook secret from running: stripe listen --forward-to localhost:5000/billing/webhooks/stripe
# This secret is what the webhook handler should use to verify Stripe's
# signature on incoming events; with a wrong or empty value the endpoint
# either rejects every event or cannot distinguish a genuine event from an
# arbitrary POST. The value printed by `stripe listen` is specific to that
# CLI session.
STRIPE_WEBHOOK_SECRET=whsec_YOUR_WEBHOOK_SECRET_HERE

# TODO: Create products in Stripe Dashboard and paste Price IDs here
# Single User Plan (€5/month)
STRIPE_SINGLE_USER_PRICE_ID=price_YOUR_SINGLE_USER_PRICE_ID

# Team Plan (€6/user/month)
STRIPE_TEAM_PRICE_ID=price_YOUR_TEAM_PRICE_ID

# Stripe Optional Settings
STRIPE_ENABLE_TRIALS=true
STRIPE_TRIAL_DAYS=14
STRIPE_ENABLE_PRORATION=true
STRIPE_TAX_BEHAVIOR=exclusive

# ----------------------------------------------------------------------------
# Backup Settings
# ----------------------------------------------------------------------------
# Backups contain the full database, credentials and customer data included;
# store them with the same access controls as the database itself.
BACKUP_RETENTION_DAYS=30
BACKUP_TIME=02:00

# ----------------------------------------------------------------------------
# File Upload Settings
# ----------------------------------------------------------------------------
# 16 MiB cap on request bodies; larger requests are rejected, which bounds
# memory and disk use per request.
MAX_CONTENT_LENGTH=16777216
UPLOAD_FOLDER=/data/uploads

# ----------------------------------------------------------------------------
# CSRF Protection
# ----------------------------------------------------------------------------
# Disabled: state-changing forms and endpoints accept requests without a CSRF
# token, so any browser-driven testing runs without this protection. Keep
# false only for scripted/API tests; set to true when testing the UI so the
# real behaviour is exercised.
WTF_CSRF_ENABLED=false
# Seconds a CSRF token stays valid once protection is enabled.
WTF_CSRF_TIME_LIMIT=3600

# ----------------------------------------------------------------------------
# Logging
# ----------------------------------------------------------------------------
LOG_LEVEL=INFO
# Logs can contain usernames and e-mail addresses; treat the file like other
# user data and do not ship it to a shared location.
LOG_FILE=/data/logs/timetracker.log

# ============================================================================
# SETUP CHECKLIST
# ============================================================================
#
# ✅ 1. Database is configured (default PostgreSQL settings)
# ❌ 2. TODO: Configure SMTP settings (required for invitations/password reset)
# ❌ 3. TODO: Add Stripe API keys (required for billing)
# ❌ 4. TODO: Create Stripe products and add Price IDs
# ❌ 5. TODO: Run Stripe CLI for webhook testing
# ❌ 6. TODO: Run database migration:
# psql -U timetracker -d timetracker -f migrations/add_stripe_billing_fields.sql
#
# ============================================================================
# TESTING STRIPE
# ============================================================================
#
# Test Card Numbers (Test Mode Only):
# These are Stripe's published test-mode cards; they are declined in live mode.
# - Success: 4242 4242 4242 4242
# - Decline: 4000 0000 0000 0002
# - 3D Secure: 4000 0025 0000 3155
#
# Use any future expiry date (e.g., 12/34)
# Use any 3-digit CVC (e.g., 123)
# Use any ZIP code (e.g., 12345)
#
# Start webhook listener:
# stripe listen --forward-to localhost:5000/billing/webhooks/stripe
#
# ============================================================================
# SECURITY NOTES
# ============================================================================
#
# ⚠️ This is a TESTING configuration - do not use in production
# ⚠️ Never commit this file with real credentials to version control
# ⚠️ Keep the .env copy out of version control (.gitignore); the repository's
#    secret scanning (Gitleaks, per the commit history) may catch a slip but
#    is not a substitute
# ⚠️ Generate a strong SECRET_KEY for production
# ⚠️ Use environment-specific configurations for production
# ⚠️ With FLASK_DEBUG, CSRF protection and cookie Secure flags set as above,
#    the instance is safe only on localhost — re-check each of them before
#    binding to any other interface
#
# ============================================================================
