feat: Implement CSRF protection and PostgreSQL support
- Added CSRF protection mechanism in the backend with utility functions for token management.
- Introduced a new CSRF route to fetch the active CSRF token for SPA bootstrap flows.
- Updated the auth routes to validate CSRF tokens on sensitive operations.
- Configured PostgreSQL as a database option in the environment settings and Docker Compose.
- Created a new SQLite configuration file for local development.
- Enhanced the API client to automatically attach CSRF tokens to requests.
- Updated various frontend components to utilize the new site origin utility for SEO purposes.
- Modified Nginx configuration to improve redirection and SEO headers.
- Added tests for CSRF token handling in the authentication routes.
@@ -56,6 +56,9 @@ SENTRY_ENVIRONMENT=production
|
||||
|
||||
# PostgreSQL (production) — leave empty to use SQLite
|
||||
DATABASE_URL=
|
||||
POSTGRES_DB=dociva
|
||||
POSTGRES_USER=dociva
|
||||
POSTGRES_PASSWORD=replace-with-strong-postgres-password
|
||||
|
||||
# Frontend
|
||||
VITE_SITE_DOMAIN=https://dociva.io
|
||||
|
||||
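Review bot: The placeholder in `POSTGRES_PASSWORD=replace-with-strong-postgres-password` is a working, publicly known value for anyone who copies this file unchanged, and the block sits directly under `SENTRY_ENVIRONMENT=production`. Consider leaving the value empty so the database container or the app refuses to start without a real secret, or have startup reject this exact placeholder string. Two further points on the same lines: the comment "leave empty to use SQLite" means an unset `DATABASE_URL` in a production deployment falls back to SQLite without any error, so it would be safer to fail when the environment is production and `DATABASE_URL` is empty; and the relationship between `DATABASE_URL` and the three `POSTGRES_*` variables is not documented here. If the URL carries its own credentials, they can drift from `POSTGRES_USER` and `POSTGRES_PASSWORD`, so a one-line comment giving the expected URL format and stating which variables are consumed by which service would help.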