feat: Implement service-to-service authentication, centralize environment configuration, and harden Docker security.

2026-01-29 19:41:59 -03:00
parent 5d85dc0714
commit 5075a2440d
6 changed files with 169 additions and 12 deletions
--- a/.env.example
+++ b/.env.example
@@ -0,0 +1,43 @@
+# ===================================================================
+# ControlPatente - Environment Configuration
+# ===================================================================
+# Copy this file to .env and configure the values before starting
+# 
+# IMPORTANT: Never commit .env to version control!
+# ===================================================================
+
+# --- Database Configuration ---
+DB_USER=postgres
+DB_PASSWORD=CHANGE_THIS_PASSWORD
+DB_NAME=controlpatente
+
+# --- Security Configuration (REQUIRED) ---
+
+# JWT Secret - REQUIRED for authentication
+# Generate with: node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"
+JWT_SECRET=GENERATE_A_SECURE_64_CHARACTER_HEX_STRING_HERE
+
+# Admin password (optional - if not set, a random password will be generated)
+# ADMIN_PASSWORD=your_secure_admin_password
+
+# Allowed origins for CORS (comma-separated)
+# Default: http://localhost:5173
+ALLOWED_ORIGINS=http://localhost:5173,http://127.0.0.1:5173
+
+# Service-to-service API key (for ALPR -> Backend communication)
+# Generate with: node -e "console.log(require('crypto').randomBytes(24).toString('hex'))"
+SERVICE_API_KEY=GENERATE_A_SECURE_48_CHARACTER_HEX_STRING_HERE
+
+# --- Optional Configuration ---
+
+# Backend port (default: 3000)
+# PORT=3000
+
+# ALPR processing interval in seconds (default: 1.5)
+# PROCESS_INTERVAL=1.5
+
+# Dataset capture cooldown in seconds (default: 60)
+# DATASET_COOLDOWN=60
+
+# Number of OCR worker threads (default: 2)
+# OCR_WORKERS=2