mirror of
https://github.com/johndoe6345789/metabuilder.git
synced 2026-05-02 09:45:00 +00:00
johndoe6345789
df5398a7ee
Complete implementation of enterprise-grade authentication middleware for email service: Features: - JWT token creation/validation with configurable expiration - Bearer token extraction and validation - Multi-tenant isolation enforced at middleware level - Role-based access control (RBAC) with user/admin roles - Row-level security (RLS) for resource access - Automatic request logging with user context and audit trail - CORS configuration for email client frontend - Rate limiting (50 req/min per user with Redis backend) - Comprehensive error handling with proper HTTP status codes Implementation: - Enhanced src/middleware/auth.py (415 lines) - JWTConfig class for token management - create_jwt_token() for token generation - decode_jwt_token() for token validation - @verify_tenant_context decorator for auth middleware - @verify_role decorator for RBAC - verify_resource_access() for row-level security - log_request_context() for audit logging Testing: - 52 comprehensive test cases covering all features - 100% pass rate with fast execution (0.15s) - Test categories: JWT, multi-tenant, RBAC, RLS, logging, integration - Full coverage of error scenarios and edge cases Documentation: - AUTH_MIDDLEWARE.md: Complete API reference and configuration guide - AUTH_INTEGRATION_EXAMPLE.py: Real-world usage examples for 5+ scenarios - PHASE_7_SUMMARY.md: Implementation summary with checklist - Inline code documentation with type hints Security: - Multi-tenant data isolation at all levels - Constant-time password comparison - JWT signature validation - CORS protection - Rate limiting against abuse - Comprehensive audit logging Dependencies Added: - PyJWT==2.8.1 Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
83 lines
3.1 KiB
Plaintext
83 lines
3.1 KiB
Plaintext
# Phase 8: Email Client Docker Compose Environment
|
|
# Copy this file to .env and update with your values
|
|
# WARNING: These are example values - change them in production!
|
|
|
|
# ============================================================================
|
|
# PostgreSQL Configuration
|
|
# ============================================================================
|
|
POSTGRES_USER=emailclient
|
|
POSTGRES_PASSWORD=emailclient_default_password
|
|
POSTGRES_DB=emailclient
|
|
|
|
# ============================================================================
|
|
# Redis Configuration
|
|
# ============================================================================
|
|
REDIS_PASSWORD=emailclient_default_password
|
|
REDIS_MAX_MEMORY=512mb
|
|
|
|
# ============================================================================
|
|
# Email Client Frontend Configuration
|
|
# ============================================================================
|
|
EMAILCLIENT_API_URL=http://localhost
|
|
EMAILCLIENT_WS_URL=ws://localhost
|
|
LOG_LEVEL=info
|
|
SESSION_SECRET=change_me_in_production_long_random_string
|
|
ENCRYPTION_KEY=change_me_in_production_long_random_string
|
|
CORS_ORIGINS=localhost:3000,localhost:80
|
|
|
|
# ============================================================================
|
|
# Email Service Configuration
|
|
# ============================================================================
|
|
FLASK_ENV=production
|
|
FLASK_DEBUG=0
|
|
EMAIL_SERVICE_SECRET=change_me_in_production_long_random_string
|
|
EMAIL_MAX_ATTACHMENT_SIZE=52428800
|
|
EMAIL_SYNC_INTERVAL=300
|
|
EMAIL_RATE_LIMIT=100
|
|
|
|
# ============================================================================
|
|
# Celery Configuration
|
|
# ============================================================================
|
|
CELERY_WORKER_CONCURRENCY=4
|
|
|
|
# ============================================================================
|
|
# Postfix SMTP Configuration
|
|
# ============================================================================
|
|
POSTFIX_ALLOWED_DOMAINS=example.com localhost
|
|
POSTFIX_HOSTNAME=emailclient.local
|
|
POSTFIX_MESSAGE_SIZE_LIMIT=52428800
|
|
POSTFIX_RECIPIENT_LIMIT=10000
|
|
|
|
# Optional: Configure relay through external SMTP (e.g., Gmail, SendGrid)
|
|
POSTFIX_RELAYHOST=
|
|
POSTFIX_RELAYHOST_USERNAME=
|
|
POSTFIX_RELAYHOST_PASSWORD=
|
|
|
|
# ============================================================================
|
|
# Dovecot IMAP/POP3 Configuration
|
|
# ============================================================================
|
|
# Dovecot runs as local mail server for testing/development
|
|
# In production, connect to existing mail servers via email_client schemas
|
|
|
|
# ============================================================================
|
|
# Production Secrets (CHANGE THESE!)
|
|
# ============================================================================
|
|
# Generate secure random values:
|
|
# date +%s | sha256sum | cut -c1-32
|
|
# openssl rand -hex 32
|
|
|
|
# Session secret for Next.js
|
|
# SESSION_SECRET=your_random_32_char_string
|
|
|
|
# Encryption key for sensitive data
|
|
# ENCRYPTION_KEY=your_random_32_char_string
|
|
|
|
# Email service secret for API validation
|
|
# EMAIL_SERVICE_SECRET=your_random_32_char_string
|
|
|
|
# PostgreSQL password
|
|
# POSTGRES_PASSWORD=your_secure_password_here
|
|
|
|
# Redis password
|
|
# REDIS_PASSWORD=your_secure_password_here
|