@@ -16,11 +16,16 @@ class Settings(BaseSettings):
|
||||
cors_origins: str = ""
|
||||
internal_api_token: str = ""
|
||||
vapid_public_key: str = ""
|
||||
vapid_private_key: str = ""
|
||||
secret_key: str = ""
|
||||
redis_url: str = ""
|
||||
allow_dev_auth: bool = False
|
||||
ocr_provider: str = "tesseract"
|
||||
ocr_languages: str = "eng+rus+kor"
|
||||
llm_base_url: str = ""
|
||||
llm_model: str = ""
|
||||
admin_telegram_ids: str = ""
|
||||
admin_bootstrap_token: str = ""
|
||||
|
||||
model_config = SettingsConfigDict(env_file=".env", env_file_encoding="utf-8", extra="ignore")
|
||||
|
||||
@@ -36,6 +41,16 @@ class Settings(BaseSettings):
|
||||
def is_production(self) -> bool:
|
||||
return self.app_env.lower() == "production"
|
||||
|
||||
@property
|
||||
def admin_telegram_id_list(self) -> list[int]:
|
||||
values: list[int] = []
|
||||
for item in self.admin_telegram_ids.split(","):
|
||||
item = item.strip()
|
||||
if not item:
|
||||
continue
|
||||
values.append(int(item))
|
||||
return values
|
||||
|
||||
def validate_webapp_url_for_telegram(self) -> None:
|
||||
url = self.effective_webapp_url
|
||||
if self.is_production and not url.startswith("https://"):
|
||||
@@ -44,6 +59,25 @@ class Settings(BaseSettings):
|
||||
if self.is_production and any(item in url for item in forbidden):
|
||||
raise RuntimeError("Telegram Mini App URL must not use localhost, internal IP, or http://")
|
||||
|
||||
def validate_production_settings(self) -> None:
|
||||
if not self.is_production:
|
||||
return
|
||||
if self.allow_dev_auth:
|
||||
raise RuntimeError("ALLOW_DEV_AUTH must be false in production")
|
||||
if not self.bot_token or self.bot_token == "change-me":
|
||||
raise RuntimeError("BOT_TOKEN is required in production")
|
||||
if not self.internal_api_token or self.internal_api_token.startswith("change-"):
|
||||
raise RuntimeError("INTERNAL_API_TOKEN must be a real secret in production")
|
||||
if not self.secret_key or self.secret_key.startswith("change-"):
|
||||
raise RuntimeError("SECRET_KEY must be configured in production")
|
||||
if not self.redis_url:
|
||||
raise RuntimeError("REDIS_URL is required in production for rate limiting and queues")
|
||||
if bool(self.vapid_public_key) != bool(self.vapid_private_key):
|
||||
raise RuntimeError("VAPID_PUBLIC_KEY and VAPID_PRIVATE_KEY must be configured together")
|
||||
if not self.cors_origin_list:
|
||||
raise RuntimeError("CORS_ORIGINS is required in production")
|
||||
self.validate_webapp_url_for_telegram()
|
||||
|
||||
|
||||
@lru_cache
|
||||
def get_settings() -> Settings:
|
||||
|
||||
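Review bot: `validate_production_settings` rejects placeholder values for `internal_api_token` and `secret_key` but leaves `admin_bootstrap_token` and `admin_telegram_ids`, both shown in the first hunk, unchecked. How the bootstrap token is consumed is not visible on this page, so this is hedged, but a value that presumably grants admin rights deserves at least the same placeholder check, e.g. `if self.admin_bootstrap_token.startswith("change-"): raise RuntimeError("ADMIN_BOOTSTRAP_TOKEN must be a real secret in production")`. `admin_telegram_id_list` calls `int(item)` on every access, so a typo in `ADMIN_TELEGRAM_IDS` raises `ValueError` at whichever code path first reads the property rather than at startup; evaluating `self.admin_telegram_id_list` once inside the validator would surface it at boot. The `startswith("change-")` test also accepts arbitrarily short secrets, so a minimum length for `secret_key` and `internal_api_token` may be worth adding.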