# PostgreSQL Client Authentication Configuration
# Security-hardened for CatLink Production

# TYPE  DATABASE        USER            ADDRESS                 METHOD

# "local" is for Unix domain socket connections only
local   all             postgres                                peer
local   links_db        links_user                              scram-sha-256

# IPv4 local connections:
host    links_db        links_user      127.0.0.1/32            scram-sha-256

# IPv6 local connections:
host    links_db        links_user      ::1/128                 scram-sha-256

# Docker network connections (текущая сеть links_default: 172.19.0.0/16)
host    links_db        links_user      172.19.0.0/16           scram-sha-256

# Новая защищенная сеть catlink-network: 172.20.0.0/16
host    links_db        links_user      172.20.0.0/16           scram-sha-256

# Deny all other connections
host    all             all             0.0.0.0/0               reject
host    all             all             ::/0                    reject