refactor: backend-authoritative team scope and config/input hardening

This commit is contained in:
zhom
2026-07-07 22:45:07 +04:00
parent 8162ad5a82
commit 78803ab289
6 changed files with 196 additions and 110 deletions
+9 -3
View File
@@ -1,9 +1,15 @@
SYNC_TOKEN=secret-sync-token
# REQUIRED: a long, random shared secret used to authenticate sync clients.
# Generate one, e.g.: openssl rand -hex 32
# The server refuses to start with this placeholder or a value shorter than 24 chars.
SYNC_TOKEN=CHANGE_ME_generate_a_long_random_secret
PORT=12342
# REQUIRED S3 / S3-compatible (e.g. MinIO) connection. No defaults are assumed —
# the server fails to start if endpoint / access key / secret key is missing.
S3_ENDPOINT=http://localhost:8987
S3_REGION=us-east-1
S3_ACCESS_KEY_ID=minioadmin
S3_SECRET_ACCESS_KEY=minioadmin
S3_ACCESS_KEY_ID=CHANGE_ME
S3_SECRET_ACCESS_KEY=CHANGE_ME
S3_BUCKET=donut-sync
S3_FORCE_PATH_STYLE=true