juanatsap
ea6ccf9cdd
Security enhancements: - Implement origin/referer validation middleware - Add rate limiting (3 requests/min per IP) - Default to production domain (juan.andres.morenorub.io) - Verify all protection mechanisms working correctly Documentation updates: - Update README to reflect personal portfolio nature - Remove template encouragement from README - Add verification status to API-PROTECTION.md - Document ALLOWED_ORIGINS configuration in .env.example Cleanup: - Remove templates.backup/ folder - Remove old test screenshots
39 lines
1020 B
Bash
39 lines
1020 B
Bash
# Environment Configuration Example
|
|
# Copy this file to .env and customize as needed
|
|
|
|
# Server Configuration
|
|
PORT=1999
|
|
HOST=localhost
|
|
GO_ENV=development
|
|
|
|
# Template Configuration
|
|
TEMPLATE_DIR=templates
|
|
PARTIALS_DIR=templates/partials
|
|
TEMPLATE_HOT_RELOAD=true
|
|
|
|
# Data Configuration
|
|
DATA_DIR=data
|
|
|
|
# Server Timeouts (seconds)
|
|
READ_TIMEOUT=15
|
|
WRITE_TIMEOUT=15
|
|
|
|
# Security Configuration
|
|
# Allowed origins for API access (comma-separated domains)
|
|
# Prevents external sites from accessing your API/PDF endpoint
|
|
#
|
|
# DEFAULT: If empty, defaults to juan.andres.morenorub.io (the CV site domain)
|
|
# Plus localhost and 127.0.0.1 are always allowed in development
|
|
#
|
|
# For custom domains in production: ALLOWED_ORIGINS=yourdomain.com,www.yourdomain.com
|
|
# Multiple domains: ALLOWED_ORIGINS=domain1.com,domain2.com,www.domain1.com
|
|
ALLOWED_ORIGINS=
|
|
|
|
# Production Settings
|
|
# Uncomment for production:
|
|
# GO_ENV=production
|
|
# TEMPLATE_HOT_RELOAD=false
|
|
# READ_TIMEOUT=30
|
|
# WRITE_TIMEOUT=30
|
|
# ALLOWED_ORIGINS=yourdomain.com,www.yourdomain.com
|