production hardening

2026-03-29 01:51:42 +08:00
parent 3ce15d9762
commit c88bb5d2c4
19 changed files with 706 additions and 141 deletions
--- a/.env.example
+++ b/.env.example
@@ -9,6 +9,9 @@ DATABASE_URL="postgresql://postgres:postgres@localhost:5432/friendolls_dev?schem
 # Redis
 REDIS_HOST=localhost
 REDIS_PORT=6379
+REDIS_REQUIRED=false
+REDIS_CONNECT_TIMEOUT_MS=5000
+REDIS_STARTUP_RETRIES=10

 # JWT Configuration
 JWT_SECRET=replace-with-strong-random-secret
@@ -16,6 +19,11 @@ JWT_ISSUER=friendolls
 JWT_AUDIENCE=friendolls-api
 JWT_EXPIRES_IN_SECONDS=3600

+# Auth cleanup
+AUTH_CLEANUP_ENABLED=true
+AUTH_CLEANUP_INTERVAL_MS=900000
+AUTH_SESSION_REVOKED_RETENTION_DAYS=7
+
 # Google OAuth
 GOOGLE_CLIENT_ID="replace-with-google-client-id"
 GOOGLE_CLIENT_SECRET="replace-with-google-client-secret"