- New POST /api/auth/microsoft endpoint validates Azure ID token via JWKS
- Removed POST /api/auth/login and /change-password
- Added azure_oid + nullable password_hash to users (migration 0007)
- Auto-provisions all @oliver.agency accounts on first SSO login
- Case-insensitive email matching links existing vadymsamoilenko@ account
- DEV_AUTH_BYPASS flag for local development without MSAL
- Frontend: MSAL loginPopup replaces email/password form
- Added scripts/grant_admin.py for role management

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
39 lines
1 KiB
Text
# Database
DB_PASSWORD=your_db_password

# JWT
SECRET_KEY=run-openssl-rand-hex-32-to-generate

# App
DEBUG=false
BASE_PATH=/cc-dashboard
APP_TITLE=CC Dashboard
LOG_FORMAT=json

# Azure AD SSO (Oliver tenant — shared)
AZURE_TENANT_ID=e519c2e6-bc6d-4fdf-8d9c-923c2f002385
AZURE_CLIENT_ID=9079054c-9620-4757-a256-23413042f1ef
ALLOWED_EMAIL_DOMAIN=oliver.agency
# Comma-separated emails that auto-receive admin role on first SSO login
ADMIN_EMAILS=vadymsamoilenko@oliver.agency
# Local dev only — set to true to skip SSO and auto-login as DEV_USER_EMAIL
DEV_AUTH_BYPASS=false
DEV_USER_EMAIL=vadymsamoilenko@oliver.agency

# Azure DevOps
ADO_ORGANIZATION=your-org
ADO_PROJECT=your-project
ADO_PAT=your-personal-access-token
ADO_SYNC_INTERVAL_MINUTES=15

# Mailgun
MAILGUN_API_KEY=your-mailgun-api-key
MAILGUN_DOMAIN=mg.yourdomain.com
MAILGUN_FROM=CC Dashboard <noreply@mg.yourdomain.com>

# AI Reports (Anthropic Claude)
ANTHROPIC_API_KEY=sk-ant-...
REPORT_EMAIL=you@example.com
DAILY_REPORT_HOUR=20
WEEKLY_REPORT_DAY=6
WEEKLY_REPORT_HOUR=21
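Review bot: DEV_USER_EMAIL in the dev-bypass block defaults to the same address that ADMIN_EMAILS marks for the admin role, so an environment that copies this file and sets DEV_AUTH_BYPASS=true skips SSO and auto-logs in as an admin-designated account. Suggest a non-admin placeholder for DEV_USER_EMAIL and a startup check that refuses to run with DEV_AUTH_BYPASS=true while DEBUG=false, so the flag cannot be enabled silently outside local development. Two smaller points in the same file: the Azure block carries a concrete AZURE_TENANT_ID, AZURE_CLIENT_ID and a named mailbox where every other section uses your-... placeholders, which makes the example inconsistent and ties it to one tenant; and the SECRET_KEY placeholder is itself a usable string, so the app should reject that literal value at startup rather than sign tokens with it.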