- Fix missing await on FocusGroup.get_messages() (N-L1)
- Replace time.sleep with asyncio.sleep in key_theme_service and focus_group_service (N-P10)
- Replace flask import with quart in focus_groups.py (N-S3)
- Add logger.error before all 500 returns in focus_groups.py (N-P6)
- Add logging to silent except blocks across routes (N-M10, N-M11)
- Add @rate_limit to 6 remaining AI endpoints (N-H4)
- Add --confirm flag to populate scripts before delete_many (S-H2)
- Remove hardcoded Azure ID fallbacks from msal_service.py and msalConfig.ts (A-M2, F-H4)
- Centralize make_serializable() in utils.py, remove duplicates from 3 route files (N-P7)
- Replace all datetime.utcnow() with datetime.now(timezone.utc) across entire backend (M-L2)
- AuthContext.tsx: only mark token validated on 200 success, not on non-401 errors (F-H2)
- Rename authType → auth_type in auth.py (N-S4)
- Add security_report.md and security_report.pdf with full 92-finding status

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
20 lines
582 B
Text
Executable file
# MongoDB Configuration
MONGO_URI=mongodb://localhost:27017/semblance_db

# MongoDB auth (uncomment if your MongoDB requires authentication)
# MONGO_USER=admin
# MONGO_PASS=password

# App settings — DEBUG must be 0 in production
DEBUG=0
# Generate with: python3 -c "import secrets; print(secrets.token_hex(32))"
SECRET_KEY=REPLACE_WITH_RANDOM_SECRET
JWT_SECRET_KEY=REPLACE_WITH_RANDOM_SECRET

# AI API Keys
OPENAI_API_KEY=REPLACE_WITH_KEY
GEMINI_API_KEY=REPLACE_WITH_KEY

# Microsoft Azure (optional, for MS login)
# MSAL_TENANT_ID=your-tenant-id
# MSAL_CLIENT_ID=your-client-id
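A startup check for a `.env` copied from this template, as an added example that is not part of the repository: it refuses to accept the template's placeholder values or a non-zero `DEBUG`. The function names, the 64-character minimum (the length `secrets.token_hex(32)` produces) and the rule that the two secrets must differ are assumptions of this example.

```python
import re

# Placeholder prefixes used by the template above.
PLACEHOLDER = re.compile(r"^(REPLACE_WITH_|your-)", re.IGNORECASE)
SECRETS = ("SECRET_KEY", "JWT_SECRET_KEY")
MIN_SECRET_LEN = 64  # assumption: secrets.token_hex(32) yields 64 hex characters


def parse_env(text):
    """Parse KEY=VALUE lines, skipping blank lines and '#' comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        env[key.strip()] = value.strip().strip('"').strip("'")
    return env


def check_env(env):
    """Return a list of problems; an empty list means the config is usable."""
    problems = []
    if env.get("DEBUG") != "0":  # fail closed when DEBUG is missing
        problems.append("DEBUG must be set to 0 in production")
    for key, value in env.items():
        if PLACEHOLDER.match(value):
            problems.append(f"{key} still holds a template placeholder")
    for key in SECRETS:
        value = env.get(key, "")
        if not value:
            problems.append(f"{key} is not set")
        elif not PLACEHOLDER.match(value) and len(value) < MIN_SECRET_LEN:
            problems.append(f"{key} is shorter than {MIN_SECRET_LEN} characters")
    # Assumption of this example: session and JWT signing keys are kept separate.
    if env.get("SECRET_KEY") and env.get("SECRET_KEY") == env.get("JWT_SECRET_KEY"):
        problems.append("SECRET_KEY and JWT_SECRET_KEY must differ")
    return problems


# Constructed sample: the template copied to .env with only DEBUG edited.
SAMPLE = """\
MONGO_URI=mongodb://localhost:27017/semblance_db
DEBUG=1
SECRET_KEY=REPLACE_WITH_RANDOM_SECRET
JWT_SECRET_KEY=REPLACE_WITH_RANDOM_SECRET
OPENAI_API_KEY=REPLACE_WITH_KEY
"""
```

Calling `check_env(parse_env(...))` before the application is created and exiting on a non-empty result keeps an unedited template out of production.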