Backup before security middleware removal

🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-17 07:24:34 +01:00 · 2025-09-22 11:47:09 +02:00
parent 361c016da4
commit a8fe7d6d29
2 changed files with 152 additions and 0 deletions
--- a/.env
+++ b/.env
@@ -0,0 +1,152 @@
+# ===================================
+# ENCLAVA MINIMAL CONFIGURATION
+# ===================================
+# Only essential environment variables that CANNOT have defaults
+# Other settings should be configurable through the app UI
+
+# ===================================
+# INFRASTRUCTURE (Required)
+# ===================================
+DATABASE_URL=postgresql://enclava_user:enclava_pass@enclava-postgres:5432/enclava_db
+REDIS_URL=redis://enclava-redis:6379
+
+# ===================================
+# SECURITY CRITICAL (Required)
+# ===================================
+JWT_SECRET=your-super-secret-jwt-key-here-change-in-production
+PRIVATEMODE_API_KEY=dfaea90e-df15-48d4-94ff-5ee243b846bb
+
+# Admin user (created on first startup only)
+ADMIN_EMAIL=admin@example.com
+ADMIN_PASSWORD=admin123
+API_RATE_LIMITING_ENABLED=false
+# ===================================
+# ADDITIONAL SECURITY SETTINGS (Optional but recommended)
+# ===================================
+# JWT Algorithm (default: HS256)
+# JWT_ALGORITHM=HS256
+
+# Token expiration times (in minutes)
+# ACCESS_TOKEN_EXPIRE_MINUTES=30
+# REFRESH_TOKEN_EXPIRE_MINUTES=10080
+# SESSION_EXPIRE_MINUTES=1440
+
+# API Key prefix (default: en_)
+# API_KEY_PREFIX=en_
+
+# Security thresholds (0.0-1.0)
+# API_SECURITY_RISK_THRESHOLD=0.8
+# API_SECURITY_WARNING_THRESHOLD=0.6
+# API_SECURITY_ANOMALY_THRESHOLD=0.7
+
+# IP security (comma-separated for multiple IPs)
+# API_BLOCKED_IPS=
+# API_ALLOWED_IPS=
+
+# ===================================
+# APPLICATION BASE URL (Required - derives all URLs and CORS)
+# ===================================
+BASE_URL=localhost
+# Frontend derives: APP_URL=http://localhost, API_URL=http://localhost, WS_URL=ws://localhost  
+# Backend derives: CORS_ORIGINS=["http://localhost"]
+
+# ===================================
+# DOCKER NETWORKING (Required for containers)
+# ===================================
+BACKEND_INTERNAL_PORT=8000
+FRONTEND_INTERNAL_PORT=3000
+# Hosts are fixed: enclava-backend, enclava-frontend
+# Upstreams derive: enclava-backend:8000, enclava-frontend:3000
+
+# ===================================
+# QDRANT (Required for RAG)
+# ===================================
+QDRANT_HOST=enclava-qdrant
+QDRANT_PORT=6333
+QDRANT_URL=http://enclava-qdrant:6333
+
+# ===================================
+# OPTIONAL PRIVATEMODE SETTINGS (Have defaults)
+# ===================================
+# PRIVATEMODE_CACHE_MODE=none  # Optional: defaults to 'none'
+# PRIVATEMODE_CACHE_SALT=      # Optional: defaults to empty
+
+# ===================================
+# OPTIONAL CONFIGURATION (All have sensible defaults)
+# ===================================
+
+# Application Settings
+# APP_NAME=Enclava
+# APP_DEBUG=false
+# APP_LOG_LEVEL=INFO
+# APP_HOST=0.0.0.0
+# APP_PORT=8000
+
+# Security Features
+API_SECURITY_ENABLED=false
+# API_THREAT_DETECTION_ENABLED=true
+# API_IP_REPUTATION_ENABLED=true
+# API_ANOMALY_DETECTION_ENABLED=true
+API_RATE_LIMITING_ENABLED=false
+# API_SECURITY_HEADERS_ENABLED=true
+
+# Content Security Policy
+# API_CSP_HEADER=default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'
+
+# Rate Limiting (requests per minute/hour)
+# API_RATE_LIMIT_AUTHENTICATED_PER_MINUTE=300
+# API_RATE_LIMIT_AUTHENTICATED_PER_HOUR=5000
+# API_RATE_LIMIT_API_KEY_PER_MINUTE=1000
+# API_RATE_LIMIT_API_KEY_PER_HOUR=20000
+# API_RATE_LIMIT_PREMIUM_PER_MINUTE=5000
+# API_RATE_LIMIT_PREMIUM_PER_HOUR=100000
+
+# Request Size Limits (in bytes)
+# API_MAX_REQUEST_BODY_SIZE=10485760  # 10MB
+# API_MAX_REQUEST_BODY_SIZE_PREMIUM=52428800  # 50MB
+# MAX_UPLOAD_SIZE=10485760  # 10MB
+
+# Monitoring
+# PROMETHEUS_ENABLED=true
+# PROMETHEUS_PORT=9090
+
+# Logging
+# LOG_FORMAT=json
+# LOG_LEVEL=INFO
+# LOG_LLM_PROMPTS=false
+
+# Module Configuration
+# MODULES_CONFIG_PATH=config/modules.yaml
+
+# Plugin Configuration
+# PLUGINS_DIR=/plugins
+# PLUGINS_CONFIG_PATH=config/plugins.yaml
+# PLUGIN_REPOSITORY_URL=https://plugins.enclava.com
+# PLUGIN_ENCRYPTION_KEY=
+
+# ===================================
+# RAG EMBEDDING ENHANCED SETTINGS
+# ===================================
+# Enhanced embedding service configuration
+RAG_EMBEDDING_MAX_REQUESTS_PER_MINUTE=60
+RAG_EMBEDDING_BATCH_SIZE=5
+RAG_EMBEDDING_RETRY_COUNT=3
+RAG_EMBEDDING_RETRY_DELAYS=1,2,4,8,16
+RAG_EMBEDDING_DELAY_BETWEEN_BATCHES=0.5
+
+# Fallback embedding behavior
+RAG_ALLOW_FALLBACK_EMBEDDINGS=true
+RAG_WARN_ON_FALLBACK=true
+
+# Processing timeouts (in seconds)
+RAG_DOCUMENT_PROCESSING_TIMEOUT=300
+RAG_EMBEDDING_GENERATION_TIMEOUT=120
+RAG_INDEXING_TIMEOUT=120
+
+# ===================================
+# SUMMARY
+# ===================================
+# Required: DATABASE_URL, REDIS_URL, JWT_SECRET, ADMIN_EMAIL, ADMIN_PASSWORD, BASE_URL
+# Recommended: PRIVATEMODE_API_KEY, QDRANT_HOST, QDRANT_PORT
+# Optional: All other settings have secure defaults
+# ===================================
--- a/backend/.env
+++ b/backend/.env