egg/DashBoard
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
Files
dd520641d1c1c92eba48f74dc4bbb70f4b2ee790
DashBoard/.env.example
beabigegg 858427352c security: 完成安全稽核修復與測試配置更新 
安全性改進:
- 新增 Session Cookie 安全設定 (SECURE, HTTPONLY, SAMESITE)
- 新增登入端點速率限制防止暴力破解攻擊 (5次/5分鐘)
- 將 dashboard_service 和 resource_service 的 print() 轉換為 logger
- 新增 CORS 環境變數配置範例

文件更新:
- README.md 新增使用者操作指南
- .gitignore 新增 Windows 特殊檔案 nul

測試修復:
- 修正壓力測試預設端口 (5000 → 8080)
- 修正壓力測試使用已發布頁面的標籤名稱
- 修正認證測試正確 mock LOCAL_AUTH_ENABLED

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-04 17:25:05 +08:00

153 lines
5.3 KiB
Plaintext
Raw Blame History

# ============================================================
# MES Dashboard Environment Configuration
# ============================================================
# Copy this file to .env and fill in your actual values:
# cp .env.example .env
# nano .env
# ============================================================
# ============================================================
# Database Configuration (REQUIRED)
# ============================================================
# Oracle Database connection settings
DB_HOST=your_database_host
DB_PORT=1521
DB_SERVICE=your_service_name
DB_USER=your_username
DB_PASSWORD=your_password
# Database Pool Settings (optional, has defaults)
# Adjust based on expected load
DB_POOL_SIZE=5 # Default: 5 (dev: 2, prod: 10)
DB_MAX_OVERFLOW=10 # Default: 10 (dev: 3, prod: 20)
# ============================================================
# Flask Configuration
# ============================================================
# Environment mode: development | production | testing
FLASK_ENV=development
# Debug mode: 0 for production, 1 for development
FLASK_DEBUG=0
# Session Security (REQUIRED for production!)
# Generate with: python -c "import secrets; print(secrets.token_hex(32))"
SECRET_KEY=your-secret-key-change-in-production
# Session timeout in seconds (default: 28800 = 8 hours)
SESSION_LIFETIME=28800
# ============================================================
# Authentication Configuration
# ============================================================
# LDAP API endpoint for user authentication
LDAP_API_URL=https://your-ldap-api-endpoint.example.com
# Admin email addresses (comma-separated for multiple)
ADMIN_EMAILS=admin@example.com
# Local Authentication (for development/testing)
# When enabled, uses local credentials instead of LDAP
# Set LOCAL_AUTH_ENABLED=true to bypass LDAP authentication
LOCAL_AUTH_ENABLED=false
LOCAL_AUTH_USERNAME=
LOCAL_AUTH_PASSWORD=
# ============================================================
# Gunicorn Configuration
# ============================================================
# Server bind address and port
GUNICORN_BIND=0.0.0.0:8080
# Number of worker processes (recommend: 2 * CPU cores + 1)
GUNICORN_WORKERS=2
# Threads per worker
GUNICORN_THREADS=4
# ============================================================
# Redis Configuration (for WIP cache)
# ============================================================
# Redis connection URL
REDIS_URL=redis://localhost:6379/0
# Enable/disable Redis cache (set to false to fallback to Oracle)
REDIS_ENABLED=true
# Redis key prefix (to separate from other applications)
REDIS_KEY_PREFIX=mes_wip
# Cache check interval in seconds (default: 600 = 10 minutes)
CACHE_CHECK_INTERVAL=600
# ============================================================
# Resource Cache Configuration
# ============================================================
# Enable/disable Resource cache (DW_MES_RESOURCE)
# When disabled, queries will fallback to Oracle directly
RESOURCE_CACHE_ENABLED=true
# Resource cache sync interval in seconds (default: 14400 = 4 hours)
# The cache will check for updates at this interval using MAX(LASTCHANGEDATE)
RESOURCE_SYNC_INTERVAL=14400
# ============================================================
# Circuit Breaker Configuration
# ============================================================
# Enable/disable circuit breaker for database protection
CIRCUIT_BREAKER_ENABLED=false
# Minimum failures before circuit can open
CIRCUIT_BREAKER_FAILURE_THRESHOLD=5
# Failure rate threshold (0.0 - 1.0)
CIRCUIT_BREAKER_FAILURE_RATE=0.5
# Seconds to wait in OPEN state before trying HALF_OPEN
CIRCUIT_BREAKER_RECOVERY_TIMEOUT=30
# Sliding window size for counting successes/failures
CIRCUIT_BREAKER_WINDOW_SIZE=10
# ============================================================
# Performance Metrics Configuration
# ============================================================
# Slow query threshold in seconds (default: 5.0)
# Note: Real-time Oracle views may take 2-5s per query, set threshold accordingly
SLOW_QUERY_THRESHOLD=5.0
# ============================================================
# SQLite Log Store Configuration
# ============================================================
# Enable/disable SQLite log store for admin dashboard
LOG_STORE_ENABLED=true
# SQLite database path
LOG_SQLITE_PATH=logs/admin_logs.sqlite
# Log retention period in days (default: 7)
LOG_SQLITE_RETENTION_DAYS=7
# Maximum log rows (default: 100000)
LOG_SQLITE_MAX_ROWS=100000
# ============================================================
# Worker Watchdog Configuration
# ============================================================
# Path to restart flag file (watchdog monitors this file)
WATCHDOG_RESTART_FLAG=/tmp/mes_dashboard_restart.flag
# Path to restart state file (stores last restart info)
WATCHDOG_STATE_FILE=/tmp/mes_dashboard_restart_state.json
# Cooldown period between restart requests in seconds (default: 60)
WORKER_RESTART_COOLDOWN=60
# ============================================================
# CORS Configuration
# ============================================================
# Comma-separated list of allowed origins for CORS
# Example: https://example.com,https://app.example.com
# Set to * for development (not recommended for production)
CORS_ALLOWED_ORIGINS=
Reference in New Issue View Git Blame Copy Permalink