bc9e2d3782
All checks were successful
Build and Push Docker Images / docker (push) Successful in 1m22s
CRITICAL SECURITY FIXES: - Add webhook secret validation to prevent signature bypass - Implement idempotency protection across all webhook handlers - Add atomic database updates to prevent race conditions - Improve CORS security with origin validation and logging - Remove .env from git tracking to protect secrets STRIPE INTEGRATION: - Add support for checkout.session.expired webhook event - Add Stripe publishable key to environment configuration - Fix webhook handlers with proper idempotency checks - Update Order model with atomic updatePaymentAndStatus method - Add comprehensive logging for webhook processing DEPLOYMENT ARCHITECTURE: - Split into two Docker images (frontend-latest, backend-latest) - Update CI/CD to build separate frontend and backend images - Configure backend on port 3801 (internal 3001) - Add production-ready docker-compose.yml - Remove redundant docker-compose.portainer.yml - Update nginx configuration for both frontend and backend DOCUMENTATION: - Add PRODUCTION-SETUP.md with complete deployment guide - Add docs/stripe-security-fixes.md with security audit details - Add docs/stripe-checkout-sessions.md with integration docs - Add docs/stripe-webhooks.md with webhook configuration - Update .env.example with all required variables including Stripe publishable key CONFIGURATION: - Consolidate to single .env.example template - Update .gitignore to protect all .env variants - Add server/Dockerfile for backend container - Update DEPLOYMENT.md with new architecture 🔒 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
52 lines
1.6 KiB
Plaintext
52 lines
1.6 KiB
Plaintext
# ========================================
|
|
# ENVIRONMENT VARIABLES TEMPLATE
|
|
# ========================================
|
|
# Copy this file to .env and fill in your actual values
|
|
# NEVER commit .env with real secrets to git!
|
|
|
|
# === Frontend Variables ===
|
|
VITE_API_BASE_URL=https://puffinoffset.com/api
|
|
VITE_WREN_API_TOKEN=your_wren_api_token_here
|
|
VITE_FORMSPREE_CONTACT_ID=your_formspree_contact_id
|
|
VITE_FORMSPREE_OFFSET_ID=your_formspree_offset_id
|
|
VITE_STRIPE_PUBLISHABLE_KEY=your_stripe_publishable_key_here
|
|
|
|
# === Backend Variables ===
|
|
NODE_ENV=production
|
|
PORT=3001
|
|
FRONTEND_URL=https://puffinoffset.com
|
|
|
|
# === Stripe Configuration ===
|
|
# Use sk_test_* keys for testing (no real charges)
|
|
# Use sk_live_* keys for production (real charges)
|
|
STRIPE_SECRET_KEY=your_stripe_secret_key_here
|
|
STRIPE_WEBHOOK_SECRET=your_stripe_webhook_secret_here
|
|
|
|
# === Wren API Configuration ===
|
|
WREN_API_TOKEN=your_wren_api_token_here
|
|
# Set to true for testing (no real offsets purchased)
|
|
# Set to false for production (real offsets purchased)
|
|
WREN_DRY_RUN=true
|
|
|
|
# === Database Configuration ===
|
|
DATABASE_PATH=/app/data/orders.db
|
|
|
|
# ========================================
|
|
# NOTES
|
|
# ========================================
|
|
#
|
|
# STRIPE TEST MODE:
|
|
# - Use sk_test_* and pk_test_* keys
|
|
# - Test card: 4242 4242 4242 4242 (any future date, any CVC)
|
|
# - No real money charged
|
|
#
|
|
# WREN DRY RUN:
|
|
# - WREN_DRY_RUN=true means no real carbon offsets purchased
|
|
# - Switch to false when ready for production
|
|
#
|
|
# PORT MAPPING:
|
|
# - PORT=3001 is the internal container port
|
|
# - Host exposes backend on port 3801 (3801:3001)
|
|
# - Frontend exposed on port 3800
|
|
#
|