phil/Gondulf
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d3c3e8dc6bc495befcc7310d9c3a4cf86a6131d8
Gondulf/.env.example
Phil Skentelbery 05b4ff7a6b feat(phase-3): implement token endpoint and OAuth 2.0 flow 
Phase 3 Implementation:
- Token service with secure token generation and validation
- Token endpoint (POST /token) with OAuth 2.0 compliance
- Database migration 003 for tokens table
- Authorization code validation and single-use enforcement

Phase 1 Updates:
- Enhanced CodeStore to support dict values with JSON serialization
- Maintains backward compatibility

Phase 2 Updates:
- Authorization codes now include PKCE fields, used flag, timestamps
- Complete metadata structure for token exchange

Security:
- 256-bit cryptographically secure tokens (secrets.token_urlsafe)
- SHA-256 hashed storage (no plaintext)
- Constant-time comparison for validation
- Single-use code enforcement with replay detection

Testing:
- 226 tests passing (100%)
- 87.27% coverage (exceeds 80% requirement)
- OAuth 2.0 compliance verified

This completes the v1.0.0 MVP with full IndieAuth authorization code flow.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-20 14:24:06 -07:00

39 lines
1.5 KiB
Plaintext
Raw Blame History

# Gondulf IndieAuth Server Configuration
# Copy this file to .env and fill in your values
# REQUIRED - Secret key for cryptographic operations
# Generate with: python -c "import secrets; print(secrets.token_urlsafe(32))"
GONDULF_SECRET_KEY=
# Database Configuration
# Default: sqlite:///./data/gondulf.db (relative to working directory)
# Production example: sqlite:////var/lib/gondulf/gondulf.db
GONDULF_DATABASE_URL=sqlite:///./data/gondulf.db
# SMTP Configuration for Email Verification
# Use port 587 with STARTTLS (most common) or port 465 for implicit TLS
GONDULF_SMTP_HOST=localhost
GONDULF_SMTP_PORT=587
GONDULF_SMTP_USERNAME=
GONDULF_SMTP_PASSWORD=
GONDULF_SMTP_FROM=noreply@example.com
GONDULF_SMTP_USE_TLS=true
# Token and Code Expiry (in seconds)
# GONDULF_TOKEN_EXPIRY: How long access tokens are valid (default: 3600 = 1 hour, min: 300, max: 86400)
# GONDULF_CODE_EXPIRY: How long authorization/verification codes are valid (default: 600 = 10 minutes)
GONDULF_TOKEN_EXPIRY=3600
GONDULF_CODE_EXPIRY=600
# Token Cleanup Configuration (Phase 3)
# GONDULF_TOKEN_CLEANUP_ENABLED: Enable automatic token cleanup (default: false - manual cleanup only in v1.0.0)
# GONDULF_TOKEN_CLEANUP_INTERVAL: Cleanup interval in seconds (default: 3600 = 1 hour, min: 600)
GONDULF_TOKEN_CLEANUP_ENABLED=false
GONDULF_TOKEN_CLEANUP_INTERVAL=3600
# Logging Configuration
# LOG_LEVEL: DEBUG, INFO, WARNING, ERROR, CRITICAL
# DEBUG: Enable debug mode (sets LOG_LEVEL to DEBUG if not specified)
GONDULF_LOG_LEVEL=INFO
GONDULF_DEBUG=false
Reference in New Issue View Git Blame Copy Permalink