feat: production deployment - full update with providers, admin, glossaries, pricing, tests
Major changes across backend, frontend, infrastructure: - Provider system with model selection (Google, DeepL, OpenAI, Ollama, Google Cloud) - Admin panel: user management, pricing, settings - Glossary system with CSV import/export - Subscription and tier quota management - Security hardening (rate limiting, API key auth, path traversal fixes) - Docker compose for dev, prod, and IONOS deployment - Alembic migrations for new tables - Frontend: dashboard, pricing page, landing page, i18n (en/fr) - Test suite and verification scripts Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
@@ -60,10 +60,8 @@ server {
|
||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||||
add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; font-src 'self' data:; connect-src 'self' ws: wss:;" always;
|
||||
|
||||
# API routes - proxy to backend
|
||||
# API routes - proxy to backend (preserve full path so FastAPI receives /api/v1/...)
|
||||
location /api/ {
|
||||
rewrite ^/api/(.*)$ /$1 break;
|
||||
|
||||
limit_req zone=api_limit burst=20 nodelay;
|
||||
limit_conn conn_limit 10;
|
||||
|
||||
@@ -75,10 +73,10 @@ server {
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header Connection "";
|
||||
|
||||
# CORS headers for API
|
||||
add_header Access-Control-Allow-Origin $http_origin always;
|
||||
# CORS headers for API (Origin restricted to same-origin/localhost via map in nginx.conf)
|
||||
add_header Access-Control-Allow-Origin $cors_origin always;
|
||||
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
|
||||
add_header Access-Control-Allow-Headers "Authorization, Content-Type, X-Requested-With" always;
|
||||
add_header Access-Control-Allow-Headers "Authorization, Content-Type, X-Requested-With, X-API-Key" always;
|
||||
add_header Access-Control-Allow-Credentials "true" always;
|
||||
|
||||
if ($request_method = 'OPTIONS') {
|
||||
|
||||
@@ -58,6 +58,14 @@ http {
|
||||
limit_req_zone $binary_remote_addr zone=upload_limit:10m rate=2r/s;
|
||||
limit_conn_zone $binary_remote_addr zone=conn_limit:10m;
|
||||
|
||||
# CORS: allow same-origin only (and localhost for dev). Override in conf.d if you need multiple origins.
|
||||
map $http_origin $cors_origin {
|
||||
default "";
|
||||
"~^https?://$host(:[0-9]+)?$" $http_origin;
|
||||
"~^https?://127\.0\.0\.1(:[0-9]+)?$" $http_origin;
|
||||
"~^https?://localhost(:[0-9]+)?$" $http_origin;
|
||||
}
|
||||
|
||||
# Upstream definitions
|
||||
upstream backend {
|
||||
server backend:8000;
|
||||
|
||||
Reference in New Issue
Block a user