2026-06-16 16:55:25 -04:00
2 changed files with 8 additions and 1 deletions
@@ -109,7 +109,7 @@ SLMM feed; every route resolves the client through one swappable
 - Each project's client portal is now gated by a **secure per-project link + shared password** (argon2-hashed). Operators manage it from the project page's **Portal access** panel (enable, generate password, copy link).
 - Per-project session isolation (a session for one project can't read another's data); brute-force lockout (5 tries / 15 min) on the password gate.
 - Retired the interim magic-link / `PORTAL_OPEN_LINKS` open links and the `portal_admin.py mint-link` command.
- **Upgrade:** run `python3 backend/migrate_add_project_portal_auth.py` per DB. Set `COOKIE_SECURE=true` once served over HTTPS.
+- **Upgrade:** new `argon2-cffi` dependency → **rebuild the image**, then run `python3 backend/migrate_add_project_portal_auth.py` per DB (adds the `projects.portal_*` columns). `SECRET_KEY` and `COOKIE_SECURE` are now passed through in `docker-compose.yml` (settable via a `.env` file) — set a real `SECRET_KEY` (and `COOKIE_SECURE=true` once on HTTPS) before the portal faces the internet.
 ---
@@ -11,6 +11,13 @@ services:
      - ENVIRONMENT=production
      - SLMM_BASE_URL=http://host.docker.internal:8100
      - SFM_BASE_URL=http://sfm:8200
      # Client-portal session-cookie signing. Set SECRET_KEY to a real secret (e.g.
      # in a .env file beside this compose) BEFORE the portal faces the internet —
      # the dev default is public/forgeable and logs a warning at boot. Set
      # COOKIE_SECURE=true once served over HTTPS (leave false on plain HTTP, or the
      # browser won't send the cookie and the portal breaks).
      - SECRET_KEY=${SECRET_KEY:-dev-insecure-change-me}
      - COOKIE_SECURE=${COOKIE_SECURE:-false}
      # Display timezone for server logs + any text-rendered timestamps.
      # DB columns are stored UTC regardless; this only affects what
      # operators see.  Override here for non-US-East deployments.