Epic 3: Economy & Billing Engine (Pénzügyi Motor)

2026-03-08 23:15:52 +00:00
parent 8d25f44ec6
commit 4e40af8a08
69 changed files with 3758 additions and 72 deletions
--- a/backend/app/core/config.py
+++ b/backend/app/core/config.py
@@ -31,9 +31,22 @@ class Settings(BaseSettings):
    # --- Security / JWT ---
    SECRET_KEY: str = "NOT_SET_DANGER"
    ALGORITHM: str = "HS256"
-    ACCESS_TOKEN_EXPIRE_MINUTES: int = 30 
+    ACCESS_TOKEN_EXPIRE_MINUTES: int = 30
    REFRESH_TOKEN_EXPIRE_DAYS: int = 7

+    @field_validator('SECRET_KEY')
+    @classmethod
+    def validate_secret_key(cls, v: str, info) -> str:
+        """Ellenőrzi, hogy a SECRET_KEY ne legyen default érték éles környezetben."""
+        if v == "NOT_SET_DANGER" and not info.data.get("DEBUG", True):
+            raise ValueError(
+                "SECRET_KEY must be set in production environment. "
+                "Please set SECRET_KEY in .env file."
+            )
+        if not v or v.strip() == "":
+            raise ValueError("SECRET_KEY cannot be empty.")
+        return v
+
    # --- Initial Admin ---
    INITIAL_ADMIN_EMAIL: str = "admin@servicefinder.hu"
    INITIAL_ADMIN_PASSWORD: str = "Admin123!"
@@ -67,11 +80,39 @@ class Settings(BaseSettings):

    # --- External URLs ---
    FRONTEND_BASE_URL: str = "https://dev.profibot.hu"
-    BACKEND_CORS_ORIGINS: List[str] = [
-        "http://localhost:3001",
-        "https://dev.profibot.hu",
-        "http://192.168.100.10:3001"
-    ]
+    BACKEND_CORS_ORIGINS: List[str] = Field(
+        default=[
+            "http://localhost:3001",
+            "https://dev.profibot.hu"
+        ],
+        description="Comma-separated list of allowed CORS origins. Set via ALLOWED_ORIGINS environment variable."
+    )
+
+    @field_validator('BACKEND_CORS_ORIGINS', mode='before')
+    @classmethod
+    def parse_allowed_origins(cls, v: Any) -> List[str]:
+        """Parse ALLOWED_ORIGINS environment variable from comma-separated string to list."""
+        import os
+        env_val = os.getenv('ALLOWED_ORIGINS')
+        if env_val:
+            # parse environment variable
+            env_val = env_val.strip()
+            if env_val.startswith('"') and env_val.endswith('"'):
+                env_val = env_val[1:-1]
+            if env_val.startswith("'") and env_val.endswith("'"):
+                env_val = env_val[1:-1]
+            parts = [part.strip() for part in env_val.split(',') if part.strip()]
+            return parts
+        # if no env variable, fallback to default or provided value
+        if isinstance(v, str):
+            v = v.strip()
+            if v.startswith('"') and v.endswith('"'):
+                v = v[1:-1]
+            if v.startswith("'") and v.endswith("'"):
+                v = v[1:-1]
+            parts = [part.strip() for part in v.split(',') if part.strip()]
+            return parts
+        return v

    # --- Google OAuth ---
    GOOGLE_CLIENT_ID: str = ""