Diffstat (limited to 'README')
| -rw-r--r-- | README | 23 |
1 files changed, 10 insertions, 13 deletions
@@ -14,21 +14,18 @@ quick start (assumes POSIX) - python3 server.py - open http://127.0.0.1:8585/app -production configuration (gunicorn) +production service (gunicorn) - gunicorn server:app --bind 0.0.0.0:8585 --workers 4 --threads 8 --timeout 60 --graceful-timeout 30 --keep-alive 5 --access-logfile - --error-logfile - config - - SHIM_APP_NAME: ui/app name (default: shim) - - SHIM_BIND: bind address (default: 0.0.0.0) - - SHIM_PORT: port (default: 8585) - - SHIM_MOJICRYPT_BIN: mojicrypt path (default: ./vendor/mojicrypt) - - SHIM_COOKIE_SECURE: auto|true|false (default: auto) - - SHIM_ENFORCE_APP_REQUEST_GUARDS: false by default (set true only when proxy/host headers are correct) - - SHIM_SQLITE_TIMEOUT_SECONDS (default: 30.0) - - SHIM_SQLITE_BUSY_TIMEOUT_MS (default: 30000) - - SHIM_SQLITE_CACHE_SIZE_KIB (default: 32768) - - SHIM_SQLITE_MMAP_SIZE_BYTES (default: 268435456) - - SHIM_SQLITE_WAL_AUTOCHECKPOINT_PAGES (default: 1000) + - edit values directly in shim_app.py constants + - common constants: APP_NAME, BIND_HOST, PORT + - upload/session limits: SESSION_TTL_SECONDS, MAX_UPLOAD_BYTES, MAX_EXTRACTED_BYTES, MAX_EXTRACTED_FILES, MAX_FORM_MEMORY_SIZE + - sqlite tuning: SQLITE_TIMEOUT_SECONDS, SQLITE_BUSY_TIMEOUT_MS, SQLITE_CACHE_SIZE_KIB, SQLITE_MMAP_SIZE_BYTES, SQLITE_WAL_AUTOCHECKPOINT_PAGES + +env vars + - SECRET_KEY: external secret injection for production + - ENFORCE_APP_REQUEST_GUARDS: optional same-origin/csrf enforcement toggle for authenticated mutating /app/ requests security hardening - archive handling is restricted to common archive suffixes and secure extraction checks (no traversal, no symlinks/devices, file count cap, extracted size cap) 
@@ -42,7 +39,7 @@ security hardening - app shell responses include nonce-based CSP and additional security headers (frame/referrer/permissions/content-type protections) - sqlite hardening includes foreign key enforcement, extension loading disabled, trusted_schema off, and WAL-based runtime tuning - cookie handling uses httponly + samesite for session and active-site cookies, with secure flag applied automatically on https/proxied-https - - SHIM_ENFORCE_APP_REQUEST_GUARDS behavior + - ENFORCE_APP_REQUEST_GUARDS behavior - this is the only security toggle - when true: authenticated mutating requests under /app/ must pass same-origin verification and csrf token verification - when false: those same-origin/csrf request guards are skipped (useful behind some proxy/kubernetes setups) |
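Review bot: In the first hunk (config / env vars), the rename from SHIM_ENFORCE_APP_REQUEST_GUARDS to ENFORCE_APP_REQUEST_GUARDS is not called out as a rename, and the new entry drops the "false by default" wording the removed line carried. A deployment that still exports the old name would, if the code no longer reads it, run with the same-origin/csrf guards skipped and nothing in the README would say so. Suggest stating the default and the old name on the new line, for example "ENFORCE_APP_REQUEST_GUARDS: false by default (formerly SHIM_ENFORCE_APP_REQUEST_GUARDS)". The same hunk adds "SECRET_KEY: external secret injection for production" without saying what happens when it is unset; document whether the app refuses to start, generates a key, or falls back to a built-in value. SHIM_COOKIE_SECURE and SHIM_MOJICRYPT_BIN are removed but do not appear in the new constants list, so say whether they became constants in shim_app.py or were dropped.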
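Review bot: In the second hunk (security hardening), the "ENFORCE_APP_REQUEST_GUARDS behavior" block describes "when true" and "when false" but never says which one applies when the variable is unset, and after this commit the config section no longer says it either. Add a line such as "default: false" here, and list the accepted values, so a reader of the hardening section can tell that csrf and same-origin verification are opt-in. With SHIM_COOKIE_SECURE gone from the config list, the context line "secure flag applied automatically on https/proxied-https" is now the only description of that behavior; it would help to name which proxy header the detection relies on, since there is no longer a documented way to force the flag.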
