chore: add coverage reporting and improve documentation
All checks were successful
CI / lint-and-test (push) Successful in 19s
- Added `pytest-cov` as a development dependency for coverage reporting.
- Configured pytest to include coverage options, ensuring code coverage is reported and enforced.
- Updated the README to include contributing guidelines and logging policies, enhancing clarity for developers.
- Added a new section in the configuration documentation emphasizing the necessity of serving the application over HTTPS in production for security purposes.
- Introduced a new `.coverage` file to track test coverage metrics.
@@ -26,3 +26,7 @@ All configuration is read from the environment (e.g. `.env` via python-dotenv).
|
||||
3. For miniapp access, set `ALLOWED_USERNAMES` and/or `ADMIN_USERNAMES` (and optionally `ALLOWED_PHONES` / `ADMIN_PHONES`).
|
||||
|
||||
For Mini App URL and production deployment notes (reverse proxy, initData), see the [README](../README.md) Setup and Docker sections.
|
||||
|
||||
## Production: HTTPS
|
||||
|
||||
In production the application **must** be served over **HTTPS** (e.g. behind a reverse proxy such as nginx or Caddy with TLS). Without HTTPS, the Telegram Mini App initData and the calendar subscription token are sent in the clear; an attacker on the same network could capture them and gain access to the calendar or impersonate the user. Deploy the HTTP server behind a proxy that terminates TLS and forwards requests to the app.
|
||||
|
||||
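Review bot: The last sentence of the new "Production: HTTPS" paragraph tells operators to put the app behind a TLS-terminating proxy, but it does not say that the app's own plain-HTTP listener has to be unreachable from outside the proxy, so a deployment can follow this text and still expose initData and the calendar subscription token in the clear on the backend port. Suggest adding a sentence that the HTTP server should listen only on localhost or an internal network and that the proxy should redirect plain HTTP to HTTPS. Since the section says **must**, it would also help to state whether the app enforces this itself or whether it is purely a deployment requirement.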