Arnike/duty-teller
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 14 Wiki Activity
Files
7ba4771501ce0d91545d0dc99a8cef9f66f7c1a5
duty-teller/.env.example
Nikolay Tatarinov 7ba4771501
All checks were successful
CI / lint-and-test (push) Successful in 24s
Details
docs: update environment configuration and API documentation 
- Revised the `.env.example` file to clarify the purpose of the `MINI_APP_SKIP_AUTH` variable, emphasizing its insecure nature and restriction to development use only.
- Updated the `README.md` to reflect changes in API authentication requirements, specifying that unauthenticated access to `/api/duties` and `/api/calendar-events` is only allowed with `MINI_APP_SKIP_AUTH=1`.
- Enhanced `configuration.md` to detail the implications of using `MINI_APP_SKIP_AUTH` for API access without Telegram initData.
- Removed the `_is_private_client` function and its associated tests, streamlining the codebase and focusing on the current authentication model.
- Added logging in `run.py` to warn when `MINI_APP_SKIP_AUTH` is enabled, highlighting the security risks.
2026-02-21 15:13:39 +03:00

33 lines
1.2 KiB
Plaintext
Raw Blame History

BOT_TOKEN=your_bot_token_here
DATABASE_URL=sqlite:///data/duty_teller.db
MINI_APP_BASE_URL=
HTTP_PORT=8080
# Access: roles are assigned in the DB by an admin via /set_role. When a user has no role in DB,
# ADMIN_USERNAMES and ADMIN_PHONES act as fallback for admin only. ALLOWED_* are not used for access.
ALLOWED_USERNAMES=
ADMIN_USERNAMES=admin1,admin2
# Optional: admin fallback by phone (user sets phone via /set_phone). Comma-separated; digits only for comparison.
# ALLOWED_PHONES=
# ADMIN_PHONES=79001111111
# Dev only: set to 1 to allow /api/duties and /api/calendar-events without Telegram initData.
# Insecure — never use in production.
# MINI_APP_SKIP_AUTH=1
# Optional: URL of a public ICS calendar (e.g. holidays). Days from this calendar are highlighted on the duty grid; click "i" for summary.
# EXTERNAL_CALENDAR_ICS_URL=https://example.com/holidays.ics
# Timezone for the pinned duty message in groups (e.g. Europe/Moscow).
# DUTY_DISPLAY_TZ=Europe/Moscow
# Default UI language when user language is unknown: en or ru (default: en).
# DEFAULT_LANGUAGE=en
# Reject Telegram initData older than this (seconds). 0 = do not check (default).
# INIT_DATA_MAX_AGE_SECONDS=0
# Comma-separated CORS origins; leave unset for *.
# CORS_ORIGINS=
Reference in New Issue View Git Blame Copy Permalink