olly/mcma-backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
356cd0077264acd95139d92e3a5a20f8d8f1ffff
mcma-backend/.env.example
T
Senko-san 14c1bc16e0
Docker Build & Publish / build (push) Successful in 1m8s
Details
Docker Build & Publish / push (push) Failing after 34s
Details
Docker Build & Publish / Prune old image versions (push) Has been skipped
Details
feat(auth): public self-service registration (ALLOW_REGISTRATION) 
Add POST /auth/register: creates a non-superuser then auto-logs in,
returning the same TokenResponse as login. Gated by the new
allow_registration setting (env ALLOW_REGISTRATION, default true);
when disabled it raises PermissionDeniedError (403). Accounts remain
admin-only for superusers.

Tests cover create+login, duplicate (409), short password (422), and
the disabled (403) path.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-10 14:06:52 +03:00

42 lines
1.5 KiB
Bash
Raw Blame History

# Copy to .env and adjust. Never commit real secrets.
# runtime
ENVIRONMENT=dev # dev | test | prod
LOG_LEVEL=INFO
LOG_JSON=false # true in prod
# database (async driver required)
DATABASE_URL=postgresql+asyncpg://mcma:mcma@localhost:5432/mcma
DB_ECHO=false
# redis (cache + arq broker)
REDIS_URL=redis://localhost:6379/0
# auth — GENERATE a strong secret for prod: `openssl rand -hex 32`
JWT_SECRET=change-me-in-prod
ACCESS_TOKEN_TTL_SECONDS=900
REFRESH_TOKEN_TTL_SECONDS=2592000
# Public self-service sign-up (POST /auth/register). Set to false to make
# accounts admin-only. Registered users are never superusers.
ALLOW_REGISTRATION=true
# subsonic — key that encrypts per-user Subsonic app-passwords at rest.
# GENERATE a strong secret for prod (`openssl rand -hex 32`); rotating it
# invalidates all stored app-passwords. NOTE: /rest must be served over HTTPS.
SUBSONIC_SECRET_KEY=change-me-subsonic-key
# media / storage
MEDIA_PATH=/data/media
TRANSCODE_CACHE_PATH=/data/transcode-cache
MAX_PARALLEL_DOWNLOADS=2
# sources — mounted folder the `local` source indexes (copies into MEDIA_PATH).
# Unset → the local source is not registered. Mount read-only in compose.
# LOCAL_MEDIA_IMPORT_PATH=/import
# external services (all optional — backend degrades gracefully if unset)
# ML_SERVICE_URL=http://ml:9000
# ACOUSTID_API_KEY=
MUSICBRAINZ_USER_AGENT=mcma-backend/0.1.0 ( https://github.com/your/repo )
# YOUTUBE_COOKIES_PATH=/data/cookies.txt
Reference in New Issue View Git Blame Copy Permalink