Implement IP allowlisting for QR generation and enhance .env file handling
All checks were successful
Deploy Production (qr.crewsportswear.app) / deploy (push) Successful in 31s
All checks were successful
Deploy Production (qr.crewsportswear.app) / deploy (push) Successful in 31s
This commit is contained in:
Frank John Begornia
16
README.md
16
README.md
@@ -70,3 +70,19 @@ Notes:
|
||||
- Internal service port is `3000`
|
||||
- TLS uses Traefik Let's Encrypt via `tls.certresolver=le`
|
||||
- Includes HTTP -> HTTPS redirect via Traefik labels
|
||||
|
||||
## Restrict QR generation by IP
|
||||
|
||||
The `/api/qr` endpoints support IP allowlisting via environment variable.
|
||||
|
||||
- `ALLOWED_QR_IPS`: comma-separated list of allowed client IPs
|
||||
- `TRUST_PROXY`: keep this `true` behind Traefik so client IP is read from forwarded headers
|
||||
|
||||
Example `.env` values for production:
|
||||
|
||||
```env
|
||||
ALLOWED_QR_IPS=203.0.113.10,198.51.100.22
|
||||
TRUST_PROXY=true
|
||||
```
|
||||
|
||||
If `ALLOWED_QR_IPS` is empty, IP filtering is disabled.
|
||||
|
||||
Reference in New Issue
Block a user