Lukas
1d91e24a88
Make MaxMind GeoLite2-Country MMDB the primary IP resolver (local, encrypted) and demote ip-api.com to optional fallback only (disabled by default). Changes: - Add geoip_allow_http_fallback config flag (default False) to Settings - Refactor GeoCache.lookup() and lookup_batch() to try MMDB first - Update startup.py to pass config flag and log security warning when HTTP enabled - Update all 49 tests to reflect new MMDB-primary strategy - Add comprehensive geoip configuration section to Backend-Development.md - Update Architekture.md to show MMDB + optional HTTP in system dependencies - Update .env.example with BANGUI_GEOIP_DB_PATH and HTTP fallback flag Security impact: - 99% of IP addresses (successful MMDB lookups) now stay local, encrypted - HTTP-only IPs are cached for 5 minutes to minimize external calls - Operators must explicitly enable HTTP fallback (security-conscious default) - GDPR/CCPA compliance: no PII sent over unencrypted networks by default Fixes TASK-030: Resolved plaintext IP transmission to ip-api.com Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
44 lines
2.0 KiB
Plaintext
44 lines
2.0 KiB
Plaintext
# ──────────────────────────────────────────────────────────────
|
|
# BanGUI — Environment Variables Template
|
|
# Copy this file to .env and fill in the values below
|
|
# ──────────────────────────────────────────────────────────────
|
|
|
|
# Session Secret (REQUIRED)
|
|
# Generate a secure random secret for session tokens.
|
|
# WARNING: Do not use the same secret across different environments.
|
|
# Generate with: python -c 'import secrets; print(secrets.token_hex(32))'
|
|
# Example value: a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6
|
|
BANGUI_SESSION_SECRET=
|
|
|
|
# Timezone (optional, defaults to UTC)
|
|
# Use standard timezone names from the IANA Time Zone Database
|
|
# Examples: America/New_York, Europe/London, Asia/Tokyo, UTC
|
|
BANGUI_TIMEZONE=UTC
|
|
|
|
# Backend port (optional, defaults to 8000)
|
|
# When using docker-compose, this is the port on your host machine
|
|
BANGUI_BACKEND_PORT=8000
|
|
|
|
# Frontend port (optional, defaults to 5173)
|
|
# When using docker-compose, this is the port on your host machine
|
|
BANGUI_FRONTEND_PORT=5173
|
|
|
|
# Public port (optional, defaults to 8080)
|
|
# When using production compose, this is the public-facing port
|
|
BANGUI_PORT=8080
|
|
|
|
# IP Geolocation (optional)
|
|
# Path to MaxMind GeoLite2-Country MMDB database file (primary resolver).
|
|
# Download from: https://www.maxmind.com/en/geolite2/signup
|
|
# If not set, geolocation is disabled (or falls back to HTTP if enabled below).
|
|
# Example: /data/GeoLite2-Country.mmdb
|
|
BANGUI_GEOIP_DB_PATH=
|
|
|
|
# IP Geolocation HTTP Fallback (optional, defaults to false)
|
|
# ⚠️ SECURITY WARNING: Only enable if you cannot mount the MaxMind database.
|
|
# When enabled, unresolved IP addresses are sent unencrypted to ip-api.com.
|
|
# This is a privacy and GDPR/CCPA concern. Do NOT enable in production unless necessary.
|
|
# Set to "true" to enable (default is "false" for security).
|
|
BANGUI_GEOIP_ALLOW_HTTP_FALLBACK=false
|
|
|