e691b675cd
- Admin-Endpoint laedt die ZIP einmal von einer URL (z.B. Gitea-Release-Asset), speichert sie lokal; Kunden-Download bleibt token-/lizenzgeschuetzt. - Guards: Produkt/Version/URL-Pruefung, GITEA_BASE_URL-Restriktion, DNS-SSRF-Schutz, optional GITEA_TOKEN fuer private Repos, ZIP-Signatur + 50MB-Limit. - env-Beispiele + README + Tests. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
34 lines
1.3 KiB
Plaintext
34 lines
1.3 KiB
Plaintext
# Copy to .env and fill in. NEVER commit the real .env.
|
|
|
|
# Strong random token the n8n workflow (and you) use for admin endpoints.
|
|
# Generate e.g. with: openssl rand -hex 32
|
|
ADMIN_API_TOKEN=change-me-to-a-long-random-string
|
|
|
|
# Public port on the host (container always listens on 8080 internally).
|
|
PORT=8080
|
|
|
|
# Comma-separated product slugs to seed on boot ("slug:Display Name").
|
|
# Add a new entry here whenever you ship another plugin.
|
|
SEED_PRODUCTS=gdpr-content-blocker:GDPR Content Blocker
|
|
|
|
# Absolute, public base URL of this backend (behind your TLS reverse proxy).
|
|
# Used to build the package download links handed to WordPress.
|
|
PUBLIC_BASE_URL=https://hub.lucas-orth.de
|
|
|
|
# Secret for signing time-limited download tokens. Generate with:
|
|
# openssl rand -hex 32
|
|
# If left empty, ADMIN_API_TOKEN is used as a fallback.
|
|
DOWNLOAD_SECRET=
|
|
|
|
# Optional: for "release from URL" (POST /api/v1/releases/from-url).
|
|
# Restrict which host release ZIPs may be fetched from (recommended):
|
|
GITEA_BASE_URL=https://gitea.lucas-orth.de
|
|
# Token to download release assets from PRIVATE Gitea repos (leave empty if public):
|
|
GITEA_TOKEN=
|
|
|
|
# Name of the existing Docker network that Nginx Proxy Manager runs on, so NPM
|
|
# can reach this container as "license-backend:8080". Find it with:
|
|
# docker network ls
|
|
# Typical values: npm_default, nginxproxymanager_default, proxy
|
|
NPM_NETWORK=npm_default
|