import secrets import sys from os import getenv from pathlib import Path from dotenv import load_dotenv load_dotenv() def _required(key: str) -> str: val = getenv(key) if not val: print(f"missing required env var: {key}", file=sys.stderr) sys.exit(1) return val # --- Auth --- AUTH_USERNAME: str = _required("AUTH_USERNAME") # argon2 hash of the password. Generate via: # python -c "from argon2 import PasswordHasher; print(PasswordHasher().hash(''))" AUTH_PASSWORD_HASH: str = _required("AUTH_PASSWORD_HASH") # Signs session cookies. If missing -> ephemeral random secret (invalidates sessions on restart). SESSION_SECRET: str = getenv("SESSION_SECRET") or secrets.token_urlsafe(48) SESSION_COOKIE_NAME: str = "lazyflat_session" SESSION_MAX_AGE_SECONDS: int = int(getenv("SESSION_MAX_AGE_SECONDS", str(60 * 60 * 24 * 7))) # When behind an HTTPS proxy (Coolify/Traefik) this MUST be true so cookies are Secure. COOKIE_SECURE: bool = getenv("COOKIE_SECURE", "true").lower() in ("true", "1", "yes", "on") # --- Internal service auth --- INTERNAL_API_KEY: str = _required("INTERNAL_API_KEY") # --- Apply service --- APPLY_URL: str = getenv("APPLY_URL", "http://apply:8000") APPLY_TIMEOUT: int = int(getenv("APPLY_TIMEOUT", "600")) # Circuit breaker: disable auto-apply after N consecutive apply failures. APPLY_FAILURE_THRESHOLD: int = int(getenv("APPLY_FAILURE_THRESHOLD", "3")) # --- Storage --- DATA_DIR: Path = Path(getenv("DATA_DIR", "/data")) DATA_DIR.mkdir(parents=True, exist_ok=True) DB_PATH: Path = DATA_DIR / "lazyflat.sqlite" # --- Rate limiting --- LOGIN_RATE_LIMIT: int = int(getenv("LOGIN_RATE_LIMIT", "5")) LOGIN_RATE_WINDOW_SECONDS: int = int(getenv("LOGIN_RATE_WINDOW_SECONDS", "900")) # --- Filter criteria (mirrored from original flat-alert) --- FILTER_ROOMS: list[float] = [float(r) for r in getenv("FILTER_ROOMS", "2.0,2.5").split(",") if r.strip()] FILTER_MAX_RENT: float = float(getenv("FILTER_MAX_RENT", "1500")) FILTER_MAX_MORNING_COMMUTE: float = float(getenv("FILTER_MAX_MORNING_COMMUTE", "50"))