inital

config/__init__.py

@@ -0,0 +1,21 @@
+"""Configuration package."""
+import os
+from config.base import BaseConfig
+from config.development import DevelopmentConfig
+from config.testing import TestingConfig
+from config.production import ProductionConfig
+
+
+config_by_name = {
+    "development": DevelopmentConfig,
+    "testing": TestingConfig,
+    "production": ProductionConfig,
+    "default": DevelopmentConfig,
+}
+
+
+def get_config(config_name=None):
+    """Get configuration object based on environment."""
+    if config_name is None:
+        config_name = os.getenv("FLASK_ENV", "development")
+    return config_by_name.get(config_name, DevelopmentConfig)

config/base.py

@@ -0,0 +1,72 @@
+"""Base configuration for all environments."""
+import os
+from datetime import timedelta
+
+
+class BaseConfig:
+    """Base configuration class with common settings."""
+
+    # Application
+    SECRET_KEY = os.getenv("SECRET_KEY", "dev-secret-key-change-in-production")
+    DEBUG = False
+    TESTING = False
+
+    # Database
+    SQLALCHEMY_DATABASE_URI = os.getenv(
+        "DATABASE_URL", "postgresql://postgres:postgres@localhost:5432/authy2"
+    )
+    SQLALCHEMY_TRACK_MODIFICATIONS = False
+    SQLALCHEMY_ECHO = os.getenv("SQLALCHEMY_ECHO", "False").lower() == "true"
+    SQLALCHEMY_ENGINE_OPTIONS = {
+        "pool_pre_ping": True,
+        "pool_recycle": 300,
+    }
+
+    # Security
+    BCRYPT_LOG_ROUNDS = int(os.getenv("BCRYPT_LOG_ROUNDS", "12"))
+    # Session configuration - deprecated, migrating to Bearer token authentication
+    # SESSION_COOKIE_SECURE = os.getenv("SESSION_COOKIE_SECURE", "True").lower() == "true"
+    # SESSION_COOKIE_HTTPONLY = True
+    # SESSION_COOKIE_SAMESITE = os.getenv("SESSION_COOKIE_SAMESITE", "Lax")
+    # PERMANENT_SESSION_LIFETIME = timedelta(
+    #     seconds=int(os.getenv("MAX_SESSION_DURATION", "86400"))
+    # )
+
+    # CORS
+    CORS_ORIGINS = os.getenv("CORS_ORIGINS", "http://localhost:3000").split(",")
+    CORS_SUPPORTS_CREDENTIALS = True
+
+    # JWT (if using JWT)
+    JWT_SECRET_KEY = os.getenv("JWT_SECRET_KEY", SECRET_KEY)
+    JWT_ACCESS_TOKEN_EXPIRES = timedelta(
+        seconds=int(os.getenv("JWT_ACCESS_TOKEN_EXPIRES", "3600"))
+    )
+    JWT_REFRESH_TOKEN_EXPIRES = timedelta(
+        seconds=int(os.getenv("JWT_REFRESH_TOKEN_EXPIRES", "2592000"))
+    )
+
+    # Redis
+    REDIS_URL = os.getenv("REDIS_URL", "redis://localhost:6379/0")
+    # Flask session configuration - deprecated, migrating to Bearer token authentication
+    # SESSION_TYPE = "redis"
+    # SESSION_REDIS = None  # Will be set at app initialization
+
+    # Rate Limiting
+    RATELIMIT_ENABLED = os.getenv("RATELIMIT_ENABLED", "True").lower() == "true"
+    RATELIMIT_STORAGE_URL = os.getenv("RATELIMIT_STORAGE_URL", "redis://localhost:6379/1")
+    RATELIMIT_DEFAULT = "100/hour"
+
+    # Logging
+    LOG_LEVEL = os.getenv("LOG_LEVEL", "INFO")
+    LOG_TO_STDOUT = os.getenv("LOG_TO_STDOUT", "False").lower() == "true"
+
+    # OIDC
+    OIDC_ISSUER_URL = os.getenv("OIDC_ISSUER_URL", "http://localhost:5000")
+
+    # API Versioning
+    API_VERSION = "1.0.0"
+    ENVELOPE_VERSION = "1.0"
+
+    # Pagination
+    DEFAULT_PAGE_SIZE = 20
+    MAX_PAGE_SIZE = 100

config/development.py

@@ -0,0 +1,17 @@
+"""Development environment configuration."""
+from config.base import BaseConfig
+
+
+class DevelopmentConfig(BaseConfig):
+    """Development configuration."""
+
+    DEBUG = True
+    SQLALCHEMY_ECHO = True
+    SESSION_COOKIE_SECURE = False
+
+    # More verbose logging in development
+    LOG_LEVEL = "DEBUG"
+    LOG_TO_STDOUT = True
+
+    # Reduced bcrypt rounds for faster dev cycles
+    BCRYPT_LOG_ROUNDS = 4

config/production.py

@@ -0,0 +1,29 @@
+"""Production environment configuration."""
+import os
+from config.base import BaseConfig
+
+
+class ProductionConfig(BaseConfig):
+    """Production configuration."""
+
+    DEBUG = False
+    TESTING = False
+
+    # Enforce environment variables in production
+    SECRET_KEY = os.environ["SECRET_KEY"]
+    SQLALCHEMY_DATABASE_URI = os.environ["DATABASE_URL"]
+
+    # Strict security settings
+    SESSION_COOKIE_SECURE = True
+    SESSION_COOKIE_HTTPONLY = True
+    SESSION_COOKIE_SAMESITE = "Strict"
+
+    # Production logging
+    LOG_LEVEL = "WARNING"
+    LOG_TO_STDOUT = True
+
+    # Strong password hashing
+    BCRYPT_LOG_ROUNDS = 13
+
+    # Disable SQL echo in production
+    SQLALCHEMY_ECHO = False

config/testing.py

@@ -0,0 +1,25 @@
+"""Testing environment configuration."""
+from config.base import BaseConfig
+
+
+class TestingConfig(BaseConfig):
+    """Testing configuration."""
+
+    TESTING = True
+    DEBUG = True
+
+    # Use in-memory SQLite for testing
+    SQLALCHEMY_DATABASE_URI = "sqlite:///:memory:"
+    SQLALCHEMY_ECHO = False
+
+    # Disable CSRF for testing
+    WTF_CSRF_ENABLED = False
+
+    # Fast password hashing for tests
+    BCRYPT_LOG_ROUNDS = 4
+
+    # Disable rate limiting in tests
+    RATELIMIT_ENABLED = False
+
+    # Use different Redis DB for testing
+    REDIS_URL = "redis://localhost:6379/15"