Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 0 additions & 2 deletions .env-sample

This file was deleted.

47 changes: 47 additions & 0 deletions apps/server/.env.example
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@
# rssCloud hub — environment template.
#
# Copy to apps/server/.env (gitignored) and adjust:
# cp apps/server/.env.example apps/server/.env
#
# The server reads .env from its own directory (apps/server) via dotenv, so this
# file must live here, not at the repo root. `pnpm start` runs from here.
#
# The values below are tuned for LOCAL DEVELOPMENT alongside the client harness
# (apps/client), which serves its feed and WebSub callback on http://localhost:9000.

# --- Hub identity ---------------------------------------------------------
# The client harness hardcodes the hub at http://localhost:5337, so keep these
# matching for local dev. HUB_URL defaults to http://${DOMAIN}:${PORT}${WEBSUB_PATH}.
DOMAIN=localhost
PORT=5337

# --- SSRF egress guard: allow loopback for local dev ----------------------
# The egress guard is ALWAYS ON and refuses loopback/private targets by default.
# For local dev the hub must reach the client on loopback:
# FETCH allowlist -> topic re-fetch on ping (the client's feed)
# CALLBACK allowlist -> WebSub verification GET + delivery, and the rssCloud
# challenge GET / notify sent to the callback
# Covers 127.x (IPv4) and ::1 (IPv6) since `localhost` may resolve to either.
#
# >>> PRODUCTION: delete both lines (or scope them to your real private feed /
# >>> subscriber ranges). Never ship loopback exemptions to a public hub.
WEBSUB_CALLBACK_ALLOW_CIDRS=127.0.0.0/8,::1/128
WEBSUB_FETCH_ALLOW_CIDRS=127.0.0.0/8,::1/128

# --- Optional overrides (defaults shown; uncomment to change) -------------
# HUB_URL=http://localhost:5337/websub # public WebSub hub URL advertised to subscribers
# WEBSUB_PATH=/websub # WebSub front-door mount path
# DATA_FILE_PATH=./data/subscriptions.json
# STATS_FILE_PATH=./data/stats.json
# STATS_INTERVAL_MS=3600000 # stats regeneration cadence
# REQUEST_TIMEOUT=4000 # outbound fetch timeout (ms), SSRF-guarded
# MIN_SECS_BETWEEN_PINGS=0 # per-resource ping throttle (0 = off)
# CT_SECS_RESOURCE_EXPIRE=90000 # rssCloud subscription lifetime (s)
# MAX_CONSECUTIVE_ERRORS=3 # delivery failures tolerated before drop
# MAX_RESOURCE_SIZE=256000 # largest feed body parsed (bytes)
# FEEDS_CHANGED_WINDOW_DAYS=7 # stats + expiry housekeeping window
# WEBSUB_LEASE_DEFAULT_SECS=86400 # lease granted when hub.lease_seconds omitted
# WEBSUB_LEASE_MIN_SECS=300 # lower clamp for a requested lease
# WEBSUB_LEASE_MAX_SECS=864000 # upper clamp for a requested lease
# WEBSUB_SIGNATURE_ALGO=sha256 # X-Hub-Signature HMAC algorithm
# ENABLE_TEST_API=true # mounts /test/* seed/snapshot routes — TEST ONLY
3 changes: 2 additions & 1 deletion package.json
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,8 @@
"vite": ">=8.0.16",
"esbuild": ">=0.28.1",
"diff": ">=8.0.3",
"form-data": ">=4.0.6"
"form-data": ">=4.0.6",
"js-yaml": "^4.2.0"
},
"onlyBuiltDependencies": [
"esbuild"
Expand Down
13 changes: 7 additions & 6 deletions pnpm-lock.yaml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading