fix(web): address PR review critical issues for Discord OAuth
PR Checks / test-and-build (pull_request) Successful in 6m6s
PR Checks / test-and-build (pull_request) Successful in 6m6s
- Add V019 migration: rename session_audit_log.actor_telegram_id → actor_external_user_id - Add CSRF protection to Discord OAuth flow (state cookie with HttpOnly/Secure/Strict) - Add Discord OAuth env vars to compose.yaml, deploy.yml, and .env.example - Fix SQL COALESCE for nullable telegram_id in GetGroupManagersAsync and GetSessionParticipantsAsync Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
@@ -14,6 +14,13 @@ TELEGRAM_MINI_APP_URL=
|
||||
# Можно получить в Discord Developer Portal (https://discord.com/developers/applications)
|
||||
DISCORD_BOT_TOKEN=YOUR_DISCORD_BOT_TOKEN_HERE
|
||||
|
||||
# Discord OAuth (для Web Dashboard)
|
||||
# Client ID и Secret из OAuth2 раздела Discord Developer Portal
|
||||
# Redirect URI должен указывать на /auth/discord/callback вашего домена
|
||||
DISCORD_CLIENT_ID=YOUR_DISCORD_CLIENT_ID_HERE
|
||||
DISCORD_CLIENT_SECRET=YOUR_DISCORD_CLIENT_SECRET_HERE
|
||||
DISCORD_REDIRECT_URI=https://your-domain.example/auth/discord/callback
|
||||
|
||||
# Пароль для базы данных PostgreSQL
|
||||
POSTGRES_PASSWORD=StrongPasswordForDatabase
|
||||
|
||||
|
||||
Reference in New Issue
Block a user