security: SECRET_KEY from env, CORS restricted to localhost

- Replace hardcoded secret_key with os.environ.get('SECRET_KEY')
- RuntimeError if SECRET_KEY not set (fail fast)
- Restrict CORS to localhost:8765 origins (was allow all with credentials)
- Add .gitignore excluding db, env, __pycache__, backups

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
2026-07-03 12:55:19 -04:00
commit 235a9abbfe
8 changed files with 7670 additions and 0 deletions
+15
View File
@@ -0,0 +1,15 @@
@echo off
set PID_FILE=%~dp0.server.pid
if not exist "%PID_FILE%" (
echo No hay ninguna instancia de Boat^&Ship-Finder corriendo.
pause
exit /b 0
)
set /p PID=<"%PID_FILE%"
echo Cerrando Boat^&Ship-Finder (PID %PID%)...
taskkill /F /PID %PID% >nul 2>&1
del "%PID_FILE%" >nul 2>&1
echo Servidor cerrado.
pause