Refactor Flask to FastAPI with service inquiry system, API key access control, browser-based config editor, minimal logging, improved auth UX, and comprehensive documentation

.env.example

@@ -0,0 +1,41 @@
+# Application Settings
+# IMPORTANT: Generate a secure SECRET_KEY with: openssl rand -hex 32
+SECRET_KEY=changeme-please-use-a-secure-random-key-in-production
+HOST=0.0.0.0
+PORT=5000
+LOG_LEVEL=INFO
+
+# Debug Mode
+# Set to 'true' for extensive debugging logs (helpful for troubleshooting)
+# 🆕 When enabled, all logs written to /app/logs/debug.log (10MB rotation, 3 backups)
+# Logs include: HTTP requests/responses, exceptions with stack traces, file system info
+# View logs: docker exec m12hosting_backend_dev tail -f /app/logs/debug.log
+# WARNING: DEBUG mode logs sensitive information - only use in development!
+DEBUG=false
+
+# Database
+DATABASE_URL=sqlite:///./data/app.db
+
+# Redis (for sessions)
+REDIS_URL=redis://redis:6379/0
+
+# Session Configuration
+SESSION_EXPIRY_SECONDS=86400
+COOKIE_SECURE=false  # Set to true in production with HTTPS
+
+# Encryption (for panel credentials)
+# Generate with: python -c "from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())"
+FERNET_KEY=
+
+# Admin Bootstrap (optional)
+# If set, creates this admin user on first startup
+ADMIN_USERNAME=
+ADMIN_PASSWORD=
+
+# Discord Integration
+DISCORD_WEBHOOK_URL=
+DISCORD_INVITE_URL=
+DISCORD_GUILD_ID=
+
+# Panel Configuration
+CONFIG_JSON_URL=

.github/workflows/ci.yml

@@ -0,0 +1,89 @@
+name: CI
+
+on:
+  push:
+    branches: [ "main", "copilot/*" ]
+  pull_request:
+    branches: [ "main" ]
+
+jobs:
+  lint:
+    name: Lint
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+
+      - name: Install dependencies
+        run: |
+          cd backend
+          pip install -r requirements.txt
+
+      - name: Run ruff linter
+        run: |
+          cd backend
+          ruff check app/ || true
+
+  build:
+    name: Build Docker Image
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build backend image
+        uses: docker/build-push-action@v6
+        with:
+          context: ./backend
+          file: ./backend/Dockerfile
+          push: false
+          tags: m12hosting-backend:test
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+  # Optional: push to registry if secrets are configured
+  push:
+    name: Push to Registry
+    runs-on: ubuntu-latest
+    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+    needs: [lint, build]
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to GHCR
+        if: ${{ github.event_name != 'pull_request' }}
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          context: ./backend
+          file: ./backend/Dockerfile
+          push: true
+          tags: |
+            ghcr.io/${{ github.repository_owner }}/m12hosting-backend:latest
+            ghcr.io/${{ github.repository_owner }}/m12hosting-backend:${{ github.sha }}
+          platforms: linux/amd64,linux/arm64

.gitignore

@@ -205,3 +205,74 @@ cython_debug/
 marimo/_static/
 marimo/_lsp/
 __marimo__/
+# Python
+__pycache__/
+*.py[cod]
+*$py.class
+*.so
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+
+# Virtual environments
+venv/
+ENV/
+env/
+.venv
+
+# Environment variables
+.env
+.env.local
+.env.*.local
+
+# Database
+*.db
+*.sqlite
+*.sqlite3
+backend/data/
+backend_data/
+backend_logs/
+
+# Keep migration files
+!backend/alembic/versions/*.py
+
+# IDE
+.vscode/
+.idea/
+*.swp
+*.swo
+*~
+
+# OS
+.DS_Store
+Thumbs.db
+
+# Logs
+*.log
+logs/
+
+# Testing
+.pytest_cache/
+.coverage
+htmlcov/
+
+# Docker
+*.pid
+*.sock
+
+# Alembic bytecode
+backend/alembic/__pycache__/
+backend/alembic/versions/__pycache__/