Matiss/xarticleaudio
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: expand production config and documentation for provider integrations

Browse Source
This commit is contained in:
Codex
2026-02-18 13:35:19 +00:00
parent 74ab63f488
commit 415c9d165a
5 changed files with 217 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
README.md
View File

@@ -326,14 +326,22 @@ This repository now contains a deployable production-style app (single container
- non-owner pay-to-unlock (same credit amount, permanent unlock)
4. Webhook-first ingestion and billing:
- `POST /api/webhooks/x` (HMAC verified)
- `POST /api/webhooks/polar` (HMAC verified)
5. Persistent state across restarts:
- `POST /api/webhooks/polar` (supports Polar standard webhook signatures and legacy HMAC fallback)
5. Real integration adapters implemented:
- X API (`twitter-api-v2`)
- Polar SDK checkout/webhook handling (`@polar-sh/sdk`)
- TTS (`openai`)
- Object storage + signed URLs (`@aws-sdk/client-s3`, `@aws-sdk/s3-request-presigner`)
6. Persistent state across restarts:
- all wallet/job/asset/access state is snapshotted and stored to `STATE_FILE_PATH`
6. Abuse protection:
7. Abuse protection:
- fixed-window rate limiting for webhook, auth, and action routes
7. PWA support:
8. PWA support:
- `manifest.webmanifest`
- `sw.js`
9. Bun-native quality checks:
- `bun test`
- `bun run lint`
### Authentication model
1. Browser flow uses secure-ish HTTP-only cookie session (`xartaudio_user`) via `/auth/dev-login`.
@@ -354,6 +362,8 @@ This repository now contains a deployable production-style app (single container
3. APIs:
- `POST /api/webhooks/x`
- `POST /api/webhooks/polar`
- `POST /api/payments/create-checkout`
- `GET /api/x/mentions`
- `GET /api/me/wallet`
- `GET /api/jobs/:id`
- `POST /api/audio/:id/unlock`
@@ -371,9 +381,26 @@ Use `.env.example` as the source of truth.
1. Runtime:
- `PORT`
- `STATE_FILE_PATH`
- `LOG_LEVEL`
- `APP_BASE_URL`
2. Secrets:
- `X_WEBHOOK_SECRET`
- `POLAR_WEBHOOK_SECRET`
- `X_BEARER_TOKEN`
- `X_BOT_USER_ID`
- `POLAR_ACCESS_TOKEN`
- `POLAR_SERVER`
- `POLAR_PRODUCT_IDS`
- `TTS_API_KEY`
- `TTS_BASE_URL`
- `TTS_MODEL`
- `TTS_VOICE`
- `S3_BUCKET`
- `S3_REGION`
- `S3_ENDPOINT`
- `S3_ACCESS_KEY_ID`
- `S3_SECRET_ACCESS_KEY`
- `S3_SIGNED_URL_TTL_SEC`
3. Credit model:
- `BASE_CREDITS`
- `INCLUDED_CHARS`
@@ -400,6 +427,6 @@ Use `.env.example` as the source of truth.
## Production Checklist
1. Replace dev-login cookie auth with X OAuth before public launch.
2. Connect real TTS generation worker and object storage (S3/R2/GCS).
2. Populate integration keys in Coolify environment for X, Polar, TTS, and S3.
3. Replace local state file with managed database for multi-replica scaling.
4. Add structured logging, tracing, and external alerting.
4. Add tracing and external alerting.