Here is dummy ai explanation for you my friend

Stack

• Backend: Node + Fastify + Prisma (Postgres)
• Frontend: React + Vite
• Scheduler: separate worker container (cron tasks)
• Reverse proxy (prod)
• Default: Nginx (skymoneybudget.com.conf)
• Alternative: Caddy (Caddyfile.prod)
• API is under /api path
• Web is static from /var/www/skymoney/dist
• HTTPS + HSTS already configured in the prod config

Required env vars (production)

• DATABASE_URL
• JWT_SECRET (32+ chars)
• COOKIE_SECRET (32+ chars)
• CORS_ORIGIN (set to https://skymoneybudget.com)
• Optional: COOKIE_DOMAIN=skymoneybudget.com
• Cookies + Security
• HttpOnly + Secure in prod
• CSRF protection required for non‑GET

Other Features

• /auth/logout requires CSRF now
• Mutation endpoints rate‑limited
• Cron jobs
• rollover worker (6 AM user time)
• auto‑payment worker (9 AM user time)
• Jobs run every 15 minutes and only process users whose local time has reached the threshold
• DB / Prisma
• Postgres required
• Prisma migrations must be applied before running
• The app blocks default secrets in prod
• Build + deploy
• web/ builds to web/dist
• API runs on port 8080 internally (exposed as 8081 in compose)
• Nginx proxies /api to 127.0.0.1:8081
• Logs
• Prod logs are limited (PII reduced)
• Key logging: job success/failure counts
• Backups
• Scripts exist: backup.sh, restore.sh
• Restore requires admin DB privileges (created DB)
• Optional but recommended to test once (tested, backup worked restore failed)