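# Bootstrap App Environment Configuration
# Copy this file to .env and update the values.
#
# Every value is a string; quoting and escaping rules depend on the dotenv
# loader the app uses, so keep each value on one line and avoid a literal
# `#` inside an unquoted value (many loaders treat it as a trailing comment).

# =============================================================================
# CRITICAL SECURITY SETTINGS (REQUIRED)
# =============================================================================
# These values MUST be set for the application to work.
# Use the scripts/generate-secrets.* scripts to generate secure values.
# Generate them from a CSPRNG; never derive them from a passphrase, and never
# reuse a value across environments (dev/staging/production must not share
# secrets). Rotating any of them invalidates whatever it protects (issued
# tokens, encrypted data), so plan the rotation procedure before you need it.

# JWT Secret for token signing (64+ characters, base64 encoded)
# This is the signing key that makes tokens trustworthy: anyone who obtains
# it can mint a valid token for any user. 64 base64 characters decode to
# 48 random bytes, above the 32 bytes RFC 7518 requires for HS256 (confirm
# which algorithm the app actually uses). The placeholder below is public;
# never start the app with it.
JWT_SECRET=your-generated-jwt-secret-here

# Application secrets (32 bytes, hex encoded => 64 hex characters)
APP_SECRET=your-generated-app-secret-here
APP_SECRET_CODE=your-generated-secret-code-here

# AES-256 encryption key
# AES-256 needs exactly 32 bytes (256 bits) of key material.
# NOTE(review): the previous comment said "exactly 32 characters, hex
# encoded", which is self-contradictory: 32 hex characters decode to only
# 16 bytes, i.e. an AES-128 key. If the app hex-decodes this value it must
# be 64 hex characters; if it uses the raw string bytes as the key it must be
# 32 characters, but then still random rather than typed. Confirm against
# the app's key-loading code and scripts/generate-secrets.* before
# generating a key.
ENCRYPTION_KEY=your-generated-32-character-hex-key

# =============================================================================
# CORE APPLICATION SETTINGS
# =============================================================================

# Server port
PORT=3000

# Database configuration
# app.db looks like a file path (e.g. an embedded database) rather than a
# DSN. Keep it outside any statically served directory and restrict its
# permissions to the service user: it presumably holds user credentials and
# everything else the app persists.
DB_NAME=app.db

# CORS configuration (comma-separated for multiple origins)
# List exact origins (scheme + host + port). Never use "*" on an API that
# accepts credentials, and replace these http://localhost entries with the
# real https:// frontend origin(s) in production (see NOTES).
CORS_ALLOWED_ORIGIN=http://localhost:5173,http://localhost:3000

# =============================================================================
# AUTHENTICATION & SECURITY
# =============================================================================

# JWT token configuration
# Access tokens are bearer credentials: a stolen one stays valid until it
# expires, and unless the app keeps a server-side denylist there is no way
# to revoke it earlier. 24 hours is a long window; 15 minutes to 1 hour with
# refresh-token rotation is the usual hardening. Refresh tokens deserve
# stricter storage (httpOnly cookie / secure storage) and should be rotated
# on every use.
JWT_ACCESS_TTL_HOURS=24
JWT_REFRESH_TTL_DAYS=7
# Issuer (iss) claim stamped into tokens. The verifying side should reject
# tokens whose iss does not match, so keep this unique per deployment.
JWT_ISSUER=omega-server

# Password policy
# 8 is the NIST SP 800-63B floor for user-chosen passwords; 12+ together with
# a check against known-breached passwords is common hardening. Lockout slows
# online guessing but also lets an attacker lock a victim out by spamming
# failed logins, so pair it with the rate limiter below and alert on lockouts
# (see ENABLE_SECURITY_EVENT_LOGGING).
PASSWORD_MIN_LENGTH=8
MAX_LOGIN_ATTEMPTS=5
LOCKOUT_DURATION_MINUTES=30

# Rate limiting
# Global request budget per client per window. The login endpoint is the one
# that matters most; confirm it is covered here or limited separately.
RATE_LIMIT_REQUESTS=100
RATE_LIMIT_WINDOW_MINUTES=1

# Session timeout
# Whether this is an idle or an absolute timeout depends on the app. With a
# 24-hour access token, the token TTL rather than this value may be what
# actually bounds a session - verify which one wins.
SESSION_TIMEOUT_MINUTES=60

# =============================================================================
# DEFAULT ADMIN ACCOUNT
# =============================================================================

# Default admin password (CHANGE THIS IMMEDIATELY AFTER FIRST LOGIN)
# This template is public, so the value below is effectively a known
# credential: any reachable deployment still using it is compromised on
# sight. Set a unique random value BEFORE the first start rather than after,
# and ideally have the app refuse to start in production while the
# placeholder is in use. If the app only reads this for initial seeding,
# remove it from .env once the password has been changed in the app.
DEFAULT_ADMIN_PASSWORD=change-this-password

# =============================================================================
# LOGGING CONFIGURATION
# =============================================================================

# Log level: DEBUG, INFO, WARN, ERROR, PANIC
# DEBUG output commonly includes request bodies, tokens and query
# parameters; use it only in development and review such logs before they
# leave the host.
LOG_LEVEL=INFO

# Enable debug mode (shows detailed error messages)
# Must stay false in production: detailed errors leak stack traces, file
# paths and internal identifiers to whoever can trigger the error.
DEBUG_MODE=false

# Log retention in days
# Audit and security-event logs often need longer retention for incident
# investigation than ordinary application logs; check your requirements.
LOG_RETENTION_DAYS=30

# =============================================================================
# ENVIRONMENT SETTINGS
# =============================================================================

# Environment: development, staging, production
# Several defaults in this file (the DEV_* flags, http:// CORS origins,
# 'unsafe-inline' in the CSP) are only appropriate for development;
# re-check them whenever this value changes.
GO_ENV=development

# =============================================================================
# EMAIL CONFIGURATION (Optional)
# =============================================================================

# SMTP settings for email notifications
# SMTP_PASSWORD is a credential: protect it like the secrets at the top of
# this file and use a dedicated, least-privilege mailbox for the app.
SMTP_HOST=
SMTP_PORT=587
SMTP_USERNAME=
SMTP_PASSWORD=
# The sending domain should publish SPF/DKIM for this From address, otherwise
# verification and notification mail will be rejected or flagged as spam.
SMTP_FROM_EMAIL=noreply@example.com
SMTP_FROM_NAME=Bootstrap App

# Enable TLS for SMTP
# Port 587 conventionally means STARTTLS (upgrade after connect) and 465
# means implicit TLS. Confirm which one the app's mailer implements and that
# it verifies the server certificate rather than merely encrypting.
SMTP_USE_TLS=true

# =============================================================================
# FILE UPLOAD SETTINGS
# =============================================================================

# Maximum file upload size in MB
# Upper bound on per-request memory/disk; keep it as small as the use case
# allows.
MAX_FILE_UPLOAD_SIZE_MB=10

# Allowed file extensions (comma-separated)
# An extension allowlist is necessary but not sufficient: the app should
# also validate the content, and uploads must be served with the nosniff
# header below and a non-executable content type. pdf/doc/docx can carry
# active content, so treat them as untrusted when serving them back.
ALLOWED_FILE_EXTENSIONS=jpg,jpeg,png,gif,pdf,doc,docx,txt

# Upload directory
# Relative to the process working directory. Prefer an absolute path outside
# any statically served or web-root directory so an uploaded file can never
# be fetched or executed directly by URL.
UPLOAD_DIR=uploads

# =============================================================================
# CACHE CONFIGURATION
# =============================================================================

# Enable caching
CACHE_ENABLED=true

# Cache TTL in minutes
# If the cache ever holds per-user data, entries must be keyed per user or
# the cache becomes a cross-user data leak.
CACHE_TTL_MINUTES=60

# =============================================================================
# API CONFIGURATION
# =============================================================================

# API rate limiting per endpoint
API_RATE_LIMIT_REQUESTS=1000
API_RATE_LIMIT_WINDOW_MINUTES=60

# API request timeout in seconds
# Bounds resource exhaustion by slow clients or slow upstreams; keep it
# finite.
API_REQUEST_TIMEOUT_SECONDS=30

# =============================================================================
# MONITORING & HEALTH CHECKS
# =============================================================================

# Enable health check endpoint
# Keep the response minimal (status only): version strings, dependency
# hostnames and configuration details are useful to an attacker. If the
# endpoint is reachable through the public listener, consider restricting
# it to the monitoring network.
HEALTH_CHECK_ENABLED=true

# Health check interval in seconds
HEALTH_CHECK_INTERVAL_SECONDS=30

# =============================================================================
# DEVELOPMENT SETTINGS
# =============================================================================
# All three should be false in production. Request logging can capture
# Authorization headers and cookies, SQL logging can capture query
# parameters (including credentials), and detailed error responses expose
# internals to clients.

# Enable request logging in development
DEV_LOG_REQUESTS=true

# Enable SQL query logging
DEV_LOG_SQL_QUERIES=false

# Enable detailed error responses
DEV_DETAILED_ERRORS=true

# =============================================================================
# SECURITY HEADERS
# =============================================================================
# There is no HSTS setting in this file; set Strict-Transport-Security at
# the TLS terminator if the app does not emit it itself.

# Content Security Policy
# 'unsafe-inline' in script-src disables most of the XSS protection a CSP
# provides, because injected inline scripts are allowed too. Treat it as a
# development convenience: for production move inline scripts into files
# (or use nonces/hashes) and drop 'unsafe-inline' from script-src. Consider
# adding object-src 'none' and frame-ancestors 'none' (the CSP equivalent
# of X-Frame-Options).
CSP_POLICY=default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'

# X-Frame-Options (DENY blocks all framing; clickjacking defence)
X_FRAME_OPTIONS=DENY

# X-Content-Type-Options (nosniff stops browsers guessing a content type,
# which matters for files served from UPLOAD_DIR)
X_CONTENT_TYPE_OPTIONS=nosniff

# Referrer Policy
REFERRER_POLICY=strict-origin-when-cross-origin

# =============================================================================
# BACKUP SETTINGS
# =============================================================================

# Enable automatic database backups
BACKUP_ENABLED=true

# Backup interval in hours
BACKUP_INTERVAL_HOURS=24

# Backup retention in days
BACKUP_RETENTION_DAYS=7

# Backup directory
# Each backup is a full copy of the database and exactly as sensitive as
# DB_NAME: use an absolute path outside any served directory, restrictive
# permissions, and ideally encrypt and copy backups off-host so that a
# compromise of this machine does not also destroy or expose them.
BACKUP_DIR=backups

# =============================================================================
# FEATURE FLAGS
# =============================================================================

# Enable user registration
# With registration open and email verification off, anyone can create
# accounts under arbitrary addresses (spam, abuse, claiming someone else's
# address). Enable verification or disable registration before exposing
# the app publicly.
ENABLE_USER_REGISTRATION=true

# Enable email verification (needs the SMTP settings above)
ENABLE_EMAIL_VERIFICATION=false

# Enable two-factor authentication (strongly recommended, at minimum for
# admin accounts)
ENABLE_TWO_FACTOR_AUTH=false

# Enable audit logging
ENABLE_AUDIT_LOGGING=true

# Enable security event logging (e.g. failed logins, lockouts; feed these
# to alerting/SIEM - they are the signal for the lockout and rate-limit
# settings above)
ENABLE_SECURITY_EVENT_LOGGING=true

# =============================================================================
# EXTERNAL SERVICES (Optional)
# =============================================================================

# Redis configuration (if using Redis for caching/sessions)
# An empty REDIS_PASSWORD means unauthenticated access, which is only
# acceptable when Redis listens on localhost or a firewalled private
# network. If sessions live in Redis, read access to it equals session
# hijacking for every user: set a password (requirepass/ACL) and use TLS
# for any non-local connection.
REDIS_HOST=localhost
REDIS_PORT=6379
REDIS_PASSWORD=
REDIS_DB=0

# External API keys (secrets: same handling as the section at the top)
EXTERNAL_API_KEY=
EXTERNAL_API_SECRET=

# =============================================================================
# NOTES
# =============================================================================

# 1. Never commit this file with real secrets to version control
#    (make sure .env is ignored; only this example file should be tracked)
# 2. Use the scripts/generate-secrets.* scripts to generate secure secrets
# 3. Change the DEFAULT_ADMIN_PASSWORD immediately after first setup
# 4. Review and adjust security settings based on your deployment environment
# 5. Enable HTTPS in production and update CORS_ALLOWED_ORIGIN accordingly
# 6. Restrict the .env file to the service user (e.g. chmod 600) and prefer
#    injecting secrets from a secret manager or the orchestrator's secret
#    store over a file on disk
# 7. Use different secrets for every environment and rotate them on a
#    schedule and whenever someone with access leaves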