Initial commit: Open sourcing all of the Maple Open Technologies code.

cloud/maplefile-backend/.env.sample

@@ -0,0 +1,140 @@
+# Application
+APP_ENVIRONMENT=development
+APP_VERSION=0.1.0
+APP_DATA_DIRECTORY=./data
+
+# Server
+SERVER_HOST=0.0.0.0
+SERVER_PORT=8000
+SERVER_READ_TIMEOUT=30s
+SERVER_WRITE_TIMEOUT=30s
+SERVER_IDLE_TIMEOUT=60s
+SERVER_SHUTDOWN_TIMEOUT=10s
+
+# ============================================================================
+# Cassandra Database Configuration
+# ============================================================================
+# Default: Docker development (task dev)
+# For running OUTSIDE Docker (./maplefile-backend daemon):
+#   Change to: DATABASE_HOSTS=localhost:9042
+# Note: Uses shared infrastructure at monorepo/cloud/infrastructure/development
+# The shared dev cluster has 3 nodes: cassandra-1, cassandra-2, cassandra-3
+DATABASE_HOSTS=cassandra-1,cassandra-2,cassandra-3
+DATABASE_KEYSPACE=maplefile
+DATABASE_CONSISTENCY=QUORUM
+DATABASE_USERNAME=
+DATABASE_PASSWORD=
+DATABASE_MIGRATIONS_PATH=./migrations
+DATABASE_AUTO_MIGRATE=true
+DATABASE_CONNECT_TIMEOUT=10s
+DATABASE_REQUEST_TIMEOUT=5s
+DATABASE_REPLICATION=3
+DATABASE_MAX_RETRIES=3
+DATABASE_RETRY_DELAY=1s
+
+# ============================================================================
+# Redis Cache Configuration
+# ============================================================================
+# Default: Docker development (task dev)
+# For running OUTSIDE Docker (./maplefile-backend daemon):
+#   Change to: CACHE_HOST=localhost
+# Note: Uses shared infrastructure at monorepo/cloud/infrastructure/development
+CACHE_HOST=redis
+CACHE_PORT=6379
+CACHE_PASSWORD=
+CACHE_DB=0
+
+# ============================================================================
+# S3 Object Storage Configuration (SeaweedFS)
+# ============================================================================
+# Default: Docker development (task dev) with SeaweedFS
+# For running OUTSIDE Docker with SeaweedFS:
+#   Change to: S3_ENDPOINT=http://localhost:8333
+# For AWS S3:
+#   S3_ENDPOINT can be left empty or set to https://s3.amazonaws.com
+# For S3-compatible services (DigitalOcean Spaces, MinIO, etc.):
+#   S3_ENDPOINT should be the service endpoint
+# Note: Uses shared infrastructure at monorepo/cloud/infrastructure/development
+# SeaweedFS development settings (accepts any credentials):
+# Using nginx-s3-proxy on port 8334 for CORS-enabled access from frontend
+S3_ENDPOINT=http://seaweedfs:8333
+S3_PUBLIC_ENDPOINT=http://localhost:8334
+S3_ACCESS_KEY=any
+S3_SECRET_KEY=any
+S3_BUCKET=maplefile
+S3_REGION=us-east-1
+S3_USE_SSL=false
+# S3_USE_PATH_STYLE: true for SeaweedFS/MinIO (dev), false for DigitalOcean Spaces/AWS S3 (prod)
+S3_USE_PATH_STYLE=true
+
+# JWT Authentication
+JWT_SECRET=change-me-in-production
+JWT_ACCESS_TOKEN_DURATION=15m
+# JWT_REFRESH_TOKEN_DURATION: Default 168h (7 days). For enhanced security, consider 24h-48h.
+# Shorter durations require more frequent re-authentication but limit token exposure window.
+JWT_REFRESH_TOKEN_DURATION=168h
+JWT_SESSION_DURATION=24h
+JWT_SESSION_CLEANUP_INTERVAL=1h
+
+# Email (Mailgun)
+MAILGUN_API_KEY=
+MAILGUN_DOMAIN=
+MAILGUN_API_BASE=https://api.mailgun.net/v3
+MAILGUN_FROM_EMAIL=noreply@maplefile.app
+MAILGUN_FROM_NAME=MapleFile
+MAILGUN_FRONTEND_URL=http://localhost:3000
+MAILGUN_MAINTENANCE_EMAIL=your@email_address.com
+MAILGUN_FRONTEND_DOMAIN=127.0.0.1:3000
+MAILGUN_BACKEND_DOMAIN=127.0.0.1:8000
+
+# Observability
+OBSERVABILITY_ENABLED=true
+OBSERVABILITY_PORT=9090
+OBSERVABILITY_HEALTH_TIMEOUT=5s
+OBSERVABILITY_METRICS_ENABLED=true
+OBSERVABILITY_HEALTH_ENABLED=true
+OBSERVABILITY_DETAILED_HEALTH=false
+
+# Logging
+LOG_LEVEL=info
+LOG_FORMAT=json
+LOG_STACKTRACE=false
+LOG_CALLER=true
+
+# Security
+SECURITY_GEOLITE_DB_PATH=./data/GeoLite2-Country.mmdb
+SECURITY_BANNED_COUNTRIES=
+SECURITY_RATE_LIMIT_ENABLED=true
+SECURITY_IP_BLOCK_ENABLED=true
+
+# ============================================================================
+# Leader Election Configuration
+# ============================================================================
+# Enable leader election for multi-instance deployments (load balancer)
+# When enabled, only ONE instance becomes the leader and executes scheduled tasks
+# Uses Redis for distributed coordination (no additional infrastructure needed)
+LEADER_ELECTION_ENABLED=true
+LEADER_ELECTION_LOCK_TTL=10s
+LEADER_ELECTION_HEARTBEAT_INTERVAL=3s
+LEADER_ELECTION_RETRY_INTERVAL=2s
+
+# ============================================================================
+# Invite Email Configuration
+# ============================================================================
+# Maximum invitation emails a user can send per day to non-registered users
+# Conservative limit to protect email domain reputation
+MAPLEFILE_INVITE_MAX_EMAILS_PER_DAY=3
+
+# ============================================================================
+# Login Rate Limiting Configuration
+# ============================================================================
+# Controls brute-force protection for login attempts
+# IP-based: Limits total login attempts from a single IP address
+# Account-based: Limits failed attempts per account before lockout
+#
+# Development: More lenient limits (50 attempts per IP)
+# Production: Consider stricter limits (10-20 attempts per IP)
+LOGIN_RATE_LIMIT_MAX_ATTEMPTS_PER_IP=50
+LOGIN_RATE_LIMIT_IP_WINDOW=15m
+LOGIN_RATE_LIMIT_MAX_FAILED_PER_ACCOUNT=10
+LOGIN_RATE_LIMIT_LOCKOUT_DURATION=30m