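# Application
# Sample values for local development. Review every value before reusing this
# file for any other environment.
APP_ENVIRONMENT=development
APP_VERSION=0.1.0
# Relative path; presumably resolved against the process working directory (confirm).
APP_DATA_DIRECTORY=./data
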
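# Server
# 0.0.0.0 means "all interfaces" when used as a listen address. That suits a
# container whose port is published explicitly; when running the backend
# directly on a workstation, 127.0.0.1 keeps the API off the local network.
SERVER_HOST=0.0.0.0
SERVER_PORT=8000
# Timeouts use a number plus a unit suffix (s, m, h). Keeping read/write/idle
# timeouts finite bounds how long a slow or stalled client can hold a connection.
SERVER_READ_TIMEOUT=30s
SERVER_WRITE_TIMEOUT=30s
SERVER_IDLE_TIMEOUT=60s
SERVER_SHUTDOWN_TIMEOUT=10s
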
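# ============================================================================
# Cassandra Database Configuration
# ============================================================================
# Default: Docker development (task dev)
# For running OUTSIDE Docker (./maplefile-backend daemon):
#   Change to: DATABASE_HOSTS=localhost:9042
# Note: Uses shared infrastructure at monorepo/cloud/infrastructure/development
# The shared dev cluster has 3 nodes: cassandra-1, cassandra-2, cassandra-3
# Comma-separated list of contact points.
DATABASE_HOSTS=cassandra-1,cassandra-2,cassandra-3
DATABASE_KEYSPACE=maplefile
DATABASE_CONSISTENCY=QUORUM
# Left empty in this sample, which presumably means the dev cluster is reached
# without authentication (confirm). Outside development, set dedicated
# credentials here and keep the populated file out of version control.
DATABASE_USERNAME=
DATABASE_PASSWORD=
DATABASE_MIGRATIONS_PATH=./migrations
# NOTE(review): with auto-migrate on, schema changes presumably run at startup
# using the application's own database role; for production consider running
# migrations as a separate, reviewed step with this set to false.
DATABASE_AUTO_MIGRATE=true
DATABASE_CONNECT_TIMEOUT=10s
DATABASE_REQUEST_TIMEOUT=5s
# Matches the 3-node dev cluster described above.
DATABASE_REPLICATION=3
DATABASE_MAX_RETRIES=3
DATABASE_RETRY_DELAY=1s
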
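# ============================================================================
# Redis Cache Configuration
# ============================================================================
# Default: Docker development (task dev)
# For running OUTSIDE Docker (./maplefile-backend daemon):
#   Change to: CACHE_HOST=localhost
# Note: Uses shared infrastructure at monorepo/cloud/infrastructure/development
CACHE_HOST=redis
CACHE_PORT=6379
# Empty in this sample (dev Redis without a password). Leader election in this
# file also relies on Redis, so outside development set a password and keep the
# Redis port reachable only from the backend instances.
CACHE_PASSWORD=
CACHE_DB=0
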
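# ============================================================================
# S3 Object Storage Configuration (SeaweedFS)
# ============================================================================
# Default: Docker development (task dev) with SeaweedFS
# For running OUTSIDE Docker with SeaweedFS:
#   Change to: S3_ENDPOINT=http://localhost:8333
# For AWS S3:
#   S3_ENDPOINT can be left empty or set to https://s3.amazonaws.com
# For S3-compatible services (DigitalOcean Spaces, MinIO, etc.):
#   S3_ENDPOINT should be the service endpoint
# Note: Uses shared infrastructure at monorepo/cloud/infrastructure/development
# SeaweedFS development settings (accepts any credentials):
# Using nginx-s3-proxy on port 8334 for CORS-enabled access from frontend
# Both endpoints below are plain http, which is acceptable only on the local
# dev network; use https endpoints with S3_USE_SSL=true everywhere else.
S3_ENDPOINT=http://seaweedfs:8333
# Presumably the browser-facing URL (the nginx-s3-proxy on 8334) - confirm.
S3_PUBLIC_ENDPOINT=http://localhost:8334
# "any" works only because the dev SeaweedFS accepts any credentials. Replace
# both with real, narrowly scoped keys for any real S3 service, and never
# commit the populated file.
S3_ACCESS_KEY=any
S3_SECRET_KEY=any
S3_BUCKET=maplefile
S3_REGION=us-east-1
S3_USE_SSL=false
# S3_USE_PATH_STYLE: true for SeaweedFS/MinIO (dev), false for DigitalOcean Spaces/AWS S3 (prod)
S3_USE_PATH_STYLE=true
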
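# JWT Authentication
# JWT_SECRET: the value below is a placeholder and is public in this sample.
# Anyone who knows the signing secret can presumably mint tokens the backend
# accepts, so replace it with a long random value from a CSPRNG
# (for example: openssl rand -base64 48), use a different value per
# environment, and keep it out of version control and logs.
# NOTE(review): whether the backend refuses to start with the placeholder
# outside development is not visible here - confirm, or add that check.
JWT_SECRET=change-me-in-production
JWT_ACCESS_TOKEN_DURATION=15m
# JWT_REFRESH_TOKEN_DURATION: Default 168h (7 days). For enhanced security, consider 24h-48h.
# Shorter durations require more frequent re-authentication but limit token exposure window.
JWT_REFRESH_TOKEN_DURATION=168h
JWT_SESSION_DURATION=24h
JWT_SESSION_CLEANUP_INTERVAL=1h
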
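# Email (Mailgun)
# MAILGUN_API_KEY is a secret: set it only in the deployed environment and
# keep the populated file out of version control.
MAILGUN_API_KEY=
MAILGUN_DOMAIN=
MAILGUN_API_BASE=https://api.mailgun.net/v3
MAILGUN_FROM_EMAIL=noreply@maplefile.app
MAILGUN_FROM_NAME=MapleFile
# Presumably the base URL for links placed in outgoing mail (confirm); use an
# https URL outside local development.
MAILGUN_FRONTEND_URL=http://localhost:3000
# Placeholder - replace with a real, monitored mailbox.
MAILGUN_MAINTENANCE_EMAIL=your@email_address.com
MAILGUN_FRONTEND_DOMAIN=127.0.0.1:3000
MAILGUN_BACKEND_DOMAIN=127.0.0.1:8000
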
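# Observability
# Metrics and health endpoints are served on a separate port from the API.
# NOTE(review): the bind address for this port is not configured here; make
# sure it is reachable only by the monitoring system, not from the public network.
OBSERVABILITY_ENABLED=true
OBSERVABILITY_PORT=9090
OBSERVABILITY_HEALTH_TIMEOUT=5s
OBSERVABILITY_METRICS_ENABLED=true
OBSERVABILITY_HEALTH_ENABLED=true
# Presumably controls how much dependency detail the health endpoint returns
# (confirm); keep false unless the endpoint is access-restricted.
OBSERVABILITY_DETAILED_HEALTH=false
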
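# Logging
# NOTE(review): more verbose levels than info may record request details;
# check what is logged before lowering the level where real user data flows.
LOG_LEVEL=info
LOG_FORMAT=json
LOG_STACKTRACE=false
LOG_CALLER=true
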
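# Security
# Path to the GeoLite2 country database file; the file itself is not part of
# this sample and has to be provided separately.
SECURITY_GEOLITE_DB_PATH=./data/GeoLite2-Country.mmdb
# Empty presumably means no country is blocked. The expected list format is
# not shown here - check the configuration loader before filling this in.
SECURITY_BANNED_COUNTRIES=
# Both controls act on the client IP. Behind a load balancer or reverse proxy,
# confirm the backend sees the real client address rather than the proxy's,
# otherwise limits and blocks apply to the wrong party.
SECURITY_RATE_LIMIT_ENABLED=true
SECURITY_IP_BLOCK_ENABLED=true
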
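# ============================================================================
# Leader Election Configuration
# ============================================================================
# Enable leader election for multi-instance deployments (load balancer)
# When enabled, only ONE instance becomes the leader and executes scheduled tasks
# Uses Redis for distributed coordination (no additional infrastructure needed)
# Because the lock lives in Redis, the Redis instance configured via CACHE_*
# should be authenticated and network-restricted wherever this is enabled.
LEADER_ELECTION_ENABLED=true
# The heartbeat interval (3s) is shorter than the lock TTL (10s), presumably so
# the leader renews the lock several times before it can expire; keep that
# relationship when tuning these values.
LEADER_ELECTION_LOCK_TTL=10s
LEADER_ELECTION_HEARTBEAT_INTERVAL=3s
LEADER_ELECTION_RETRY_INTERVAL=2s
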
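# ============================================================================
# Invite Email Configuration
# ============================================================================
# Maximum invitation emails a user can send per day to non-registered users
# Conservative limit to protect email domain reputation
# The cap also bounds how much unsolicited mail a single account can cause the
# service to send to addresses that never signed up.
MAPLEFILE_INVITE_MAX_EMAILS_PER_DAY=3
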
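# ============================================================================
# Login Rate Limiting Configuration
# ============================================================================
# Controls brute-force protection for login attempts
# IP-based: Limits total login attempts from a single IP address
# Account-based: Limits failed attempts per account before lockout
#
# Development: More lenient limits (50 attempts per IP)
# Production: Consider stricter limits (10-20 attempts per IP)
#
# Trade-offs to weigh when tuning:
# - The per-IP limit is shared by every user behind the same NAT or proxy, and
#   it is only meaningful if the backend sees the real client address.
# - Account lockout also lets repeated failed logins lock a legitimate user
#   out for the lockout duration; alert on lockouts so this is noticed.
LOGIN_RATE_LIMIT_MAX_ATTEMPTS_PER_IP=50
LOGIN_RATE_LIMIT_IP_WINDOW=15m
LOGIN_RATE_LIMIT_MAX_FAILED_PER_ACCOUNT=10
LOGIN_RATE_LIMIT_LOCKOUT_DURATION=30m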