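# The .env configuration file
# Please DO NOT share this file or commit it to version control: it contains confidential data.

# All variables are documented according to this rule:
# DESCRIPTION - what the variable is responsible for
# TYPE - the type of the variable (string, boolean, etc.)
# Any additional information
# SOME_ENV_CODE=data - default data. If a default is specified, the variable is optional

# General

# The path to save the data
# string
# (optional)
# Used for logs (if their full path is not specified), databases (if SQLite)
# and other data that should be stored somewhere other than the directory the program is launched from.
# REQUIRED if the application runs inside a container
# If you want to change this value, you also need to change the values in Settings.json
# and move the file itself to the desired location.
PATH_TO_SAVE=

# The actual sub path to the API
# string
# (optional)
# If the specified path ends with "/api", the system will avoid duplicating "api" in the final URL.
# This allows flexible API structuring, especially when running behind a reverse proxy or in containerized environments.
ACTUAL_SUB_PATH=

# The sub path to Swagger
# string
# (optional)
SWAGGER_SUB_PATH=swagger

# Internal port configuration
# integer
# (optional)
# The internal port on which the server will listen.
INTERNAL_PORT=8080

# Security

# JWT signature token
# string (UTF8)
# This token is used to create and verify the signature of JWT tokens.
# The token must be exactly 64 characters long.
# Generate it with a cryptographically secure random generator and use a different value per environment.
# Tokens signed with a previous value will no longer pass signature verification after it is changed.
SECURITY_SIGNING_TOKEN=

# Token for JWT encryption
# string (UTF8)
# This token is used to encrypt and decrypt JWT tokens.
# The token must be exactly 32 characters long.
# Generate it with a cryptographically secure random generator; do not reuse the signing token.
SECURITY_ENCRYPTION_TOKEN=

# Time in minutes after which the Refresh Token becomes invalid
# integer
# Defines how long a user may stay inactive before having to log in again.
# The default of 1440 minutes is 24 hours.
SECURITY_LIFE_TIME_RT=1440

# Time in minutes after which the JWT becomes invalid
# integer
# Do not specify a time that is too long or too short. Optimally 5 < x < 60.
# A short lifetime limits how long a leaked token stays usable.
SECURITY_LIFE_TIME_JWT=15

# Time in minutes after which the token of the first factor becomes invalid
# integer
# Do not specify a time that is too short: the user must have enough time to log in using the second factor.
SECURITY_LIFE_TIME_1_FA=15

# An identifier that points to the server that created the token
# string
SECURITY_JWT_ISSUER=

# ID of the audience for which the token is intended
# string
SECURITY_JWT_AUDIENCE=

### Hashing

# To set up hashing correctly, start from your security requirements.
# You can use the settings described in https://github.com/P-H-C/phc-winner-argon2
# These parameters have a STRONG impact on performance.
# When testing the system, these values were used:
# 10 <= SECURITY_HASH_ITERATION <= 25 iterations
# 16384 <= SECURITY_HASH_MEMORY <= 32768 KB
# 4 <= SECURITY_HASH_PARALLELISM <= 8 lanes
# With all of the largest values, computing one hash takes a little more than 1 second.
# If this time is critical, reduce the parameters.
# NOTE(review): changing any Argon2 parameter after passwords have been stored may make
# existing hashes fail verification unless the parameters are stored with each hash - confirm
# how the application handles this before changing values on a live system.

# The number of iterations used to hash passwords in the Argon2 algorithm
# integer
# Determines how many passes the Argon2 algorithm makes when hashing a password.
# Increasing this value improves security by increasing the time it takes to calculate the password hash.
# For an increased security level, set it to at least 10.
SECURITY_HASH_ITERATION=

# The amount of memory used to hash passwords in the Argon2 algorithm
# integer
# 65536
# NOTE(review): 65536 is above the tested range listed above (16384-32768 KB) - confirm which value is intended.
# Determines the number of kilobytes of memory used for the password hashing process.
# Increasing this value may increase security, but it also requires more system resources.
SECURITY_HASH_MEMORY=

# Parallelism determines how many lanes the memory is divided into when generating a hash
# integer
# This value affects the hash itself, but can be tuned to reach an acceptable execution time,
# taking into account the processor and the number of cores.
SECURITY_HASH_PARALLELISM=

# The size of the output hash generated by the password hashing algorithm
# integer
SECURITY_HASH_SIZE=32

# Additional protection for Argon2
# string (BASE64)
# (optional)
# We recommend setting a token so that even if the stored data is compromised,
# an attacker cannot brute-force a password without the token.
# This only helps if the token is kept apart from the password database and its backups.
# NOTE(review): changing or losing this token presumably invalidates all stored hashes - confirm.
SECURITY_HASH_TOKEN=

# The size of the salt used to hash passwords
# integer
# The salt is a random value added to the password before hashing to prevent the use of rainbow tables and other attacks.
SECURITY_SALT_SIZE=16

### OAuth2

#### GOOGLE

# The client ID for Google OAuth
# string
# This is the client ID provided by Google when you register your application for OAuth.
# It is necessary for enabling Google login functionality.
GOOGLE_CLIENT_ID=

# The client secret for Google OAuth
# string
# This is the client secret provided by Google, used alongside the client ID to authenticate your application.
# Make sure to keep it confidential.
GOOGLE_CLIENT_SECRET=

#### Yandex

# The client ID for Yandex OAuth
# string
# This is the client ID provided by Yandex when you register your application for OAuth.
# It is required for enabling Yandex login functionality.
YANDEX_CLIENT_ID=

# The client secret for Yandex OAuth
# string
# This is the client secret provided by Yandex, used alongside the client ID to authenticate your application.
# Keep it confidential to ensure the security of your app.
YANDEX_CLIENT_SECRET=

#### MailRu

# The client ID for MailRu OAuth
# string
# This is the client ID provided by MailRu (Mail.ru Group) when you register your application for OAuth.
# It is necessary for enabling MailRu login functionality.
MAILRU_CLIENT_ID=

# The client secret for MailRu OAuth
# string
# This is the client secret provided by MailRu, used alongside the client ID to authenticate your application.
# Keep it confidential to ensure the security of your app.
MAILRU_CLIENT_SECRET=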