# The .env configuration file
|
|
# Please DO NOT share this file, it contains confidential data.
|
|
|
|
# All variables are specified according to this rule:
|
|
# DESCRIPTION - information about what the variable is responsible for
|
|
# TYPE - the type of the variable (string, boolean, etc.)
|
|
# Any additional information
|
|
# SOME_ENV_CODE=data - default data. If specified, then the variable is optional
|
|
|
|
# General
|
|
|
|
# The path to save the data
|
|
# string
|
|
# (optional)
|
|
# Saving logs (if the full path is not specified),
|
|
# databases (if Sqlite) and other data that should be saved in a place other than the place where the program is launched.
|
|
# REQUIRED if the application is inside the container
|
|
# If you want to change this value, you need to change the values in Settings.json and move the file itself to the desired location.
|
|
PATH_TO_SAVE=
|
|
|
|
# The actual sub path to the api
|
|
# string
|
|
# (optional)
|
|
# If the specified path ends with "/api", the system will avoid duplicating "api" in the final URL.
|
|
# This allows flexible API structuring, especially when running behind a reverse proxy or in containerized environments.
|
|
ACTUAL_SUB_PATH=
|
|
|
|
# The sub path to the swagger
|
|
# string
|
|
# (optional)
|
|
SWAGGER_SUB_PATH=swagger
|
|
|
|
# Internal port configuration
|
|
# integer
|
|
# (optional)
|
|
# Specify the internal port on which the server will listen.
|
|
INTERNAL_PORT=8080
|
|
|
|
# Security
|
|
|
|
# JWT signature token
|
|
# string (UTF8)
|
|
# This token is the secret key used to create and verify the signature of JWT tokens.
|
|
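# The token must be exactly 64 characters long.
# Generate it with a cryptographically secure random generator rather than choosing a word or phrase.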
|
|
SECURITY_SIGNING_TOKEN=
|
|
|
|
# Token for JWT encryption
|
|
# string (UTF8)
|
|
# This token will be used to encrypt and decrypt JWT tokens.
|
|
# The token must be exactly 32 characters long.
# Generate it randomly and use a value different from SECURITY_SIGNING_TOKEN.
|
|
SECURITY_ENCRYPTION_TOKEN=
|
|
|
|
# Time in minutes after which the Refresh Token becomes invalid
|
|
# integer
|
|
# This value determines how long a user can stay inactive before having to log in again
|
|
SECURITY_LIFE_TIME_RT=1440
|
|
|
|
# Time in minutes after which the JWT becomes invalid
|
|
# integer
|
|
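# Do not specify a time that is too long or too short. Optimally 5 < x < 60
# A long lifetime extends how long a leaked token stays usable; a short one forces frequent refreshes.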
|
|
SECURITY_LIFE_TIME_JWT=15
|
|
|
|
# Time in minutes, which indicates after which time the token of the first factor will become invalid
|
|
# integer
|
|
# Do not make this too short: the user needs enough time to complete the login with the second factor
|
|
SECURITY_LIFE_TIME_1_FA=15
|
|
|
|
# An identifier that points to the server that created the token
|
|
# string
|
|
SECURITY_JWT_ISSUER=
|
|
|
|
# ID of the audience for which the token is intended
|
|
# string
|
|
SECURITY_JWT_AUDIENCE=
|
|
|
|
### Hashing
|
|
|
|
# In order to set up hashing correctly, you need to start from the security requirements
|
|
# You can use the settings that were used in https://github.com/P-H-C/phc-winner-argon2
|
|
# These parameters have a STRONG impact on performance
|
|
# When testing the system, these values were used:
|
|
# 10 <= SECURITY_HASH_ITERATION <= 25 iterations
|
|
# 16384 <= SECURITY_HASH_MEMORY <= 32768 KB
|
|
# 4 <= SECURITY_HASH_PARALLELISM <= 8 lanes
|
|
# If we take all the large values, it will take a little more than 1 second to get the hash. If this time is critical, reduce the parameters
|
|
|
|
# The number of iterations used to hash passwords in the Argon2 algorithm
|
|
# integer
|
|
# This parameter determines the number of iterations that the Argon2 algorithm goes through when hashing passwords.
|
|
# Increasing this value can improve security by increasing the time it takes to calculate the password hash.
|
|
# To raise the security level, set the number of iterations to at least 10.
|
|
SECURITY_HASH_ITERATION=
|
|
|
|
# The amount of memory used to hash passwords in the Argon2 algorithm
|
|
# integer
|
|
# 65536
|
|
# This parameter determines the number of kilobytes of memory that will be used for the password hashing process.
|
|
# Increasing this value may increase security, but it may also require more system resources.
|
|
SECURITY_HASH_MEMORY=
|
|
|
|
# Parallelism determines how many lanes (the strips the memory is divided into) are used to generate a hash
|
|
# integer
|
|
# This value affects the hash itself, but can be changed to achieve an ideal execution time, taking into account the processor and the number of cores.
|
|
SECURITY_HASH_PARALLELISM=
|
|
|
|
# The size of the output hash generated by the password hashing algorithm
|
|
# integer
|
|
SECURITY_HASH_SIZE=32
|
|
|
|
# Additional protection for Argon2
|
|
# string (BASE64)
|
|
# (optional)
|
|
# We recommend setting a token so that, even if the data is compromised, an attacker cannot brute-force a password without also knowing the token
|
|
SECURITY_HASH_TOKEN=
|
|
|
|
# The size of the salt used to hash passwords
|
|
# integer
|
|
# The salt is a random value added to the password before hashing to prevent the use of rainbow tables and other precomputation attacks.
|
|
SECURITY_SALT_SIZE=16
|
|
|
|
### OAuth2
|
|
|
|
#### GOOGLE
|
|
|
|
# The client ID for Google OAuth
|
|
# string
|
|
# This is the client ID provided by Google when you register your application for OAuth.
|
|
# It's necessary for enabling Google login functionality.
|
|
GOOGLE_CLIENT_ID=
|
|
|
|
# The client secret for Google OAuth
|
|
# string
|
|
# This is the client secret provided by Google, used alongside the client ID to authenticate your application.
|
|
# Make sure to keep it confidential.
|
|
GOOGLE_CLIENT_SECRET=
|
|
|
|
#### Yandex
|
|
|
|
# The client ID for Yandex OAuth
|
|
# string
|
|
# This is the client ID provided by Yandex when you register your application for OAuth.
|
|
# It's required for enabling Yandex login functionality.
|
|
YANDEX_CLIENT_ID=
|
|
|
|
# The client secret for Yandex OAuth
|
|
# string
|
|
# This is the client secret provided by Yandex, used alongside the client ID to authenticate your application.
|
|
# Keep it confidential to ensure the security of your app.
|
|
YANDEX_CLIENT_SECRET=
|
|
|
|
#### MailRu
|
|
|
|
# The client ID for MailRu OAuth
|
|
# string
|
|
# This is the client ID provided by MailRu (Mail.ru Group) when you register your application for OAuth.
|
|
# It's necessary for enabling MailRu login functionality.
|
|
MAILRU_CLIENT_ID=
|
|
|
|
# The client secret for MailRu OAuth
|
|
# string
|
|
# This is the client secret provided by MailRu, used alongside the client ID to authenticate your application.
|
|
# Keep it confidential to ensure the security of your app.
|
|
MAILRU_CLIENT_SECRET=
|