tududi/backend/.env.example
Chris f2bee4627a
Fix api issues (#499)
* Fix slow requests

* Enable API docs by default

* Add ipv6 to rate limiter
2025-11-07 20:33:31 +02:00


# ==============================================================================
# Tududi Environment Configuration
# ==============================================================================
# Copy this file to .env and update the values for your environment
# ==============================================================================
# ==============================================================================
# Application Configuration
# ==============================================================================
# Environment: production, development, or test
NODE_ENV=development
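# Server host and port
# HOST=0.0.0.0 listens on all network interfaces; use 127.0.0.1 to accept
# local connections only (for example when running behind a reverse proxy)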
HOST=0.0.0.0
PORT=3002
# Frontend URL (for redirects and CORS)
FRONTEND_URL=http://localhost:8080
# ==============================================================================
# User Configuration
# ==============================================================================
# Default user credentials (used during initial setup)
# Both values below are placeholders: replace them before the first start
TUDUDI_USER_EMAIL=admin@example.com
TUDUDI_USER_PASSWORD=change-me-to-secure-password
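# Session secret: replace the placeholder below with a random value
# (generate with: openssl rand -hex 64, which prints 64 random bytes as 128 hex characters)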
TUDUDI_SESSION_SECRET=your-random-64-character-hex-string-here
# ==============================================================================
# Database Configuration
# ==============================================================================
# Custom database file location (optional)
# If not set, defaults to backend/db/{environment}.sqlite3
# DB_FILE=/path/to/custom/database.sqlite3
# ==============================================================================
# CORS Configuration
# ==============================================================================
# Comma-separated list of allowed origins for CORS
# If not set, defaults to localhost development URLs
# TUDUDI_ALLOWED_ORIGINS=https://yourdomain.com,http://localhost:8080,http://localhost:9292
# ==============================================================================
# File Upload Configuration
# ==============================================================================
# Custom upload directory path (optional)
# If not set, defaults to backend/uploads
# TUDUDI_UPLOAD_PATH=/path/to/custom/uploads
# ==============================================================================
# Email/SMTP Configuration
# ==============================================================================
# Enable/disable email functionality
ENABLE_EMAIL=false
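# SMTP server configuration
# Port 587 is the usual STARTTLS submission port and 465 the implicit-TLS port;
# match EMAIL_SMTP_SECURE to the port your provider uses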
EMAIL_SMTP_HOST=smtp.gmail.com
EMAIL_SMTP_PORT=587
EMAIL_SMTP_SECURE=false
# SMTP authentication
EMAIL_SMTP_USERNAME=your-email@example.com
EMAIL_SMTP_PASSWORD=your-app-password
# Email sender information
EMAIL_FROM_ADDRESS=noreply@example.com
EMAIL_FROM_NAME=Tududi
# ==============================================================================
# Task Scheduler Configuration
# ==============================================================================
# Disable the task scheduler (useful for development/testing)
# Set to 'true' to disable recurring task processing
DISABLE_SCHEDULER=false
# ==============================================================================
# Telegram Bot Configuration
# ==============================================================================
# Disable Telegram integration (useful for development/testing)
# Set to 'true' to disable Telegram bot functionality
DISABLE_TELEGRAM=false
# Telegram bot token (get from @BotFather on Telegram)
# TELEGRAM_BOT_TOKEN=your-telegram-bot-token
# ==============================================================================
# API Documentation (Swagger)
# ==============================================================================
# Enable/disable Swagger API documentation
# Default: enabled in all environments, protected by user authentication
# Set to 'false' to disable API documentation (for example on production
# deployments where the interactive docs are not needed)
# SWAGGER_ENABLED=true
# ==============================================================================
# API Versioning
# ==============================================================================
# API version (e.g., v1, v2)
# If not set, defaults to 'v1'
# API_VERSION=v1
# ==============================================================================
# Rate Limiting Configuration
# ==============================================================================
# Rate limiting helps prevent abuse and brute force attacks
# All time windows are in milliseconds
# Set RATE_LIMITING_ENABLED=false to completely disable rate limiting
# (this also removes the brute-force protection on the authentication endpoints)
# Enable/disable rate limiting globally
# Automatically disabled in test environment
# RATE_LIMITING_ENABLED=true
# Authentication endpoints (login, register)
# Default: 5 requests per 15 minutes
# RATE_LIMIT_AUTH_WINDOW_MS=900000
# RATE_LIMIT_AUTH_MAX=5
# General API for unauthenticated requests
# Default: 100 requests per 15 minutes
# RATE_LIMIT_API_WINDOW_MS=900000
# RATE_LIMIT_API_MAX=100
# Authenticated API requests
# Default: 1000 requests per 15 minutes
# RATE_LIMIT_AUTH_API_WINDOW_MS=900000
# RATE_LIMIT_AUTH_API_MAX=1000
# Resource creation endpoints (POST requests)
# Default: 50 requests per 15 minutes
# RATE_LIMIT_CREATE_WINDOW_MS=900000
# RATE_LIMIT_CREATE_MAX=50
# API key management endpoints
# Default: 10 requests per hour
# RATE_LIMIT_API_KEY_WINDOW_MS=3600000
# RATE_LIMIT_API_KEY_MAX=10
# ==============================================================================
# Production Security Notes
# ==============================================================================
# When deploying to production, make sure to:
# 1. Change NODE_ENV to 'production'
# 2. Use a strong, randomly generated TUDUDI_SESSION_SECRET
# 3. Use a strong TUDUDI_USER_PASSWORD
# 4. Set TUDUDI_ALLOWED_ORIGINS to only the origins that serve your frontend
# 5. Enable HTTPS and set EMAIL_SMTP_SECURE=true if using TLS
# 6. Keep email passwords and API tokens secret; never commit the real .env file
#    to version control
# 7. Consider adjusting rate limits based on your traffic patterns
# 8. Regularly update dependencies and review security advisories
# ==============================================================================