forked from steller-secure/Stellar-Insured-Backend
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path.env.example
More file actions
174 lines (140 loc) · 4.84 KB
/
Copy path.env.example
File metadata and controls
174 lines (140 loc) · 4.84 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
# Application Configuration
NODE_ENV=development
PORT=4000
APP_NAME=Stellar Insured Backend
APP_VERSION=1.0.0
# Database Configuration
DATABASE_URL=postgresql://user:password@localhost:5432/stellar_insured
DATABASE_HOST=localhost
DATABASE_PORT=5432
DATABASE_USERNAME=user
DATABASE_PASSWORD=password
DATABASE_NAME=stellar_insured
# Database SSL/TLS Configuration
# SSL is enabled by default in production, disabled in development
DATABASE_SSL_ENABLED=false
# Reject unauthorized certificates in production (set to true for security)
DATABASE_SSL_REJECT_UNAUTHORIZED=false
# Optional: Path to CA certificate file
DATABASE_SSL_CA=
# Optional: Path to client certificate file
DATABASE_SSL_CERT=
# Optional: Path to client key file
DATABASE_SSL_KEY=
# Database Connection Pool Configuration
# Minimum number of connections in pool
DATABASE_POOL_MIN=2
# Maximum number of connections in pool
DATABASE_POOL_MAX=10
# Time (ms) before idle connection is removed from pool
DATABASE_POOL_IDLE_TIMEOUT=30000
# Time (ms) to wait for connection from pool before timing out
DATABASE_POOL_CONNECTION_TIMEOUT=2000
# Database Retry Configuration
# Number of retry attempts for initial connection
DATABASE_RETRY_ATTEMPTS=3
# Initial delay (ms) between retry attempts
DATABASE_RETRY_DELAY=1000
# Maximum delay (ms) between retry attempts (exponential backoff cap)
DATABASE_MAX_RETRY_DELAY=30000
# Database Logging Configuration
# Options: true, false, all, or comma-separated list: query,error,schema,warn,info,log,migration
# Production default: error,warn,migration
# Development default: all
DATABASE_LOGGING=all
# Maximum query execution time (ms) before logging a warning
DATABASE_MAX_QUERY_EXECUTION_TIME=1000
# Redis Configuration
REDIS_URL=redis://localhost:6379
REDIS_HOST=localhost
REDIS_PORT=6379
REDIS_PASSWORD=
REDIS_TTL=3600
REDIS_DB=0
# Cache Configuration
CACHE_DEFAULT_TTL=300
CACHE_MAX_ITEMS=10000
CACHE_KEY_PREFIX=app_cache:
# Stellar Network Configuration
STELLAR_NETWORK=testnet
STELLAR_HORIZON_URL=https://horizon-testnet.stellar.org
STELLAR_PASSPHRASE=Test SDF Network ; September 2015
# Security Configuration
JWT_SECRET=your-jwt-secret-key-change-in-production
JWT_REFRESH_SECRET=your-refresh-secret-key-change-in-production
JWT_EXPIRES_IN=24h
JWT_ACCESS_TOKEN_TTL=15m
JWT_REFRESH_TOKEN_TTL=7d
TOKEN_ROTATION_ENABLED=true
BCRYPT_SALT_ROUNDS=12
# Logging Configuration
LOG_LEVEL=debug
LOG_FORMAT=json
# CORS Configuration
CORS_ORIGIN=http://localhost:3000
CORS_CREDENTIALS=true
# Rate Limiting - Global Throttler Configuration
# Default rate limit (100 requests per 15 minutes)
THROTTLE_DEFAULT_TTL=900000
THROTTLE_DEFAULT_LIMIT=100
# Authentication endpoints (5 requests per 15 minutes per IP)
THROTTLE_AUTH_TTL=900000
THROTTLE_AUTH_LIMIT=5
# Public endpoints (50 requests per minute per IP)
THROTTLE_PUBLIC_TTL=60000
THROTTLE_PUBLIC_LIMIT=50
# Admin endpoints (100 requests per minute per authenticated admin)
THROTTLE_ADMIN_TTL=60000
THROTTLE_ADMIN_LIMIT=100
# Claims submission (10 claims per hour per authenticated user)
THROTTLE_CLAIMS_TTL=3600000
THROTTLE_CLAIMS_LIMIT=10
# Advanced Rate Limiting Configuration
# Enable sliding window algorithm
RATE_LIMIT_SLIDING_WINDOW_ENABLED=true
# Enable circuit breaker functionality
RATE_LIMIT_CIRCUIT_BREAKER_ENABLED=true
# Circuit breaker failure threshold (number of failures before opening)
RATE_LIMIT_CIRCUIT_BREAKER_FAILURE_THRESHOLD=10
# Circuit breaker timeout in milliseconds
RATE_LIMIT_CIRCUIT_BREAKER_TIMEOUT_MS=300000
# Circuit breaker success threshold (number of successes to close)
RATE_LIMIT_CIRCUIT_BREAKER_SUCCESS_THRESHOLD=2
# Enable rate limit monitoring
RATE_LIMIT_MONITORING_ENABLED=true
# High-risk endpoints rate limits
# Create claim: 5 requests per hour per user
RATE_LIMIT_CREATE_CLAIM_TTL=3600000
RATE_LIMIT_CREATE_CLAIM_LIMIT=5
# Create policy: 10 requests per hour per user
RATE_LIMIT_CREATE_POLICY_TTL=3600000
RATE_LIMIT_CREATE_POLICY_LIMIT=10
# Authentication endpoints: 5 requests per 15 minutes per IP
RATE_LIMIT_AUTH_TTL=900000
RATE_LIMIT_AUTH_LIMIT=5
# Enable per-user rate limiting
RATE_LIMIT_PER_USER_ENABLED=true
# Enable per-IP rate limiting
RATE_LIMIT_PER_IP_ENABLED=true
# Enable Redis-based rate limiting (recommended for production)
RATE_LIMIT_REDIS_ENABLED=false
# Redis TTL for rate limit data
RATE_LIMIT_REDIS_TTL=3600
# Legacy rate limiting (for backward compatibility)
RATE_LIMIT_TTL=60
RATE_LIMIT_MAX=100
# Encryption and Key Management
# Format: KEY_ID1:base64_32byte_key,KEY_ID2:base64_32byte_key2
# Generate a 32-byte key: openssl rand -base64 32
ENCRYPTION_KEYS=v1:YOUR_BASE64_ENCRYPTION_KEY_HERE
# HTTPS / TLS Configuration (Optional for development)
# Load certificates from these paths if provided
# HTTPS_KEY_PATH=./path/to/key.pem
# HTTPS_CERT_PATH=./path/to/cert.pem
# IPFS Configuration
IPFS_HOST=localhost
IPFS_PORT=5001
IPFS_PROTOCOL=https
# Swagger Documentation
SWAGGER_ENABLED=true
SWAGGER_PATH=/api/docs