.env.example

# Port to run the server on, use 80 for HTTP
PORT = 8080

# These URLs (including domain) are used for links in emails
BASE_URL = "http://localhost:8080" # This server's full URL
FRONTEND_URL = "http://localhost:3000" # URL for Staart UI

# Secret keys for encryption
JWT_SECRET = "staart"
JWT_ISSUER = "staart"
SERVICE_2FA = "staart"
HASH_IDS = "staart"

# MySQL/MariaDB connection
DB_HOST = "localhost"
DB_PORT = 3306
DB_USERNAME = "root"
DB_PASSWORD = ""
DB_DATABASE = "database-name"
DB_TABLE_PREFIX = "staart-"

# Sending emails via AWS SES
SES_EMAIL = "staart@o15y.com"
SES_REGION = "eu-west-2"
SES_ACCESS = "aws-access-key-xxxxxxxxxx"
SES_SECRET = "aws-secret-key-xxxxxxxxxx"

# Caching
REDIS_URL = "redis://127.0.0.1:6379"
CACHE_TTL = 600                  #     10 mins
CACHE_CHECK_PERIOD = 1000        #        1k s

# Billing via Stripe
STRIPE_SECRET_KEY = "stripe-test-api-key"
STRIPE_PRODUCT_ID = "stripe-product-id"

# ElasticSearch event tracking and server logs (more below)
ELASTIC_LOGS_PREFIX = "staart-logs-"
ELASTIC_EVENTS_PREFIX = "staart-events-"

##################################
# Optional environment variables #
##################################

# ElasticSearch

## ES using AWS managed ES
AWS_ELASTIC_ACCESS_KEY = "aws-access-key-xxxxxxxxxx"
AWS_ELASTIC_SECRET_KEY = "aws-secret-key-xxxxxxxxxx"
AWS_ELASTIC_HOST = "https://name.region.es.amazonaws.com"
AWS_ELASTIC_REGION = "eu-west-2"

## OR, custom ES service
ELASTIC_HOST = "localhost:9200"
ELASTIC_LOG = "trace"
ELASTIC_API_VERSION = "7.2"

# Limits for brute force and rate limiting

## Brute force is used for auth endpoints
BRUTE_FREE_RETRIES = 50          # 50 requests
BRUTE_LIFETIME = 300000          #   in 5 mins

## Public limits
PUBLIC_RATE_LIMIT_MAX = 60       # 60 requests
PUBLIC_RATE_LIMIT_TIME = 60000   #    in 1 min
SPEED_LIMIT_COUNT = 1000         # 1k requests
SPEED_LIMIT_TIME = 600000        #    in 1 min
SPEED_LIMIT_DELAY = 100          # delay 100ms

## Limits when using an API key
RATE_LIMIT_MAX = 1000            # 1k requests
RATE_LIMIT_TIME = 60000          #    in 1 min

# JWT expiry durations
TOKEN_EXPIRY_EMAIL_VERIFICATION = "7d"
TOKEN_EXPIRY_PASSWORD_RESET = "1d"
TOKEN_EXPIRY_LOGIN = "15m"
TOKEN_EXPIRY_APPROVE_LOCATION = "10m"
TOKEN_EXPIRY_REFRESH = "30d"

# 2299-12-31 is the default maximum expiry (also what Microsoft uses)
TOKEN_EXPIRY_API_KEY_MAX = 10413685800000

# Remove CORS headers without API key
DISALLOW_OPEN_CORS = false

# Allow users with disposable emails to sign up
ALLOW_DISPOSABLE_EMAILS = false

# Error tracking using Sentry
SENTRY_DSN = "https://<key>@sentry.io/<project>"

# OAuth2 credentials for "Login with [service]"

## Google
GOOGLE_CLIENT_ID = "google-oauth2-client-id"
GOOGLE_CLIENT_SECRET = "oauth2-client-secret"

## GitHub
GITHUB_CLIENT_ID = "github-oauth2-client-id"
GITHUB_CLIENT_SECRET = "oauth2-client-secret"

## Microsoft
MICROSOFT_CLIENT_ID = "microsoft-oauth2-client-id"
MICROSOFT_CLIENT_SECRET = "oauth2-client-secret"

## Facebook
FACEBOOK_CLIENT_ID = "facebook-oauth2-client-id"
FACEBOOK_CLIENT_SECRET = "oauth2-client-secret"

## Salesforce
SALESFORCE_CLIENT_ID = "salesforce-oauth2-client-id"
SALESFORCE_CLIENT_SECRET = "oauth2-client-secret"