-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathenvironment.example
More file actions
87 lines (73 loc) · 3.06 KB
/
environment.example
File metadata and controls
87 lines (73 loc) · 3.06 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
# ==============================================
# DYNAPI - Environment Configuration
# Copy this file to .env and update with your actual values
# ==============================================
# -------------------------
# Application Settings
# -------------------------
# Environment: development, production, test
NODE_ENV=development
# Port the server will run on
PORT=4000
# -------------------------
# Database Configuration
# -------------------------
# PostgreSQL database connection settings
DB_HOST=localhost
DB_PORT=5432
DB_USERNAME=your_postgres_username
DB_PASSWORD=your_postgres_password
DB_DATABASE=your_database
DB_SSL=false
# -------------------------
# Security Configuration
# -------------------------
# API Keys for authentication (JSON format with embedded permissions)
# Generate strong, unique keys for each environment: openssl rand -hex 32
API_KEYS=[{"key":"admin-key-replace-me","permissions":{"allowedTables":["*"],"allowedOperations":["CREATE","UPDATE","DELETE"],"maxRecordsPerOperation":100,"rateLimitOverride":{"ttl":60000,"limit":200}}}]
# Allowed Origins for CORS (comma-separated)
# Add all domains that will access your API
ALLOWED_ORIGINS=http://localhost:4000,http://localhost:4001,https://yourdomain.com
# Rate Limiting Configuration
# THROTTLE_TTL: Time window in milliseconds (default: 900000 = 15 minutes)
# THROTTLE_LIMIT: Maximum requests per time window (default: 1000)
THROTTLE_TTL=900000
THROTTLE_LIMIT=1000
# -------------------------
# Optional Configuration
# -------------------------
# Enable detailed error messages (set to false in production)
DETAILED_ERRORS=true
# -------------------------
# Production Example Values
# -------------------------
# Uncomment and modify for production deployment:
# NODE_ENV=production
# PORT=4000
# DB_HOST=your-production-db-host.com
# DB_PORT=5432
# DB_USERNAME=production_user
# DB_PASSWORD=secure_production_password
# DB_DATABASE=your_prod_database
# DB_SSL=true
# API_KEYS=[{"key":"secure-prod-admin","permissions":{"allowedTables":["*"],"allowedOperations":["CREATE","UPDATE","DELETE"],"maxRecordsPerOperation":100}}]
# ALLOWED_ORIGINS=https://yourapp.com,https://admin.yourapp.com
# DETAILED_ERRORS=false
# Rate limiting for production (more restrictive)
# THROTTLE_TTL=900000 # 15 minutes
# THROTTLE_LIMIT=500 # 500 requests per 15 minutes
# Rate limiting for development (more permissive)
# THROTTLE_TTL=300000 # 5 minutes
# THROTTLE_LIMIT=2000 # 2000 requests per 5 minutes
# -------------------------
# Security Notes
# -------------------------
# 1. Never commit your actual .env file to version control
# 2. Generate strong API keys using: openssl rand -hex 32
# 3. Use different API keys for development and production
# 4. Enable SSL (DB_SSL=true) for production databases
# 5. Restrict ALLOWED_ORIGINS to your actual domains in production
# 6. Adjust rate limiting based on your expected traffic:
# - Production: Lower limits (e.g., 500 requests per 15 minutes)
# - Development: Higher limits (e.g., 2000 requests per 5 minutes)
# - High-traffic APIs: Consider shorter TTL with higher limits