84 lines
3.4 KiB
Plaintext
84 lines
3.4 KiB
Plaintext
# ============================================================================
|
|
# K-Template Configuration
|
|
# ============================================================================
|
|
# Copy this file to .env and adjust values for your environment.
|
|
# All values shown are defaults or examples.
|
|
|
|
# ============================================================================
|
|
# Server Configuration
|
|
# ============================================================================
|
|
HOST=127.0.0.1
|
|
PORT=3000
|
|
|
|
# ============================================================================
|
|
# Database Configuration
|
|
# ============================================================================
|
|
# SQLite (default)
|
|
DATABASE_URL=sqlite:data.db?mode=rwc
|
|
|
|
# PostgreSQL (alternative - requires postgres feature)
|
|
# DATABASE_URL=postgres://user:password@localhost:5432/mydb
|
|
|
|
# Connection pool settings
|
|
DB_MAX_CONNECTIONS=5
|
|
DB_MIN_CONNECTIONS=1
|
|
|
|
# ============================================================================
|
|
# Authentication Mode
|
|
# ============================================================================
|
|
# Options: session, jwt, both
|
|
# - session: Cookie-based sessions (requires auth-axum-login feature)
|
|
# - jwt: Bearer token authentication (requires auth-jwt feature)
|
|
# - both: Support both methods (try JWT first, fall back to session)
|
|
AUTH_MODE=jwt
|
|
|
|
# ============================================================================
|
|
# Session Configuration (for session/both modes)
|
|
# ============================================================================
|
|
# Must be at least 64 characters in production
|
|
SESSION_SECRET=your-super-secret-key-must-be-at-least-64-characters-long-for-security
|
|
|
|
# Set to true in production for HTTPS-only cookies
|
|
SECURE_COOKIE=false
|
|
|
|
# ============================================================================
|
|
# JWT Configuration (for jwt/both modes)
|
|
# ============================================================================
|
|
# Must be at least 32 characters in production
|
|
JWT_SECRET=your-jwt-secret-key-at-least-32-chars
|
|
|
|
# Optional: JWT issuer and audience for token validation
|
|
JWT_ISSUER=your-app-name
|
|
JWT_AUDIENCE=your-app-audience
|
|
|
|
# Token expiry in hours (default: 24)
|
|
JWT_EXPIRY_HOURS=24
|
|
|
|
# ============================================================================
|
|
# OIDC Configuration (optional - requires auth-oidc feature)
|
|
# ============================================================================
|
|
# Your OIDC provider's issuer URL (e.g., Keycloak, Auth0, Zitadel)
|
|
OIDC_ISSUER=https://your-oidc-provider.com
|
|
|
|
# Client credentials from your OIDC provider
|
|
OIDC_CLIENT_ID=your-client-id
|
|
OIDC_CLIENT_SECRET=your-client-secret
|
|
|
|
# Callback URL (must match what's configured in your OIDC provider)
|
|
OIDC_REDIRECT_URL=http://localhost:3000/api/v1/auth/callback
|
|
|
|
# Optional: Resource ID for audience verification
|
|
# OIDC_RESOURCE_ID=your-resource-id
|
|
|
|
# ============================================================================
|
|
# CORS Configuration
|
|
# ============================================================================
|
|
# Comma-separated list of allowed origins
|
|
CORS_ALLOWED_ORIGINS=http://localhost:5173,http://localhost:3000
|
|
|
|
# ============================================================================
|
|
# Production Mode
|
|
# ============================================================================
|
|
# Set to true/production/1 to enable production checks (secret length, etc.)
|
|
PRODUCTION=false
|