# Phantom API Environment Configuration
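# Copy this file to .env and update the values for your environment.
# The copied .env holds real secrets: keep it out of version control and restrict who can read it.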
# =============================================================================
# SERVER CONFIGURATION
# =============================================================================
NODE_ENV=production
PORT=3000
# =============================================================================
# SECURITY CONFIGURATION
# =============================================================================
# JWT Secret - MUST be at least 48 characters long in production
# Generate a secure secret: openssl rand -base64 48
JWT_SECRET=CHANGE_THIS_IN_PRODUCTION_USE_OPENSSL_RAND_BASE64_48
# Cookie secret for session management
# Generate with: openssl rand -base64 32
COOKIE_SECRET=CHANGE_THIS_IN_PRODUCTION_USE_OPENSSL_RAND_BASE64_32
# =============================================================================
# DATABASE CONFIGURATION
# =============================================================================
# Database type: "sqlite" or "postgresql"
DATABASE_TYPE=sqlite
# SQLite Configuration (used when DATABASE_TYPE=sqlite)
# Database file path (will be created automatically)
# For Docker: use /app/data/phantom.db
# For local development: use ./data/phantom.db
DB_PATH=./data/phantom.db
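# PostgreSQL Configuration (used when DATABASE_TYPE=postgresql)
# POSTGRES_PASSWORD below is a placeholder; replace it with a unique, strong password.
# Turn POSTGRES_SSL on when the database is reached over a network rather than on localhost.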
POSTGRES_HOST=localhost
POSTGRES_PORT=5432
POSTGRES_DB=phantom_api
POSTGRES_USER=phantom_user
POSTGRES_PASSWORD=phantom_password
POSTGRES_SSL=false
POSTGRES_POOL_SIZE=10
# =============================================================================
# ADMIN CONFIGURATION
# =============================================================================
# DEPRECATED: Hardcoded admin credentials have been removed for security
# Use the /setup endpoint or admin interface to create the first admin user
# ADMIN_EMAIL=your-admin@example.com
# ADMIN_PASSWORD=your-secure-password
# =============================================================================
# REDIS CACHING CONFIGURATION
# =============================================================================
# Enable Redis caching (true/false)
REDIS_ENABLED=false
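# Redis connection settings
# REDIS_PASSWORD is empty by default; set it if Redis is reachable from anything other than localhost.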
REDIS_HOST=localhost
REDIS_PORT=6379
REDIS_PASSWORD=
REDIS_DB=0
# Cache TTL in seconds (default: 300 = 5 minutes)
CACHE_TTL=300
# =============================================================================
# CORS CONFIGURATION
# =============================================================================
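# Allowed origins for CORS (comma-separated)
# The localhost origins below are development defaults; in production list only your real front-end origins.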
CORS_ORIGIN=http://localhost:5173,http://localhost:5174,http://localhost:5175
# =============================================================================
# DOCKER CONFIGURATION
# =============================================================================
# Container name prefix
COMPOSE_PROJECT_NAME=phantom-api
# =============================================================================
# DEVELOPMENT OVERRIDES
# =============================================================================
# Uncomment these for development mode:
# NODE_ENV=development
# PORT=3000
# DB_PATH=./data/phantom.db
# =============================================================================
# PRODUCTION SECURITY NOTES
# =============================================================================
# 1. Change JWT_SECRET and COOKIE_SECRET to secure random strings (JWT_SECRET: at least 48 characters, as required under SECURITY CONFIGURATION above)
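# 2. Create the first admin user through the /setup endpoint or admin interface, with a strong, unique password; ADMIN_EMAIL and ADMIN_PASSWORD are deprecated (see ADMIN CONFIGURATION above)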
# 3. Consider using Docker secrets for sensitive values in production
# 4. Enable HTTPS in production with a reverse proxy (nginx, traefik)
# 5. Use strong passwords and consider disabling default admin account
# 6. Review CORS_ORIGIN settings for production domains