# =============================================================================
# 🔐 Siro Project - Secure Environment Configuration
# =============================================================================
# ⚠️ CRITICAL: NEVER commit this file to Git!
# Add .env to .gitignore immediately, before any real secret is written to it.
# =============================================================================

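# =============================================================================
# Database Configuration - MAIN DATABASE
# =============================================================================
# Connection settings for the main database (3306 is the default MySQL/MariaDB
# port).
# DB_USER should be a dedicated application account whose privileges are
# limited to DB_NAME, not an administrative account.
# DB_PASS must be replaced with a long random password that is used nowhere
# else.
DB_HOST=localhost
DB_PORT=3306
DB_NAME=siro_main
DB_USER=siro_user
DB_PASS=<CHANGE_ME_STRONG_PASSWORD>
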
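# =============================================================================
# Encryption Configuration - CRITICAL FOR SECURITY
# =============================================================================
# 🔐 Generate 32-character hex key: openssl rand -hex 16
# NOTE(review): the hint above and the placeholder below disagree on key size:
#   openssl rand -hex 16  -> 16 bytes = 32 hex characters (128-bit key)
#   openssl rand -hex 32  -> 32 bytes = 64 hex characters (256-bit key)
# The placeholder says "32_BYTE". Confirm which length the encryption code
# expects before generating the key (AES-256, for example, needs 32 bytes).
ENC_KEY=<CHANGE_ME_32_BYTE_HEX_KEY>
# NOTE(review): a key file path is configured in addition to ENC_KEY. Which of
# the two the application actually reads is not visible here - confirm.
# Keep the key file outside the web root and readable only by the service
# user (chmod 600).
ENCRYPTION_KEY_PATH=/home/siro-api/env/.encryption_key
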
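# =============================================================================
# JWT Configuration
# =============================================================================
# HS256 is a symmetric HMAC: the same secret signs and verifies tokens, so
# anyone who obtains JWT_SECRET can issue tokens the API will accept.
# Use at least 32 random bytes (RFC 7518 requires a key of 256 bits or more
# for HS256), e.g. openssl rand -base64 48, and do not reuse any other secret
# from this file.
JWT_SECRET=<CHANGE_ME_LONG_RANDOM_STRING>
JWT_ALGORITHM=HS256
# Token lifetimes, presumably in seconds (3600 = 1 hour, 86400 = 24 hours) -
# confirm against the code that reads them.
JWT_EXPIRY=3600
JWT_REFRESH_EXPIRY=86400
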
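# =============================================================================
# Redis Configuration
# =============================================================================
# REDIS_AUTH is the password the client presents to Redis. It must match the
# password configured on the server (requirepass).
# Keep Redis bound to localhost or a private interface. The password does not
# replace network isolation.
REDIS_HOST=localhost
REDIS_PORT=6379
REDIS_AUTH=<CHANGE_ME_REDIS_PASSWORD>
REDIS_DB=0
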
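# =============================================================================
# Rate Limiter Configuration
# =============================================================================
# Presumably "maximum count per window", with windows in seconds
# (5 login attempts per 300 s, 100 API requests per 60 s) - confirm the units
# and whether the limit is applied per IP, per account, or both.
RATE_LIMIT_LOGIN_ATTEMPTS=5
RATE_LIMIT_LOGIN_WINDOW=300
RATE_LIMIT_API_REQUESTS=100
RATE_LIMIT_API_WINDOW=60
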
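# =============================================================================
# Wallet Configuration - S2S API
# =============================================================================
# Keep the wallet endpoint on https:// so that server-to-server traffic is
# encrypted and the peer certificate is verified.
WALLET_API_URL=https://walletintaleq.intaleq.xyz/v2/main/
# 🔐 Generate HMAC secret: openssl rand -base64 32
# Use a value unique to the wallet integration. Do not reuse SECRET_KEY_HMAC
# or JWT_SECRET, so that a leak of one secret does not expose the others.
WALLET_HMAC_SECRET=<CHANGE_ME_LONG_HMAC_SECRET>
# BACKEND_ID identifies this backend. ALLOWED_BACKEND_IDS is a comma-separated
# allow-list with no spaces - list only backends that really exist.
BACKEND_ID=siromove-backend-01
ALLOWED_BACKEND_IDS=siromove-backend-01,siromove-backend-02
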
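# =============================================================================
# Socket/Location Server Configuration
# =============================================================================
# Comma-separated allow-list of socket/location servers. Keep every entry on
# https:// and list only hosts the project controls.
ALLOWED_SOCKET_URLS=https://location.siromove.com,https://socket.siromove.com
# Presumably seconds - confirm against the HTTP client that reads it.
SOCKET_API_TIMEOUT=10
# Shared key for internal calls. Generate it randomly
# (e.g. openssl rand -base64 32) and do not reuse another secret from this
# file.
SOCKET_INTERNAL_KEY=<CHANGE_ME_INTERNAL_KEY>
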
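# =============================================================================
# CORS Configuration
# =============================================================================
# Comma-separated lists, no spaces. Keep the origins an explicit list of
# https:// sites. Do not replace it with a wildcard (*) on an API that accepts
# the Authorization header.
# Allow only the methods and headers the front end actually uses.
CORS_ALLOWED_ORIGINS=https://siromove.com,https://www.siromove.com
CORS_ALLOWED_METHODS=GET,POST,PUT,DELETE,OPTIONS
CORS_ALLOWED_HEADERS=Content-Type,Authorization
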
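# =============================================================================
# Logging Configuration
# =============================================================================
# Both directories must be writable by the service user and must not be
# served by the web server. Restrict read access, because security logs can
# contain account identifiers and client addresses.
# Avoid more verbose levels than info in production unless it is confirmed
# that no secrets or tokens are written to the logs.
LOG_LEVEL=info
LOG_PATH=/var/log/siro-api/
SECURITY_LOG_PATH=/var/log/siro-api/security/
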
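# =============================================================================
# Firebase Configuration
# =============================================================================
# NOTE(review): whether FIREBASE_API_KEY is a client (web) API key or a server
# credential is not visible here - confirm. Either way, restrict the key in the
# Firebase/Google Cloud console to the APIs this backend needs.
FIREBASE_PROJECT_ID=siro-project
FIREBASE_API_KEY=<CHANGE_ME_FIREBASE_KEY>
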
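# =============================================================================
# SMS Configuration (for OTP)
# =============================================================================
# Provider credentials used to send one-time passwords. A leaked key lets a
# third party send messages on the account, so scope the credentials to
# messaging only where the provider allows it and rotate them on any suspected
# exposure.
SMS_PROVIDER=twilio
SMS_API_KEY=<CHANGE_ME_SMS_KEY>
SMS_API_SECRET=<CHANGE_ME_SMS_SECRET>
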
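# =============================================================================
# Email Configuration
# =============================================================================
# Port 587 is the mail submission port and is normally used with STARTTLS.
# Confirm that the mail client refuses to send credentials if TLS cannot be
# negotiated.
# For Gmail SMTP, use an app-specific password for MAIL_PASS rather than the
# account's login password.
MAIL_HOST=smtp.gmail.com
MAIL_PORT=587
MAIL_USER=<CHANGE_ME_EMAIL>
MAIL_PASS=<CHANGE_ME_EMAIL_PASSWORD>
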
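# =============================================================================
# Application Configuration
# =============================================================================
# APP_DEBUG must stay false in production. Debug output commonly exposes
# stack traces, file paths and configuration values to clients.
APP_ENV=production
APP_DEBUG=false
APP_NAME=Siro
APP_DOMAIN=api-syria.siromove.com
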
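# =============================================================================
# Nabeh Integration (server-to-server API key)
# Must match NABEH_API_KEY in Nabeh's .env
# =============================================================================
# Shared secret: rotating it requires updating both services together.
NABEH_API_KEY=<CHANGE_ME_SHARED_SECRET>
# HMAC secret for signed URLs (per its placeholder). Generate it independently
# of the other secrets in this file, e.g. openssl rand -base64 32.
# Changing it presumably invalidates signed URLs already issued - confirm.
SECRET_KEY_HMAC=<CHANGE_ME_HMAC_SECRET_FOR_SIGNED_URLS>
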
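# =============================================================================
# Security Configuration - Fingerprint
# =============================================================================
# Presumably a secret value mixed into fingerprint hashes - confirm against
# the code. Use a long random value (e.g. openssl rand -base64 32) and keep it
# out of the database. Changing it likely invalidates fingerprints that are
# already stored.
FP_PEPPER=<CHANGE_ME_FINGERPRINT_PEPPER>
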
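# =============================================================================
# Feature Flags
# =============================================================================
# All three flags switch security controls on. Setting any of them to false
# removes a protection, so treat such a change in production as a
# security-relevant change that needs review.
FEATURE_MFA_ENABLED=true
FEATURE_S2S_WALLET_ENABLED=true
FEATURE_CERTIFICATE_PINNING=true
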
# =============================================================================
# SECRETS - DO NOT EDIT OR COMMIT!
# =============================================================================
# This file contains secrets. Keep it secure!
# Permissions: chmod 600 .env
# Owner: www-data (or your web server user)
# With mode 600 only the owner can read the file, so the owner must be the
# account the application runs as.