# Environment Variables for Backend
# Copy this file to .env and fill in your values
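# SECURITY: Never commit .env to version control. Only this template, with placeholder values, belongs in the repository; keep .env listed in .gitignore.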
# Server
PORT=5000
NODE_ENV=development
# Database Configuration
DB_HOST=localhost
DB_PORT=5432
DB_NAME=skyartshop
DB_USER=skyartapp
DB_PASSWORD=CHANGE_THIS_STRONG_PASSWORD
# Session Security (CRITICAL: Generate strong random secrets)
# Generate with: node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"
# Run the command once per secret so SESSION_SECRET and JWT_SECRET get different values.
SESSION_SECRET=CHANGE_THIS_64_CHARACTER_HEX_STRING
JWT_SECRET=CHANGE_THIS_64_CHARACTER_HEX_STRING
# CORS Configuration
CORS_ORIGIN=http://localhost:3000
# File Upload Settings
MAX_FILE_SIZE=5242880
ALLOWED_FILE_TYPES=image/jpeg,image/png,image/gif,image/webp
# Rate Limiting
RATE_LIMIT_WINDOW_MS=900000
RATE_LIMIT_MAX_REQUESTS=100
# Logging
LOG_LEVEL=info
# Security Headers (FORCE_HTTPS=false is for local development only; set it to true in production)
FORCE_HTTPS=false
# ⚠️ SECURITY CHECKLIST:
# [ ] Change SESSION_SECRET to 64-character random hex
# [ ] Change JWT_SECRET to 64-character random hex (a different value from SESSION_SECRET)
# [ ] Set strong DB_PASSWORD (12+ chars, mixed case, numbers, symbols); quote the value if it contains # or spaces, depending on your .env loader
# [ ] Update CORS_ORIGIN to the exact production origin (scheme and host, e.g. https://shop.example.com), not a wildcard
# [ ] Set NODE_ENV=production in production
# [ ] Set FORCE_HTTPS=true in production
# [ ] Review all settings before deploying