forked from Manuel1234477/Stellar-Micro-Donation-API
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path.env.example
More file actions
168 lines (119 loc) · 5.05 KB
/
.env.example
File metadata and controls
168 lines (119 loc) · 5.05 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
# =====================================
# Server Configuration
# =====================================
# Port the API server listens on locally.
PORT=3000
# Runtime mode: use "development" for local testing.
NODE_ENV=development
# =====================================
# Stellar Network Configuration
# =====================================
# Stellar environment to target.
# Allowed: testnet, mainnet, futurenet.
# For local testing, use testnet.
STELLAR_ENVIRONMENT=testnet
# Optional explicit Horizon endpoint.
# Leave commented to use the default URL for STELLAR_NETWORK.
# HORIZON_URL=https://horizon-testnet.stellar.org
# Optional: use mock Stellar responses without outbound network calls.
# true = mock mode (good for offline/local tests)
# false = real Stellar network requests
MOCK_STELLAR=false
# =====================================
# Database Configuration
# =====================================
# Storage engine used by the app.
# Current local default uses sqlite.
DB_TYPE=sqlite
# SQLite file path (relative to project root).
DB_PATH=./donations.db
# Maximum number of reusable SQLite connections kept in the in-process pool.
DB_POOL_SIZE=5
# Milliseconds to wait for a pooled connection before failing safely.
DB_ACQUIRE_TIMEOUT=10000
# =====================================
# API Configuration
# =====================================
# Prefix for all API routes.
API_PREFIX=/api/v1
# Max requests per IP per time window (see rate limiter config in code).
RATE_LIMIT=100
# =====================================
# CORS Configuration
# =====================================
# Comma-separated list of allowed origins for CORS.
# Supports exact origins and wildcard subdomain patterns (e.g. *.example.com).
# Leave unset to reject all cross-origin requests.
# CORS_ALLOWED_ORIGINS=https://app.example.com,https://admin.example.com,*.example.com
# Allowed HTTP methods (default: GET,POST,PUT,PATCH,DELETE,OPTIONS)
# CORS_ALLOWED_METHODS=GET,POST,PUT,PATCH,DELETE,OPTIONS
# Allowed request headers (default includes Content-Type, Authorization, X-API-Key, etc.)
# CORS_ALLOWED_HEADERS=Content-Type,Authorization,X-API-Key,X-Request-ID,X-Idempotency-Key
# Preflight cache duration in seconds (default: 86400 = 24 hours)
# CORS_MAX_AGE=86400
# =====================================
# API Key Protection
# =====================================
# Legacy API key list (comma-separated).
# Required by current environment validation for local/runtime startup.
# Safe local examples only; replace with your own dev keys.
API_KEYS=dev_key_1234567890,dev_key_abcdef123456
# Recommended: Database-backed API key management.
# Example commands:
# npm run keys:create -- --name "Local Dev Key" --role admin --expires 365
# npm run keys:list
# See docs/API_KEY_ROTATION.md for details.
# =====================================
# Service Account (Optional)
# =====================================
# Stellar secret for service-side operations.
# Keep this commented unless you explicitly need service signing.
# Never commit a real secret key.
# SERVICE_SECRET_KEY=SXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
# Alias supported by code (same purpose as SERVICE_SECRET_KEY):
# STELLAR_SECRET=SXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
# =====================================
# Data Storage (Optional Overrides)
# =====================================
# Optional JSON storage path override for donation records.
# If omitted, code defaults to ./data/donations.json.
# DB_JSON_PATH=./data/donations.json
# =====================================
# Donation Limits (XLM)
# =====================================
# Minimum donation amount accepted by validation.
MIN_DONATION_AMOUNT=0.01
# Maximum donation amount accepted by validation.
MAX_DONATION_AMOUNT=10000
# Daily cap per donor.
# Set to 0 to disable the daily limit.
MAX_DAILY_DONATION_PER_DONOR=0
# =====================================
# Logging Configuration
# =====================================
# Write logs to files in LOG_DIR in addition to console.
LOG_TO_FILE=false
# Directory for log files when LOG_TO_FILE=true.
LOG_DIR=./logs
# Include extra debug details in logs.
LOG_VERBOSE=false
# =====================================
# Encryption (Optional for Local, Required in Production)
# =====================================
# App uses a development fallback when this is unset outside production.
# In production, ENCRYPTION_KEY must be provided.
# ENCRYPTION_KEY=local_dev_encryption_key_change_me
# =====================================
# Stellar Federation Server (Optional)
# =====================================
# Domain this server acts as a federation server for.
# Defaults to the request hostname if not set.
# FEDERATION_DOMAIN=example.com
# Pre-registered federation records (JSON).
# Simple form: {"alice":"GABC..."}
# With memo: {"bob":{"account_id":"GXYZ...","memo_type":"text","memo":"123"}}
# FEDERATION_RECORDS={}
# Debug Mode (local development only)
# WARNING: Never enable in production - may expose sensitive information
# Set to 'true' to enable, 'false' or omit to disable (default: false)
DEBUG_MODE=false