83 lines
2.3 KiB
Plaintext
83 lines
2.3 KiB
Plaintext
# ⒸAngelaMos | 2026
|
|
# ---------------------------------------------
|
|
# API Security Scanner - Environment Variables
|
|
# Copy this file to .env and update the values
|
|
|
|
# Application Settings
|
|
APP_NAME="API Security Tester"
|
|
VERSION="1.0.0"
|
|
DEBUG=true
|
|
|
|
# Security
|
|
SECRET_KEY=your-secret-key-change-this-in-production
|
|
ALGORITHM=HS256
|
|
ACCESS_TOKEN_EXPIRE_MINUTES=1440
|
|
|
|
# Database (PostgreSQL)
|
|
# For local development (outside Docker)
|
|
POSTGRES_USER=apiuser
|
|
POSTGRES_PASSWORD=apipass
|
|
POSTGRES_DB=apisecurity
|
|
POSTGRES_HOST=localhost
|
|
POSTGRES_PORT=5432
|
|
|
|
# Database URL (overridden by docker-compose for container networking)
|
|
DATABASE_URL=postgresql+asyncpg://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}
|
|
|
|
# Backend API
|
|
BACKEND_HOST=0.0.0.0
|
|
BACKEND_PORT=8000
|
|
|
|
# CORS Origins (comma-separated for multiple origins)
|
|
CORS_ORIGINS=http://localhost:5173,http://localhost:3000,http://localhost,http://localhost:8000
|
|
|
|
# Frontend API URL
|
|
# When using Docker with nginx: http://localhost/api
|
|
# When running Vite directly (npm run dev): http://localhost:8000
|
|
VITE_API_URL=http://localhost/api
|
|
|
|
# ---------------------------------------------
|
|
# Docker Host Port Mappings
|
|
# ---------------------------------------------
|
|
# Change these if you have port conflicts on your host machine
|
|
# Format: HOST_PORT:CONTAINER_PORT (only HOST_PORT is configurable)
|
|
HOST_DB_PORT=5432
|
|
HOST_BACKEND_PORT=8000
|
|
HOST_FRONTEND_PORT=5173
|
|
HOST_NGINX_PORT=80
|
|
# Uncomment for production HTTPS:
|
|
# HOST_NGINX_HTTPS_PORT=443
|
|
|
|
# ---------------------------------------------
|
|
# Scanner Configuration
|
|
# ---------------------------------------------
|
|
# Default maximum requests for scans
|
|
DEFAULT_MAX_REQUESTS=100
|
|
DEFAULT_TIMEOUT_SECONDS=10
|
|
DEFAULT_RETRY_COUNT=3
|
|
|
|
# Scanner rate limiting (outgoing requests to target)
|
|
SCANNER_RATE_LIMIT_THRESHOLD=100
|
|
SCANNER_RATE_LIMIT_WINDOW_SECONDS=60
|
|
|
|
# Scanner timeouts and connection limits
|
|
SCANNER_MAX_CONCURRENT_REQUESTS=50
|
|
SCANNER_CONNECTION_TIMEOUT=30
|
|
SCANNER_READ_TIMEOUT=30
|
|
|
|
# Scanner request spacing and timing
|
|
DEFAULT_JITTER_MS=100
|
|
DEFAULT_RETRY_WAIT_SECONDS=60
|
|
DEFAULT_BASELINE_SAMPLES=10
|
|
|
|
# Field Validation Constants
|
|
PASSWORD_MIN_LENGTH=8
|
|
PASSWORD_MAX_LENGTH=100
|
|
EMAIL_MAX_LENGTH=255
|
|
URL_MAX_LENGTH=2048
|
|
|
|
# Production Settings (optional, uncomment for prod)
|
|
# DEBUG=false
|
|
# CORS_ORIGINS=https://yourdomain.com
|
|
# VITE_API_URL=https://api.yourdomain.com
|