Cybersecurity-Projects/PROJECTS/intermediate/api-security-scanner/.env.example

83 lines
2.3 KiB
Plaintext

# ⒸAngelaMos | 2026
# ---------------------------------------------
# API Security Scanner - Environment Variables
# Copy this file to .env and update the values
# Application Settings
APP_NAME="API Security Tester"
VERSION="1.0.0"
DEBUG=true
# Security
SECRET_KEY=your-secret-key-change-this-in-production
ALGORITHM=HS256
ACCESS_TOKEN_EXPIRE_MINUTES=1440
# Database (PostgreSQL)
# For local development (outside Docker)
POSTGRES_USER=apiuser
POSTGRES_PASSWORD=apipass
POSTGRES_DB=apisecurity
POSTGRES_HOST=localhost
POSTGRES_PORT=5432
# Database URL (overridden by docker-compose for container networking)
DATABASE_URL=postgresql+asyncpg://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}
# Backend API
BACKEND_HOST=0.0.0.0
BACKEND_PORT=8000
# CORS Origins (comma-separated for multiple origins)
CORS_ORIGINS=http://localhost:5173,http://localhost:3000,http://localhost,http://localhost:8000
# Frontend API URL
# When using Docker with nginx: http://localhost/api
# When running Vite directly (npm run dev): http://localhost:8000
VITE_API_URL=http://localhost/api
# ---------------------------------------------
# Docker Host Port Mappings
# ---------------------------------------------
# Change these if you have port conflicts on your host machine
# Format: HOST_PORT:CONTAINER_PORT (only HOST_PORT is configurable)
HOST_DB_PORT=5432
HOST_BACKEND_PORT=8000
HOST_FRONTEND_PORT=5173
HOST_NGINX_PORT=80
# Uncomment for production HTTPS:
# HOST_NGINX_HTTPS_PORT=443
# ---------------------------------------------
# Scanner Configuration
# ---------------------------------------------
# Default maximum requests for scans
DEFAULT_MAX_REQUESTS=100
DEFAULT_TIMEOUT_SECONDS=10
DEFAULT_RETRY_COUNT=3
# Scanner rate limiting (outgoing requests to target)
SCANNER_RATE_LIMIT_THRESHOLD=100
SCANNER_RATE_LIMIT_WINDOW_SECONDS=60
# Scanner timeouts and connection limits
SCANNER_MAX_CONCURRENT_REQUESTS=50
SCANNER_CONNECTION_TIMEOUT=30
SCANNER_READ_TIMEOUT=30
# Scanner request spacing and timing
DEFAULT_JITTER_MS=100
DEFAULT_RETRY_WAIT_SECONDS=60
DEFAULT_BASELINE_SAMPLES=10
# Field Validation Constants
PASSWORD_MIN_LENGTH=8
PASSWORD_MAX_LENGTH=100
EMAIL_MAX_LENGTH=255
URL_MAX_LENGTH=2048
# Production Settings (optional, uncomment for prod)
# DEBUG=false
# CORS_ORIGINS=https://yourdomain.com
# VITE_API_URL=https://api.yourdomain.com