forked from memenow/dyvine
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path.env.example
More file actions
122 lines (111 loc) · 4.9 KB
/
Copy path.env.example
File metadata and controls
122 lines (111 loc) · 4.9 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
# Dyvine API Configuration
# Copy this file to .env and configure with your actual values
# ================================
# API Server Configuration
# ================================
# Keep ``API_DEBUG=false`` outside local development. ``true`` disables the
# production secret validator that rejects the ``change-me-in-production``
# sentinel below; shipping it as the default would let a misconfigured
# deployment boot with a placeholder secret key.
API_DEBUG=false
API_HOST=0.0.0.0
API_PORT=8000
API_PROJECT_NAME="Dyvine API"
API_VERSION=1.0.0
API_PREFIX="/api/v1"
API_RATE_LIMIT_PER_SECOND=10
# Production deployments MUST replace this localhost default with an
# explicit allowlist of trusted browser origins. ``["*"]`` is accepted
# but automatically disables credentialed CORS (see ``main.py``
# middleware) and still exposes the API to any origin, so it is suitable
# for local development only. Omitting this variable falls back to the
# Pydantic default ``["http://localhost:3000"]``.
API_CORS_ORIGINS=["http://localhost:3000"]
API_OPERATION_DB_PATH=data/douyin/state/operations.db
# ================================
# Security Configuration
# ================================
# ``SECURITY_API_KEY`` is required when ``SECURITY_REQUIRE_API_KEY`` is true
# (the default in production). Clients must supply the same value in the
# ``X-API-Key`` request header to reach any router endpoint.
#
# Generate a fresh value with:
# python -c "import secrets; print(secrets.token_urlsafe(48))"
SECURITY_SECRET_KEY=
SECURITY_API_KEY=
SECURITY_ACCESS_TOKEN_EXPIRE_MINUTES=60
# Set to ``false`` only when fronting the API with another auth layer
# (e.g. mTLS, an internal mesh policy). When ``true`` (default) all
# router endpoints reject requests that lack a matching ``X-API-Key``
# header.
SECURITY_REQUIRE_API_KEY=true
# ================================
# Douyin Platform Configuration
# ================================
# Required: Get this from your browser after logging into Douyin
DOUYIN_COOKIE=
# Optional: Custom headers for requests
DOUYIN_USER_AGENT=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
DOUYIN_REFERER=https://www.douyin.com/
# Root directory under which user-supplied ``output_path`` values are
# resolved. Path-traversal attempts that escape this root are rejected
# at the schema layer. Override only when the deployment writes
# downloads to a non-default volume.
DOUYIN_DOWNLOAD_ROOT=data/douyin/downloads
# Optional: Proxy configuration
# DOUYIN_PROXY_HTTP=http://proxy.example.com:8080
# DOUYIN_PROXY_HTTPS=https://proxy.example.com:8080
# Optional: Livestream-specific HTTP headers
# These headers are sent with livestream API requests to live.douyin.com.
#
# CSRF token: Douyin's anti-automation token. Extract from browser DevTools
# (Network tab -> any live.douyin.com request -> x-secsdk-csrf-token header).
# Leave empty to omit the header entirely.
# DOUYIN_LIVE_CSRF_TOKEN=
#
# sec-ch-ua: Client Hints header identifying the browser. Update the version
# numbers to match the Chrome version used when extracting the cookie.
DOUYIN_LIVE_SEC_CH_UA="Not A(Brand";v="99", "Google Chrome";v="131", "Chromium";v="131"
# ================================
# Cloudflare R2 Storage Configuration
# ================================
# Optional: Configure for automatic content uploads to R2
R2_ACCOUNT_ID=
R2_ACCESS_KEY_ID=
R2_SECRET_ACCESS_KEY=
R2_BUCKET_NAME=
R2_ENDPOINT=
# ================================
# Notes on rate limiting and logging
# ================================
# ``API_RATE_LIMIT_PER_SECOND`` (declared above) is reserved for an
# external gateway / ingress to honour. The application itself does
# not enforce request-rate limits today; the only built-in concurrency
# controls are the per-room dedupe lock in ``LivestreamService`` and the
# bounded thread-pool executors owned by ``ServiceContainer``.
#
# Logging is configured in code (``core.logging.setup_logging``):
# JSON to ``logs/dyvine.log`` with daily UTC rotation, plus a console
# handler that uses a human-readable format when ``API_DEBUG=true``.
# There is no ``LOG_LEVEL`` / ``LOG_FORMAT`` environment override; the
# level follows ``API_DEBUG`` (DEBUG vs INFO) and the format is JSON in
# both file and non-debug console output.
# ================================
# Usage Instructions
# ================================
# 1. Copy this file to .env
# 2. Generate SECURITY_SECRET_KEY and SECURITY_API_KEY
# 3. Configure DOUYIN_COOKIE with your session data
# 4. Configure R2 settings if using cloud storage
# 5. Set an explicit CORS origin list for browser clients
# 6. Restart the application to apply changes
# ================================
# Getting Douyin Cookie
# ================================
# 1. Open Douyin.com in your browser
# 2. Log in to your account
# 3. Open browser developer tools (F12)
# 4. Go to Network tab and reload the page
# 5. Find any request to douyin.com
# 6. Copy the entire Cookie header value
# 7. Paste it as the DOUYIN_COOKIE value above