-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path.env.example
More file actions
69 lines (61 loc) · 3 KB
/
.env.example
File metadata and controls
69 lines (61 loc) · 3 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
# Copy this file to `.env` (gitignored) and fill in values.
# The app loads .env automatically at startup via python-dotenv
# (see app/config.py). Restart uvicorn after editing.
#
# Real env vars (e.g. set via `$env:FOO = "bar"` in PowerShell or
# the platform's env machinery in production) take precedence over
# values in this file.
# --- Deployment ---------------------------------------------------------
# Set DEPLOY_ENV=production to disable /docs, /redoc, /openapi.json
# and disable the dev-only no-cache middleware + BASE_URL auto-derive.
DEPLOY_ENV=
# --- Database -----------------------------------------------------------
# SQLAlchemy URL. SQLite by default. For Postgres:
# DATABASE_URL=postgresql+psycopg://user:pass@host:5432/qrdb
DATABASE_URL=sqlite:///./qr_code.db
# --- Public URL ---------------------------------------------------------
# Encoded into QR codes and used in short URLs, magic-link emails,
# and the GitHub OAuth callback. Leave BLANK in dev — the app auto-
# derives from the incoming request host so the URL always matches
# whatever port your uvicorn is on. Set this explicitly in production
# (the QR PNG and email links must encode the public domain, not
# whatever internal hostname the app server is reachable at).
# Dev: BASE_URL= (leave empty)
# Prod: BASE_URL=https://qr.example.com
BASE_URL=
# --- Rate limits --------------------------------------------------------
CREATE_RATE_LIMIT=10/minute
REDIRECT_RATE_LIMIT=300/minute
MUTATION_RATE_LIMIT=30/minute
RATE_LIMIT_STORAGE_URI=memory://
# AUTH_REQUEST_RATE_LIMIT controls /api/auth/request-link.
AUTH_REQUEST_RATE_LIMIT=3/minute
# --- Scan-event tuning --------------------------------------------------
SCAN_DEDUP_WINDOW=1.0
SCAN_FLUSH_BATCH_SIZE=10
SCAN_FLUSH_INTERVAL=5.0
# --- Auth ---------------------------------------------------------------
SESSION_COOKIE_NAME=qrs_session
SESSION_TTL_DAYS=30
MAGIC_LINK_TTL_MINUTES=15
# Email provider:
# "" — ConsoleEmailService, prints magic link to stdout (dev default)
# "console" — same as above, explicit form
# "resend" — Resend HTTP API. Requires RESEND_API_KEY + EMAIL_FROM.
EMAIL_PROVIDER=
# Used as the "From" address on outgoing emails. For Resend dev /
# unverified domains use `onboarding@resend.dev`. For prod, verify a
# domain in the Resend dashboard and use `noreply@your-domain.com`.
EMAIL_FROM=noreply@localhost
# Sign up at https://resend.com (free: 3000/month, 100/day) and
# create an API key. Only required when EMAIL_PROVIDER=resend.
RESEND_API_KEY=
# --- GitHub OAuth -------------------------------------------------------
# Register an OAuth app at https://github.com/settings/developers
# Callback URL must be exactly: ${BASE_URL}/api/auth/github/callback
# GitHub allows multiple callback URLs per app since 2021 — register
# both your local dev URL and your production URL on the same app.
# Leave blank to disable GitHub sign-in (the /api/auth/github/* routes
# won't be registered).
GITHUB_CLIENT_ID=
GITHUB_CLIENT_SECRET=