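# NaviDocs Environment Variables
# Copy this file to .env and fill in your specific values
# IMPORTANT: Never commit .env to version control
# Created: 2025-11-14
#
# Format: one KEY=value assignment per line, comments on their own line.
# A line that starts with '#' is ignored entirely, so an assignment that ends
# up on the same line as a comment is never read.
# Every "your_..." value below is a placeholder and must be replaced before
# the service is started.

# ============================================================================
# DATABASE CONFIGURATION
# ============================================================================

# PostgreSQL Database Connection
DB_HOST=localhost
DB_PORT=5432
DB_NAME=navidocs
DB_USER=navidocs_user
# Placeholder: replace with a unique, randomly generated password.
DB_PASSWORD=your_secure_password_here

# Alternative: Full connection string (optional, if using DATABASE_URL)
# The URL embeds the password, so treat the whole value as a secret.
# DATABASE_URL=postgresql://navidocs_user:password@localhost:5432/navidocs

# Connection Pool Configuration
# Timeouts are presumably in milliseconds (30 s / 10 s); confirm in the app.
DB_POOL_MIN=2
DB_POOL_MAX=20
DB_CONNECTION_TIMEOUT=30000
DB_IDLE_TIMEOUT=10000

# ============================================================================
# AUTHENTICATION & SECURITY
# ============================================================================

# JWT Configuration
# Placeholder: replace with a random value of at least 32 characters. The
# generator command shown for ENCRYPTION_KEY below can be used here as well.
# Do not reuse one value for JWT_SECRET, SESSION_SECRET and ENCRYPTION_KEY.
JWT_SECRET=your_super_secret_jwt_key_minimum_32_characters_long
JWT_EXPIRY=24h
JWT_REFRESH_EXPIRY=7d

# Encryption Key (for sensitive data encryption)
# Generate with: node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"
# 32 random bytes encode to the 64 hex characters expected here.
ENCRYPTION_KEY=your_encryption_key_hex_string_64_characters

# Session Management
# Placeholder: replace with a random value of at least 32 characters.
SESSION_SECRET=your_session_secret_key_minimum_32_characters

# Runtime environment
NODE_ENV=production

# CORS Configuration
# Comma-separated list of exact origins. With CORS_CREDENTIALS=true every
# listed origin can make authenticated cross-origin requests, so list only
# origins you control. http://localhost:3000 belongs in a development .env
# only (see the development example at the end of this file).
ALLOWED_ORIGINS=https://example.com,https://app.example.com
CORS_CREDENTIALS=true

# ============================================================================
# SERVER CONFIGURATION
# ============================================================================

# Server Port
PORT=3001

# API Configuration
API_BASE_URL=https://api.example.com
FRONTEND_URL=https://example.com

# Logging
# Keep LOG_STORAGE_PATH outside any directory that is served to clients.
LOG_LEVEL=info
LOG_STORAGE_TYPE=file
LOG_STORAGE_PATH=./logs

# Request/Response Configuration
# The body-size limits bound how much memory a single request can consume.
REQUEST_TIMEOUT=30000
MAX_JSON_SIZE=10mb
MAX_URLENCODED_SIZE=10mb

# ============================================================================
# FILE UPLOAD CONFIGURATION
# ============================================================================

# Local File Storage
# UPLOAD_MAX_SIZE is presumably in bytes (10485760 = 10 * 1024 * 1024).
# UPLOAD_ALLOWED_TYPES lists MIME types; the type declared by a client is not
# proof of the file's content, so confirm that the server checks the content.
UPLOAD_DIR=./uploads
UPLOAD_MAX_SIZE=10485760
UPLOAD_ALLOWED_TYPES=image/jpeg,image/png,image/gif,image/webp,application/pdf

# Cleanup Configuration
TEMP_FILE_CLEANUP_ENABLED=true
TEMP_FILE_CLEANUP_AGE_HOURS=24

# S3/Cloud Storage (if using cloud storage instead of local)
# Set FILE_STORAGE_TYPE to 's3' to enable
FILE_STORAGE_TYPE=local
# Use an access key that is scoped to this bucket only.
# S3_BUCKET=navidocs-uploads
# S3_REGION=us-east-1
# S3_ACCESS_KEY=your_aws_access_key
# S3_SECRET_KEY=your_aws_secret_key
# S3_ENDPOINT=https://s3.amazonaws.com

# ============================================================================
# SEARCH CONFIGURATION
# ============================================================================

# Search Backend: 'postgres-fts' or 'meilisearch'
SEARCH_TYPE=postgres-fts
SEARCH_TIMEOUT=5000

# Meilisearch Configuration (if using Meilisearch)
# MEILISEARCH_HOST=http://localhost:7700
# MEILISEARCH_KEY=your_meilisearch_api_key
# MEILISEARCH_TIMEOUT=10000

# Search Index Settings
SEARCH_INDEX_BATCH_SIZE=1000
SEARCH_INDEX_AUTO_REFRESH=true

# ============================================================================
# API RATE LIMITING
# ============================================================================

# Rate Limit Configuration
# RATE_LIMIT_WINDOW_MS=900000 is a 15-minute window.
RATE_LIMIT_ENABLE=true
RATE_LIMIT_WINDOW_MS=900000
RATE_LIMIT_MAX_REQUESTS=100
RATE_LIMIT_PER_USER=1000

# Whitelist IPs/Users from rate limiting (comma-separated)
# Every entry is exempt from throttling; leave empty unless an exemption is
# required.
RATE_LIMIT_WHITELIST=

# ============================================================================
# NOTIFICATION CONFIGURATION (Optional)
# ============================================================================

# WhatsApp Integration (for maintenance reminders, expense notifications)
WHATSAPP_ENABLED=false
# WHATSAPP_API_KEY=your_whatsapp_api_key
# WHATSAPP_PHONE_ID=your_phone_id
# WHATSAPP_BUSINESS_ACCOUNT_ID=your_account_id

# Email Configuration (for alerts and notifications)
EMAIL_ENABLED=false
EMAIL_SERVICE=smtp
EMAIL_FROM=noreply@example.com
# SMTP_HOST=smtp.gmail.com
# SMTP_PORT=587
# SMTP_USER=your_email@gmail.com
# SMTP_PASSWORD=your_app_password
# SMTP_SECURE=true

# ============================================================================
# OCR CONFIGURATION (Optional)
# ============================================================================

# Receipt OCR Provider: 'google-vision', 'aws-textract', or 'tesseract'
# With a hosted provider, uploaded receipts leave this server.
OCR_ENABLED=false
# OCR_PROVIDER=google-vision
# OCR_API_KEY=your_ocr_api_key
# OCR_PROJECT_ID=your_gcp_project_id
# OCR_TIMEOUT=30000

# ============================================================================
# MONITORING & LOGGING
# ============================================================================

# Application Performance Monitoring (APM)
APM_ENABLED=false
APM_SERVICE_NAME=navidocs-api
# APM_SERVER_URL=https://apm.example.com
# APM_SERVER_TOKEN=your_apm_token

# Error Tracking (Sentry)
SENTRY_ENABLED=false
# SENTRY_DSN=https://key@sentry.io/projectid
# SENTRY_ENVIRONMENT=production
# SENTRY_RELEASE=1.0.0

# Logging to External Service
# Confirm that secrets and tokens are not written to logs before enabling.
LOG_EXTERNAL_ENABLED=false
# LOG_SERVICE=datadog
# LOG_DATADOG_KEY=your_datadog_api_key
# LOG_DATADOG_SITE=datadoghq.com

# ============================================================================
# SECURITY HEADERS & CORS
# ============================================================================

# Content Security Policy
CSP_ENABLED=true
CSP_REPORT_URI=https://example.com/csp-report

# CORS Settings
# CORS_MAX_AGE is presumably the preflight cache lifetime in seconds
# (86400 = 24 hours); confirm in the app.
CORS_ALLOW_METHODS=GET,POST,PUT,DELETE,OPTIONS
CORS_ALLOW_HEADERS=Content-Type,Authorization,X-Request-ID
CORS_EXPOSE_HEADERS=Content-Length,X-Request-ID
CORS_MAX_AGE=86400

# ============================================================================
# BACKGROUND JOBS (Optional)
# ============================================================================

# Job Queue Configuration
JOBS_ENABLED=false
# The example URL carries no credentials; a Redis instance reachable from
# other hosts should require authentication.
# JOBS_REDIS_URL=redis://localhost:6379
# JOBS_CONCURRENCY=5
# JOBS_TIMEOUT=60000

# ============================================================================
# FEATURE FLAGS (Optional)
# ============================================================================

# Feature Flags for gradual rollout
FEATURE_ENABLE_CAMERA_WEBHOOK=true
FEATURE_ENABLE_EXPENSE_SPLITTING=true
FEATURE_ENABLE_CALENDAR_SYNC=true
FEATURE_ENABLE_FULL_TEXT_SEARCH=true
FEATURE_ENABLE_AUDIT_LOGGING=true

# ============================================================================
# DEVELOPMENT ONLY (Do NOT use in production)
# ============================================================================
# All three switches below must stay false whenever NODE_ENV=production.
# NOTE(review): confirm that the application refuses to start when any of
# them is true in production, rather than relying on this file alone.

# Debug Mode (set to false in production)
DEBUG=false

# Bypass Authentication (NEVER enable in production)
BYPASS_AUTH=false

# Database Reset (DANGEROUS - for development only)
RESET_DB_ON_STARTUP=false

# ============================================================================
# EXAMPLE VALUES - UPDATE FOR YOUR ENVIRONMENT
# ============================================================================

# Example for development:
# DB_HOST=localhost
# DB_USER=navidocs_dev
# DB_PASSWORD=dev_password
# JWT_SECRET=dev_secret_key_for_development_only
# NODE_ENV=development
# ALLOWED_ORIGINS=http://localhost:3000

# Example for staging:
# (empty secrets are meant to be supplied from a secret store at deploy time)
# DB_HOST=staging-db.internal
# DB_USER=navidocs_staging
# DB_PASSWORD=
# JWT_SECRET=
# NODE_ENV=staging
# ALLOWED_ORIGINS=https://staging.example.com

# Example for production:
# DB_HOST=prod-db.internal
# DB_USER=navidocs_prod
# DB_PASSWORD=
# JWT_SECRET=
# NODE_ENV=production
# ALLOWED_ORIGINS=https://example.com,https://app.example.com
# SENTRY_ENABLED=true
# APM_ENABLED=true
# RATE_LIMIT_ENABLE=true

# ============================================================================
# NOTES
# ============================================================================
# - All passwords should be stored in a secure secret management system
# - Never commit the .env file to version control
# - Use different credentials for each environment
# - Rotate secrets regularly
# - Enable 2FA for database access
# - Monitor access logs to sensitive resources
# - Keep sensitive keys and passwords backed up securely
# - Set file permissions: chmod 600 .env
# - Review security documentation before deployment

# End of .env.example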