.env.example
# ========================================
# ExpenseFlow Environment Configuration
# ========================================
# Copy this file to .env and update with your actual values
# The values in this template are placeholders or local-development defaults.
# The real .env will hold live credentials: keep it out of version control
# (e.g. list it in .gitignore) and readable only by the account that runs the app.
# Put comments on their own lines; some dotenv parsers treat text after a value
# as part of the value.
# ========================================
# Server Configuration
# ========================================
PORT=3000
# Development default. NOTE(review): deployed instances should set
# NODE_ENV=production; many Node libraries return more verbose errors otherwise.
NODE_ENV=development
# presumably the browser origin the API trusts (CORS / redirects) - confirm
# against the server code. Use the real https:// origin when deployed.
FRONTEND_URL=http://localhost:3000
# ========================================
# Database Configuration
# ========================================
# Local development URI: no username or password is present in the string.
# For a shared or deployed database, use an authenticated account limited to
# this database and enable TLS. A URI with embedded credentials is itself a secret.
MONGODB_URI=mongodb://localhost:27017/expenseflow
# ========================================
# JWT Configuration
# ========================================
# Placeholder: replace it in every environment, not only production.
# presumably the signing key for application-issued JWTs - confirm against the
# auth code. If so, anyone who learns it can mint valid tokens, so generate a
# long random value (32+ bytes from a CSPRNG) and use a different one per environment.
JWT_SECRET=your_jwt_secret_key_here_change_in_production
# Token lifetime. With 7d a leaked token stays usable for up to a week.
# NOTE(review): confirm whether the server can revoke tokens; shorten this if not.
JWT_EXPIRE=7d
# ========================================
# Clerk Authentication Configuration
# ========================================
# ExpenseFlow uses Clerk for authentication (login, signup, session management).
# You MUST create a free Clerk account and set up an application to run this project.
#
# SETUP STEPS:
# 1. Go to https://clerk.com and sign up for a free account
# 2. Create a new application in the Clerk Dashboard
# 3. In your Clerk Dashboard, go to "API Keys" section
# 4. Copy the "Publishable key" (starts with pk_test_) → paste below as CLERK_PUBLISHABLE_KEY
# 5. Copy the "Secret key" (starts with sk_test_) → paste below as CLERK_SECRET_KEY
# 6. Your Frontend API URL is shown in the Clerk Dashboard home page
# (looks like: https://<your-app-slug>.clerk.accounts.dev)
# → paste below as CLERK_FRONTEND_API
# 7. IMPORTANT: You also need to update the Clerk SDK script tags in these HTML files
# with YOUR publishable key and frontend API URL:
# - public/login.html (data-clerk-publishable-key and src attributes)
# - public/signup.html (data-clerk-publishable-key and src attributes)
# - public/index.html (data-clerk-publishable-key and src attributes)
# - public/dashboard.html (data-clerk-publishable-key and src attributes)
# Replace: data-clerk-publishable-key="pk_test_XXXXX" with your key
# Replace: src="https://<your-app-slug>.clerk.accounts.dev/npm/@clerk/clerk-js@5/dist/clerk.browser.js"
# Only the publishable key and the Frontend API URL go into these HTML files.
# The secret key and the webhook signing secret must never appear under public/.
#
# 8. (Optional) For Clerk Webhooks, go to Dashboard → Webhooks → Create Endpoint
# Copy the signing secret → paste below as CLERK_WEBHOOK_SECRET
#
# Clerk Authentication Providers:
# In Clerk Dashboard → User & Authentication → Social Connections
# Enable: Google, LinkedIn, or any OAuth providers you want on login/signup
#
# pk_test_/sk_test_ keys belong to a Clerk development instance; a production
# instance issues pk_live_/sk_live_ keys. Use a separate key set per environment.
# The publishable key is designed to be embedded in front-end pages.
CLERK_PUBLISHABLE_KEY=pk_test_XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
# Server-side secret: it authenticates this backend to the Clerk API.
# Rotate it in the Clerk Dashboard if the .env file is ever exposed.
CLERK_SECRET_KEY=sk_test_XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
CLERK_FRONTEND_API=https://your-app-slug.clerk.accounts.dev
CLERK_API_URL=https://api.clerk.com
# presumably the public key used to verify Clerk session tokens locally - confirm
# against the auth middleware.
CLERK_JWT_KEY=your_jwt_verification_key
# Signing secret for webhook verification (step 8). NOTE(review): confirm the
# webhook route rejects any request whose signature does not verify.
CLERK_WEBHOOK_SECRET=whsec_XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
# ========================================
# Email Configuration
# ========================================
EMAIL_SERVICE=gmail
EMAIL_USER=your-email@gmail.com
# Use a provider-issued app password (as the placeholder suggests), not the
# mailbox's main password; revoke it if the .env file is ever exposed.
EMAIL_PASSWORD=your-app-password
# NOTE(review): the From address should be one the sending account may use and
# that the domain's SPF/DKIM setup covers; otherwise mail may be rejected - confirm.
EMAIL_FROM=noreply@expenseflow.com
# ========================================
# AUTOMATED BACKUP SYSTEM (Issue #462)
# ========================================
# presumably these backups are database dumps containing users' financial
# records - confirm. Handle them with the same care as the live database.
# NOTE(review): this template has no setting for backup encryption; confirm
# whether backups are encrypted before they are written locally or uploaded.
# Local Backup Storage
# Keep BACKUP_DIR outside any web-served directory, with restrictive permissions.
BACKUP_DIR=./backups
# NOTE(review): how this 30-day value interacts with the per-tier retention
# settings further down is not visible in this file - confirm.
BACKUP_RETENTION_DAYS=30
# Backup Schedule (in UTC timezone)
# Daily backup: 2:00 AM UTC
# Weekly backup: Sundays 3:00 AM UTC
# Monthly backup: 1st of month 4:00 AM UTC
# Retention cleanup: Daily 5:00 AM UTC
# All three cloud targets below are disabled by default. When enabling one,
# use credentials restricted to the backup bucket/container only. Where the host
# supports it, prefer the platform's workload identity over long-lived keys.
# AWS S3 Backup (Optional)
BACKUP_TO_S3=false
AWS_ACCESS_KEY_ID=your_aws_access_key
AWS_SECRET_ACCESS_KEY=your_aws_secret_key
AWS_REGION=us-east-1
AWS_BACKUP_BUCKET=expenseflow-backups
# Google Cloud Storage Backup (Optional)
BACKUP_TO_GCS=false
GCS_PROJECT_ID=your_gcs_project_id
# Path to a key file: keep the JSON out of version control and readable only by
# the account that runs the app.
GCS_KEY_FILE=./gcs-key.json
GCS_BACKUP_BUCKET=expenseflow-backups
# Azure Blob Storage Backup (Optional)
BACKUP_TO_AZURE=false
AZURE_STORAGE_ACCOUNT=your_storage_account_name
# A storage account key grants access to the whole storage account, not just the
# backup container. NOTE(review): confirm whether the backup code can use a
# narrower credential instead.
AZURE_STORAGE_KEY=your_storage_account_key
AZURE_BACKUP_CONTAINER=expenseflow-backups
# Backup Compression
BACKUP_COMPRESSION=true
BACKUP_COMPRESSION_LEVEL=9
# Backup Retention Policy
# Daily backups: retains last 7 days
# Weekly backups: retains last 4 weeks
# Monthly backups: retains indefinitely
# Indefinite retention also keeps data belonging to accounts that were later
# deleted. NOTE(review): check this against any data-retention obligations.
BACKUP_DAILY_RETENTION_DAYS=7
BACKUP_WEEKLY_RETENTION_DAYS=28
BACKUP_MONTHLY_RETENTION_INDEFINITE=true
# ========================================
# Notification Configuration
# ========================================
# Send admin alerts when backups complete or fail
# Point BACKUP_ADMIN_EMAIL at a monitored mailbox. The failure alert is the one
# that shows a broken backup job, so keep BACKUP_NOTIFY_ON_FAILURE enabled.
BACKUP_ADMIN_EMAIL=admin@expenseflow.com
BACKUP_SEND_NOTIFICATIONS=true
BACKUP_NOTIFY_ON_SUCCESS=true
BACKUP_NOTIFY_ON_FAILURE=true
# ========================================
# 2FA Configuration
# ========================================
# presumably the TOTP verification window (how many adjacent time steps around
# the current one are accepted) - confirm against the 2FA library. Larger values
# tolerate clock drift but lengthen the period in which a code stays valid.
GOOGLE_2FA_WINDOW=1
# presumably used to send SMS verification codes - confirm.
# TWILIO_AUTH_TOKEN is a secret that authorises use of the Twilio account;
# rotate it if it is exposed.
TWILIO_ACCOUNT_SID=your_twilio_account_sid
TWILIO_AUTH_TOKEN=your_twilio_auth_token
TWILIO_PHONE_NUMBER=+1234567890
# ========================================
# Cloud Integration
# ========================================
# OAuth client credentials for Intuit and Xero (the names suggest accounting
# integrations - confirm). The *_CLIENT_SECRET values are server-side secrets.
# Register separate credentials per environment so that a development leak
# does not expose production access.
INTUIT_CLIENT_ID=your_intuit_client_id
INTUIT_CLIENT_SECRET=your_intuit_client_secret
XERO_CLIENT_ID=your_xero_client_id
XERO_CLIENT_SECRET=your_xero_client_secret
# ========================================
# External Services
# ========================================
# Base URLs of third-party rate services; both use HTTPS. Keep them HTTPS if changed.
# Responses from these services are external input. NOTE(review): confirm the
# callers validate the returned data and apply request timeouts.
EXCHANGE_RATE_API=https://api.exchangerate-api.com/v4/latest/
CRYPTO_API=https://api.coingecko.com/api/v3/
# ========================================
# Security Configuration
# ========================================
# Units are not stated in this file. presumably RATE_LIMIT_WINDOW is a window in
# minutes and RATE_LIMIT_MAX_REQUESTS the per-client cap within it - confirm
# against the rate-limiter setup.
# NOTE(review): confirm whether authentication endpoints get a stricter limit
# than this general one.
RATE_LIMIT_WINDOW=15
RATE_LIMIT_MAX_REQUESTS=100
# presumably 0 means no added delay for requests over the limit - confirm.
RATE_LIMIT_DELAY=0
# ========================================
# File Upload Configuration
# ========================================
# 10485760 = 10 * 1024 * 1024, i.e. 10 MiB if the unit is bytes - confirm.
MAX_UPLOAD_SIZE=10485760
# NOTE(review): confirm uploads are stored under server-generated names and that
# this directory is not served as static or executable content.
UPLOAD_DIR=./uploads
# An extension allow-list alone does not establish what a file contains.
# NOTE(review): confirm the upload handler also checks the file's content type
# or signature. Office formats in this list can carry macros.
ALLOWED_EXTENSIONS=pdf,jpg,jpeg,png,doc,docx,xls,xlsx
# ========================================
# Session Configuration
# ========================================
# presumably milliseconds - confirm: 3600000 ms = 1 hour.
SESSION_TIMEOUT=3600000
# presumably milliseconds - confirm: 2592000000 ms = 30 days. A remembered
# session that is stolen stays valid for this long unless it can be revoked
# server-side.
REMEMBER_ME_DURATION=2592000000
# ========================================
# Analytics Configuration
# ========================================
# Analytics is enabled by default in this template.
ENABLE_ANALYTICS=true
# presumably how many days analytics records are kept before deletion - confirm.
ANALYTICS_RETENTION_DAYS=90
# ========================================
# Logging Configuration
# ========================================
# debug is a development setting. Debug output commonly includes request details,
# so use a less verbose level in production.
# NOTE(review): confirm that tokens, passwords and secrets are never written to logs.
LOG_LEVEL=debug
# Keep the log directory outside any web-served path, with restrictive permissions.
LOG_DIR=./logs
ENABLE_FILE_LOGGING=true
ENABLE_CONSOLE_LOGGING=true
# ========================================
# Incident Response Automation (Issue #919)
# ========================================
# Comma-separated incident admin emails for /api/incident-automation access
# This list is an authorization control, so keep it short and review it when staff change.
# NOTE(review): confirm the check matches against a verified email of the
# authenticated user, not a client-supplied value.
INCIDENT_ADMIN_EMAILS=security-admin@expenseflow.com
# Optional outbound integrations
# Empty by default. Use https:// endpoints. If a URL embeds a token, treat the
# whole URL as a secret. Incident payloads may contain sensitive details.
# NOTE(review): confirm what data is sent to each endpoint.
INCIDENT_SIEM_WEBHOOK_URL=
INCIDENT_TICKETING_WEBHOOK_URL=
INCIDENT_AUTOMATION_WEBHOOK_URL=