442a1e2f9f
Backend: - Set JWT as HttpOnly cookie on login, add cookie fallback in auth middleware - Add /auth/logout endpoint to clear cookie - Fix CORS to echo origin with Allow-Credentials for withCredentials requests - Make SPA static serving optional via SERVE_SPA config flag Frontend: - Remove manual token management; rely on HttpOnly cookie + withCredentials - Simplify auth-slice to authenticated boolean flag - Fix Artefact interface to match backend fields (sha256Hash, fileName, fileSize) - Fix artefact upload endpoint and send version in FormData - Use KiB/MiB for file size display - Move Redux hooks from store/hooks to hooks/store
75 lines
3.7 KiB
Bash
75 lines
3.7 KiB
Bash
# ─────────────────────────────────────────────────────────
|
||
# OTA Manifest Server — Environment Variables
|
||
# ─────────────────────────────────────────────────────────
|
||
# Copy this file to .env and adjust values for your environment:
|
||
# cp .env.example .env
|
||
# ─────────────────────────────────────────────────────────
|
||
|
||
# ── Server ──────────────────────────────────────────────
|
||
|
||
# HTTP listen port.
|
||
# Default: 8080
|
||
SERVER_PORT=8080
|
||
|
||
# ── Security ────────────────────────────────────────────
|
||
|
||
# Secret key for signing JWT tokens. Use a long random string in production.
|
||
# Generate: openssl rand -hex 32
|
||
# Example: JWT_SECRET=a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6
|
||
JWT_SECRET=change-me-in-production
|
||
|
||
# JWT token validity period in hours.
|
||
# Default: 24 (tokens expire after 1 day)
|
||
JWT_EXPIRY_HRS=24
|
||
|
||
# ── Database ────────────────────────────────────────────
|
||
|
||
# PostgreSQL connection string (URL format).
|
||
# Format: postgres://<user>:<password>@<host>:<port>/<database>?sslmode=disable
|
||
# Default: postgres://postgres:postgres@localhost:5432/manifest?sslmode=disable
|
||
# Example: DATABASE_URL=postgres://ota_user:secret@10.0.1.5:5432/manifest?sslmode=disable
|
||
DATABASE_URL=postgres://postgres:postgres@localhost:5432/manifest?sslmode=disable
|
||
|
||
# ── Storage ─────────────────────────────────────────────
|
||
|
||
# Directory where uploaded JAR/artefact files are stored.
|
||
# Must be writable by the server process.
|
||
# Default: /var/ota/artefacts
|
||
# Linux: ARTEFACT_DIR=/var/ota/artefacts
|
||
# Windows: ARTEFACT_DIR=D:\ota\artefacts
|
||
# macOS: ARTEFACT_DIR=/usr/local/var/ota/artefacts
|
||
ARTEFACT_DIR=/var/ota/artefacts
|
||
|
||
# ── Download & Bandwidth Control ────────────────────────
|
||
|
||
# Maximum number of simultaneous download streams.
|
||
# Under 10 Mbps total bandwidth, each stream is throttled to
|
||
# ~BANDWIDTH_BPS / MAX_CONCURRENT_DOWNLOADS bytes/s.
|
||
# Default: 50
|
||
# Example: MAX_CONCURRENT_DOWNLOADS=30 (more conservative)
|
||
MAX_CONCURRENT_DOWNLOADS=50
|
||
|
||
# Per-connection bandwidth limit in bytes per second.
|
||
# The default (209715 ≈ 205 KB/s) keeps 50 concurrent streams
|
||
# at roughly 10 Mbps total (50 × 205 KB/s ≈ 10 MB/s).
|
||
# Default: 209715
|
||
# Example: BANDWIDTH_BPS=102400 (~100 KB/s per stream, ~5 Mbps total)
|
||
BANDWIDTH_BPS=209715
|
||
|
||
# ── Rate Limiting ───────────────────────────────────────
|
||
|
||
# Maximum API requests per second per client IP (token bucket).
|
||
# Burst capacity is 2× this value.
|
||
# Default: 100
|
||
# Example: RATE_LIMIT_RPS=50 (stricter, for constrained environments)
|
||
RATE_LIMIT_RPS=100
|
||
|
||
# ── Web Admin Panel ───────────────────────────────────────
|
||
|
||
# Whether the Go server should serve the built SPA frontend from ./web/dist.
|
||
# Set to false when using Caddy, Nginx, or another reverse proxy to serve
|
||
# the frontend and proxy API requests to this server.
|
||
# Default: true
|
||
# Example: SERVE_SPA=false (frontend served by external web server)
|
||
SERVE_SPA=true
|