Files
pipely/.env.example
T
siujamo 442a1e2f9f refactor: move auth token to HttpOnly cookie, fix CORS and artefacts
Backend:
- Set JWT as HttpOnly cookie on login, add cookie fallback in auth middleware
- Add /auth/logout endpoint to clear cookie
- Fix CORS to echo origin with Allow-Credentials for withCredentials requests
- Make SPA static serving optional via SERVE_SPA config flag

Frontend:
- Remove manual token management; rely on HttpOnly cookie + withCredentials
- Simplify auth-slice to authenticated boolean flag
- Fix Artefact interface to match backend fields (sha256Hash, fileName, fileSize)
- Fix artefact upload endpoint and send version in FormData
- Use KiB/MiB for file size display
- Move Redux hooks from store/hooks to hooks/store
2026-07-07 15:57:26 +08:00

75 lines
3.7 KiB
Bash
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# ─────────────────────────────────────────────────────────
# OTA Manifest Server — Environment Variables
# ─────────────────────────────────────────────────────────
# Copy this file to .env and adjust values for your environment:
# cp .env.example .env
# ─────────────────────────────────────────────────────────
# ── Server ──────────────────────────────────────────────
# HTTP listen port.
# Default: 8080
SERVER_PORT=8080
# ── Security ────────────────────────────────────────────
# Secret key for signing JWT tokens. Use a long random string in production.
# Generate: openssl rand -hex 32
# Example: JWT_SECRET=a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6
JWT_SECRET=change-me-in-production
# JWT token validity period in hours.
# Default: 24 (tokens expire after 1 day)
JWT_EXPIRY_HRS=24
# ── Database ────────────────────────────────────────────
# PostgreSQL connection string (URL format).
# Format: postgres://<user>:<password>@<host>:<port>/<database>?sslmode=disable
# Default: postgres://postgres:postgres@localhost:5432/manifest?sslmode=disable
# Example: DATABASE_URL=postgres://ota_user:secret@10.0.1.5:5432/manifest?sslmode=disable
DATABASE_URL=postgres://postgres:postgres@localhost:5432/manifest?sslmode=disable
# ── Storage ─────────────────────────────────────────────
# Directory where uploaded JAR/artefact files are stored.
# Must be writable by the server process.
# Default: /var/ota/artefacts
# Linux: ARTEFACT_DIR=/var/ota/artefacts
# Windows: ARTEFACT_DIR=D:\ota\artefacts
# macOS: ARTEFACT_DIR=/usr/local/var/ota/artefacts
ARTEFACT_DIR=/var/ota/artefacts
# ── Download & Bandwidth Control ────────────────────────
# Maximum number of simultaneous download streams.
# Under 10 Mbps total bandwidth, each stream is throttled to
# ~BANDWIDTH_BPS / MAX_CONCURRENT_DOWNLOADS bytes/s.
# Default: 50
# Example: MAX_CONCURRENT_DOWNLOADS=30 (more conservative)
MAX_CONCURRENT_DOWNLOADS=50
# Per-connection bandwidth limit in bytes per second.
# The default (209715 ≈ 205 KB/s) keeps 50 concurrent streams
# at roughly 10 Mbps total (50 × 205 KB/s ≈ 10 MB/s).
# Default: 209715
# Example: BANDWIDTH_BPS=102400 (~100 KB/s per stream, ~5 Mbps total)
BANDWIDTH_BPS=209715
# ── Rate Limiting ───────────────────────────────────────
# Maximum API requests per second per client IP (token bucket).
# Burst capacity is 2× this value.
# Default: 100
# Example: RATE_LIMIT_RPS=50 (stricter, for constrained environments)
RATE_LIMIT_RPS=100
# ── Web Admin Panel ───────────────────────────────────────
# Whether the Go server should serve the built SPA frontend from ./web/dist.
# Set to false when using Caddy, Nginx, or another reverse proxy to serve
# the frontend and proxy API requests to this server.
# Default: true
# Example: SERVE_SPA=false (frontend served by external web server)
SERVE_SPA=true