-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path.env.web.example
More file actions
110 lines (93 loc) · 4.51 KB
/
.env.web.example
File metadata and controls
110 lines (93 loc) · 4.51 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
# Wealthfolio Web Mode Environment Configuration
# Copy this file to .env.web and customize for your local development setup
# All variables are optional and will use defaults if not set
# =============================================================================
# SERVER CONFIGURATION (Axum Backend)
# =============================================================================
# Server bind address (default: 0.0.0.0:8080)
# For local development, use 127.0.0.1 to bind only to localhost
# For Docker or network access, use 0.0.0.0
WF_LISTEN_ADDR=127.0.0.1:8080
# SQLite database path (default: ./db/app.db)
# Can be a file path or directory (if directory, app.db will be created inside)
# Examples:
# - ./db/web-dev.db (file path)
# - ./db (directory, will use ./db/app.db)
WF_DB_PATH=./db/web-dev.db
# CORS allowed origins (default: *)
# Comma-separated list of origins that can access the API
# Set this to restrict cross-origin requests for security
# Examples:
# - http://localhost:1420 (Vite dev server only)
# - http://localhost:1420,http://localhost:3000 (multiple origins)
# - * (allow all origins - not recommended for production)
WF_CORS_ALLOW_ORIGINS=http://localhost:1420
# Request timeout in milliseconds (default: 30000)
# Maximum time to wait for a request to complete
WF_REQUEST_TIMEOUT_MS=30000
# Static files directory (default: dist)
# Directory containing the built frontend assets
# Only relevant when running the server in production mode
WF_STATIC_DIR=dist
# =============================================================================
# SECRETS & SECURITY
# =============================================================================
# Encryption key used for both secrets at rest and JWT signing (required)
# Must be a 32-byte key, either:
# - Base64-encoded string (recommended): Generate with 'openssl rand -base64 32'
# - 32-character ASCII string
# SECURITY: Keep this key secure and never commit it to version control
WF_SECRET_KEY=
# Example generation commands:
# macOS/Linux: export WF_SECRET_KEY=$(openssl rand -base64 32)
# Windows PS: $env:WF_SECRET_KEY=$(openssl rand -base64 32)
# Authentication for web mode (required to enable login)
# Provide an Argon2id PHC string (see README for generation instructions)
WF_AUTH_PASSWORD_HASH=
# Optional JWT access token lifetime in minutes (default: 60)
# WF_AUTH_TOKEN_TTL_MINUTES=60
# Secrets storage file path (optional)
# Location where encrypted secrets are stored (default: <data-root>/secrets.json)
# The data root is derived from the database path
# WF_SECRET_FILE=
# =============================================================================
# ADDONS CONFIGURATION
# =============================================================================
# Addons directory path (optional)
# Location where addons are installed and loaded from
# If not set, defaults to <data-root>/addons (derived from database path)
# WF_ADDONS_DIR=
# =============================================================================
# VITE DEVELOPMENT SERVER CONFIGURATION
# =============================================================================
# Backend API URL for Vite proxy (default: http://127.0.0.1:8080)
# This tells Vite where to proxy API requests during development
# Should match WF_LISTEN_ADDR above
VITE_API_TARGET=http://127.0.0.1:8080
# =============================================================================
# USAGE NOTES
# =============================================================================
#
# 1. Development Mode:
# - Run 'pnpm run dev:web' to start both Vite and the Axum server
# - Access the app at http://localhost:1420 (Vite dev server)
# - API requests are proxied to the backend at WF_LISTEN_ADDR
#
# 2. Production Mode (Docker):
# - Build: docker build -t wealthfolio-web .
# - Run: docker run -e WF_LISTEN_ADDR=0.0.0.0:8080 -p 8080:8080 wealthfolio-web
# - Access at http://localhost:8080 (serves both frontend and API)
#
# 3. Security Best Practices:
# - Always set WF_SECRET_KEY in production
# - Restrict WF_CORS_ALLOW_ORIGINS to known origins
# - Use HTTPS in production (consider reverse proxy like nginx/Caddy)
# - Keep this file (.env.web) out of version control
# - Never commit WF_SECRET_KEY to git
#
# 4. Database Path Recommendations:
# - Development: Use ./db/web-dev.db to separate from desktop app data
# - Production: Use absolute paths or Docker volumes for persistence
# - Backup regularly, especially before updates
#
# =============================================================================