agatha
aaacfae653
API responses now include file_url and thumbnail_url fields. When S3_PUBLIC_BASE_URL is configured, these point to the CDN domain; when unset, they fall back to the existing API proxy paths so local dev requires no additional setup. UI updated to use response URL fields directly instead of constructing proxy URLs client-side. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
38 lines
1.2 KiB
Plaintext
38 lines
1.2 KiB
Plaintext
# PostgreSQL — async DSN for SQLAlchemy + asyncpg
|
|
DATABASE_URL=postgresql+asyncpg://reactbin:reactbin@postgres:5432/reactbin
|
|
|
|
# S3-compatible object storage (MinIO in local dev)
|
|
S3_ENDPOINT_URL=http://minio:9000
|
|
S3_BUCKET_NAME=reactbin
|
|
S3_ACCESS_KEY_ID=minioadmin
|
|
S3_SECRET_ACCESS_KEY=minioadmin
|
|
S3_REGION=us-east-1
|
|
|
|
# Angular SPA — injected at build or runtime
|
|
API_BASE_URL=http://localhost:8000
|
|
|
|
# CDN base URL for serving images (e.g. https://cdn.example.com).
|
|
# Leave empty in local dev to use API proxy fallback.
|
|
S3_PUBLIC_BASE_URL=
|
|
|
|
# Upload size limit in bytes (default 50 MiB)
|
|
MAX_UPLOAD_BYTES=52428800
|
|
|
|
# Owner credentials and JWT signing secret
|
|
JWT_SECRET_KEY=change-me-to-a-long-random-string
|
|
JWT_EXPIRY_SECONDS=86400
|
|
OWNER_USERNAME=owner
|
|
OWNER_PASSWORD=change-me
|
|
|
|
# Login brute-force protection
|
|
LOGIN_MAX_FAILURES=5
|
|
LOGIN_WINDOW_SECONDS=300
|
|
LOGIN_COOLDOWN_SECONDS=900
|
|
# Comma-separated IPs/CIDRs of trusted upstream proxies (e.g. nginx ingress pod CIDR).
|
|
# Leave empty when not behind a reverse proxy.
|
|
LOGIN_TRUSTED_PROXY_IPS=
|
|
|
|
# API documentation endpoints (Swagger UI, ReDoc, OpenAPI schema)
|
|
# Set to false in production to avoid exposing the API surface publicly.
|
|
API_DOCS_ENABLED=true
|