Spaces:
Sleeping
Sleeping
| # ============================================================================= | |
| # API Gateway Environment Configuration | |
| # ============================================================================= | |
| # Copy this file to .env and fill in your actual values | |
| # Never commit the .env file to version control! | |
| # ----------------------------------------------------------------------------- | |
| # Environment | |
| # ----------------------------------------------------------------------------- | |
| # Options: "production" or "development" | |
| # Affects cookie security settings and database naming | |
| ENVIRONMENT=development | |
| # ----------------------------------------------------------------------------- | |
| # Database | |
| # ----------------------------------------------------------------------------- | |
| # Database name (filename will be {DB_NAME}_{ENVIRONMENT}.db) | |
| DB_NAME=apigateway | |
| # Reset database on startup (CAUTION: deletes all data) | |
| # RESET_DB=true | |
| # ----------------------------------------------------------------------------- | |
| # CORS Configuration | |
| # ----------------------------------------------------------------------------- | |
| # Comma-separated list of allowed origins for CORS (NO SPACES!) | |
| # IMPORTANT: Required for cookies to work with credentials | |
| # Production example: CORS_ORIGINS=https://app.yourdomain.com,https://www.yourdomain.com | |
| # Development example: CORS_ORIGINS=http://localhost:3000,http://localhost:5173 | |
| CORS_ORIGINS=http://localhost:3000,http://localhost:5173 | |
| # ----------------------------------------------------------------------------- | |
| # JWT Authentication | |
| # ----------------------------------------------------------------------------- | |
| # Secret key for signing JWT tokens (REQUIRED) | |
| # Generate with: python -c "import secrets; print(secrets.token_urlsafe(64))" | |
| JWT_SECRET=your-secret-key-here-change-me | |
| # JWT algorithm for token signing | |
| JWT_ALGORITHM=HS256 | |
| # Access token expiry in minutes (short-lived, for API requests) | |
| # Production: 5-15 minutes | Development: 30-60 minutes | |
| JWT_ACCESS_EXPIRY_MINUTES=15 | |
| # Refresh token expiry in days (long-lived, for getting new access tokens) | |
| # Production: 7-14 days | Development: 30-90 days | |
| JWT_REFRESH_EXPIRY_DAYS=7 | |
| # ----------------------------------------------------------------------------- | |
| # Google OAuth | |
| # ----------------------------------------------------------------------------- | |
| # Google OAuth Client ID for Google Sign-In | |
| # Get from: https://console.cloud.google.com/apis/credentials | |
| AUTH_SIGN_IN_GOOGLE_CLIENT_ID=your-google-client-id.apps.googleusercontent.com | |
| # ----------------------------------------------------------------------------- | |
| # Admin Configuration | |
| # ----------------------------------------------------------------------------- | |
| # Comma-separated list of admin email addresses | |
| # Example: ADMIN_EMAILS=admin@example.com,boss@example.com | |
| ADMIN_EMAILS= | |
| # ----------------------------------------------------------------------------- | |
| # Payment Integration (Razorpay) | |
| # ----------------------------------------------------------------------------- | |
| # Razorpay API credentials | |
| # Get from: https://dashboard.razorpay.com/app/keys | |
| RAZORPAY_KEY_ID=your_razorpay_key_id | |
| RAZORPAY_KEY_SECRET=your_razorpay_key_secret | |
| # Razorpay webhook secret for verifying webhook signatures | |
| # Get from: https://dashboard.razorpay.com/app/webhooks | |
| RAZORPAY_WEBHOOK_SECRET=your_webhook_secret | |
| # ----------------------------------------------------------------------------- | |
| # Google Drive Backup (Optional) | |
| # ----------------------------------------------------------------------------- | |
| # Path to Google Drive service account credentials JSON file | |
| # Used for automatic database backups to Google Drive | |
| # GOOGLE_DRIVE_CREDENTIALS_PATH=/path/to/credentials.json | |
| # Google Drive folder ID where backups should be stored | |
| # GOOGLE_DRIVE_FOLDER_ID=your_folder_id | |
| # ----------------------------------------------------------------------------- | |
| # Gemini AI API Keys | |
| # ----------------------------------------------------------------------------- | |
| # Comma-separated list of Gemini API keys for video generation | |
| # Get from: https://makersuite.google.com/app/apikey | |
| # Example: GEMINI_API_KEYS=key1,key2,key3 | |
| GEMINI_API_KEYS=your-gemini-api-key | |
| # Number of concurrent jobs per API key (rate limiting) | |
| JOB_PER_API_KEY=2 | |
| # Enable mock mode for testing without consuming API credits | |
| # GEMINI_MOCK_MODE=true | |
| # ----------------------------------------------------------------------------- | |
| # Email Configuration (Optional) | |
| # ----------------------------------------------------------------------------- | |
| # SMTP settings for sending emails (contact form, notifications, etc.) | |
| # SMTP_HOST=smtp.gmail.com | |
| # SMTP_PORT=587 | |
| # SMTP_USER=your-email@gmail.com | |
| # SMTP_PASSWORD=your-app-password | |
| # SMTP_FROM=noreply@yourdomain.com | |
| # ----------------------------------------------------------------------------- | |
| # Logging | |
| # ----------------------------------------------------------------------------- | |
| # Log level: DEBUG, INFO, WARNING, ERROR, CRITICAL | |
| LOG_LEVEL=INFO | |
| # ----------------------------------------------------------------------------- | |
| # Server Configuration | |
| # ----------------------------------------------------------------------------- | |
| # Server host and port (for uvicorn) | |
| # HOST=0.0.0.0 | |
| # PORT=8000 | |
| # Number of worker processes | |
| # WORKERS=4 | |
| # ----------------------------------------------------------------------------- | |
| # Feature Flags (Optional) | |
| # ----------------------------------------------------------------------------- | |
| # Enable/disable specific features | |
| # ENABLE_RATE_LIMITING=true | |
| # ENABLE_AUDIT_LOGGING=true | |
| # ENABLE_AUTO_BACKUP=true | |
| # ============================================================================= | |
| # Notes | |
| # ============================================================================= | |
| # 1. JWT_SECRET is REQUIRED - generate a secure one before deploying! | |
| # 2. In production, set ENVIRONMENT=production for proper cookie security | |
| # 3. CORS_ORIGINS must match your frontend domain exactly (including https://) | |
| # 4. Never commit your .env file - it contains sensitive credentials | |
| # 5. Keep your .env.example file updated as you add new variables | |