# ============================================================================
# ROA2WEB Backend - Environment Configuration Template
# ============================================================================
# Copy this file to .env and fill in your actual values
# IMPORTANT: Never commit .env file to git!
#
# Every credential below is a placeholder, not a usable secret. Replace each
# one before the backend is started anywhere other than a throwaway sandbox.
# The populated .env holds the database password and both signing secrets:
# make it readable only by the account that runs the backend (e.g. chmod 600
# on Unix, a restricted ACL on Windows).
# Keep comments on their own lines; some dotenv loaders treat text after the
# value as part of the value.

# ============================================================================
# ORACLE DATABASE CONFIGURATION (REQUIRED)
# ============================================================================
# Connection to CONTAFIN_ORACLE schema for authentication and user management
# Each company is a separate schema in Oracle Database
# Development: Through SSH tunnel (localhost:1526)
# Windows Production: Direct connection to Oracle server
#
# ORACLE_HOST/ORACLE_PORT below are the development (tunnel) values; a
# direct production connection needs the real server address instead.
# NOTE(review): ORACLE_USER is the schema named above, so the backend appears
# to connect as that schema's owner - confirm whether a dedicated account with
# only the grants the backend needs could be used instead.
ORACLE_USER=CONTAFIN_ORACLE
# Placeholder - set the real password only in the deployed .env.
ORACLE_PASSWORD=SET_IN_PRODUCTION_ENV
ORACLE_HOST=localhost
ORACLE_PORT=1526
ORACLE_SID=ROA

# Development Only: Start SSH tunnel before running backend
# ./ssh_tunnel.sh start
# ./ssh_tunnel.sh status

# ============================================================================
# JWT AUTHENTICATION (REQUIRED)
# ============================================================================
# Used for JWT token generation and validation (shared/auth/jwt_handler.py)
# Generate strong secret: python3 -c "import secrets; print(secrets.token_urlsafe(32))"
#
# Whoever knows this value can presumably mint tokens the backend accepts
# (assumes symmetric signing - confirm in jwt_handler.py), so treat it like a
# password. The placeholder below is a published string and is 36 characters
# long, so a length-only check will not catch an unmodified template.
# NOTE(review): confirm startup rejects this literal value.
# Use a value different from AUTH_SESSION_SECRET: that one is shared with the
# telegram-bot service, this one should stay private to the backend.
JWT_SECRET_KEY=GENERATE_STRONG_SECRET_IN_PRODUCTION

# Token expiration settings (used by shared/auth/jwt_handler.py)
# Units are in the key names (minutes / days). Shorter lifetimes narrow the
# window in which a stolen token is usable.
# NOTE(review): confirm whether refresh tokens can be revoked server-side
# before raising REFRESH_TOKEN_EXPIRE_DAYS.
ACCESS_TOKEN_EXPIRE_MINUTES=30
REFRESH_TOKEN_EXPIRE_DAYS=7

# ============================================================================
# SESSION SECURITY - EMAIL 2FA (REQUIRED)
# ============================================================================
# Must match telegram-bot AUTH_SESSION_SECRET for email login flow
# Used by backend/app/routers/telegram.py for session token validation
# Generate with: python3 -c "import secrets; print(secrets.token_urlsafe(32))"
#
# This secret lives in two services, so changing it means updating both
# together. The placeholder below is 43 characters long and therefore already
# satisfies a "min 32 chars" rule; length validation alone will not reject it.
# NOTE(review): confirm both services refuse to start with this literal value.
AUTH_SESSION_SECRET=your-secure-random-secret-here-min-32-chars

# ============================================================================
# TELEGRAM BOT INTEGRATION (REQUIRED for Telegram features)
# ============================================================================
# Internal API URL for telegram bot service (auth code management)
# Used by backend/app/routers/telegram.py to communicate with bot
# Development: http://localhost:8002
# Windows Production: http://localhost:8002
# Docker Production: http://telegram-bot:8002
#
# All listed URLs are plain HTTP and the API handles auth codes, so the
# endpoint should stay on loopback or a private container network and not be
# reachable from outside the host. If the bot ever runs on a different
# machine, put the traffic behind TLS or an equivalent protected channel.
TELEGRAM_BOT_INTERNAL_API=http://localhost:8002

# ============================================================================
# CACHE CONFIGURATION (OPTIONAL - defaults provided)
# ============================================================================
# Two-tier hybrid cache system (L1: in-memory LRU, L2: SQLite persistent)
# Used by backend/app/cache/config.py

# Core Settings
# CACHE_SQLITE_PATH is relative, so it presumably resolves against the
# backend's working directory - verify in cache/config.py.
# The cache types listed below include invoices and treasury, so the SQLite
# file presumably holds business data at rest: restrict access to it as for
# .env and keep cache_data/ out of version control.
# CACHE_MEMORY_MAX_SIZE is presumably a number of entries and
# CACHE_DEFAULT_TTL presumably seconds - TODO confirm.
CACHE_ENABLED=True
CACHE_TYPE=hybrid
CACHE_SQLITE_PATH=./cache_data/roa2web_cache.db
CACHE_MEMORY_MAX_SIZE=1000
CACHE_DEFAULT_TTL=900

# TTL per Cache Type (seconds)
# NOTE(review): if cached entries reflect per-user access (for example which
# companies a user may see), a revoked permission could remain visible until
# the entry expires - confirm how cache keys and invalidation handle this.
CACHE_TTL_SCHEMA=86400
CACHE_TTL_COMPANIES=1800
CACHE_TTL_DASHBOARD_SUMMARY=1800
CACHE_TTL_DASHBOARD_TRENDS=1800
CACHE_TTL_INVOICES=600
CACHE_TTL_INVOICES_SUMMARY=900
CACHE_TTL_TREASURY=600

# Maintenance
# Presumably seconds between cleanup runs - TODO confirm.
CACHE_CLEANUP_INTERVAL=3600

# Event-Based Invalidation (experimental)
# CACHE_CHECK_INTERVAL is presumably in seconds - TODO confirm.
CACHE_AUTO_INVALIDATE=False
CACHE_CHECK_INTERVAL=300

# Performance Tracking
CACHE_TRACK_PERFORMANCE=True
CACHE_BENCHMARK_ON_STARTUP=False