romfast/roa2web-service-auto
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
roa2web-service-auto/backend/.env.example
Claude Agent b137e80b71 feat: multi-Oracle server support with runtime switching 
Complete implementation of multi-server Oracle database support:

Backend:
- Multi-pool Oracle with lazy loading per server
- Email-to-server cache for automatic server discovery
- JWT tokens include server_id claim
- /auth/check-identity and /auth/check-email endpoints
- /auth/my-servers endpoint for listing user's accessible servers
- Server switch with password re-authentication

Frontend:
- New ServerSelector component for header dropdown
- Multi-step login flow (identity → server → password)
- Server switching from header with password modal
- Mobile drawer menu with server selection
- Dark mode support for all new components
- URL bookmark support with ?server= query param

Scripts:
- Unified start.sh replacing start-prod.sh/start-test.sh
- Unified ssh-tunnel.sh with multi-server support
- Updated status.sh for new architecture

Tests:
- E2E tests for multi-server and single-server login flows
- Backend unit tests for all new endpoints
- Oracle multi-pool integration tests

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-26 22:39:06 +00:00

180 lines
6.9 KiB
Plaintext
Raw Permalink Blame History

# ============================================================================
# ROA2WEB Unified Backend - Environment Configuration Template
# ============================================================================
# Single backend process serving Reports, Data Entry, and Telegram modules
#
# SETUP INSTRUCTIONS:
# 1. Copy this template: cp .env.example .env.dev
# 2. Fill in your actual values in .env.dev
# 3. Run: ./start-dev.sh (auto-copies .env.dev to .env)
#
# ENVIRONMENT FILES:
# - .env.dev → Development config (committed to git with real values)
# - .env.test → Test config (committed to git)
# - .env.prod → Production config template (committed, use placeholders!)
# - .env → Active config (auto-generated, NOT committed)
#
# IMPORTANT: Never manually edit .env - edit .env.dev instead!
# ============================================================================
# ORACLE DATABASE CONFIGURATION
# ============================================================================
# Single server: Use ORACLE_USER/HOST/PORT/SID
# Multi-server: Use ORACLE_SERVERS JSON (ignores single server vars)
# Passwords: secrets/{id}.oracle_pass
# SSH tunnels: ssh-tunnels.json (separate file)
ORACLE_USER=CONTAFIN_ORACLE
ORACLE_PASSWORD=SET_IN_SECRETS_FILE
ORACLE_HOST=localhost
ORACLE_PORT=1521
ORACLE_SID=ROA
# Multi-server example (uncomment to use):
# ORACLE_SERVERS='[{"id":"server1","name":"Server 1","host":"localhost","port":1521,"user":"USER","sid":"ROA"}]'
# ============================================================================
# JWT AUTHENTICATION (REQUIRED - Shared by all modules)
# ============================================================================
# Used for JWT token generation and validation (shared/auth/jwt_handler.py)
# Generate strong secret: python3 -c "import secrets; print(secrets.token_urlsafe(32))"
JWT_SECRET_KEY=GENERATE_STRONG_SECRET_IN_PRODUCTION
JWT_ALGORITHM=HS256
# Token expiration settings (used by shared/auth/jwt_handler.py)
ACCESS_TOKEN_EXPIRE_MINUTES=30
REFRESH_TOKEN_EXPIRE_DAYS=7
# ============================================================================
# SESSION SECURITY - EMAIL 2FA (REQUIRED for Telegram email login)
# ============================================================================
# Used by Telegram module for session token validation
# Generate with: python3 -c "import secrets; print(secrets.token_urlsafe(32))"
AUTH_SESSION_SECRET=your-secure-random-secret-here-min-32-chars
# ============================================================================
# SERVER CONFIGURATION
# ============================================================================
# Unified backend server settings
API_HOST=0.0.0.0
API_PORT=8000
DEBUG=false
# CORS Origins (comma-separated)
CORS_ORIGINS=http://localhost:3000,http://localhost:5173
# ============================================================================
# REPORTS MODULE - CACHE CONFIGURATION (OPTIONAL - defaults provided)
# ============================================================================
# Two-tier hybrid cache system (L1: in-memory LRU, L2: SQLite persistent)
# Used by backend/modules/reports/cache/config.py
# Core Settings
REPORTS_CACHE_ENABLED=True
REPORTS_CACHE_TYPE=hybrid
REPORTS_CACHE_SQLITE_PATH=./data/cache/roa2web_cache.db
REPORTS_CACHE_MEMORY_MAX_SIZE=1000
REPORTS_CACHE_DEFAULT_TTL=900
# TTL per Cache Type (seconds)
REPORTS_CACHE_TTL_SCHEMA=86400
REPORTS_CACHE_TTL_COMPANIES=1800
REPORTS_CACHE_TTL_DASHBOARD_SUMMARY=1800
REPORTS_CACHE_TTL_DASHBOARD_TRENDS=1800
REPORTS_CACHE_TTL_INVOICES=600
REPORTS_CACHE_TTL_INVOICES_SUMMARY=900
REPORTS_CACHE_TTL_TREASURY=600
# Maintenance
REPORTS_CACHE_CLEANUP_INTERVAL=3600
# Event-Based Invalidation (experimental)
REPORTS_CACHE_AUTO_INVALIDATE=False
REPORTS_CACHE_CHECK_INTERVAL=300
# Performance Tracking
REPORTS_CACHE_TRACK_PERFORMANCE=True
REPORTS_CACHE_BENCHMARK_ON_STARTUP=False
# ============================================================================
# DATA ENTRY MODULE - CONFIGURATION
# ============================================================================
# Data Entry module settings (receipts, OCR, etc.)
# SQLite Database
DATA_ENTRY_SQLITE_DATABASE_PATH=data/receipts/receipts.db
# File uploads
DATA_ENTRY_UPLOAD_PATH=data/receipts/uploads
DATA_ENTRY_MAX_UPLOAD_SIZE_MB=10
# ============================================================================
# OCR ENGINE CONFIGURATION
# ============================================================================
# Control which OCR engines are loaded at startup.
# Disabling engines saves memory but limits available OCR modes.
# Enable/disable PaddleOCR (set to 'false' to save ~800MB RAM)
# When disabled: 'paddleocr' engine unavailable
OCR_ENABLE_PADDLEOCR=false
# Enable/disable Tesseract (set to 'false' to save ~50MB RAM)
# When disabled: 'tesseract' engine unavailable
OCR_ENABLE_TESSERACT=false
# Default OCR engine when not specified in request
# Options: tesseract, doctr, doctr_plus, paddleocr
# Recommended: doctr_plus (2-tier sequential with early exit, ~7.5s avg)
OCR_DEFAULT_ENGINE=doctr_plus
# Active OCR engines shown in frontend dropdown (comma-separated)
# Options: tesseract, doctr, doctr_plus, paddleocr
# doctr_plus: 73.3% perfect, 7.5s avg, 65% fast path (recommended)
# doctr: 63.3% perfect, simpler but faster
OCR_ACTIVE_ENGINES=tesseract,doctr,doctr_plus,paddleocr
# OCR Worker Pool Configuration
# Number of parallel OCR workers (each loads ~1GB for docTR)
# Recommended: 2 for 8GB RAM, 3 for 16GB RAM
OCR_WORKERS=2
# Max tasks per worker before restart (0 = no restart, saves 40-60s warmup time)
# Set to 0 for testing, 10-20 for production (prevents memory leaks)
OCR_MAX_TASKS_PER_CHILD=0
# ============================================================================
# TELEGRAM MODULE - BOT CONFIGURATION (REQUIRED for Telegram features)
# ============================================================================
# Obtain bot token from @BotFather on Telegram
TELEGRAM_BOT_TOKEN=your_bot_token_here
# ============================================================================
# TELEGRAM MODULE - EMAIL AUTHENTICATION (SMTP) (REQUIRED for email 2FA)
# ============================================================================
# Required for email-based 2FA authentication flow
# Users can login with email + password instead of web app linking
# SMTP Server Configuration
TELEGRAM_SMTP_HOST=mail.romfast.ro
TELEGRAM_SMTP_PORT=587
TELEGRAM_SMTP_USER=ups@romfast.ro
TELEGRAM_SMTP_PASSWORD=your_smtp_password_here
TELEGRAM_SMTP_FROM_EMAIL=ups@romfast.ro
TELEGRAM_SMTP_FROM_NAME=ROA2WEB
TELEGRAM_SMTP_USE_TLS=true
# Email Retry Settings
TELEGRAM_EMAIL_MAX_RETRIES=3
TELEGRAM_EMAIL_RETRY_DELAY=2.0
# ============================================================================
# TELEGRAM MODULE - DATABASE (SQLite for bot data)
# ============================================================================
# Separate SQLite database for Telegram bot auth codes and sessions
TELEGRAM_SQLITE_DATABASE_PATH=data/telegram/telegram.db
Reference in New Issue View Git Blame Copy Permalink