drive/apps/backend/config.example.yaml

# Drexa Backend Configuration
# Copy this file to config.yaml and adjust values for your environment.

server:
  port: 8080

database:
  postgres_url: postgres://user:password@localhost:5432/drexa?sslmode=disable

jwt:
  issuer: drexa
  audience: drexa-api
  # Secret key can be provided via (in order of precedence):
  # 1. JWT_SECRET_KEY environment variable (base64 encoded)
  # 2. secret_key_base64 below (base64 encoded)
  # 3. secret_key_path below (file with base64 encoded content)
  # secret_key_base64: "base64encodedkey"
  secret_key_path: /run/secrets/jwt_secret_key

storage:
  # Mode: "flat" (UUID-based keys) or "hierarchical" (path-based keys)
  # Note: S3 backend only supports "flat" mode
  mode: flat
  # Backend: "fs" (filesystem) or "s3" (not yet implemented)
  backend: fs
  # Required when backend is "fs"
  root_path: /var/lib/drexa/blobs
  # Required when backend is "s3"
  # bucket: my-drexa-bucket

cookie:
  # Domain for cross-subdomain auth cookies.
  # Set this when frontend and API are on different subdomains (e.g., "app.com" for web.app.com + api.app.com).
  # Leave empty for same-host cookies (localhost, single domain).
  # domain: app.com
  # Secure flag for cookies. If not set, automatically determined from request protocol (true for HTTPS, false for HTTP).
  # Set explicitly to override automatic detection (useful for local development with HTTPS).
  # secure: false

cors:
  # Allowed origins for cross-origin requests.
  # Required when frontend and API are on different domains.
  # If not specified, CORS will be restrictive (only same-origin requests allowed).
  # Example for cross-domain setup:
  # allow_origins:
  #   - http://localhost:3000
  #   - https://app.example.com
  # Allow credentials (cookies, authorization headers) in cross-origin requests.
  # Should be true when using cookies for authentication in cross-domain setups.
  # Note: When allow_credentials is true, you must explicitly specify allow_origins
  # (wildcard "*" is not allowed with credentials for security reasons).
  # allow_credentials: true
feat: impl config loading 2025-11-29 18:09:41 +00:00			`# Drexa Backend Configuration`
			`# Copy this file to config.yaml and adjust values for your environment.`

			`server:`
			`port: 8080`

			`database:`
			`postgres_url: postgres://user:password@localhost:5432/drexa?sslmode=disable`

			`jwt:`
			`issuer: drexa`
			`audience: drexa-api`
			`# Secret key can be provided via (in order of precedence):`
			`# 1. JWT_SECRET_KEY environment variable (base64 encoded)`
			`# 2. secret_key_base64 below (base64 encoded)`
			`# 3. secret_key_path below (file with base64 encoded content)`
			`# secret_key_base64: "base64encodedkey"`
			`secret_key_path: /run/secrets/jwt_secret_key`

			`storage:`
			`# Mode: "flat" (UUID-based keys) or "hierarchical" (path-based keys)`
			`# Note: S3 backend only supports "flat" mode`
			`mode: flat`
			`# Backend: "fs" (filesystem) or "s3" (not yet implemented)`
			`backend: fs`
			`# Required when backend is "fs"`
			`root_path: /var/lib/drexa/blobs`
			`# Required when backend is "s3"`
			`# bucket: my-drexa-bucket`

feat: impl cookie-based auth tokens exchange implement access/refresh token exchange via cookies as well as automatic access token refresh 2025-12-04 00:26:20 +00:00			`cookie:`
			`# Domain for cross-subdomain auth cookies.`
			`# Set this when frontend and API are on different subdomains (e.g., "app.com" for web.app.com + api.app.com).`
refactor: initial frontend wiring for new api 2025-12-15 00:13:10 +00:00			`# Leave empty for same-host cookies (localhost, single domain).`
feat: impl cookie-based auth tokens exchange implement access/refresh token exchange via cookies as well as automatic access token refresh 2025-12-04 00:26:20 +00:00			`# domain: app.com`
refactor: initial frontend wiring for new api 2025-12-15 00:13:10 +00:00			`# Secure flag for cookies. If not set, automatically determined from request protocol (true for HTTPS, false for HTTP).`
			`# Set explicitly to override automatic detection (useful for local development with HTTPS).`
			`# secure: false`

			`cors:`
			`# Allowed origins for cross-origin requests.`
			`# Required when frontend and API are on different domains.`
			`# If not specified, CORS will be restrictive (only same-origin requests allowed).`
			`# Example for cross-domain setup:`
			`# allow_origins:`
			`# - http://localhost:3000`
			`# - https://app.example.com`
			`# Allow credentials (cookies, authorization headers) in cross-origin requests.`
			`# Should be true when using cookies for authentication in cross-domain setups.`
			`# Note: When allow_credentials is true, you must explicitly specify allow_origins`
			`# (wildcard "*" is not allowed with credentials for security reasons).`
			`# allow_credentials: true`