drive/apps/backend/config.example.yaml

# Drexa Backend Configuration
# Copy this file to config.yaml and adjust values for your environment.

server:
  port: 8080

database:
  postgres_url: postgres://user:password@localhost:5432/drexa?sslmode=disable

jwt:
  issuer: drexa
  audience: drexa-api
  # Secret key can be provided via (in order of precedence):
  # 1. JWT_SECRET_KEY environment variable (base64 encoded)
  # 2. secret_key_base64 below (base64 encoded)
  # 3. secret_key_path below (file with base64 encoded content)
  # secret_key_base64: "base64encodedkey"
  secret_key_path: /run/secrets/jwt_secret_key

storage:
  # Mode: "flat" (UUID-based keys) or "hierarchical" (path-based keys)
  # Note: S3 backend only supports "flat" mode
  mode: flat
  # Backend: "fs" (filesystem) or "s3" (not yet implemented)
  backend: fs
  # Required when backend is "fs"
  root_path: /var/lib/drexa/blobs
  # Required when backend is "s3"
  # bucket: my-drexa-bucket

cookie:
  # Domain for cross-subdomain auth cookies.
  # Set this when frontend and API are on different subdomains (e.g., "app.com" for web.app.com + api.app.com).
  # Leave empty for same-host cookies (localhost, single domain).
  # domain: app.com

cors:
  # Allowed origins for cross-origin requests.
  # Required when frontend and API are on different domains.
  # If not specified, CORS will be restrictive (only same-origin requests allowed).
  # Example for cross-domain setup:
  # allow_origins:
  #   - http://localhost:3000
  #   - https://app.example.com
  # Allow credentials (cookies, authorization headers) in cross-origin requests.
  # Should be true when using cookies for authentication in cross-domain setups.
  # Note: When allow_credentials is true, you must explicitly specify allow_origins
  # (wildcard "*" is not allowed with credentials for security reasons).
  # allow_credentials: true