Rustelo/config/others/rbac.env.example

# RBAC (Role-Based Access Control) Configuration
# Copy this file to .env and configure for your environment

# =============================================================================
# RBAC Feature Flags
# =============================================================================

# Enable/disable RBAC system entirely (default: false)
ENABLE_RBAC=false

# Database access control (requires ENABLE_RBAC=true)
ENABLE_RBAC_DATABASE=false

# File system access control (requires ENABLE_RBAC=true)
ENABLE_RBAC_FILES=false

# Content management access control (requires ENABLE_RBAC=true)
ENABLE_RBAC_CONTENT=false

# API endpoint access control (requires ENABLE_RBAC=true)
ENABLE_RBAC_API=false

# User categories feature (requires ENABLE_RBAC=true)
ENABLE_RBAC_CATEGORIES=false

# User tags feature (requires ENABLE_RBAC=true)
ENABLE_RBAC_TAGS=false

# Permission caching (improves performance, requires ENABLE_RBAC=true)
ENABLE_RBAC_CACHING=false

# Access audit logging (requires ENABLE_RBAC=true)
ENABLE_RBAC_AUDIT=false

# TOML configuration file loading (requires ENABLE_RBAC=true)
ENABLE_RBAC_TOML_CONFIG=false

# Hierarchical permissions (categories/tags inheritance)
ENABLE_RBAC_HIERARCHICAL=false

# Dynamic rule evaluation
ENABLE_RBAC_DYNAMIC_RULES=false

# =============================================================================
# RBAC Configuration Paths
# =============================================================================

# Path to RBAC TOML configuration file
RBAC_CONFIG_PATH=config/rbac.toml

# Path to RBAC database migrations
RBAC_MIGRATIONS_PATH=migrations/rbac

# =============================================================================
# Core Authentication (always required)
# =============================================================================

# Enable basic authentication system
ENABLE_AUTH=true

# Enable JWT token authentication
ENABLE_JWT=true

# Enable OAuth providers (Google, GitHub, etc.)
ENABLE_OAUTH=false

# Enable two-factor authentication
ENABLE_2FA=false

# Enable session management
ENABLE_SESSIONS=true

# Enable password reset functionality
ENABLE_PASSWORD_RESET=true

# Enable email verification
ENABLE_EMAIL_VERIFICATION=false

# =============================================================================
# Database Configuration
# =============================================================================

# Database connection string
DATABASE_URL=postgresql://username:password@localhost:5432/rustelo_dev

# Database pool settings
DATABASE_MAX_CONNECTIONS=20
DATABASE_MIN_CONNECTIONS=5
DATABASE_CONNECTION_TIMEOUT=30
DATABASE_IDLE_TIMEOUT=600
DATABASE_MAX_LIFETIME=1800

# =============================================================================
# Server Configuration
# =============================================================================

# Server host and port
SERVER_HOST=127.0.0.1
SERVER_PORT=3030
SERVER_PROTOCOL=http

# Environment (development/production)
ENVIRONMENT=development

# =============================================================================
# Security Configuration
# =============================================================================

# JWT secret key (change in production!)
JWT_SECRET=your-super-secret-jwt-key-change-this-in-production

# Session secret (change in production!)
SESSION_SECRET=your-session-secret-key-change-this-in-production

# Enable CSRF protection
ENABLE_CSRF=true

# Enable rate limiting
ENABLE_RATE_LIMITING=true

# Rate limiting settings
RATE_LIMIT_REQUESTS=100
RATE_LIMIT_WINDOW=60

# Bcrypt cost for password hashing
BCRYPT_COST=12

# =============================================================================
# Content Management Features
# =============================================================================

# Enable content management system
ENABLE_CONTENT=true

# Enable markdown rendering
ENABLE_MARKDOWN=true

# Enable syntax highlighting
ENABLE_SYNTAX_HIGHLIGHTING=false

# Enable file uploads
ENABLE_FILE_UPLOADS=true

# Enable content versioning
ENABLE_CONTENT_VERSIONING=false

# Enable content scheduling
ENABLE_CONTENT_SCHEDULING=false

# Enable SEO features
ENABLE_SEO=true

# =============================================================================
# Performance Features
# =============================================================================

# Enable response caching
ENABLE_CACHING=true

# Enable database query caching
ENABLE_QUERY_CACHING=true

# Enable compression
ENABLE_COMPRESSION=true

# Enable connection pooling
ENABLE_CONNECTION_POOLING=true

# Enable lazy loading
ENABLE_LAZY_LOADING=false

# Enable background tasks
ENABLE_BACKGROUND_TASKS=true

# =============================================================================
# Logging Configuration
# =============================================================================

# Log level (trace, debug, info, warn, error)
LOG_LEVEL=info
RUST_LOG=info

# Enable console logging
ENABLE_CONSOLE_LOGGING=true

# Enable file logging
ENABLE_FILE_LOGGING=false

# Log file path
LOG_FILE_PATH=logs/app.log

# =============================================================================
# TLS/HTTPS Configuration
# =============================================================================

# Enable TLS/HTTPS
ENABLE_TLS=false

# TLS certificate paths (when ENABLE_TLS=true)
TLS_CERT_PATH=certs/cert.pem
TLS_KEY_PATH=certs/key.pem

# =============================================================================
# OAuth Configuration (when ENABLE_OAUTH=true)
# =============================================================================

# Google OAuth
GOOGLE_CLIENT_ID=your-google-client-id
GOOGLE_CLIENT_SECRET=your-google-client-secret
GOOGLE_REDIRECT_URI=http://localhost:3030/auth/google/callback

# GitHub OAuth
GITHUB_CLIENT_ID=your-github-client-id
GITHUB_CLIENT_SECRET=your-github-client-secret
GITHUB_REDIRECT_URI=http://localhost:3030/auth/github/callback

# =============================================================================
# Email Configuration (when email features are enabled)
# =============================================================================

# Enable email functionality
ENABLE_EMAIL=false

# SMTP settings
SMTP_HOST=smtp.gmail.com
SMTP_PORT=587
SMTP_USERNAME=your-email@gmail.com
SMTP_PASSWORD=your-app-password
FROM_EMAIL=noreply@yourapp.com
FROM_NAME=Your App

# =============================================================================
# Redis Configuration (optional)
# =============================================================================

# Enable Redis for caching/sessions
ENABLE_REDIS=false

# Redis connection
REDIS_URL=redis://localhost:6379
REDIS_POOL_SIZE=10
REDIS_CONNECTION_TIMEOUT=5
REDIS_COMMAND_TIMEOUT=5

# =============================================================================
# Custom Feature Flags
# =============================================================================

# Add your custom feature flags here
# ENABLE_MY_CUSTOM_FEATURE=false
# ENABLE_ANALYTICS=false
# ENABLE_NOTIFICATIONS=false

# =============================================================================
# RBAC Example Configurations
# =============================================================================

# Example 1: Minimal RBAC (only basic categories)
# ENABLE_RBAC=true
# ENABLE_RBAC_CATEGORIES=true
# ENABLE_RBAC_CACHING=true

# Example 2: Database-focused RBAC
# ENABLE_RBAC=true
# ENABLE_RBAC_DATABASE=true
# ENABLE_RBAC_CATEGORIES=true
# ENABLE_RBAC_TAGS=true
# ENABLE_RBAC_CACHING=true
# ENABLE_RBAC_AUDIT=true

# Example 3: Full RBAC with all features
# ENABLE_RBAC=true
# ENABLE_RBAC_DATABASE=true
# ENABLE_RBAC_FILES=true
# ENABLE_RBAC_CONTENT=true
# ENABLE_RBAC_API=true
# ENABLE_RBAC_CATEGORIES=true
# ENABLE_RBAC_TAGS=true
# ENABLE_RBAC_CACHING=true
# ENABLE_RBAC_AUDIT=true
# ENABLE_RBAC_TOML_CONFIG=true
# ENABLE_RBAC_HIERARCHICAL=true
# ENABLE_RBAC_DYNAMIC_RULES=true

# Example 4: Content management with RBAC
# ENABLE_RBAC=true
# ENABLE_RBAC_CONTENT=true
# ENABLE_RBAC_FILES=true
# ENABLE_RBAC_CATEGORIES=true
# ENABLE_RBAC_TAGS=true
# ENABLE_CONTENT=true
# ENABLE_FILE_UPLOADS=true

# =============================================================================
# Development vs Production Settings
# =============================================================================

# Development settings (copy these for development)
# ENVIRONMENT=development
# LOG_LEVEL=debug
# ENABLE_CSRF=false
# ENABLE_TLS=false
# DATABASE_URL=postgresql://dev:dev@localhost:5432/rustelo_dev

# Production settings (copy these for production)
# ENVIRONMENT=production
# LOG_LEVEL=warn
# ENABLE_CSRF=true
# ENABLE_TLS=true
# ENABLE_RATE_LIMITING=true
# DATABASE_URL=postgresql://prod_user:secure_password@db.example.com:5432/rustelo_prod
# JWT_SECRET=very-long-random-secure-key-for-production
# SESSION_SECRET=another-very-long-random-secure-key-for-production
chore: add config path 2025-07-07 23:13:01 +01:00			`# RBAC (Role-Based Access Control) Configuration`
			`# Copy this file to .env and configure for your environment`

			`# =============================================================================`
			`# RBAC Feature Flags`
			`# =============================================================================`

			`# Enable/disable RBAC system entirely (default: false)`
			`ENABLE_RBAC=false`

			`# Database access control (requires ENABLE_RBAC=true)`
			`ENABLE_RBAC_DATABASE=false`

			`# File system access control (requires ENABLE_RBAC=true)`
			`ENABLE_RBAC_FILES=false`

			`# Content management access control (requires ENABLE_RBAC=true)`
			`ENABLE_RBAC_CONTENT=false`

			`# API endpoint access control (requires ENABLE_RBAC=true)`
			`ENABLE_RBAC_API=false`

			`# User categories feature (requires ENABLE_RBAC=true)`
			`ENABLE_RBAC_CATEGORIES=false`

			`# User tags feature (requires ENABLE_RBAC=true)`
			`ENABLE_RBAC_TAGS=false`

			`# Permission caching (improves performance, requires ENABLE_RBAC=true)`
			`ENABLE_RBAC_CACHING=false`

			`# Access audit logging (requires ENABLE_RBAC=true)`
			`ENABLE_RBAC_AUDIT=false`

			`# TOML configuration file loading (requires ENABLE_RBAC=true)`
			`ENABLE_RBAC_TOML_CONFIG=false`

			`# Hierarchical permissions (categories/tags inheritance)`
			`ENABLE_RBAC_HIERARCHICAL=false`

			`# Dynamic rule evaluation`
			`ENABLE_RBAC_DYNAMIC_RULES=false`

			`# =============================================================================`
			`# RBAC Configuration Paths`
			`# =============================================================================`

			`# Path to RBAC TOML configuration file`
			`RBAC_CONFIG_PATH=config/rbac.toml`

			`# Path to RBAC database migrations`
			`RBAC_MIGRATIONS_PATH=migrations/rbac`

			`# =============================================================================`
			`# Core Authentication (always required)`
			`# =============================================================================`

			`# Enable basic authentication system`
			`ENABLE_AUTH=true`

			`# Enable JWT token authentication`
			`ENABLE_JWT=true`

			`# Enable OAuth providers (Google, GitHub, etc.)`
			`ENABLE_OAUTH=false`

			`# Enable two-factor authentication`
			`ENABLE_2FA=false`

			`# Enable session management`
			`ENABLE_SESSIONS=true`

			`# Enable password reset functionality`
			`ENABLE_PASSWORD_RESET=true`

			`# Enable email verification`
			`ENABLE_EMAIL_VERIFICATION=false`

			`# =============================================================================`
			`# Database Configuration`
			`# =============================================================================`

			`# Database connection string`
			`DATABASE_URL=postgresql://username:password@localhost:5432/rustelo_dev`

			`# Database pool settings`
			`DATABASE_MAX_CONNECTIONS=20`
			`DATABASE_MIN_CONNECTIONS=5`
			`DATABASE_CONNECTION_TIMEOUT=30`
			`DATABASE_IDLE_TIMEOUT=600`
			`DATABASE_MAX_LIFETIME=1800`

			`# =============================================================================`
			`# Server Configuration`
			`# =============================================================================`

			`# Server host and port`
			`SERVER_HOST=127.0.0.1`
			`SERVER_PORT=3030`
			`SERVER_PROTOCOL=http`

			`# Environment (development/production)`
			`ENVIRONMENT=development`

			`# =============================================================================`
			`# Security Configuration`
			`# =============================================================================`

			`# JWT secret key (change in production!)`
			`JWT_SECRET=your-super-secret-jwt-key-change-this-in-production`

			`# Session secret (change in production!)`
			`SESSION_SECRET=your-session-secret-key-change-this-in-production`

			`# Enable CSRF protection`
			`ENABLE_CSRF=true`

			`# Enable rate limiting`
			`ENABLE_RATE_LIMITING=true`

			`# Rate limiting settings`
			`RATE_LIMIT_REQUESTS=100`
			`RATE_LIMIT_WINDOW=60`

			`# Bcrypt cost for password hashing`
			`BCRYPT_COST=12`

			`# =============================================================================`
			`# Content Management Features`
			`# =============================================================================`

			`# Enable content management system`
			`ENABLE_CONTENT=true`

			`# Enable markdown rendering`
			`ENABLE_MARKDOWN=true`

			`# Enable syntax highlighting`
			`ENABLE_SYNTAX_HIGHLIGHTING=false`

			`# Enable file uploads`
			`ENABLE_FILE_UPLOADS=true`

			`# Enable content versioning`
			`ENABLE_CONTENT_VERSIONING=false`

			`# Enable content scheduling`
			`ENABLE_CONTENT_SCHEDULING=false`

			`# Enable SEO features`
			`ENABLE_SEO=true`

			`# =============================================================================`
			`# Performance Features`
			`# =============================================================================`

			`# Enable response caching`
			`ENABLE_CACHING=true`

			`# Enable database query caching`
			`ENABLE_QUERY_CACHING=true`

			`# Enable compression`
			`ENABLE_COMPRESSION=true`

			`# Enable connection pooling`
			`ENABLE_CONNECTION_POOLING=true`

			`# Enable lazy loading`
			`ENABLE_LAZY_LOADING=false`

			`# Enable background tasks`
			`ENABLE_BACKGROUND_TASKS=true`

			`# =============================================================================`
			`# Logging Configuration`
			`# =============================================================================`

			`# Log level (trace, debug, info, warn, error)`
			`LOG_LEVEL=info`
			`RUST_LOG=info`

			`# Enable console logging`
			`ENABLE_CONSOLE_LOGGING=true`

			`# Enable file logging`
			`ENABLE_FILE_LOGGING=false`

			`# Log file path`
			`LOG_FILE_PATH=logs/app.log`

			`# =============================================================================`
			`# TLS/HTTPS Configuration`
			`# =============================================================================`

			`# Enable TLS/HTTPS`
			`ENABLE_TLS=false`

			`# TLS certificate paths (when ENABLE_TLS=true)`
			`TLS_CERT_PATH=certs/cert.pem`
			`TLS_KEY_PATH=certs/key.pem`

			`# =============================================================================`
			`# OAuth Configuration (when ENABLE_OAUTH=true)`
			`# =============================================================================`

			`# Google OAuth`
			`GOOGLE_CLIENT_ID=your-google-client-id`
			`GOOGLE_CLIENT_SECRET=your-google-client-secret`
			`GOOGLE_REDIRECT_URI=http://localhost:3030/auth/google/callback`

			`# GitHub OAuth`
			`GITHUB_CLIENT_ID=your-github-client-id`
			`GITHUB_CLIENT_SECRET=your-github-client-secret`
			`GITHUB_REDIRECT_URI=http://localhost:3030/auth/github/callback`

			`# =============================================================================`
			`# Email Configuration (when email features are enabled)`
			`# =============================================================================`

			`# Enable email functionality`
			`ENABLE_EMAIL=false`

			`# SMTP settings`
			`SMTP_HOST=smtp.gmail.com`
			`SMTP_PORT=587`
			`SMTP_USERNAME=your-email@gmail.com`
			`SMTP_PASSWORD=your-app-password`
			`FROM_EMAIL=noreply@yourapp.com`
			`FROM_NAME=Your App`

			`# =============================================================================`
			`# Redis Configuration (optional)`
			`# =============================================================================`

			`# Enable Redis for caching/sessions`
			`ENABLE_REDIS=false`

			`# Redis connection`
			`REDIS_URL=redis://localhost:6379`
			`REDIS_POOL_SIZE=10`
			`REDIS_CONNECTION_TIMEOUT=5`
			`REDIS_COMMAND_TIMEOUT=5`

			`# =============================================================================`
			`# Custom Feature Flags`
			`# =============================================================================`

			`# Add your custom feature flags here`
			`# ENABLE_MY_CUSTOM_FEATURE=false`
			`# ENABLE_ANALYTICS=false`
			`# ENABLE_NOTIFICATIONS=false`

			`# =============================================================================`
			`# RBAC Example Configurations`
			`# =============================================================================`

			`# Example 1: Minimal RBAC (only basic categories)`
			`# ENABLE_RBAC=true`
			`# ENABLE_RBAC_CATEGORIES=true`
			`# ENABLE_RBAC_CACHING=true`

			`# Example 2: Database-focused RBAC`
			`# ENABLE_RBAC=true`
			`# ENABLE_RBAC_DATABASE=true`
			`# ENABLE_RBAC_CATEGORIES=true`
			`# ENABLE_RBAC_TAGS=true`
			`# ENABLE_RBAC_CACHING=true`
			`# ENABLE_RBAC_AUDIT=true`

			`# Example 3: Full RBAC with all features`
			`# ENABLE_RBAC=true`
			`# ENABLE_RBAC_DATABASE=true`
			`# ENABLE_RBAC_FILES=true`
			`# ENABLE_RBAC_CONTENT=true`
			`# ENABLE_RBAC_API=true`
			`# ENABLE_RBAC_CATEGORIES=true`
			`# ENABLE_RBAC_TAGS=true`
			`# ENABLE_RBAC_CACHING=true`
			`# ENABLE_RBAC_AUDIT=true`
			`# ENABLE_RBAC_TOML_CONFIG=true`
			`# ENABLE_RBAC_HIERARCHICAL=true`
			`# ENABLE_RBAC_DYNAMIC_RULES=true`

			`# Example 4: Content management with RBAC`
			`# ENABLE_RBAC=true`
			`# ENABLE_RBAC_CONTENT=true`
			`# ENABLE_RBAC_FILES=true`
			`# ENABLE_RBAC_CATEGORIES=true`
			`# ENABLE_RBAC_TAGS=true`
			`# ENABLE_CONTENT=true`
			`# ENABLE_FILE_UPLOADS=true`

			`# =============================================================================`
			`# Development vs Production Settings`
			`# =============================================================================`

			`# Development settings (copy these for development)`
			`# ENVIRONMENT=development`
			`# LOG_LEVEL=debug`
			`# ENABLE_CSRF=false`
			`# ENABLE_TLS=false`
			`# DATABASE_URL=postgresql://dev:dev@localhost:5432/rustelo_dev`

			`# Production settings (copy these for production)`
			`# ENVIRONMENT=production`
			`# LOG_LEVEL=warn`
			`# ENABLE_CSRF=true`
			`# ENABLE_TLS=true`
			`# ENABLE_RATE_LIMITING=true`
			`# DATABASE_URL=postgresql://prod_user:secure_password@db.example.com:5432/rustelo_prod`
			`# JWT_SECRET=very-long-random-secure-key-for-production`
			`# SESSION_SECRET=another-very-long-random-secure-key-for-production`