Rustelo/config/features/auth.toml

# Authentication Feature Configuration
# Settings for the authentication and authorization system

[features]
auth = true

# OAuth Configuration
[oauth]
enabled = false

[oauth.google]
client_id = "your-google-client-id"
client_secret = "your-google-client-secret"
redirect_uri = "http://localhost:3030/auth/google/callback"

[oauth.github]
client_id = "your-github-client-id"
client_secret = "your-github-client-secret"
redirect_uri = "http://localhost:3030/auth/github/callback"

# JWT Configuration
[auth.jwt]
secret = "change-this-in-production-to-a-secure-random-string"
expiration = 86400  # 24 hours in seconds
refresh_token_expiration = 604800  # 7 days in seconds
algorithm = "HS256"
issuer = "rustelo-app"
audience = "rustelo-users"

# Password Policy
[auth.password]
min_length = 8
require_uppercase = true
require_lowercase = true
require_numbers = true
require_special_chars = true
max_age_days = 90
history_count = 5

# Account Security
[auth.security]
max_login_attempts = 5
lockout_duration = 900  # 15 minutes in seconds
session_timeout = 3600  # 1 hour in seconds
require_email_verification = true
password_reset_timeout = 3600  # 1 hour in seconds

# Two-Factor Authentication
[auth.two_factor]
enabled = false
backup_codes_count = 10
totp_issuer = "Rustelo App"
totp_digits = 6
totp_period = 30

# User Registration
[auth.registration]
enabled = true
require_email_verification = true
auto_approve = true
default_role = "user"
allowed_domains = []  # Empty array means all domains allowed

# Session Management
[auth.sessions]
cleanup_interval = 3600  # 1 hour in seconds
max_concurrent_sessions = 5
remember_me_duration = 2592000  # 30 days in seconds

# Rate Limiting for Auth Endpoints
[auth.rate_limiting]
login_attempts_per_minute = 5
registration_attempts_per_hour = 3
password_reset_attempts_per_hour = 3
chore: add config path 2025-07-07 23:13:01 +01:00			`# Authentication Feature Configuration`
			`# Settings for the authentication and authorization system`

			`[features]`
			`auth = true`

			`# OAuth Configuration`
			`[oauth]`
			`enabled = false`

			`[oauth.google]`
			`client_id = "your-google-client-id"`
			`client_secret = "your-google-client-secret"`
			`redirect_uri = "http://localhost:3030/auth/google/callback"`

			`[oauth.github]`
			`client_id = "your-github-client-id"`
			`client_secret = "your-github-client-secret"`
			`redirect_uri = "http://localhost:3030/auth/github/callback"`

			`# JWT Configuration`
			`[auth.jwt]`
			`secret = "change-this-in-production-to-a-secure-random-string"`
			`expiration = 86400 # 24 hours in seconds`
			`refresh_token_expiration = 604800 # 7 days in seconds`
			`algorithm = "HS256"`
			`issuer = "rustelo-app"`
			`audience = "rustelo-users"`

			`# Password Policy`
			`[auth.password]`
			`min_length = 8`
			`require_uppercase = true`
			`require_lowercase = true`
			`require_numbers = true`
			`require_special_chars = true`
			`max_age_days = 90`
			`history_count = 5`

			`# Account Security`
			`[auth.security]`
			`max_login_attempts = 5`
			`lockout_duration = 900 # 15 minutes in seconds`
			`session_timeout = 3600 # 1 hour in seconds`
			`require_email_verification = true`
			`password_reset_timeout = 3600 # 1 hour in seconds`

			`# Two-Factor Authentication`
			`[auth.two_factor]`
			`enabled = false`
			`backup_codes_count = 10`
			`totp_issuer = "Rustelo App"`
			`totp_digits = 6`
			`totp_period = 30`

			`# User Registration`
			`[auth.registration]`
			`enabled = true`
			`require_email_verification = true`
			`auto_approve = true`
			`default_role = "user"`
			`allowed_domains = [] # Empty array means all domains allowed`

			`# Session Management`
			`[auth.sessions]`
			`cleanup_interval = 3600 # 1 hour in seconds`
			`max_concurrent_sessions = 5`
			`remember_me_duration = 2592000 # 30 days in seconds`

			`# Rate Limiting for Auth Endpoints`
			`[auth.rate_limiting]`
			`login_attempts_per_minute = 5`
			`registration_attempts_per_hour = 3`
			`password_reset_attempts_per_hour = 3`