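# RBAC (Role-Based Access Control) Configuration
# Copy this file to .env and configure for your environment
#
# The resulting .env holds secrets (JWT and session keys, database, OAuth and
# SMTP credentials). Keep it out of version control and readable only by the
# account that runs the server.
# One assignment per line, comments on their own lines: some dotenv parsers
# treat a trailing "# ..." as part of the value.

# =============================================================================
# RBAC Feature Flags
# =============================================================================
# Every RBAC flag below ships disabled.
# NOTE(review): what restricts database, file, content and API access while
# ENABLE_RBAC=false is not visible in this file - confirm before deploying.

# Enable/disable RBAC system entirely (default: false)
ENABLE_RBAC=false

# Database access control (requires ENABLE_RBAC=true)
ENABLE_RBAC_DATABASE=false

# File system access control (requires ENABLE_RBAC=true)
ENABLE_RBAC_FILES=false

# Content management access control (requires ENABLE_RBAC=true)
ENABLE_RBAC_CONTENT=false

# API endpoint access control (requires ENABLE_RBAC=true)
ENABLE_RBAC_API=false

# User categories feature (requires ENABLE_RBAC=true)
ENABLE_RBAC_CATEGORIES=false

# User tags feature (requires ENABLE_RBAC=true)
ENABLE_RBAC_TAGS=false

# Permission caching (improves performance, requires ENABLE_RBAC=true)
# NOTE(review): a permission cache can keep serving a grant after it has been
# revoked; check the cache lifetime and invalidation behaviour before enabling.
ENABLE_RBAC_CACHING=false

# Access audit logging (requires ENABLE_RBAC=true)
# Access decisions leave no audit trail while this is false; turn it on
# together with ENABLE_RBAC wherever access must be reviewable.
ENABLE_RBAC_AUDIT=false

# TOML configuration file loading (requires ENABLE_RBAC=true)
ENABLE_RBAC_TOML_CONFIG=false

# Hierarchical permissions (categories/tags inheritance)
ENABLE_RBAC_HIERARCHICAL=false

# Dynamic rule evaluation
ENABLE_RBAC_DYNAMIC_RULES=false

# =============================================================================
# RBAC Configuration Paths
# =============================================================================
# Both paths are relative, so they resolve against the server's working
# directory. The TOML file defines who may do what: it should be writable only
# by administrators.

# Path to RBAC TOML configuration file
RBAC_CONFIG_PATH=config/rbac.toml

# Path to RBAC database migrations
RBAC_MIGRATIONS_PATH=migrations/rbac

# =============================================================================
# Core Authentication (always required)
# =============================================================================

# Enable basic authentication system
ENABLE_AUTH=true

# Enable JWT token authentication
ENABLE_JWT=true

# Enable OAuth providers (Google, GitHub, etc.)
ENABLE_OAUTH=false

# Enable two-factor authentication
ENABLE_2FA=false

# Enable session management
ENABLE_SESSIONS=true

# Enable password reset functionality
# NOTE(review): password reset presumably depends on email delivery, but
# ENABLE_EMAIL is false further down - confirm how reset tokens reach the user.
ENABLE_PASSWORD_RESET=true

# Enable email verification
ENABLE_EMAIL_VERIFICATION=false

# =============================================================================
# Database Configuration
# =============================================================================

# Database connection string
# "username:password" is a placeholder. The URL embeds the credential, so
# treat the whole value as a secret and keep it out of logs and bug reports.
DATABASE_URL=postgresql://username:password@localhost:5432/rustelo_dev

# Database pool settings
# NOTE(review): the timeout values are presumably seconds - confirm against
# the code that reads them.
DATABASE_MAX_CONNECTIONS=20
DATABASE_MIN_CONNECTIONS=5
DATABASE_CONNECTION_TIMEOUT=30
DATABASE_IDLE_TIMEOUT=600
DATABASE_MAX_LIFETIME=1800

# =============================================================================
# Server Configuration
# =============================================================================

# Server host and port
# 127.0.0.1 accepts local connections only. With SERVER_PROTOCOL=http and
# ENABLE_TLS=false, binding a routable address serves credentials, JWTs and
# session cookies in cleartext unless a TLS-terminating proxy sits in front.
SERVER_HOST=127.0.0.1
SERVER_PORT=3030
SERVER_PROTOCOL=http

# Environment (development/production)
ENVIRONMENT=development

# =============================================================================
# Security Configuration
# =============================================================================
# The two secrets below are published placeholders. A deployment that keeps
# them signs tokens and sessions with a key anyone can read in this template.
# Generate an independent random value for each, for example with
# `openssl rand -base64 48`, and never reuse one value for both.
# NOTE(review): whether the server refuses to start with these placeholders is
# not visible here - verify, or add that check.

# JWT secret key (change in production!)
JWT_SECRET=your-super-secret-jwt-key-change-this-in-production

# Session secret (change in production!)
SESSION_SECRET=your-session-secret-key-change-this-in-production

# Enable CSRF protection
ENABLE_CSRF=true

# Enable rate limiting
ENABLE_RATE_LIMITING=true

# Rate limiting settings
# NOTE(review): presumably 100 requests per 60-second window; the unit and the
# key the limit applies to (IP, user, route) are not shown here - confirm.
RATE_LIMIT_REQUESTS=100
RATE_LIMIT_WINDOW=60

# Bcrypt cost for password hashing
# The cost is a base-2 exponent, so each +1 doubles the hashing work. Do not
# lower it to speed up logins.
BCRYPT_COST=12

# =============================================================================
# Content Management Features
# =============================================================================

# Enable content management system
ENABLE_CONTENT=true

# Enable markdown rendering
ENABLE_MARKDOWN=true

# Enable syntax highlighting
ENABLE_SYNTAX_HIGHLIGHTING=false

# Enable file uploads
# NOTE(review): uploads are on by default while ENABLE_RBAC_FILES is off;
# confirm who may upload and which size and type limits apply.
ENABLE_FILE_UPLOADS=true

# Enable content versioning
ENABLE_CONTENT_VERSIONING=false

# Enable content scheduling
ENABLE_CONTENT_SCHEDULING=false

# Enable SEO features
ENABLE_SEO=true

# =============================================================================
# Performance Features
# =============================================================================

# Enable response caching
# NOTE(review): confirm that authenticated or per-user responses are excluded
# from the cache or keyed per user.
ENABLE_CACHING=true

# Enable database query caching
ENABLE_QUERY_CACHING=true

# Enable compression
ENABLE_COMPRESSION=true

# Enable connection pooling
ENABLE_CONNECTION_POOLING=true

# Enable lazy loading
ENABLE_LAZY_LOADING=false

# Enable background tasks
ENABLE_BACKGROUND_TASKS=true

# =============================================================================
# Logging Configuration
# =============================================================================

# Log level (trace, debug, info, warn, error)
LOG_LEVEL=info
RUST_LOG=info

# Enable console logging
ENABLE_CONSOLE_LOGGING=true

# Enable file logging
ENABLE_FILE_LOGGING=false

# Log file path
LOG_FILE_PATH=logs/app.log

# =============================================================================
# TLS/HTTPS Configuration
# =============================================================================

# Enable TLS/HTTPS
ENABLE_TLS=false

# TLS certificate paths (when ENABLE_TLS=true)
# The key file is a private key: readable by the server account only, never
# committed alongside the certificate.
TLS_CERT_PATH=certs/cert.pem
TLS_KEY_PATH=certs/key.pem

# =============================================================================
# OAuth Configuration (when ENABLE_OAUTH=true)
# =============================================================================
# Client secrets are credentials. The redirect URIs below use http://localhost
# for local development; a deployed instance should register https:// URIs
# that match the provider configuration exactly.

# Google OAuth
GOOGLE_CLIENT_ID=your-google-client-id
GOOGLE_CLIENT_SECRET=your-google-client-secret
GOOGLE_REDIRECT_URI=http://localhost:3030/auth/google/callback

# GitHub OAuth
GITHUB_CLIENT_ID=your-github-client-id
GITHUB_CLIENT_SECRET=your-github-client-secret
GITHUB_REDIRECT_URI=http://localhost:3030/auth/github/callback

# =============================================================================
# Email Configuration (when email features are enabled)
# =============================================================================

# Enable email functionality
ENABLE_EMAIL=false

# SMTP settings
# SMTP_PASSWORD is a credential; use an app-specific password rather than the
# mailbox's main password.
# FROM_NAME contains a space: quote the value if this file is ever sourced by
# a shell instead of read by a dotenv loader.
SMTP_HOST=smtp.gmail.com
SMTP_PORT=587
SMTP_USERNAME=your-email@gmail.com
SMTP_PASSWORD=your-app-password
FROM_EMAIL=noreply@yourapp.com
FROM_NAME=Your App

# =============================================================================
# Redis Configuration (optional)
# =============================================================================

# Enable Redis for caching/sessions
ENABLE_REDIS=false

# Redis connection
# This URL carries no password and no TLS, which suits a loopback-only Redis.
# For a Redis reached over the network, require authentication and use a
# rediss:// URL if the client library supports it.
REDIS_URL=redis://localhost:6379
REDIS_POOL_SIZE=10
REDIS_CONNECTION_TIMEOUT=5
REDIS_COMMAND_TIMEOUT=5

# =============================================================================
# Custom Feature Flags
# =============================================================================

# Add your custom feature flags here
# ENABLE_MY_CUSTOM_FEATURE=false
# ENABLE_ANALYTICS=false
# ENABLE_NOTIFICATIONS=false

# =============================================================================
# RBAC Example Configurations
# =============================================================================

# Example 1: Minimal RBAC (only basic categories)
# ENABLE_RBAC=true
# ENABLE_RBAC_CATEGORIES=true
# ENABLE_RBAC_CACHING=true

# Example 2: Database-focused RBAC
# ENABLE_RBAC=true
# ENABLE_RBAC_DATABASE=true
# ENABLE_RBAC_CATEGORIES=true
# ENABLE_RBAC_TAGS=true
# ENABLE_RBAC_CACHING=true
# ENABLE_RBAC_AUDIT=true

# Example 3: Full RBAC with all features
# ENABLE_RBAC=true
# ENABLE_RBAC_DATABASE=true
# ENABLE_RBAC_FILES=true
# ENABLE_RBAC_CONTENT=true
# ENABLE_RBAC_API=true
# ENABLE_RBAC_CATEGORIES=true
# ENABLE_RBAC_TAGS=true
# ENABLE_RBAC_CACHING=true
# ENABLE_RBAC_AUDIT=true
# ENABLE_RBAC_TOML_CONFIG=true
# ENABLE_RBAC_HIERARCHICAL=true
# ENABLE_RBAC_DYNAMIC_RULES=true

# Example 4: Content management with RBAC
# ENABLE_RBAC=true
# ENABLE_RBAC_CONTENT=true
# ENABLE_RBAC_FILES=true
# ENABLE_RBAC_CATEGORIES=true
# ENABLE_RBAC_TAGS=true
# ENABLE_CONTENT=true
# ENABLE_FILE_UPLOADS=true

# =============================================================================
# Development vs Production Settings
# =============================================================================

# Development settings (copy these for development)
# ENABLE_CSRF=false is for a local, single-user instance only. Testing with
# CSRF protection off also hides missing-token bugs until production.
# ENVIRONMENT=development
# LOG_LEVEL=debug
# ENABLE_CSRF=false
# ENABLE_TLS=false
# DATABASE_URL=postgresql://dev:dev@localhost:5432/rustelo_dev

# Production settings (copy these for production)
# The credential and secret strings below are illustrative, not values to
# deploy: generate real ones and inject them from the deployment's secret
# store. The database here is on another host, so the connection should be
# encrypted (for PostgreSQL drivers that accept it, an sslmode parameter on
# the URL).
# ENVIRONMENT=production
# LOG_LEVEL=warn
# ENABLE_CSRF=true
# ENABLE_TLS=true
# ENABLE_RATE_LIMITING=true
# DATABASE_URL=postgresql://prod_user:secure_password@db.example.com:5432/rustelo_prod
# JWT_SECRET=very-long-random-secure-key-for-production
# SESSION_SECRET=another-very-long-random-secure-key-for-production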