AcadeNice/Wiki
1
0
Fork 0
Code Issues Pull requests Releases Activity Actions
Wiki/bridge/.env.example
Corentin JOGUET 0cf6533885
Some checks are pending
CI / Lint bridge (Biome) (push) Waiting to run
Details
CI / Type-check bridge (push) Blocked by required conditions
Details
CI / Tests unit bridge (push) Blocked by required conditions
Details
CI / Tests integration bridge (push) Blocked by required conditions
Details
CI / Security scan (push) Waiting to run
Details
CI / Docker build + healthcheck (push) Blocked by required conditions
Details
feat(bridge): Bloc 5 rate limit + cache invalidation cote writes
2026-05-07 21:44:33 +02:00

49 lines
2 KiB
Text
Raw Blame History

# Bridge service — variables d'environnement
# Copier vers .env et remplir avec valeurs reelles.
# Server
NODE_ENV=development
PORT=4000
LOG_LEVEL=debug
# Baserow API
BASEROW_API_URL=http://baserow:80/api
BASEROW_API_TOKEN=
# Docmost API
DOCMOST_API_URL=http://docmost:3000/api
DOCMOST_API_TOKEN=
# Redis (cache + idempotence webhooks + lookup Personne)
REDIS_URL=redis://docmost-redis:6379
# Webhooks Baserow signature secret (HMAC-SHA256, header X-Baserow-Signature)
BASEROW_WEBHOOK_SECRET=
# Webhooks Docmost signature secret (HMAC-SHA256, header X-Docmost-Signature)
# Stub Bloc 7b — handlers metier viennent en Bloc 8 (Tiptap node-views)
DOCMOST_WEBHOOK_SECRET=
# Auth tokens bridge — JSON serialise (Phase 2 simple)
# Format: [{"token":"brg_xxx","name":"label","scopes":["read:personnes",...]}]
# Phase 3 : migration vers DB dediee
BRIDGE_API_TOKENS=
# Authentik OIDC (optional — laisse vide pour mode local-only avec service tokens)
# Active uniquement si AUTHENTIK_ISSUER + AUTHENTIK_JWKS_URI + AUTHENTIK_AUDIENCE sont set.
# AUTHENTIK_ISSUER=https://auth.acadenice.com/application/o/formation-hub/
# AUTHENTIK_JWKS_URI=https://auth.acadenice.com/application/o/formation-hub/jwks/
# AUTHENTIK_AUDIENCE=formation-hub-bridge
# AUTH_GROUPS_SCOPES_MAP={"formation-hub-formateurs":["formation:read","intervention:write"],"formation-hub-admins":["admin:*"]}
# AUTH_STRICT_MAPPING=true # false -> autorise les emails OIDC sans Personne (scopes des groups uniquement)
# Rate limiting (Bloc 5) — sliding window Redis sur /api/v1/*
# (hors /api/health, /api/ready, /api/webhooks/* qui ont leur propre defense).
# Global s'applique sur tous les verbes ; Mutation s'ajoute sur POST/PATCH/PUT/DELETE
# avec un compteur Redis distinct (suffixe `:mut`) volontairement plus strict.
# Cle derivee de l'identite : tokenId (service token) > email OIDC > sub OIDC > IP > anonymous.
# Defauts conservateurs ci-dessous, override si besoin.
# RATE_LIMIT_GLOBAL_MAX=100
# RATE_LIMIT_GLOBAL_WINDOW=60
# RATE_LIMIT_MUTATION_MAX=30
# RATE_LIMIT_MUTATION_WINDOW=60
Reference in a new issue View git blame Copy permalink