docs: update .env.example with improved descriptions and security focus

- Restructure and group configuration sections for clarity
- Add detailed comments for HTTPS, CORS, and security-related settings
- Update placeholder values and improve formatting for readability

Author: Pdzly

.env.example

@@ -1,31 +1,46 @@
-HOST=0.0.0.0
+# DevBin Backend Environment Configuration
+
+# Server Configuration
 APP_PORT=8000
+APP_HOST=0.0.0.0
+APP_WORKERS=1
+APP_RELOAD=false
+APP_DEBUG=false
+
+# Database Configuration
+APP_DATABASE_URL=postgresql+asyncpg://postgres:postgres@localhost:5432/devbin
+
+# Security - HTTPS
+# Set to true to redirect HTTP to HTTPS
+# Only enable if your deployment terminates SSL directly
+# Keep false if using reverse proxy (nginx, traefik, caddy, etc.)
+APP_ENFORCE_HTTPS=false
+
+# Security - CORS
+# For development (allows all origins):
+APP_CORS_DOMAINS=["*"]
+APP_ALLOW_CORS_WILDCARD=true
+
+# For production (specify exact domains):
+# APP_CORS_DOMAINS=["https://devbin.example.com","https://app.devbin.example.com"]
+# APP_ALLOW_CORS_WILDCARD=false
 
-# Database configuration
-POSTGRES_USER=postgres
-POSTGRES_PASSWORD=postgres
-POSTGRES_DB=devbin
+# Trusted Hosts (for X-Forwarded-For header)
+APP_TRUSTED_HOSTS=["127.0.0.1"]
 
-# Application configuration
-APP_DATABASE_URL=postgresql://postgres:postgres@devbin_db:5432/devbin
+# Paste Configuration
 APP_MAX_CONTENT_LENGTH=10000
 APP_BASE_FOLDER_PATH=./files
-# 1-9999999 or True for "os.cpu_count" ( how many cpu threads the machine has )
-# WARNING: Rate Limit / Cache is PER worker. e.g. expect 2x memore as both will cache different/doubles.
-APP_WORKERS=1
-APP_BYPASS_TOKEN= # Bypasses Rate limits
-APP_CORS_DOMAINS='["http://localhost:3000"]'
-APP_CACHE_TTL=300
-APP_CACHE_SIZE_LIMIT=1000
 APP_MIN_STORAGE_MB=1024
-APP_TRUSTED_HOSTS='["127.0.0.1", 'devbin_frontend']'
-APP_KEEP_DELETED_PASTES_TIME_HOURS=336 # 2 Weeks
+APP_KEEP_DELETED_PASTES_TIME_HOURS=336
 
-# Debug / Development settings
-APP_SQLALCHEMY_ECHO=false
-APP_DEBUG=true
-APP_RELOAD=false
+# Caching
+APP_CACHE_SIZE_LIMIT=1000
+APP_CACHE_TTL=300
+
+# Privacy Settings
+APP_SAVE_USER_AGENT=false
+APP_SAVE_IP_ADDRESS=false
 
-# Frontend configurations
-API_BASE_URL=http://devden:8000
-PORT=3000
+# Optional: Rate limit bypass token for trusted apps
+# APP_BYPASS_TOKEN=your_secret_bypass_token_here

backend/.env.example

@@ -42,5 +42,5 @@ APP_CACHE_TTL=300
 APP_SAVE_USER_AGENT=false
 APP_SAVE_IP_ADDRESS=false
 
-# Optional: Rate limit bypass token for testing
+# Optional: Rate limit bypass token for trusted apps
 # APP_BYPASS_TOKEN=your_secret_bypass_token_here