Commit 0bab60d

docs(env): update JWT expiry default and admin configuration
- Change JWT_EXPIRY_HOURS default from 1 hour to 720 hours (1 month)
- Update ADMIN OVERRIDE to REQUIRED for the single administrator account setting
- Clarify optional rate limit configuration for API endpoints
1 parent 17fc972 commit 0bab60d

1 file changed

+11
-11
lines changed

.env.example

Lines changed: 11 additions & 11 deletions
@@ -12,8 +12,8 @@
1212
# JWT_SECRET_KEY="your-super-secret-and-long-jwt-key"
1313

1414
# OPTIONAL: The duration for which a JWT is valid, in hours.
15-
# Defaults to 1 hour if not specified.
16-
# JWT_EXPIRY_HOURS="1"
15+
# Defaults to 720 hour (1 month) if not specified.
16+
# JWT_EXPIRY_HOURS="720"
1717

1818
# REQUIRED FOR PRODUCTION: The specific origin URL of your web client.
1919
# This allows the client (e.g., the HT Dashboard) to make requests to the API.
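Review bot: The `+` comment for `JWT_EXPIRY_HOURS` raises the documented default from 1 hour to 720 hours without saying what that costs: a token that leaks now stays usable for up to a month instead of an hour. Add a line telling operators to set a shorter value where that exposure is not acceptable, and correct "720 hour" to "720 hours". Since the commit is tagged `docs(env)`, also confirm that the server's fallback value was changed to 720 elsewhere, so this comment describes what an unset variable actually does.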
@@ -34,7 +34,7 @@
3434
# Use "https://api.eu.sendgrid.com" for EU-based accounts.
3535
# SENDGRID_API_URL="https://api.sendgrid.com"
3636

37-
# ADMIN OVERRIDE: Sets the single administrator account for the application.
37+
# REQUIRED: Sets the single administrator account for the application.
3838
# On server startup, the system ensures that the user with this email is the
3939
# one and only administrator.
4040
# - If no admin exists, one will be created with this email.
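Review bot: The new `REQUIRED:` label on the administrator setting does not say what the server does at startup when the variable is missing, and `OVERRIDE_ADMIN_EMAIL` is still shown commented out in the same way as the optional settings. State the behaviour for an unset value (refuse to start, or start with no administrator) and say whether the requirement applies to every environment or only production, in line with the `REQUIRED FOR PRODUCTION:` wording used for the client origin setting earlier in the file.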
@@ -44,15 +44,15 @@
4444
# This provides a secure way to set or recover the admin account.
4545
# OVERRIDE_ADMIN_EMAIL="[email protected]"
4646

47-
# OPTIONAL: Configure API request limits to prevent abuse.
48-
# The application provides sensible defaults if these are not set.
49-
#
50-
# Limit for the /auth/request-code endpoint (requests per window).
47+
48+
# OPTIONAL: Limit for the /auth/request-code endpoint (requests per window).
5149
# RATE_LIMIT_REQUEST_CODE_LIMIT=3
52-
# Window for the /auth/request-code endpoint, in hours.
50+
51+
# OPTIONAL: Window for the /auth/request-code endpoint, in hours.
5352
# RATE_LIMIT_REQUEST_CODE_WINDOW_HOURS=24
54-
#
55-
# Limit for the generic /data API endpoints (requests per window).
53+
54+
# OPTIONAL: Limit for the generic /data API endpoints (requests per window).
5655
# RATE_LIMIT_DATA_API_LIMIT=1000
57-
# Window for the /data API endpoints, in minutes.
56+
57+
# OPTIONAL: Window for the /data API endpoints, in minutes.
5858
# RATE_LIMIT_DATA_API_WINDOW_MINUTES=60
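Review bot: Removing `# The application provides sensible defaults if these are not set.` leaves the four `OPTIONAL:` rate limit entries with no statement of what applies when they are unset, so a reader cannot tell whether omitting them means default limits or no limiting at all. Give each entry its own "Defaults to ... if not specified." line, as the `JWT_EXPIRY_HOURS` comment does, and say whether the commented example values (3, 24, 1000, 60) are those defaults. The "to prevent abuse" rationale from the removed header is also worth keeping on the `/auth/request-code` entries.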
