-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy path.env.example
More file actions
61 lines (54 loc) · 2.11 KB
/
.env.example
File metadata and controls
61 lines (54 loc) · 2.11 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
# AI Interview Simulator - Environment Configuration
# Copy this file to .env and fill in your values
# ===================
# Database Configuration
# ===================
DB_HOST=localhost
DB_PORT=5432
DB_NAME=interview_simulator
DB_USERNAME=postgres
DB_PASSWORD=your_secure_password_here
# ===================
# Application Mode
# ===================
# DEV = Backend provides API key (for local development)
# PROD = Users must provide their own API key (for production)
# REVIEWER = Hide API modal, use multi-key rotation (for competition judges)
APP_MODE=DEV
# ===================
# Gemini API Configuration
# ===================
# Only required in DEV mode
# Get your free key at: https://aistudio.google.com/app/apikey
GEMINI_API_KEY=AIza...your_key_here
# ===================
# REVIEWER Mode Configuration
# ===================
# Only required in REVIEWER mode
# Comma-separated API keys (one per grading model in the fallback chain)
# GEMINI_REVIEWER_KEYS=AIza...key1,AIza...key2,AIza...key3
# Grading model fallback chain (comma-separated)
# GEMINI_GRADING_MODELS=gemini-3-flash-preview,gemini-2.5-flash,gemini-2.5-flash-lite,gemma-3-12b-it
# ===================
# Security / Deployment
# ===================
# Session cookie Secure flag. Default true (HTTPS only).
# Set to false ONLY for local plain-HTTP development, otherwise the browser
# refuses to send the session cookie and the admin login breaks.
# SESSION_COOKIE_SECURE=true
# Reverse-proxy IP trust. Default false. Set to true ONLY when the app is
# deployed behind a trusted proxy (Cloudflare Tunnel / nginx / load balancer).
# With this true and no proxy in front, attackers can spoof source IPs and
# bypass per-IP rate limits.
#
# Header priority when the flag is true:
# 1. CF-Connecting-IP (Cloudflare — overwritten by edge, spoof-proof)
# 2. X-Forwarded-For (leftmost entry; generic proxy fallback)
# 3. socket peer address (no header → direct connection)
#
# For Cloudflare Tunnel (cloudflared) or similar:
# APP_TRUST_FORWARDED_HEADERS=true
# ===================
# JVM Options (Docker only)
# ===================
# JAVA_OPTS="-Xmx512m -Xms256m"