.env.default

### GLOBAL VARIABLES ###

# If !false, Next's bundle(s) will be analyzed and report files generated.
ANALYZE=false

# This will overwrite the NODE_ENV setting during runtime and for the compiled
# applications.
#
# Recognized values: test development production
# Default value: empty
NODE_ENV=

# MongoDB connect URI. Specify auth credentials if necessary. YOU MUST *NOT*
# SPECIFY A DATABASE AT THE END!
MONGODB_URI=mongodb://127.0.0.1:27017

# Dedicated port to be used by the MongoDB Memory Server during unit tests.
# Especially useful when stepping through code, since you can always access the
# db at `mongodb://127.0.0.1:MONGODB_MS_PORT` when the debugger is paused.
# Tip: call `jest.setTimeout()` with a large number (i.e. 10**6) to ensure the
# MongoClient isn't closed randomly leading to strange errors.
#
# Leave this blank to choose any random port (not recommended). Note: this
# option is also used when Node is started in debug mode, e.g. `node
# --inspect-brk` or `node --debug`, or if the debugger is attached before the
# database connection is memoized.
MONGODB_MS_PORT=6666

# Determines the maximum allowed character length of an *entire* HTTP
# Authorization header. The default is 500.
AUTH_HEADER_MAX_LENGTH=500

# Controls which versions of the API will respond to requests. Examples (disable
# v1; disable v1 and v2; disable v3, v5, and v7):
#   DISABLED_API_VERSIONS=1
#   DISABLED_API_VERSIONS=1,2
#   DISABLED_API_VERSIONS=3,5,7
#
# Note that `DISABLED_API_VERSIONS=` (i.e. empty) means no
# versions are disabled!
DISABLED_API_VERSIONS=

# Determines the number of items returned by paginated endpoints.
RESULTS_PER_PAGE=100

# If !false, all rate limits and exponential soft banning will be ignored.
IGNORE_RATE_LIMITS=false

# If !false, no one will be able to use the API.
LOCKOUT_ALL_CLIENTS=false

# Controls what request methods are allowed. Empty means all are allowed
# (default).
#
# Example, to make API read-only:
#   DISALLOWED_METHODS=POST,PUT
DISALLOWED_METHODS=

# Every Nth request will be be cancelled and an HTTP 555 response returned. Note
# that, in addition to every Nth request, the very first request sent to the API
# will also return a contrived error. Set to 0 to disable all contrived errors.
REQUESTS_PER_CONTRIVED_ERROR=10

# Maximum allowed size of a request body (and content-length header value) in
# bytes. Should be a string like 1kb, 1mb, 500b.
MAX_CONTENT_LENGTH_BYTES=10kb

# Maximum number of parameters that can be passed to endpoints that accept
# multiple slash parameters.
MAX_PARAMS_PER_REQUEST=100

# Minimum allowed string length of a username.
MIN_USER_NAME_LENGTH=4

# Maximum allowed string length of a username.
MAX_USER_NAME_LENGTH=16

# Minimum allowed string length of a user email.
MIN_USER_EMAIL_LENGTH=4

# Maximum allowed string length of a user email.
MAX_USER_EMAIL_LENGTH=75

# Expected string length of a user's cryptographic salt (hexadecimal length).
USER_SALT_LENGTH=32

# Expected string length of a user's cryptographic key (hexadecimal length).
USER_KEY_LENGTH=128

# Maximum number of pages a blog can have.
MAX_USER_BLOG_PAGES=100

# Maximum allowed length of a blog name.
MAX_BLOG_NAME_LENGTH=100

# Maximum allowed length of a blog navigation link's href.
MAX_NAV_LINK_HREF_LENGTH=150

# Maximum allowed length of a blog navigation link's text.
MAX_NAV_LINK_TEXT_LENGTH=50

# Maximum allowed length of a blog page's name.
MAX_BLOG_PAGE_NAME_LENGTH=100

# Maximum allowed length of a blog page's name. Should be a string like 1kb,
# 1mb, 500b.
MAX_BLOG_PAGE_CONTENTS_LENGTH_BYTES=3kb

# How long active sessions are kept around before being deleted. Renewing an
# active session will reset the session's time-to-live.
SESSION_EXPIRE_AFTER_SECONDS=30

### EXTERNAL SCRIPT VARIABLES ###
# (optional unless using the relevant external script)

# How often this script is going to be invoked. This doesn't determine anything
# automatically on its own, this is useful to ensure the script works no matter
# how often you decide to call it.
BAN_HAMMER_WILL_BE_CALLED_EVERY_SECONDS=60

# The maximum number of requests per BAN_HAMMER_RESOLUTION_WINDOW_SECONDS
# allowed by a single client.
BAN_HAMMER_MAX_REQUESTS_PER_WINDOW=10

# How far back into the past this script looks when checking a key or ip against
# BAN_HAMMER_MAX_REQUESTS_PER_WINDOW.
BAN_HAMMER_RESOLUTION_WINDOW_SECONDS=1

# The initial amount of time an offender is banned.
BAN_HAMMER_DEFAULT_BAN_TIME_MINUTES=1

# When an offender is banned twice in the same "period," they're banned for
# BAN_HAMMER_DEFAULT_BAN_TIME_MINUTES * BAN_HAMMER_RECIDIVISM_PUNISH_MULTIPLIER
# minutes instead of the default. This is also the length of the "period".
BAN_HAMMER_RECIDIVISM_PUNISH_MULTIPLIER=2

# The size (in bytes) of the root request-log collection will not be allowed to
# exceed this amount. Oldest entries are deleted first. Should be a string like
# 1kb, 1mb, 500b.
PRUNE_DATA_MAX_LOGS_BYTES=50mb

# The size (in bytes) of the root limited-log collection will not be allowed to
# exceed this amount. Oldest entries are deleted first. Should be a string like
# 1kb, 1mb, 500b.
PRUNE_DATA_MAX_BANNED_BYTES=10mb

# The size (in bytes) of the pages collection will not be allowed to exceed this
# amount. Oldest entries are deleted first. Should be a string like 1kb, 1mb,
# 500b.
PRUNE_DATA_MAX_PAGES_BYTES=300mb

# The size (in bytes) of the sessions collection will not be allowed to exceed
# this amount. Oldest entries are deleted first. Should be a string like 1kb,
# 1mb, 500b.
PRUNE_DATA_MAX_SESSIONS_BYTES=20mb

# The size (in bytes) of the users collection will not be allowed to exceed this
# amount. Oldest entries are deleted first. Should be a string like 1kb, 1mb,
# 500b.
PRUNE_DATA_MAX_USERS_BYTES=50mb

### TOOLS FRONTEND VARIABLES ###
# (optional unless using tools)