zee-solution/configs/config.yaml

app:
  name: "ULFlow Starter Kit"
  version: "0.1.0"
  environment: "development"
  timezone: "Asia/Ho_Chi_Minh"

logger:
  level: "info" # debug, info, warn, error

server:
  host: "0.0.0.0"
  port: 3000
  read_timeout: 15
  write_timeout: 15
  shutdown_timeout: 30
  trusted_proxies: []
  allow_origins:
    - "*"

database:
  driver: "postgres"
  host: "postgres"
  port: 5432
  username: "postgres"
  password: "postgres"
  database: "ulflow_zee"
  ssl_mode: "disable"
  max_open_conns: 25
  max_idle_conns: 5
  conn_max_lifetime: 300
  migration_path: "migrations"

# JWT Configuration
jwt:
  # Generate a secure random secret key using: openssl rand -base64 32
  secret: "ulflow2121_this_is_a_secure_key_for_jwt_signing"
  # Access Token expiration time in minutes (15 minutes)
  access_token_expire: 15
  # Refresh Token expiration time in minutes (7 days = 10080 minutes)
  refresh_token_expire: 10080
  # Algorithm for JWT signing (HS256, HS384, HS512, RS256, etc.)
  algorithm: "HS256"
  # Issuer for JWT tokens
  issuer: "ulflow-zee"
  # Audience for JWT tokens
  audience: ["ulflow-web"]

# Security configurations
security:
  # Rate limiting for authentication endpoints (requests per minute)
  rate_limit:
    login: 5
    register: 3
    refresh: 10
  # Password policy
  password:
    min_length: 8
    require_upper: true
    require_lower: true
    require_number: true
    require_special: true
  # Cookie settings
  cookie:
    secure: true
    http_only: true
    same_site: "Lax"  # or "Strict" for more security
    domain: ""  # Set your domain in production
    path: "/"
  # CORS settings
  cors:
    allowed_origins: ["*"]  # Restrict in production
    allowed_methods: ["GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"]
    allowed_headers: ["Origin", "Content-Type", "Accept", "Authorization"]
    exposed_headers: ["Content-Length", "X-Total-Count"]
    allow_credentials: true
    max_age: 300  # 5 minutes