6.8 KiB
6.8 KiB
Environment Configuration Guide
Overview
This guide explains all environment variables used in the Interview Quiz Backend application and how to configure them properly.
Quick Start
-
Copy the example file:
cp .env.example .env -
Generate a secure JWT secret:
npm run generate:jwt -
Update database credentials in
.env:DB_USER=root DB_PASSWORD=your_mysql_password -
Validate your configuration:
npm run validate:env
Environment Variables
Server Configuration
NODE_ENV
- Type: String
- Required: Yes
- Default:
development - Values:
development,test,production - Description: Application environment mode
PORT
- Type: Number
- Required: Yes
- Default:
3000 - Range: 1000-65535
- Description: Port number for the server
API_PREFIX
- Type: String
- Required: Yes
- Default:
/api - Description: API route prefix
Database Configuration
DB_HOST
- Type: String
- Required: Yes
- Default:
localhost - Description: MySQL server hostname
DB_PORT
- Type: Number
- Required: Yes
- Default:
3306 - Description: MySQL server port
DB_NAME
- Type: String
- Required: Yes
- Default:
interview_quiz_db - Description: Database name
DB_USER
- Type: String
- Required: Yes
- Default:
root - Description: Database username
DB_PASSWORD
- Type: String
- Required: Yes (in production)
- Default: Empty string
- Description: Database password
- Security: Never commit this to version control!
DB_DIALECT
- Type: String
- Required: Yes
- Default:
mysql - Values:
mysql,postgres,sqlite,mssql - Description: Database type
Database Connection Pool
DB_POOL_MAX
- Type: Number
- Required: No
- Default:
10 - Description: Maximum number of connections in pool
DB_POOL_MIN
- Type: Number
- Required: No
- Default:
0 - Description: Minimum number of connections in pool
DB_POOL_ACQUIRE
- Type: Number
- Required: No
- Default:
30000(30 seconds) - Description: Max time (ms) to get connection before error
DB_POOL_IDLE
- Type: Number
- Required: No
- Default:
10000(10 seconds) - Description: Max idle time (ms) before releasing connection
JWT Authentication
JWT_SECRET
- Type: String
- Required: Yes
- Min Length: 32 characters (64+ recommended)
- Description: Secret key for signing JWT tokens
- Security:
- Generate with:
npm run generate:jwt - Must be different for each environment
- Rotate regularly in production
- Never commit to version control!
- Generate with:
JWT_EXPIRE
- Type: String
- Required: Yes
- Default:
24h - Format: Time string (e.g.,
24h,7d,1m) - Description: JWT token expiration time
Rate Limiting
RATE_LIMIT_WINDOW_MS
- Type: Number
- Required: No
- Default:
900000(15 minutes) - Description: Time window for rate limiting (ms)
RATE_LIMIT_MAX_REQUESTS
- Type: Number
- Required: No
- Default:
100 - Description: Max requests per window per IP
CORS Configuration
CORS_ORIGIN
- Type: String
- Required: Yes
- Default:
http://localhost:4200 - Description: Allowed CORS origin (frontend URL)
- Examples:
- Development:
http://localhost:4200 - Production:
https://yourapp.com
- Development:
Guest User Configuration
GUEST_SESSION_EXPIRE_HOURS
- Type: Number
- Required: No
- Default:
24 - Description: Guest session expiry time in hours
GUEST_MAX_QUIZZES
- Type: Number
- Required: No
- Default:
3 - Description: Maximum quizzes a guest can take
Logging
LOG_LEVEL
- Type: String
- Required: No
- Default:
info - Values:
error,warn,info,debug - Description: Logging verbosity level
Environment-Specific Configurations
Development
NODE_ENV=development
PORT=3000
DB_HOST=localhost
DB_PASSWORD=your_dev_password
JWT_SECRET=dev_jwt_secret_generate_with_npm_run_generate_jwt
CORS_ORIGIN=http://localhost:4200
LOG_LEVEL=debug
Production
NODE_ENV=production
PORT=3000
DB_HOST=your_production_host
DB_PASSWORD=strong_production_password
JWT_SECRET=production_jwt_secret_must_be_different_from_dev
CORS_ORIGIN=https://yourapp.com
LOG_LEVEL=warn
Testing
NODE_ENV=test
PORT=3001
DB_NAME=interview_quiz_db_test
DB_PASSWORD=test_password
JWT_SECRET=test_jwt_secret
LOG_LEVEL=error
Validation
The application automatically validates all environment variables on startup.
Manual Validation
Run validation anytime:
npm run validate:env
Validation Checks
- ✅ All required variables are set
- ✅ Values are in correct format (string, number)
- ✅ Numbers are within valid ranges
- ✅ Enums match allowed values
- ✅ Minimum length requirements met
- ⚠️ Warnings for weak configurations
Security Best Practices
1. JWT Secret
- Generate strong, random secrets:
npm run generate:jwt - Use different secrets for each environment
- Store securely (never in code)
- Rotate periodically
2. Database Password
- Use strong, unique passwords
- Never commit to version control
- Use environment-specific passwords
- Restrict database user permissions
3. CORS Origin
- Set to exact frontend URL
- Never use
*in production - Use HTTPS in production
4. Rate Limiting
- Adjust based on expected traffic
- Lower limits for auth endpoints
- Monitor for abuse patterns
Troubleshooting
Validation Fails
Check the error messages and fix invalid values:
npm run validate:env
Database Connection Fails
- Verify MySQL is running
- Check credentials in
.env - Test connection:
npm run test:db - Ensure database exists
JWT Errors
- Verify JWT_SECRET is set
- Ensure it's at least 32 characters
- Regenerate if needed:
npm run generate:jwt
Configuration Module
Access configuration in code:
const config = require('./config/config');
// Server config
console.log(config.server.port);
console.log(config.server.nodeEnv);
// Database config
console.log(config.database.host);
console.log(config.database.name);
// JWT config
console.log(config.jwt.secret);
console.log(config.jwt.expire);
// Guest config
console.log(config.guest.maxQuizzes);
Additional Resources
Remember: Never commit .env files to version control! Only commit .env.example with placeholder values.