diff --git a/docker/.env.example b/docker/.env.example
index 63308bc9e..d2f713492 100644
--- a/docker/.env.example
+++ b/docker/.env.example
@@ -30,6 +30,11 @@ SECRET_KEY=replace_me_with_a_random_string
 # Auth type: LOCAL (email/password) or GOOGLE (OAuth)
 AUTH_TYPE=LOCAL
 
+# Cloud only: set COOKIE_DOMAIN=.surfsense.com so api., zero., and app
+# subdomains all receive the same first-party session cookie. Leave empty for
+# self-hosted Docker where Caddy serves a single origin.
+# COOKIE_DOMAIN=
+
 # Deployment mode: self-hosted enables local filesystem connectors; cloud hides them.
 DEPLOYMENT_MODE=self-hosted
 
@@ -135,6 +140,19 @@ CERT_EMAIL=
 # ZERO_MUTATE_URL=https://surf.example.com/api/zero/mutate
 # ZERO_QUERY_URL=http://frontend:3000/api/zero/query
 # ZERO_MUTATE_URL=http://frontend:3000/api/zero/mutate
+#
+# Forward browser session cookies from zero-cache to the query route. Keep this
+# enabled before switching the web app to cookie-only auth.
+# ZERO_QUERY_FORWARD_COOKIES=true
+#
+# Optional shared secret for the zero-cache -> /api/zero/query hop. Set the same
+# value on zero-cache and the frontend. When unset, the query route accepts the
+# request for backward-compatible rollout.
+# ZERO_QUERY_API_KEY=
+#
+# Bounds for auth revocation and RBAC membership changes on already-open sockets.
+# ZERO_AUTH_REVALIDATE_INTERVAL_SECONDS=60
+# ZERO_AUTH_RETRANSFORM_INTERVAL_SECONDS=60
 
 # ------------------------------------------------------------------------------
 # Database (defaults work out of the box, change for security)
diff --git a/surfsense_backend/.env.example b/surfsense_backend/.env.example
index 6a8f991e4..aee79c09f 100644
--- a/surfsense_backend/.env.example
+++ b/surfsense_backend/.env.example
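Review bot: The COOKIE_DOMAIN comment in the first hunk describes the benefit of sharing the cookie but not its cost: a cookie carrying `Domain=.surfsense.com` is sent to, and can be overwritten from, every host under that domain, not only api., zero. and app, so any other subdomain serving user-controlled or less-trusted content receives the session cookie as well. I'd add a line after the third comment line: `# Every host under this domain can read and set the session cookie; do not use a domain that also serves untrusted subdomains.` The leading dot is accepted but ignored by RFC 6265 browsers, so a short remark that `surfsense.com` is equivalent would avoid confusion about which form to use.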
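Review bot: The ZERO_QUERY_API_KEY comment in the second hunk leaves the consequence of the default implicit — with the key unset, /api/zero/query accepts any caller that can reach the frontend, so the rollout mode is only safe while that route is unreachable from outside the compose network. I'd say so on the line after `# request for backward-compatible rollout.`: `# Unset means the route is unauthenticated at the application layer; set it before the frontend is reachable beyond the compose network.` The surfsense_web hunk documents the same key from the frontend side and would benefit from the same sentence. The two interval settings would also be clearer with a line stating that a revoked session or removed membership can keep an already-open socket alive for up to that many seconds, since that delay is the trade-off a deployer is tuning. It is not visible from the hunk whether ZERO_QUERY_FORWARD_COOKIES defaults to true when the line stays commented out, and the comment should state that default.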
@@ -81,9 +81,24 @@ STRIPE_RECONCILIATION_INTERVAL=10m
 
 SECRET_KEY=SECRET
 
-# JWT Token Lifetimes (optional, defaults shown)
-# ACCESS_TOKEN_LIFETIME_SECONDS=86400 # 1 day
-# REFRESH_TOKEN_LIFETIME_SECONDS=1209600 # 2 weeks
+# JWT/session lifetimes (optional, defaults shown)
+# ACCESS_TOKEN_LIFETIME_SECONDS=1800 # 30 minutes
+# REFRESH_TOKEN_LIFETIME_SECONDS=1209600 # 14-day inactivity window
+# REFRESH_ROTATION_GRACE_SECONDS=45
+# REFRESH_ABSOLUTE_LIFETIME_SECONDS=2592000 # 30-day absolute cap
+#
+# Web session cookies. Leave COOKIE_DOMAIN empty for self-hosted same-origin
+# Docker. In cloud, use .surfsense.com so api., zero., and the app share the
+# first-party session cookie.
+# SESSION_COOKIE_NAME=surfsense_session
+# REFRESH_COOKIE_NAME=surfsense_refresh
+# SESSION_COOKIE_SECURE_POLICY=auto
+# SESSION_COOKIE_SAMESITE=lax
+# COOKIE_DOMAIN=
+#
+# Comma-separated allow-list for cookie-session unsafe requests. Defaults also
+# include NEXT_FRONTEND_URL and SURFSENSE_PUBLIC_URL when set.
+# CSRF_ALLOWED_ORIGINS=http://localhost:3000
 # Personal Access Tokens (PATs). Empty/unset = no maximum; users may create
 # never-expiring PATs. When set, PAT creation requires an expiry <= this many days.
 # PAT_MAX_EXPIRY_DAYS=
@@ -115,6 +130,8 @@ REGISTRATION_ENABLED=TRUE or FALSE
 # For Google Auth Only
 GOOGLE_OAUTH_CLIENT_ID=924507538m
 GOOGLE_OAUTH_CLIENT_SECRET=GOCSV
+GOOGLE_DESKTOP_CLIENT_ID=your_google_desktop_client_id
+GOOGLE_DESKTOP_CLIENT_SECRET=your_google_desktop_client_secret
 GOOGLE_PICKER_API_KEY=your-google-picker-api-key
 
 # Google Connector Specific Configurations
diff --git a/surfsense_web/.env.example b/surfsense_web/.env.example
index 11646c948..3d2d69a5a 100644
--- a/surfsense_web/.env.example
+++ b/surfsense_web/.env.example
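Review bot: REFRESH_ROTATION_GRACE_SECONDS=45 and SESSION_COOKIE_SECURE_POLICY=auto in the first hunk are listed with no explanation, unlike the neighbouring lifetimes, so a deployer cannot tell what 45 seconds of grace permits (presumably a window in which the previous refresh token is still accepted after rotation to absorb concurrent refreshes — that is inferred, not visible here) or which values `auto` chooses between and on what basis. I'd add a comment above each stating the accepted values and what the default does, for the grace setting something like `# Seconds the previous refresh token is still accepted after rotation` if that is indeed the semantics, and for the secure policy a line naming the other accepted values and the rule `auto` applies. Since CSRF_ALLOWED_ORIGINS is the control that stops sibling subdomains from making unsafe requests once the cookie is Domain-scoped, its comment should say that entries are full origins (scheme and host) and whether any wildcard form is accepted. The trailing `# 30 minutes` style comments are harmless while the lines stay commented out, but whether a loader strips them from an uncommented value depends on the dotenv implementation, so moving them onto their own lines would be safer.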
@@ -48,6 +48,10 @@ NEXT_PUBLIC_POSTHOG_HOST=https://us.i.posthog.com
 # "/zero" endpoint behind Caddy. Set it for local dev or packaged clients.
 # ─────────────────────────────────────────────────────────────────────────────
 # NEXT_PUBLIC_ZERO_CACHE_URL=http://localhost:4848
+# Server-only shared secret that authorizes zero-cache when it calls
+# /api/zero/query. Leave unset during the compatibility rollout, then set it
+# once every zero-cache instance sends X-Api-Key.
+# ZERO_QUERY_API_KEY=
 
 # ─────────────────────────────────────────────────────────────────────────────
 # Cloudflare Turnstile CAPTCHA for anonymous chat abuse prevention