# SecureAuth Configuration (Node.js/Express)
# Author: Bwalya Adrian Mange (106-293)

# Server Configuration
PORT=3000
NODE_ENV=development

# JWT Configuration
JWT_SECRET=your-super-secret-jwt-key-change-this-in-production
JWT_ALGORITHM=HS256
JWT_TEMP_EXPIRY_MINUTES=5
JWT_FULL_EXPIRY_HOURS=24

# Bcrypt Configuration
BCRYPT_ROUNDS=12

# TOTP Configuration
TOTP_ISSUER=SecureAuth-CUZ
TOTP_WINDOW=1

# Security Configuration
INACTIVITY_TIMEOUT_MINUTES=5
MAX_FAILED_ATTEMPTS=5
LOCKOUT_DURATION_MINUTES=30

# ═══════════════════════════════════════════════════════════════════
# DDOS PROTECTION CONFIGURATION
# ═══════════════════════════════════════════════════════════════════

# Request Size Limits
MAX_REQUEST_SIZE=100000              # 100KB - Prevents large payload attacks

# IP-Based Protection
MAX_REQUESTS_PER_MINUTE=60           # Normal traffic threshold
AUTO_BAN_THRESHOLD=100               # Auto-ban after 100 requests/minute
BAN_DURATION_MINUTES=30              # Ban duration in minutes

# Connection Limits
MAX_CONCURRENT_CONNECTIONS=100       # Max connections per IP

# Database
DATABASE_PATH=./secureauth.db
