chore: update example env

.env.example

@@ -1,22 +1,84 @@
-PORT=3000
-ADDRESS=0.0.0.0
-APP_URL=http://localhost:3000
-USERS=your_user_password_hash
-USERS_FILE=users_file
-SECURE_COOKIE=false
-OAUTH_WHITELIST=
-GENERIC_NAME=My OAuth
-SESSION_EXPIRY=7200
-LOGIN_TIMEOUT=300
-LOGIN_MAX_RETRIES=5
-LOG_LEVEL=debug
-APP_TITLE=Tinyauth SSO
-FORGOT_PASSWORD_MESSAGE=Some message about resetting the password
-OAUTH_AUTO_REDIRECT=none
-BACKGROUND_IMAGE=some_image_url
-GENERIC_SKIP_SSL=false
-RESOURCES_DIR=/data/resources
-DATABASE_PATH=/data/tinyauth.db
-DISABLE_ANALYTICS=false
-DISABLE_RESOURCES=false
-TRUSTED_PROXIES=
+# Base Configuration
+
+# The base URL where Tinyauth is accessible
+TINYAUTH_APPURL=https://auth.example.com
+# Log level: trace, debug, info, warn, error
+TINYAUTH_LOGLEVEL=info
+# Directory for static resources
+TINYAUTH_RESOURCESDIR=/data/resources
+# Path to SQLite database file
+TINYAUTH_DATABASEPATH=/data/tinyauth.db
+# Disable version heartbeat
+TINYAUTH_DISABLEANALYTICS=false
+# Disable static resource serving
+TINYAUTH_DISABLERESOURCES=false
+# Disable UI warning messages
+TINYAUTH_DISABLEUIWARNINGS=false
+
+# Server Configuration
+
+# Port to listen on
+TINYAUTH_SERVER_PORT=3000
+# Interface to bind to (0.0.0.0 for all interfaces)
+TINYAUTH_SERVER_ADDRESS=0.0.0.0
+# Unix socket path (optional, overrides port/address if set)
+TINYAUTH_SERVER_SOCKETPATH=
+# Comma-separated list of trusted proxy IPs/CIDRs
+TINYAUTH_SERVER_TRUSTEDPROXIES=
+
+# Authentication Configuration
+
+# Format: username:bcrypt_hash (use bcrypt to generate hash)
+TINYAUTH_AUTH_USERS=admin:$2a$10$example_bcrypt_hash_here
+# Path to external users file (optional)
+TINYAUTH_USERSFILE=
+# Enable secure cookies (requires HTTPS)
+TINYAUTH_SECURECOOKIE=true
+# Session expiry in seconds (7200 = 2 hours)
+TINYAUTH_SESSIONEXPIRY=7200
+# Login timeout in seconds (300 = 5 minutes)
+TINYAUTH_LOGINTIMEOUT=300
+# Maximum login retries before lockout
+TINYAUTH_LOGINMAXRETRIES=5
+
+# OAuth Configuration
+
+# Regex pattern for allowed email addresses (e.g., /@example\.com$/)
+TINYAUTH_OAUTH_WHITELIST=
+# Provider ID to auto-redirect to (skips login page)
+TINYAUTH_OAUTH_AUTOREDIRECT=
+# OAuth Provider Configuration (replace MYPROVIDER with your provider name)
+TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_CLIENTID=your_client_id_here
+TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_CLIENTSECRET=your_client_secret_here
+TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_AUTHURL=https://provider.example.com/oauth/authorize
+TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_TOKENURL=https://provider.example.com/oauth/token
+TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_USERINFOURL=https://provider.example.com/oauth/userinfo
+TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_REDIRECTURL=https://auth.example.com/oauth/callback/myprovider
+TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_SCOPES=openid email profile
+TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_NAME=My OAuth Provider
+# Allow self-signed certificates
+TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_INSECURE=false
+
+# UI Customization
+
+# Custom title for login page
+TINYAUTH_UI_TITLE=Tinyauth
+# Message shown on forgot password page
+TINYAUTH_UI_FORGOTPASSWORDMESSAGE="Contact your administrator to reset your password"
+# Background image URL for login page
+TINYAUTH_UI_BACKGROUNDIMAGE=
+
+# LDAP Configuration
+
+# LDAP server address
+TINYAUTH_LDAP_ADDRESS=ldap://ldap.example.com:389
+# DN for binding to LDAP server
+TINYAUTH_LDAP_BINDDN=cn=readonly,dc=example,dc=com
+# Password for bind DN
+TINYAUTH_LDAP_BINDPASSWORD=your_bind_password
+# Base DN for user searches
+TINYAUTH_LDAP_BASEDN=dc=example,dc=com
+# Search filter (%s will be replaced with username)
+TINYAUTH_LDAP_SEARCHFILTER=(&(uid=%s)(memberOf=cn=users,ou=groups,dc=example,dc=com))
+# Allow insecure LDAP connections
+TINYAUTH_LDAP_INSECURE=false