The PermisosQR backend is configured exclusively through environment variables. On startup, dotenv reads a .env file in the backend/ directory and injects every key into process.env before any other module loads. This means you never hard-code credentials in source code — copy .env.example to .env, fill in your values, and the server picks them up automatically.

.env.example

The repository ships a ready-to-use template. Copy it as your starting point:

```bash
cp backend/.env.example backend/.env
```

```
PORT=4000
NODE_ENV=development

DB_HOST=localhost
DB_PORT=5432
DB_NAME=permisosqr
DB_USER=postgres
DB_PASSWORD=root

JWT_SECRET=your_super_secret_jwt_key_change_in_production
JWT_EXPIRES_IN=8h
```

Variable Reference

| Variable | Required | Default | Description |
|---|---|---|---|
| PORT | No | 4000 | HTTP port the Express server listens on |
| NODE_ENV | No | development | Environment name (development / production) |
| DB_HOST | Yes | localhost | PostgreSQL server hostname |
| DB_PORT | No | 5432 | PostgreSQL port |
| DB_NAME | Yes | permisosqr | Database name |
| DB_USER | Yes | postgres | PostgreSQL username |
| DB_PASSWORD | Yes | root | PostgreSQL password |
| JWT_SECRET | Yes | | Secret key used to sign and verify JWTs |
| JWT_EXPIRES_IN | No | 8h | JWT token lifetime (e.g. 8h, 24h, 7d) |

The default JWT_SECRET value (your_super_secret_jwt_key_change_in_production) is publicly known. Any attacker who knows it can forge valid tokens for any user, including super-admins. Always replace it before deploying to any shared or internet-facing environment.

Production Notes

  • Change JWT_SECRET to a randomly generated string of at least 32 characters. You can generate one with openssl rand -hex 32.
  • Set NODE_ENV=production so Express stops leaking stack traces in error responses and enables performance optimisations.
  • Use a strong DB_PASSWORD — avoid simple words or the default root. Prefer a randomly generated password managed by your secrets store.
  • Never commit .env to version control. The file is listed in .gitignore by default; verify that it stays there. Use environment injection provided by your hosting platform (Docker secrets, Kubernetes ConfigMaps/Secrets, or a service like AWS Secrets Manager) instead.
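
The checks in the notes above can be enforced at startup instead of being left to memory. The following is an added example, not code from the PermisosQR repository: validateEnv and its rules are hypothetical, while the variable names and default values are the ones documented on this page.

```javascript
// Added example (not PermisosQR code): startup check for the settings above.
// validateEnv and its rule set are hypothetical; the variable names and
// default values are the ones listed on this page.
const KNOWN_JWT_DEFAULT = 'your_super_secret_jwt_key_change_in_production';
const REQUIRED = ['DB_HOST', 'DB_NAME', 'DB_USER', 'DB_PASSWORD', 'JWT_SECRET'];

function validateEnv(env) {
  const errors = [];
  const warnings = [];
  const isProd = env.NODE_ENV === 'production';
  // In production a weak value is fatal; in development it is only reported.
  const weak = (msg) => (isProd ? errors : warnings).push(msg);

  for (const key of REQUIRED) {
    if (!env[key] || env[key].trim() === '') errors.push(`${key} is required`);
  }

  const secret = env.JWT_SECRET || '';
  if (secret === KNOWN_JWT_DEFAULT) {
    weak('JWT_SECRET is the published .env.example value');
  } else if (secret && secret.length < 32) {
    weak('JWT_SECRET is shorter than 32 characters');
  }

  if (env.DB_PASSWORD === 'root') weak('DB_PASSWORD is the default "root"');

  // Optional numeric settings must still parse when they are present.
  for (const key of ['PORT', 'DB_PORT']) {
    if (env[key] === undefined) continue;
    const n = Number(env[key]);
    if (!Number.isInteger(n) || n < 1 || n > 65535) errors.push(`${key} is not a valid port`);
  }

  return { ok: errors.length === 0, errors, warnings };
}

// Constructed sample: the template copied unchanged, then marked as production.
const sample = {
  NODE_ENV: 'production', PORT: '4000',
  DB_HOST: 'localhost', DB_PORT: '5432', DB_NAME: 'permisosqr',
  DB_USER: 'postgres', DB_PASSWORD: 'root',
  JWT_SECRET: KNOWN_JWT_DEFAULT,
};
const report = validateEnv(sample);
for (const e of report.errors) console.error(`config error: ${e}`);
```

Call it with process.env right after dotenv has loaded, and exit with a non-zero status when ok is false so a misconfigured deployment never starts serving requests.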

Health Check Endpoint

The server exposes a lightweight health check route at GET /api/health. It runs a trivial SELECT 1 query against the PostgreSQL pool and returns the result, making it suitable for load-balancer probes and uptime monitors.

```bash
curl http://localhost:4000/api/health
```

Success response (200 OK) — database is reachable:

```json
{ "status": "ok", "database": "connected", "timestamp": "2024-01-15T10:30:00.000Z" }
```

Failure response (500 Internal Server Error) — database is unreachable:

```json
{ "status": "error", "database": "disconnected" }
```

Use the health check endpoint as the first debugging step whenever the frontend reports connection issues. A "database": "disconnected" response means PostgreSQL is down or the DB_* variables are misconfigured, not a problem with the application code itself.
