The PermisosQR backend is configured exclusively through environment variables. On startup, dotenv reads a .env file in the backend/ directory and injects every key into process.env before any other module loads. This means you never hard-code credentials in source code: copy .env.example to .env, fill in your values, and the server picks them up automatically.
.env.example
The repository ships a ready-to-use template. Copy it as your starting point:
Variable Reference
| Variable | Required | Default | Description |
|---|---|---|---|
| PORT | No | 4000 | HTTP port the Express server listens on |
| NODE_ENV | No | development | Environment name (development / production) |
| DB_HOST | Yes | localhost | PostgreSQL server hostname |
| DB_PORT | No | 5432 | PostgreSQL port |
| DB_NAME | Yes | permisosqr | Database name |
| DB_USER | Yes | postgres | PostgreSQL username |
| DB_PASSWORD | Yes | root | PostgreSQL password |
| JWT_SECRET | Yes | — | Secret key used to sign and verify JWTs |
| JWT_EXPIRES_IN | No | 8h | JWT token lifetime (e.g. 8h, 24h, 7d) |
Production Notes
Production security checklist
- Change JWT_SECRET to a randomly generated string of at least 32 characters. You can generate one with openssl rand -hex 32.
- Set NODE_ENV=production so Express disables stack-trace leaks in error responses and enables performance optimisations.
- Use a strong DB_PASSWORD; avoid simple words or the default root. Prefer a randomly generated password managed by your secrets store.
- Never commit .env to version control. The file is listed in .gitignore by default; verify that it stays there. Use environment injection provided by your hosting platform (Docker secrets, Kubernetes ConfigMaps/Secrets, or a service like AWS Secrets Manager) instead.
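One way to enforce this checklist at startup instead of relying on review, as an added example that is not part of the PermisosQR code base. The names validateEnv, REQUIRED and WEAK_PASSWORDS, the weak-password list and the entropy threshold of 3 bits per character are assumptions.

```javascript
// Added example (not PermisosQR code): fail-fast check of the documented variables.
// validateEnv, REQUIRED, WEAK_PASSWORDS and the entropy threshold are assumptions.
const REQUIRED = ['DB_HOST', 'DB_NAME', 'DB_USER', 'DB_PASSWORD', 'JWT_SECRET'];
const WEAK_PASSWORDS = new Set(['root', 'postgres', 'password', 'admin', '123456']);

// Shannon entropy in bits per character; catches long but repetitive secrets.
function entropyPerChar(s) {
  const counts = {};
  for (const ch of s) counts[ch] = (counts[ch] || 0) + 1;
  return Object.values(counts).reduce((h, n) => {
    const p = n / s.length;
    return h - p * Math.log2(p);
  }, 0);
}

// Returns { errors, warnings }. Weak values are errors in production and
// warnings elsewhere; a missing required variable is always an error.
function validateEnv(env) {
  const errors = [];
  const warnings = [];
  const production = env.NODE_ENV === 'production';
  const flag = (msg) => (production ? errors : warnings).push(msg);

  for (const name of REQUIRED) {
    if (!env[name] || env[name].trim() === '') errors.push(`${name} is required but not set`);
  }
  const secret = env.JWT_SECRET || '';
  if (secret && secret.length < 32) {
    flag('JWT_SECRET is shorter than 32 characters');
  } else if (secret && entropyPerChar(secret) < 3) {
    flag('JWT_SECRET looks non-random (low entropy)');
  }
  const pw = env.DB_PASSWORD || '';
  if (pw && (WEAK_PASSWORDS.has(pw.toLowerCase()) || pw === env.DB_USER)) {
    flag('DB_PASSWORD is a default or trivially guessable value');
  }
  if (!production) warnings.push('NODE_ENV is not "production"');
  return { errors, warnings };
}

// Constructed sample: the table defaults plus a short placeholder secret.
const sample = { NODE_ENV: 'production', DB_HOST: 'localhost', DB_NAME: 'permisosqr',
  DB_USER: 'postgres', DB_PASSWORD: 'root', JWT_SECRET: 'changeme' };
console.log(validateEnv(sample));
```

Call it once right after dotenv has loaded and exit with a non-zero status if errors is not empty, so a misconfigured deployment never starts serving requests.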
Health Check Endpoint
The server exposes a lightweight health check route at GET /api/health. It runs a trivial SELECT 1 query against the PostgreSQL pool and returns the result, making it suitable for load-balancer probes and uptime monitors.
200 OK: database is reachable.
500 Internal Server Error: database is unreachable.