idlerpg/site.config.php.example at main · NetIRC/idlerpg · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
<?php
/**
 * TEMPLATE: copy to site.config.php (gitignored). Keys and types must stay in sync with
 * public/includes/bootstrap.php ($IRPG: db_path, case_sensitive_names, debug, admin_panel).
 *
 * Typical locations:
 * - Next to public/: .../myproject/site.config.php (single tree).
 * - Bot + config in ~/idlerpg, web root is ~/public_html: keep site.config.php in ~/idlerpg/
 *   (bootstrap looks for ../idlerpg/site.config.php from public_html).
 * - Or set public/includes/local-root.php (see local-root.php.example) to that folder path.
 *
 * PHP needs read access to the SQLite the Node bot writes (same path as IRPG_DB_PATH in .env).
 */

return [
    // Same file as IRPG_DB_PATH in the bot .env. Prefer an ABSOLUTE path if the bot’s cwd
    // differs from this file’s folder. Relative values resolve from the directory of site.config.php.
    // PHP also tries siteRoot/data/idlerpg.db where siteRoot is the folder that contains public/
    // siteRoot is the folder that contains public/ — see bootstrap.php irpg_pick_readable_sqlite().
    // Linux: '/home/you/idlerpg/data/idlerpg.db' — Windows: 'C:/xampp/idlerpg/data/idlerpg.db'
    'db_path' => __DIR__ . '/data/idlerpg.db',

    // Same as IRPG_CASE_SENSITIVE_NAMES in the bot .env (true/false)
    'case_sensitive_names' => true,

    // Production: false. Set true temporarily to see exact paths/errors in API JSON (then turn off).
    'debug' => false,

    // Optional web flag for status line ("AI: active/inactive"). If omitted, bootstrap falls back
    // to IRPG_AI_ENABLED from the environment; if neither is present, web shows inactive.
    'ai_enabled' => false,

    // Optional hardened admin panel (public/admin/index.php).
    'admin_panel' => [
        // Keep false until fully configured.
        'enabled' => false,
        // Password hash generated with: php -r "echo password_hash('StrongPassHere', PASSWORD_DEFAULT), PHP_EOL;"
        // Reset example (forgot password): php -r "echo password_hash('NewStrongPass', PASSWORD_DEFAULT), PHP_EOL;"
        // If you forget the password later, generate a new hash and replace this value.
        // Example hash format: '$2y$10$.....................................................'
        'password_hash' => '',
        // Optional TOTP second factor (Google Authenticator/Authy/1Password).
        'totp_enabled' => false,
        // Base32 secret, e.g. generated with: openssl rand -base64 20 (then convert to base32) or any TOTP app seed tool.
        'totp_secret_base32' => '',
        'totp_issuer' => 'IdleRPG Admin',
        // IP allowlist (exact IP or CIDR). Keep narrow in production.
        'ip_allowlist' => ['127.0.0.1', '::1'],
        // Force HTTPS for admin requests (recommended in production).
        'require_https' => true,
        // Authenticated session TTL in seconds.
        'session_ttl_sec' => 1800,
    ],
];