2023-04-03 21:47:18 +00:00
|
|
|
|
#-----------------------Backend Config------------------------------#
|
|
|
|
|
|
# Prisma Config
|
|
|
|
|
|
DATABASE_URL=postgresql://postgres:testpass@hoppscotch-db:5432/hoppscotch
|
|
|
|
|
|
|
2024-08-14 07:34:12 +00:00
|
|
|
|
# Sensitive Data Encryption Key while storing in Database (32 character)
|
2025-08-27 08:03:27 +00:00
|
|
|
|
DATA_ENCRYPTION_KEY=data encryption key with 32 char
|
2024-08-14 07:34:12 +00:00
|
|
|
|
|
feat: platform independent core and the new desktop app (#4684)
* feat(desktop): init
* feat(desktop): external app download and setup
* feat(desktop): offload app load to plugin system
* perf(desktop): add rdbms facade and caching layer
* feat: parallelize signing, shared trust, lru cache
* feat: webapp encoder + compressor + hasher server
* feat(desktop): app autoupdate with hashed loader
* feat(kernel): init `hoppscotch-kernel`
* feat(kernel): `io`
* feat(kernel): `network`
* feat(kernel): `network` - native interceptor
* feat(kernel): `network` - interceptor - rest
* feat(kernel): `network` - interceptor - graphql
* feat(kernel): `network` - interceptor - capabilities
* feat(kernel): `network` - interceptor - `FormData`
* feat(kernel): `network` - interceptor - `oauth2.0`
* feat(kernel): `store`
* feat(desktop): dragging, traffic light, plugin workspaces
* feat(kernel|wip): `store`
* feat(kernel): `network` - capabilities - with active
* feat(kernel|wip): `network` - interceptor - `proxy`
* feat(kernel|wip): `network` - relay ext
* feat(kernel): `network` - interceptor - `proxy`
* feat(kernel): `network` - interceptor - decoding
* feat(kernel): `network` - interceptor - Kernel Err
* feat(kernel): `network` - flow transformation
* feat(kernel): `network` - request status
* fix(desktop): repositioning traffic lights on fullscreen exit
* feat(kernel): `network` - interceptor - `agent`
* feat(kernel): `store` - track updates
* feat(kernel): `network` - interceptor - extension
* feat(kernel): `network` - updates as overrides
* feat(interceptor): pre-process request encoding
* fix(ui): mismatched extension button size/position
* feat(kernel): `network` - interceptor - `browser`
* feat(native): common certs componsable
* fix(kernel): interceptor selection store and json parse
* feat(kernel): `network` - consistent multipart encoding
* feat(kernel): `network` - interceptor - `OAuth2.0`
* feat(kernel): `network` - interceptor - cookie support
* feat(agent): registration list, log-sink, relay
* feat(kernel): `network` - interceptor subtitles
* feat(kernel): `store` - persist network settings
* fix(agent): encrypted ser/de certificate requests
* feat(kernel): `kernelInterceptor` spotlight service
* fix(kernel): gql introspection edge-case schema
* ref: conditionals for migrated components
* feat(kernel): `localaccess` capability via relay
* feat(kernel): `network` - explicit types and lint
* feat(kernel): `store` - isolate host and platform
* feat(kernel): `store` - persistence service
* fix(infra): whitelisted origins, non-std engines
* feat(desktop): impl deep-link callbacks
* feat(kernel): `auth`
* feat(kernel): `io` - event listeners
* feat(kernel): platform migration
* fix: dep `vue` import on Win 11
Fixes `error TS2305: Module '"vue"' has no exported member
'VueConstructor'.` arising from `splitpane` dependency.
* fix(webapp-server): platform independent res paths
* feat(desktop): auth and emit via embedded server
* feat(platform): host, csp and bundle compatibility
- Bundle name format for using as host
- Windows UI handler HWND casting and version detection
- CSP headers type handling in URI protocol
- Protocol whitelist in env config
* feat(desktop|wip): login flow with `auth-tokens`
feat(desktop|wip): typesafe auth
* feat(backend): `auth` token flow, gql/websocket
feat(desktop): working auth for gql
feat: gql client with refresh token
* feat(backend): `auth` token flow, authorization bearer
* fix(gen): qualifier clash when invalidating cache
* feat(common): coordinated initialization service
* fix(desktop): appload persistence in data json
* feat(desktop|wip): desktop icons and updater
* fix: typos in readme docs
* fix: docker ignore copying on windows
* fix: update `.lock` file after rebase
* fix: `persistenceService` setup in tests
* fix: remove old console logs
* fix: console error on invalid schema
Show console error if default value is used when loading invalid data from
local storage
* fix(test): `PersistenceService` methods
* fix(test): `PersistenceService` rest tab state
* fix(test): `PersistenceService` gql tab state
* fix(test): `PersistenceService` global env
* fix(test): `PersistenceService` mqtt request
* fix(test): `PersistenceService` sse request
* fix(test): `PersistenceService` socketio request
* fix(test): `PersistenceService` websocket request
* fix(test): `PersistenceService` secret environment
* fix(test): `PersistenceService` selected env
* fix(test): `PersistenceService` collections
* fix(test): `PersistenceService` environments
* fix(test): `PersistenceService` history
* fix(test): `PersistenceService` settings
* fix(test): `PersistenceService` migrations
* fix(test): `InspectionService` request inspector
* feat(desktop): button to clear bundle/key cache
This is useful when there are partial updates to the web app or bundle gen server
which haven't been correctly propagated when the app bundle was downloaded.
If the user were to change the self host instance without updating the
desktop app; which is possible albeit rarely under very certain circumstances,
desktop app will refuse to load the bundle, this is because the desktop app
cannot differentiate between partial updates vs incorrect bundle being hosted
since both will fail verification.
The button lets the user decide what should be the appropriate action,
clear the bundle and trust the hosted app
or make sure the app is built and hosted correctly.
* fix(desktop): enforce one version per instance
This was part of a leftover scaffolding from development.
* fix(desktop): bundle url not stored after download
* fix(desktop): stalling progress on updates
* fix(backend): helper to parse cookie into kv-pairs
* feat(desktop): launch session on working endpoints
* fix(common): preserve `auth` structure and default
* fix: loading native networking with kernel mode
* fix: fallback for unhandled response error
* fix: `urlencoded` content request processing
* feat: `interceptor` - error mapping for `browser`
* fix: backwards compatibility for `digest` auth
* fix: platform check for `initializationService`
* fix: `interceptor` - analytics `strategy` resolution
* fix: `interceptor` - check for `cookies` component
* fix: enable digest auth support for `native`
* test: `interceptor` - kernel interceptor
* fix(relay): `grantType` casing for OAuth2.0
* test(wip): kernel transformers
* fix(relay): auth headers discarding others
* fix(desktop): http version deserialization
* fix(common): `grantType` extractor, auth processor
* fix: `PersistenceService` - parsing edge cases
* fix(infra): post rebase fixup
* fix(web): component structure and lint
* fix(desktop): cohesive splash opener, scroll url section
* fix: explicit auto auth and docs on url auth
* fix(relay): special chars failing proxy auth
* fix: finer cert control setting option
* fix: post-rebase fixup
* feat(appload): ability to vendor pre-built bytes
* fix: avoid copying over `target` dir in containers
* fix: auth key missing in capability set
* fix(desktop): relax `refresh_token` requirement
This is to support Firebase token
* fix(desktop): normalization for Windows WebView
* feat(desktop): instance switcher and vendored app
* fix(desktop): merge artifacts and conflicts
* feat(desktop): instance switcher improvements
* fix: derive instance name from normalized name
* fix: pkg links, lints and UI edge cases
* feat(desktop): restore window state after relaunch
* fix(desktop): distinguish header for cloud/default
* fix: instance switcher in web mode
* fix: close dropdown on new instance modal
* fix: whitelist vendored app origin
* feat(desktop): platform parity - `collections`
* fix: history entries population desync
* fix(desktop): check for history storage status
* fix(desktop): safe parse `globalEnv`
* feat(desktop): platform parity - `environment`
* fix: use settings store for proxy url
* fix: lint, unused imports
* fix: proxy input enabled for other interceptors
* feat: reverse proxy for desktop app server
* fix: duplicate entries after connecting to sh
* fix: specify instance org qualified
* fix: remove debugging logs
* feat(desktop): enable `devtools` in release builds
* fix(desktop): prepend protocol validation edgecase
* feat(desktop): clear cache on removing instance
* fix: better response toast message
* fix: avoid reverse proxy for webapp server
* fix(desktop): ignore subpath in instance name
* feat: switcher ui/ux improvements
* feat: more switcher ui/ux improvements
* feat(server): specify bundle version at build time
* fix(desktop): missing migration as rebase artifact
* fix: minor switcher ui/ux improvement
* fix: rebase artifacts
* fix: consolidated toast on success
* fix: missing i18n strings
* fix(desktop): handle drag and drop fe side
* feat: confirmation modal on instance removal
* chore: minor UI update
* chore: minor UI changes
* fix: gql connection partial refactor
* fix: resolve merge artifacts
* chore: prod lint
* feat(desktop): better desktop app update ux
* fix: broken gql connection.ts
---------
Co-authored-by: nivedin <nivedinp@gmail.com>
Co-authored-by: Andrew Bastin <andrewbastin.k@gmail.com>
2025-02-27 18:31:25 +00:00
|
|
|
|
# Whitelisted origins for the Hoppscotch App.
|
|
|
|
|
|
# This list controls which origins can interact with the app through cross-origin comms.
|
|
|
|
|
|
# - localhost ports (3170, 3000, 3100): app, backend, development servers and services
|
|
|
|
|
|
# - app://localhost_3200: Bundle server origin identifier
|
|
|
|
|
|
# NOTE: `3200` here refers to the bundle server (port 3200) that provides the bundles,
|
|
|
|
|
|
# NOT where the app runs. The app itself uses the `app://` protocol with dynamic
|
|
|
|
|
|
# bundle names like `app://{bundle-name}/`
|
2025-08-27 08:03:27 +00:00
|
|
|
|
WHITELISTED_ORIGINS=http://localhost:3170,http://localhost:3000,http://localhost:3100,app://localhost_3200,app://hoppscotch
|
2023-04-03 21:47:18 +00:00
|
|
|
|
|
2025-08-18 16:22:17 +00:00
|
|
|
|
# If true, the client’s IP address is understood as the left-most entry in the X-Forwarded-For header
|
|
|
|
|
|
TRUST_PROXY=false
|
2023-04-03 21:47:18 +00:00
|
|
|
|
|
|
|
|
|
|
#-----------------------Frontend Config------------------------------#
|
|
|
|
|
|
|
2022-10-06 19:20:48 +00:00
|
|
|
|
# Base URLs
|
2023-04-03 21:47:18 +00:00
|
|
|
|
VITE_BASE_URL=http://localhost:3000
|
|
|
|
|
|
VITE_SHORTCODE_BASE_URL=http://localhost:3000
|
2023-04-06 06:11:01 +00:00
|
|
|
|
VITE_ADMIN_URL=http://localhost:3100
|
2022-06-06 20:27:48 +00:00
|
|
|
|
|
|
|
|
|
|
# Backend URLs
|
2023-04-03 21:47:18 +00:00
|
|
|
|
VITE_BACKEND_GQL_URL=http://localhost:3170/graphql
|
2023-05-30 00:23:02 +00:00
|
|
|
|
VITE_BACKEND_WS_URL=ws://localhost:3170/graphql
|
2023-04-03 21:47:18 +00:00
|
|
|
|
VITE_BACKEND_API_URL=http://localhost:3170/v1
|
2022-10-29 22:16:40 +00:00
|
|
|
|
|
2023-04-04 15:29:31 +00:00
|
|
|
|
# Terms Of Service And Privacy Policy Links (Optional)
|
2023-04-18 17:44:06 +00:00
|
|
|
|
VITE_APP_TOS_LINK=https://docs.hoppscotch.io/support/terms
|
|
|
|
|
|
VITE_APP_PRIVACY_POLICY_LINK=https://docs.hoppscotch.io/support/privacy
|
2023-11-22 14:05:35 +00:00
|
|
|
|
|
2025-04-25 12:31:17 +00:00
|
|
|
|
# Set default to null as https://proxy.hoppscotch.io/ doesn't require an access token
|
|
|
|
|
|
VITE_PROXYSCOTCH_ACCESS_TOKEN=
|
|
|
|
|
|
|
2023-11-22 14:05:35 +00:00
|
|
|
|
# Set to `true` for subpath based access
|
|
|
|
|
|
ENABLE_SUBPATH_BASED_ACCESS=false
|
2026-05-06 13:06:35 +00:00
|
|
|
|
|
|
|
|
|
|
#-----------------------Docker Image Config-------------------------#
|
|
|
|
|
|
# Used by docker-compose.prod.yml and Makefile image targets.
|
|
|
|
|
|
API_CLIENT_REGISTRY=forge.lclr.dev
|
|
|
|
|
|
API_CLIENT_NAMESPACE=thibaud-lclr
|
|
|
|
|
|
API_CLIENT_IMAGE_PREFIX=api-client
|
|
|
|
|
|
API_CLIENT_TAG=latest
|
2026-05-06 14:51:07 +00:00
|
|
|
|
|
|
|
|
|
|
#-----------------------Coolify Prod Local Defaults----------------#
|
|
|
|
|
|
# Used only when running docker-compose.prod.yml locally.
|
2026-05-11 14:48:08 +00:00
|
|
|
|
# In production, Coolify auto-generates SERVICE_FQDN_* and SERVICE_URL_* from the
|
|
|
|
|
|
# domain configured in the Coolify UI (editable per deployment).
|
|
|
|
|
|
SERVICE_FQDN_HOPPSCOTCH_80=http://localhost:3000
|
|
|
|
|
|
SERVICE_FQDN_HOPPSCOTCH=http://localhost:3000
|
|
|
|
|
|
SERVICE_URL_HOPPSCOTCH=localhost:3000
|
2026-05-06 14:51:07 +00:00
|
|
|
|
SERVICE_PASSWORD_POSTGRES=testpass
|
2026-05-06 15:16:36 +00:00
|
|
|
|
SERVICE_BASE64_HOPPSCOTCH=0123456789abcdef0123456789abcdef
|