-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathappsettings.Development.json
More file actions
246 lines (221 loc) · 10.5 KB
/
appsettings.Development.json
File metadata and controls
246 lines (221 loc) · 10.5 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
{
// ===========================================================================================
// DEVELOPMENT ENVIRONMENT CONFIGURATION
// ===========================================================================================
// This file overrides settings in appsettings.json for local development
// Settings here are ONLY used when running in Development environment
//
// How environment detection works:
// - Determined by ASPNETCORE_ENVIRONMENT variable
// - Visual Studio automatically sets this to "Development"
// - In production, set to "Production"
//
// Configuration loading order (later files override earlier):
// 1. appsettings.json (base configuration)
// 2. appsettings.{Environment}.json (environment-specific)
// 3. User Secrets (development only)
// 4. Environment Variables
// 5. Command-line arguments
// ===========================================================================================
// ===== Development Logging Configuration =====
// More verbose logging for debugging and troubleshooting
// Production uses less verbose settings for performance
"Logging": {
"LogLevel": {
// Default: Debug level shows detailed information for debugging
// Includes: method entry/exit, variable values, execution flow
// Performance impact: Higher than Information (acceptable in dev)
"Default": "Debug",
// ASP.NET Core: Information level for request/response details
// Shows: HTTP requests, route matching, middleware execution
// Useful for debugging routing and middleware issues
"Microsoft.AspNetCore": "Information",
// Entity Framework Core: Information level for database queries
// Shows: Generated SQL queries, parameter values, query execution time
// Essential for debugging database operations
"Microsoft.EntityFrameworkCore": "Information",
// Application logs: Debug level for maximum visibility
// Shows all application-specific logging
"CleanArchitecture.ApiTemplate": "Debug"
}
},
// ===========================================================================================
// DEVELOPMENT JWT SETTINGS (DO NOT USE IN PRODUCTION)
// ===========================================================================================
// Development-friendly JWT configuration
// - Longer expiration times for easier testing
// - Clear labeling (Dev suffix) to prevent production confusion
// - Simpler secret key (still meets minimum length requirement)
//
// 🚨 WARNING: These settings are intentionally insecure for development convenience
// NEVER deploy to production with these settings!
"JwtSettings": {
// Development secret key (32+ characters required)
// Different from production to prevent accidental token interchange
// Clearly labeled as "Development" to avoid confusion
"SecretKey": "Development_Secret_Key_32Characters_Minimum!",
// Issuer: Labeled as "Dev" to differentiate from production tokens
// Tokens generated in dev won't be accepted by production API
"Issuer": "CleanArchitecture.ApiTemplate.Dev",
// Audience: Labeled as "Dev" environment
"Audience": "CleanArchitecture.ApiTemplate.Api.Dev",
// Longer expiration for development convenience
// 120 minutes (2 hours) reduces need to repeatedly generate tokens
// Allows longer debugging sessions without token expiration
// Production: Use 15-30 minutes for security
"ExpirationMinutes": 120,
// Longer refresh token expiration for development
// 30 days: Very permissive for local testing
// Production: Use 7-14 days maximum
"RefreshTokenExpirationDays": 30
},
// ===========================================================================================
// DEVELOPMENT EXTERNAL API CONFIGURATION
// ===========================================================================================
// Configuration for testing external API integrations locally
"ThirdPartyApi": {
// JSONPlaceholder: Free fake REST API for testing
// Provides realistic data without requiring real API credentials
// Features: users, posts, comments, albums, photos, todos
// No authentication required (perfect for development)
//
// Documentation: https://jsonplaceholder.typicode.com/
"BaseUrl": "https://jsonplaceholder.typicode.com/",
// Development API key placeholder
// For APIs that require authentication:
// 1. Sign up for a developer account
// 2. Get API key from provider
// 3. Store in User Secrets (not in source control)
// 4. Replace this placeholder
//
// To use User Secrets:
// 1. Right-click project → Manage User Secrets
// 2. Add: "ThirdPartyApi": { "ApiKey": "your-actual-key" }
// 3. User Secrets override this setting locally
"ApiKey": "dev-api-key-placeholder-replace-with-real-key",
// Longer timeout for development (60 seconds)
// Allows:
// - Debugging external API calls with breakpoints
// - Testing with slow development APIs
// - Network throttling for testing timeout handling
// Production: Use 30 seconds or less
"Timeout": 60
},
// ===========================================================================================
// DEVELOPMENT CORS CONFIGURATION (MORE PERMISSIVE)
// ===========================================================================================
// Allow more origins for local development convenience
// Supports various local development scenarios
"Cors": {
"AllowedOrigins": [
// HTTPS development server (default Blazor port)
"https://localhost:7000",
// Alternative HTTPS port (Kestrel default)
"https://localhost:5001",
// HTTP development server (for testing non-HTTPS scenarios)
// 🚨 NOTE: HTTPS should be used even in development
// This is here for legacy/compatibility testing only
"http://localhost:5000"
]
},
// ===========================================================================================
// DEVELOPMENT RATE LIMITING (MORE PERMISSIVE)
// ===========================================================================================
// Relaxed rate limits for development and testing
// Allows rapid API testing without hitting limits
//
// Development vs Production:
// - Dev: 200 req/min, 5000 req/hour (very permissive)
// - Prod: 60 req/min, 1000 req/hour (more restrictive)
"IpRateLimiting": {
// Enable rate limiting even in development
// Ensures code doesn't break when deployed to production
// Helps catch issues with rate limit handling early
"EnableEndpointRateLimiting": true,
// Don't stack blocked requests in development
// Makes testing rate limiting easier
"StackBlockedRequests": false,
// Development rate limit rules (more permissive)
"GeneralRules": [
{
// Per-minute limit: 200 requests
// Allows rapid testing: ~3 requests per second
// Enough for automated tests and rapid manual testing
"Endpoint": "*",
"Period": "1m",
"Limit": 200
},
{
// Hourly limit: 5000 requests
// Allows intensive development sessions
// High enough that legitimate development never hits it
// Low enough to catch runaway loops in code
"Endpoint": "*",
"Period": "1h",
"Limit": 5000
}
]
},
// ===========================================================================================
// DEVELOPMENT DATABASE CONFIGURATION
// ===========================================================================================
// More verbose logging and error details for debugging database issues
"DatabaseSettings": {
// LocalDB connection (built into Visual Studio)
// No installation required, perfect for development
// Database file stored in user's AppData folder
"ConnectionString": "Server=(localdb)\\mssqllocaldb;Database=CleanArchitecture.ApiTemplate;Trusted_Connection=True;TrustServerCertificate=True;MultipleActiveResultSets=True",
// Enable sensitive data logging in development
// Shows parameter values in SQL queries for debugging
// Example: "SELECT * FROM Users WHERE Email = @p0" with @p0 = "user@example.com"
"EnableSensitiveDataLogging": true,
// Enable detailed errors in development
// Shows full exception details including SQL query text
// Helps debug query issues and schema problems
"EnableDetailedErrors": true,
// Command timeout: 60 seconds (generous for development)
// Allows debugging queries with breakpoints
"CommandTimeout": 60,
// Retry configuration (same as production)
// Tests retry logic during development
"MaxRetryCount": 3,
"MaxRetryDelay": 30,
// Query splitting: false (default behavior)
// Can set to true to test splitting behavior
"EnableQuerySplitting": false
}
// ===========================================================================================
// DEVELOPMENT TIPS & BEST PRACTICES
// ===========================================================================================
//
// 1. USER SECRETS FOR SENSITIVE DATA:
// Don't hardcode API keys or passwords even in development
// Use User Secrets feature:
// - Right-click project → Manage User Secrets
// - Store sensitive values there (never committed to source control)
//
// 2. HTTPS EVEN IN DEVELOPMENT:
// Use HTTPS certificates even locally (Visual Studio generates them)
// Prevents certificate issues when deploying to production
// Matches production behavior more closely
//
// 3. TEST WITH PRODUCTION-LIKE SETTINGS:
// Occasionally test with stricter settings (short JWT expiration, etc.)
// Ensures code handles token refresh, rate limiting, etc.
//
// 4. ENVIRONMENT VARIABLE TESTING:
// Test overriding settings via environment variables
// Ensures deployment configuration works correctly
//
// 5. LOG LEVEL MANAGEMENT:
// Use Debug for active development
// Switch to Information when sharing logs (less noise)
// Use Warning/Error for performance testing
//
// 6. DATABASE CONFIGURATION:
// Use local database for development (LocalDB, SQLite)
// Don't connect to production databases from development
// Use realistic test data
//
// ===========================================================================================
}