#### Part-DB Configuration
# See https://docs.part-db.de/configuration.html for documentation of available options
###################################################################################
# Database settings
###################################################################################
# Format described at https://www.doctrine-project.org/projects/doctrine-dbal/en/latest/reference/configuration.html#connecting-using-a-url
# IMPORTANT: You MUST configure your server version, either here or in config/packages/doctrine.yaml
# Use a file (SQLite) as database. For bigger instances you should use a real database server (like MySQL)
DATABASE_URL = "sqlite:///%kernel.project_dir%/var/app.db"
# Uncomment the MySQL line below (and comment out the line above) to use a MySQL database.
# The sample URL connects as root with an empty password; replace it with a dedicated,
# least-privileged database user and a password before using it on a real server.
#DATABASE_URL=mysql://root:@127.0.0.1:3306/part-db?serverVersion=5.7
# Set this value to 1, if you want to use SSL to connect to the MySQL server. An attempt is made to use the CA certificate,
# otherwise a CA bundle shipped with PHP will be used.
# Leave it at 0, if you do not want to use SSL or if your server does not support it.
# With 0 the database connection is not protected by SSL, so keep it at 0 only when the server is reached over a trusted path.
DATABASE_MYSQL_USE_SSL_CA = 0
# Set this value to 0, if you don't want to verify the CA certificate of the MySQL server.
# Without verification the identity of the server is not checked, so the connection can be intercepted unnoticed.
# Only do this, if you know what you are doing!
DATABASE_MYSQL_SSL_VERIFY_CERT = 1
# Emulate natural sorting of strings even on databases that do not support it (like SQLite, MySQL or MariaDB < 10.7)
# This can be slow on big databases and might have some problems and quirks, so use it with caution
DATABASE_EMULATE_NATURAL_SORT = 0
###################################################################################
# General settings
###################################################################################
# The publicly reachable URL of this Part-DB installation. It is used for generating links in SAML and email templates, or when no request context is available.
# Placeholder value (reserved .invalid domain): replace it with the real public URL of this installation.
DEFAULT_URI = "https://partdb.changeme.invalid/"
###################################################################################
# Email settings
###################################################################################
# The DSN of the email server that should be used for sending emails (disabled by default)
# See Transport section of https://symfony.com/doc/current/components/mailer.html for available providers and syntax
MAILER_DSN = null://null
# Example SMTP DSN. A real DSN embeds the credentials of the mail account, so set it in a local,
# uncommitted override rather than in a file that is shared or checked in.
#MAILER_DSN=smtp://user:password@smtp.mailserver.invalid:587
# The email address from which all Part-DB emails should be sent. Change this when you configure email!
EMAIL_SENDER_EMAIL = noreply@partdb.changeme
# The sender name which should be used for all Part-DB emails
EMAIL_SENDER_NAME = "Part-DB Mailer"
# Set this to 1 to allow users to reset their password via email
ALLOW_EMAIL_PW_RESET = 0
###################################################################################
# Error pages settings
###################################################################################
# Optional email address that is shown on error pages, so users know how to contact an administrator
ERROR_PAGE_ADMIN_EMAIL = ''
# If this is set to 1, solutions to common problems are shown on error pages. Set it to 0, if you do not want your users to see them.
ERROR_PAGE_SHOW_HELP = 1
###################################################################################
# Update Manager settings
###################################################################################
# Disable web-based updates from the Update Manager UI (0=enabled, 1=disabled).
# When disabled, use the CLI command "php bin/console partdb:update" instead.
DISABLE_WEB_UPDATES = 1
# Disable backup restore from the Update Manager UI (0=enabled, 1=disabled).
# Restoring backups is a destructive operation that could overwrite your database.
DISABLE_BACKUP_RESTORE = 1
Add manual backup creation and delete buttons to Update Manager (#1255)
* Add manual backup creation and delete buttons to Update Manager
- Add "Create Backup" button in the backups tab for on-demand backups
- Add delete buttons (trash icons) for update logs and backups
- New controller routes with CSRF protection and permission checks
- Use data-turbo-confirm for CSP-safe confirmation dialogs
- Add deleteLog() method to UpdateExecutor with filename validation
* Add Docker backup support: download button, SQLite restore fix, decouple from auto-update
- Decouple backup creation/restore UI from can_auto_update so Docker
and other non-git installations can use backup features
- Add backup download endpoint for saving backups externally
- Fix SQLite restore to use configured DATABASE_URL path instead of
hardcoded var/app.db (affects Docker and custom SQLite paths)
- Show Docker-specific warning about var/backups/ not being persisted
- Pass is_docker flag to template via InstallationTypeDetector
* Add tests for backup/update manager improvements
- Controller tests: auth, CSRF validation, 404 for missing backups, restore disabled check
- UpdateExecutor: deleteLog validation, non-existent file, successful deletion
- BackupManager: deleteBackup validation for missing/non-zip files
* Fix test failures: add locale prefix to URLs, correct log directory path
* Fix auth test: expect 401 instead of redirect for HTTP Basic auth
* Improve test coverage for update manager controller
Add happy-path tests for backup creation, deletion, download,
and log deletion with valid CSRF tokens. Also test the locked
state blocking backup creation.
* Fix CSRF tests: initialize session before getting tokens
* Fix CSRF tests: extract tokens from rendered page HTML
* Harden backup security: password confirmation, CSRF, env toggle
Address security review feedback from jbtronics:
- Add IS_AUTHENTICATED_FULLY to all sensitive endpoints (create/delete
backup, delete log, download backup, start update, restore)
- Change backup download from GET to POST with CSRF token
- Require password confirmation before downloading backups (backups
contain sensitive data like password hashes and secrets)
- Add DISABLE_BACKUP_DOWNLOAD env var (default: disabled) to control
whether backup downloads are allowed
- Add password confirmation modal with security warning in template
- Add comprehensive tests: auth checks, env var blocking, POST-only
enforcement, status/progress endpoint auth
* Fix download modal: use per-backup modals for CSP/Turbo compatibility
- Replace shared modal + inline JS with per-backup modals that have
filename pre-set in hidden fields (no JavaScript needed)
- Add data-turbo="false" to download forms for native browser handling
- Add data-bs-dismiss="modal" to submit button to auto-close modal
- Add hidden username field for Chrome accessibility best practice
- Fix test: GET on POST-only route returns 404 not 405
* Fixed translation keys
* Fixed text justification in download modal
* Hardened security of deleteLogEndpoint
* Show whether backup, restores and updates are allowed or disabled by sysadmin on update manager
* Added documentation for update manager related env variables
---------
Co-authored-by: Jan Böhmer <mail@jan-boehmer.de>
# Disable backup download from the Update Manager UI (0=enabled, 1=disabled).
# Backups contain sensitive data including password hashes and secrets.
# When downloads are enabled (value 0), users must confirm their password before downloading.
DISABLE_BACKUP_DOWNLOAD = 1
###################################################################################
# SAML Single sign on-settings
###################################################################################
# Set this to 1 to enable SAML single sign on
# Be also sure to set the correct values for DEFAULT_URI
SAML_ENABLED = 0
# Set to 1, if your Part-DB installation is behind a reverse proxy and you want to use SAML
SAML_BEHIND_PROXY = 0
# A JSON encoded array of role mappings in the form { "saml_role": PARTDB_GROUP_ID, "*": PARTDB_GROUP_ID }
# The first match is used, so the order is important! Put the group mapping with the most privileges first.
# Please note: only use single quotes to enclose the JSON string
SAML_ROLE_MAPPING = '{}'
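# A mapping could look like the following
# NOTE(review): if "*" matches every SAML user, as the wildcard suggests, then with first-match semantics the "*" entry
# in the example below would be chosen before "admin" and "editor" - confirm the intended order against the documentation.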
#SAML_ROLE_MAPPING='{ "*": 2, "admin": 1, "editor": 3}'
# When this is set to 1, the group of SAML users will be updated every time they log in, based on their SAML roles
SAML_UPDATE_GROUP_ON_LOGIN = 1
# The entity ID of your SAML IDP (e.g. the realm name of your Keycloak server)
# The idp.changeme.invalid URLs below are placeholders and must be replaced with the values of your own IDP.
SAML_IDP_ENTITY_ID = "https://idp.changeme.invalid/realms/master"
# The URL of your SAML IDP SingleSignOnService (e.g. the endpoint of your Keycloak server)
SAML_IDP_SINGLE_SIGN_ON_SERVICE = "https://idp.changeme.invalid/realms/master/protocol/saml"
# The URL of your SAML IDP SingleLogoutService (e.g. the endpoint of your Keycloak server)
SAML_IDP_SINGLE_LOGOUT_SERVICE = "https://idp.changeme.invalid/realms/master/protocol/saml"
# The public certificate of the SAML IDP (e.g. the certificate of your Keycloak server)
# "MIIC..." is a truncated placeholder, not a usable certificate.
SAML_IDP_X509_CERT = "MIIC..."
# The entity ID of your SAML SP, must match the SP entityID configured in your SAML IDP (e.g. Keycloak).
# This should be the domain name of your Part-DB installation, followed by "/sp"
SAML_SP_ENTITY_ID = "https://partdb.changeme.invalid/sp"
# The public certificate of the SAML SP ("MIIC..." is a truncated placeholder)
SAML_SP_X509_CERT = "MIIC..."
# The private key of the SAML SP. This is a secret: keep the real key out of version control and out of shared copies of this file.
SAML_SP_PRIVATE_KEY = "MIIE..."
######################################################################################
# Other settings
######################################################################################
# In demo mode it is not possible for a user to change their password and settings.
DEMO_MODE = 0
# Change this to true (1), if no URL rewriting (like mod_rewrite for Apache) is available.
# In that case all URLs contain the index.php front controller.
NO_URL_REWRITE_AVAILABLE = 0
# Set to 1, if Part-DB should redirect all HTTP requests to HTTPS. You don't need to configure this, if your webserver already does this.
REDIRECT_TO_HTTPS = 0
# Set this to zero, if you want to disable the year 2038 bug check on 32-bit systems (it will cause errors with current 32-bit PHP versions)
# NOTE(review): the variable name suggests that 1, not 0, disables the check - confirm against the documentation
DISABLE_YEAR2038_BUG_CHECK = 0
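# Set the trusted IPs here, when using a reverse proxy. List only proxies you control, because the forwarded client address and protocol headers sent from these addresses are trusted.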
#TRUSTED_PROXIES=127.0.0.0/8,::1,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
# Regular expression of the host names this installation should answer to (Symfony trusted hosts).
# Anchor the pattern with ^ and $ and escape dots, as in the example, so that look-alike host names do not match.
#TRUSTED_HOSTS='^(localhost|example\.com)$'
###> symfony/lock ###
# Choose one of the stores below
# postgresql+advisory://db_user:db_password@localhost/db_name
LOCK_DSN = flock
###< symfony/lock ###
###> nelmio/cors-bundle ###
# Regular expression for the origins that are allowed to make cross-origin requests.
# The default only matches localhost and 127.0.0.1 (http or https, any port); keep the pattern anchored when widening it.
CORS_ALLOW_ORIGIN = '^https?://(localhost|127\.0\.0\.1)(:[0-9]+)?$'
###< nelmio/cors-bundle ###
###> symfony/framework-bundle ###
APP_ENV = prod
# Symfony application secret, used by the framework for security-related operations such as signing.
# The value below is the sample shipped in this file and is readable by anyone who has the file:
# generate a unique random value per installation and set it in a local, uncommitted override.
APP_SECRET = a03498528f5a5fc089273ec9ae5b2849
APP_SHARE_DIR = var/share
###< symfony/framework-bundle ###