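# SMS Campaign Manager Configuration
# Copy this file to .env and fill in your actual values
# NEVER commit .env to version control!
# Every placeholder value in this template is publicly known. Replace all of
# them before the first start, and keep .env readable only by the account
# that runs the application.

# Android Device Configuration
# Example address - replace with your own device's IP.
# ADB gives control of the phone to any authorized host that can reach this
# port, so keep it reachable only from this server (private network or VPN),
# never from the internet.
PHONE_IP=100.107.173.66
ADB_PORT=5555
TERMUX_API_PORT=5001

# Flask Application
FLASK_ENV=production
DEFAULT_DELAY_SECONDS=3

# SMS Automation (ADB tap coordinates for your device)
# Adjust these based on your device's screen resolution
SEND_BUTTON_X=1300
SEND_BUTTON_Y=2900

# SMS Retry Configuration
SMS_MAX_RETRIES=3
SMS_RETRY_BASE_DELAY=2
SMS_MAX_RETRY_DELAY=8

# =============================================================================
# SECURITY - API KEYS
# =============================================================================
# Generate these keys by running: python3 src/core/auth.py
# NEVER share these keys or commit them to git!
# A placeholder left unchanged below is a credential anyone can guess.
# Generate a separate value for each key (TERMUX_API_SECRET is the one
# documented exception: it mirrors TERMUX_API_KEY).
# =============================================================================

# Admin API Key - Full access including database reset
# Use for: Personal admin access, critical operations
ADMIN_API_KEY=generate_this_with_python3_src_core_auth_py

# User API Key - Regular application access
# Use for: Web dashboard, normal API operations, automated campaigns
USER_API_KEY=generate_this_with_python3_src_core_auth_py

# Termux API Key - Android device communication
# Use for: Communication between Flask server and Android Termux
TERMUX_API_KEY=generate_this_with_python3_src_core_auth_py

# Flask Secret Key - For session management and CSRF protection
# Anyone who knows this value can forge session data, so it must be random
# and private.
SECRET_KEY=generate_this_with_python3_src_core_auth_py

# Termux API Secret - Used by Android Termux API server
# Should match TERMUX_API_KEY value
TERMUX_API_SECRET=same_as_termux_api_key_above

# =============================================================================
# USER MANAGEMENT (Optional - for web dashboard login)
# =============================================================================
# Create an initial admin user from environment variables
# After first login, you can use the CLI tool: python3 manage_users.py
# =============================================================================

# Default admin username and password (optional)
# If set, will create this user on first run
# Both lines are commented out so that an unedited copy of this file does not
# create an admin account with a publicly known password. To bootstrap an
# admin, uncomment both and set a strong, unique password. Consider removing
# the password from .env once the account exists.
# ADMIN_USERNAME=admin
# ADMIN_PASSWORD=change_this_password_immediately

# =============================================================================
# RATE LIMITING - Configurable Rate Limits
# =============================================================================
# Adjust these values to control API rate limits per IP address
# Format: "X per minute/hour/day" (can specify multiple, comma-separated)
# Lower values = more restrictive, Higher values = more permissive
# NOTE(review): limits are keyed per IP address. If the app runs behind a
# reverse proxy, confirm it sees the real client address; otherwise every
# client shares one bucket.
# =============================================================================

# Default rate limits (applied to all endpoints unless overridden)
# Recommended: 200 per hour, 1000 per day
RATE_LIMIT_DEFAULT=200 per hour, 1000 per day

# Login endpoint (prevent brute force password attacks)
# Recommended: 5-10 per minute (very restrictive to prevent attacks)
RATE_LIMIT_LOGIN=5 per minute

# SMS sending endpoints (prevent spam and abuse)
# Recommended: 10 per minute, 100 per hour, 500 per day
# Adjust based on your SMS sending volume needs
RATE_LIMIT_SMS=10 per minute, 100 per hour, 500 per day

# File upload endpoints (prevent resource exhaustion)
# Recommended: 10 per hour, 50 per day
# Adjust based on how often you upload contact lists
RATE_LIMIT_UPLOAD=10 per hour, 50 per day

# Database reset endpoint (prevent accidental/malicious data loss)
# Recommended: 2 per hour (very restrictive - this is destructive)
RATE_LIMIT_DATABASE_RESET=2 per hour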