System Configuration

Learn more about Mintlify

Enter your email to receive updates about new features and product releases.

Overview
Environment Variables
Required Variables
JWT_SECRET
ADMIN_PASSWORD
Optional Variables
PORT
NODE_ENV
DB_SOURCE
LOG_LEVEL
DISABLE_AUTH_CHECKS
Configuration Files
Environment Configuration
Database Configuration
Database Management
SQLite Configuration
Schema Migrations
Seed Data
System Configuration Table
Security Configuration
JWT Tokens
Password Security
Session Management
Configuration Validation
Startup Checks
Health Monitoring
Production Checklist
Troubleshooting
Common Issues
Related Documentation

Overview

PROD-SYS uses environment variables for system configuration, enabling flexible deployment across development, test, and production environments. All configuration is centralized in the .env file and loaded at application startup.

Environment Variables

Required Variables

These variables are mandatory and the system will exit if they are not defined:

JWT_SECRET

JWT_SECRET=your_secret_key_minimum_32_characters_long

Purpose: Cryptographic key for signing and verifying JWT authentication tokens
Requirements: Minimum 32 characters for production security
Security: Never commit this value to version control
Location: backend/config/env.js:8

Use a cryptographically random string in production. Generate with: openssl rand -base64 32

ADMIN_PASSWORD

ADMIN_PASSWORD=secure_password_for_bootstrap

Purpose: Password for the initial system administrator during bootstrap
Usage: Only used during first-time initialization
Security: Change immediately after system initialization
Location: backend/domains/bootstrap/bootstrap.service.js:50

Optional Variables

PORT

PORT=3000

Default: 3000
Purpose: HTTP server port
Location: backend/config/env.js:18

NODE_ENV

NODE_ENV=production

Default: development
Values: development, test, production
Effects:
- Controls cookie security flags (secure flag in production)
- Determines database path (in-memory for test)
- Affects logging verbosity
Location: backend/config/env.js:21

DB_SOURCE

DB_SOURCE=mfcalidad.sqlite

Default: mfcalidad.sqlite
Purpose: SQLite database filename
Location: Database stored in backend/database/
Reference: backend/config/database.js:7

LOG_LEVEL

LOG_LEVEL=info

Default: info
Values: error, warn, info, http, verbose, debug
Purpose: Winston logger output level
Location: .env.example:23

DISABLE_AUTH_CHECKS

DISABLEAUTH_CHECKS=false

Default: true (development mode)
Purpose: Bypass role-based permission checks for development
Security: MUST be set to false in production
Effect: When true, all authenticated users have full system access
Location: backend/middlewares/authorize.js:21

Setting DISABLE_AUTH_CHECKS=true in production disables all role-based access controls. This is a critical security risk.

Configuration Files

Environment Configuration

The system validates required environment variables at startup:

// backend/config/env.js
const requiredEnv = ['JWT_SECRET', 'ADMIN_PASSWORD'];

requiredEnv.forEach((env) => {
  if (!process.env[env]) {
    console.error(`ERROR CRÍTICO: La variable de entorno ${env} es obligatoria.`);
    process.exit(1);
  }
});

Database Configuration

Database settings are derived from environment variables:

// backend/config/database.js
module.exports = {
  dbPath: path.resolve(__dirname, '../database', DB_SOURCE),
  adminPassword: ADMIN_PASSWORD
};

Database Management

SQLite Configuration

PROD-SYS uses SQLite with optimized settings for concurrency and reliability: Write-Ahead Logging (WAL)

PRAGMA journal_mode = WAL;

Enables concurrent reads during writes
Improves performance for multi-user environments

Foreign Key Enforcement

PRAGMA foreign_keys = ON;

Enforces referential integrity constraints
Prevents orphaned records

Synchronous Mode

PRAGMA synchronous = NORMAL;

Balances performance and data safety
Acceptable for most production workloads

Location: backend/database/sqlite.js:23-28

Schema Migrations

The system automatically performs schema migrations on startup:

Schema Detection: Checks existing table structure
Migration Execution: Applies schema changes transactionally
Data Preservation: Migrates existing data to new schema
Index Creation: Ensures performance indexes exist

Key migrations:

User domain redesign (persona-based access control)
Audit logging enhancements
Status field consolidation
Absence management tracking

Location: backend/database/sqlite.js:36-473

Seed Data

The following catalogs are automatically initialized: Roles (roles table):

Administrador
Inspector
Supervisor
Jefe de Operaciones
Gerencia
Operario

Areas (areas table):

Producción
Departamento de Calidad
Mantenimiento
Administración

Operational Roles (roles_operativos table):

Tejedor
Urdidor
Mecánico
Inspector de Calidad
Auxiliar
Supervisor de Planta

Location: backend/database/sqlite.js:1337-1391

System Configuration Table

The sistema_config table stores runtime system state:

Key	Values	Description
`estado_sistema`	`NO_INICIALIZADO`, `INICIALIZADO`	System initialization state

Bootstrap Process:

System starts with estado_sistema = 'NO_INICIALIZADO'
First admin user is created via bootstrap endpoint
State changes to INICIALIZADO
Normal authentication becomes available

Location: backend/domains/bootstrap/bootstrap.service.js:16-84

Security Configuration

JWT Tokens

Token Generation:

Algorithm: Configurable (default: HS256)
Expiration: 8 hours
Payload: User ID, username, role, persona information

Token Delivery:

HTTP-only cookie (browser protection)
Authorization header (API clients)

Cookie Settings:

res.cookie('token', result.token, {
  httpOnly: true,              // Prevents XSS access
  secure: NODE_ENV === 'production',  // HTTPS only in production
  sameSite: 'Strict',          // CSRF protection
  maxAge: 8 * 60 * 60 * 1000   // 8 hours
});

Location: backend/domains/auth/auth.controller.js:19-24

Password Security

Hashing:

Algorithm: bcrypt
Cost factor: 10
Random salt per password

Account Protection:

Failed login tracking
Automatic account lockout after 5 failed attempts
Timing attack mitigation (constant-time comparison)
Generic error messages (prevents user enumeration)

Location: backend/domains/auth/auth.service.js:54-75

Session Management

Real-time Session Validation: Every authenticated request verifies user account status:

const user = await sqlite.get(
  'SELECT estado_usuario FROM usuarios WHERE id = ?', 
  [decoded.usuario_id]
);

if (!user || user.estado_usuario !== 'Activo') {
  return next(new ForbiddenError('Su cuenta ha sido desactivada'));
}

Location: backend/middlewares/auth.middleware.js:34-42

Configuration Validation

Startup Checks

Environment validation: Required variables present
Database connectivity: SQLite file accessible
Schema integrity: Tables and indexes exist
Seed data: Default catalogs initialized
Logger initialization: Winston transport ready

Health Monitoring

Monitor these indicators for system health:

Database file size (growth rate)
WAL file size (should auto-checkpoint)
Failed login attempts (potential attacks)
System initialization state
Active user sessions

Production Checklist

Before deploying to production:

Troubleshooting

Common Issues

System won’t start:

Check required environment variables are set
Verify .env file exists and is readable
Review startup logs for specific error

Database errors:

Verify database file permissions
Check disk space availability
Ensure WAL mode is enabled

Authentication failures:

Verify JWT_SECRET hasn’t changed (invalidates existing tokens)
Check user account status in database
Review failed login attempt count

Permission denied errors (despite valid auth):

Verify DISABLE_AUTH_CHECKS is set correctly
Check user role assignments
Review permission mappings in backend/shared/auth/permissions.js

User Management

Managing user accounts and personnel

Roles & Permissions

Understanding the permission system

Audit Logs

Tracking system changes and user actions

Extrusor de Polipropileno (PP Extruder)

User Management

⌘I

Build docs developers (and LLMs) love

Get started for free Talk to us

Get Started

Core Features

User Guides

Production Processes

Administration

System Configuration

Overview

Environment Variables

Required Variables

JWT_SECRET

ADMIN_PASSWORD

Optional Variables

PORT

NODE_ENV

DB_SOURCE

LOG_LEVEL

DISABLE_AUTH_CHECKS

Configuration Files

Environment Configuration

Database Configuration

Database Management

SQLite Configuration

Schema Migrations

Seed Data

System Configuration Table

Security Configuration

JWT Tokens

Password Security

Session Management

Configuration Validation

Startup Checks

Health Monitoring

Production Checklist

Troubleshooting

Common Issues

User Management

Roles & Permissions

Audit Logs

Build docs developers (and LLMs) love

Get Started

Core Features

User Guides

Production Processes

Administration

​Overview

​Environment Variables

​Required Variables

​JWT_SECRET

​ADMIN_PASSWORD

​Optional Variables

​PORT

​NODE_ENV

​DB_SOURCE

​LOG_LEVEL

​DISABLE_AUTH_CHECKS

​Configuration Files

​Environment Configuration

​Database Configuration

​Database Management

​SQLite Configuration

​Schema Migrations

​Seed Data

​System Configuration Table

​Security Configuration

​JWT Tokens

​Password Security

​Session Management

​Configuration Validation

​Startup Checks

​Health Monitoring

​Production Checklist

​Troubleshooting

​Common Issues

​Related Documentation

User Management

Roles & Permissions

Audit Logs

Build docs developers (and LLMs) love

Overview

Environment Variables

Required Variables

JWT_SECRET

ADMIN_PASSWORD

Optional Variables

PORT

NODE_ENV

DB_SOURCE

LOG_LEVEL

DISABLE_AUTH_CHECKS

Configuration Files

Environment Configuration

Database Configuration

Database Management

SQLite Configuration

Schema Migrations

Seed Data

System Configuration Table

Security Configuration

JWT Tokens

Password Security

Session Management

Configuration Validation

Startup Checks

Health Monitoring

Production Checklist

Troubleshooting

Common Issues

Related Documentation