2026-05-21 20:32:29 +02:00
# Mimic backend — example env. Copy to .env (gitignored) and adapt.

MIMIC_ENV=development
MIMIC_SECRET_KEY=replace-me-with-secrets.token_urlsafe-32
MIMIC_FERNET_KEY=

# Database
POSTGRES_DB=mimic
POSTGRES_USER=mimic_app
POSTGRES_PASSWORD=mimic_dev_password
MIMIC_DATABASE_URL=postgresql+psycopg://mimic_app:mimic_dev_password@localhost:5432/mimic
MIMIC_DATABASE_AUDIT_URL=postgresql+psycopg://mimic_audit_writer:CHANGE_ME@localhost:5432/mimic

# Session / cookies
MIMIC_SESSION_COOKIE_SECURE=false
MIMIC_SESSION_COOKIE_SAMESITE=Lax

# CORS (frontend dev)
MIMIC_CORS_ORIGINS=http://localhost:5173

# Logging
MIMIC_LOG_LEVEL=DEBUG
MIMIC_LOG_JSON=false

feat(backend): add content-addressed gzip blob store (D-012)

Two on-disk pools per D-012:
- `MIMIC_BLOB_ROOT` (default `/var/lib/mimic/blobs/`) holds C2 polling
  output blobs, content-addressed gzip layout `<aa>/<bb>/<sha256>.gz`.
- `MIMIC_EVIDENCE_ROOT` (default `/var/lib/mimic/evidence/`) reserved for
  user-uploaded evidence (flat per-engagement, no compression). Wired only
  in config + .env.example here; F8 endpoint lands later.

`mimic.storage.blob`:
- `blob_path(root, sha256_hex)` validates the digest and returns the CAS
  path. Raises ValueError on a malformed digest (length != 64 or non-hex).
- `store_blob(root, data)` hashes, gzip-compresses, atomically writes to
  `<aa>/<bb>/<sha256>.gz` (0o750 dir perms, 0o640 file perms). Idempotent:
  duplicate writes leave mtime untouched.

5 new unit tests cover happy path, deduplication, idempotency, malformed
digest, and the two-byte-pair directory layout.
2026-05-21 20:44:59 +02:00

# Storage pools (D-012)
MIMIC_BLOB_ROOT=/var/lib/mimic/blobs
MIMIC_EVIDENCE_ROOT=/var/lib/mimic/evidence
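
The `blob_path` / `store_blob` behaviour described in the commit message above, as an added Python sketch; it is not the code of `mimic.storage.blob`. Assumptions: `<aa>` and `<bb>` are the first and second hex pairs of the digest, `store_blob` returns `(digest, path)`, and the atomic write is done with a temp file plus rename.

```python
import contextlib
import gzip
import hashlib
import os
import string
import tempfile
from pathlib import Path

_HEX = set(string.hexdigits)


def blob_path(root, sha256_hex):
    """Map a SHA-256 hex digest to <root>/<aa>/<bb>/<sha256>.gz."""
    # Validation keeps a caller-supplied digest from becoming a path
    # component such as "../": only 64 hex characters pass.
    if len(sha256_hex) != 64 or not set(sha256_hex) <= _HEX:
        raise ValueError("malformed sha256 digest")
    digest = sha256_hex.lower()
    # Assumption: <aa> and <bb> are the first and second hex pairs.
    return Path(root) / digest[:2] / digest[2:4] / f"{digest}.gz"


def store_blob(root, data):
    """Store data under its own digest; return (digest, path)."""
    digest = hashlib.sha256(data).hexdigest()
    path = blob_path(root, digest)
    if path.exists():
        return digest, path  # duplicate content: file and mtime untouched
    path.parent.mkdir(mode=0o750, parents=True, exist_ok=True)
    for d in (path.parent.parent, path.parent):
        os.chmod(d, 0o750)  # mkdir's mode is filtered by the umask
    # Write to a temp file in the target directory, then rename, so a
    # reader never observes a partially written blob.
    fd, tmp = tempfile.mkstemp(dir=path.parent, suffix=".tmp")
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(gzip.compress(data, mtime=0))
            fh.flush()
            os.fsync(fh.fileno())
        os.chmod(tmp, 0o640)  # mkstemp creates the file as 0o600
        os.replace(tmp, path)
    except BaseException:
        with contextlib.suppress(FileNotFoundError):
            os.unlink(tmp)
        raise
    return digest, path
```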