Configuration

conf.js

const path = require('path');
require('dotenv').config({ path: path.resolve(__dirname, '.env') });
module.exports = {
  host:     process.env.host,
  user:     process.env.user,
  password: process.env.password,
  dbPort:   process.env.dbPort,
  database: process.env.database,
};

This is the entire configuration surface. Only MySQL credentials are exposed; nothing else.

Required environment variables

Var	Used by	Required?	Notes
host	(in conf.js, but conf.js isn't require'd by server.js!)	unused in standalone	The standalone repo's conf.js is not required by server.js. This means conf.js is dead code in standalone mode. The production copy in someli-api/ consumes the main someli-api/conf.js instead.
user, password, dbPort, database	same	unused in standalone	same
port	server.js:5 (process.env.port \|\| 6001)	optional	Defaults to 6001
SESSION_SECRET	server.js:8	optional	Defaults to literal "change-me" — a hardcoded fallback secret is a finding. See security.md.
NODE_ENV	routes/index.js:1	required for runtime mode switching	If unset or anything other than "development", the routes will try to require("../../actions/actions") and fail — the standalone repo doesn't have an ../../actions/.

Production runtime config

When the production copy runs (i.e., these files are checked out as someli-api/dashboard/), it inherits configuration from the main someli-api:

• DB credentials from someli-api/conf.js (which reads .env)
• Session secret from the main someli-api express-session middleware (the dashboard's own session middleware overlaps)
• Process env passed through PM2's ecosystem.config.js

So in production, the configuration story for this repo is "see someli-api/configuration.md".

Local-dev runtime config

When NODE_ENV=development, the routes pull from mock/, which uses hardcoded data. No .env is required to start the server in this mode; it will boot and respond with mock data on every request.

This makes the standalone repo's primary value its mock harness, not its configurability.