Update .env.example

conf/.env.example

@@ -54,7 +54,14 @@ LOG_CHANNEL=daily
 APP_LOG_LEVEL=notice
 
 
-# Database config & credentials
+# If you're looking for performance improvements, you could install memcached.
+
+CACHE_DRIVER=file
+SESSION_DRIVER=file
+FILESYSTEM_DRIVER=local
+
+
+#### Database config & credentials ####
 
 # DB_CONNECTION=sqlite
 # DB_DATABASE="path/to/your/database.sqlite"
@@ -69,12 +76,7 @@ DB_USERNAME=__DB_USER__
 DB_PASSWORD=__DB_PWD__
 
 
-# If you're looking for performance improvements, you could install memcached.
-CACHE_DRIVER=file
-SESSION_DRIVER=file
-
-
-# Mail settings
+#### Mail settings ####
 
 # Refer your email provider documentation to configure your mail settings
 # Set a value for every available setting to avoid issue
@@ -90,6 +92,67 @@ MAIL_FROM_NAME=null
 MAIL_FROM_ADDRESS=null
 
 
+#### Authentication settings ####
+
+# The default authentication guard
+#
+# Supported:
+#   'web-guard' : The Laravel built-in auth system (default if nulled)
+#   'reverse-proxy-guard' : When 2FAuth is deployed behind a reverse-proxy that handle authentication
+#
+# WARNING
+# When using 'reverse-proxy-guard' 2FAuth only look for the dedicated headers and skip all other built-in
+# authentication checks. That means your proxy is fully responsible of the authentication process, 2FAuth will
+# trust him as long as headers are presents.
+
+AUTHENTICATION_GUARD=web-guard
+
+# Name of the HTTP headers sent by the reverse proxy that identifies the authenticated user at proxy level.
+# Check your proxy documentation to find out how these headers are named (i.e 'REMOTE_USER', 'REMOTE_EMAIL', etc...)
+# (only relevant when AUTHENTICATION_GUARD is set to 'reverse-proxy-guard')
+
+AUTH_PROXY_HEADER_FOR_USER=
+AUTH_PROXY_HEADER_FOR_EMAIL=
+
+
+#### WebAuthn settings ####
+
+# Relying Party name, aka the name of the application. If null, defaults to APP_NAME
+
+WEBAUTHN_NAME=
+
+# Relying Party ID. If null, the device will fill it internally.
+# See https://webauthn-doc.spomky-labs.com/pre-requisites/the-relying-party#how-to-determine-the-relying-party-id
+
+WEBAUTHN_ID=
+
+# Optional image data in BASE64 (128 bytes maximum) or an image url
+# See https://webauthn-doc.spomky-labs.com/pre-requisites/the-relying-party#relying-party-icon
+
+WEBAUTHN_ICON=
+
+# Use this setting to control how user verification behave during the
+# WebAuthn authentication flow.
+#
+# Most authenticators and smartphones will ask the user to actively verify
+# themselves for log in. For example, through a touch plus pin code,
+# password entry, or biometric recognition (e.g., presenting a fingerprint).
+# The intent is to distinguish one user from any other.
+#
+# Supported:
+#   'required': Will ALWAYS ask for user verification
+#   'preferred' (default) : Will ask for user verification IF POSSIBLE
+#   'discouraged' : Will NOT ask for user verification (for example, to minimize disruption to the user interaction flow)
+
+WEBAUTHN_USER_VERIFICATION=
+
+# Use this setting to declare trusted proxied.
+# Supported:
+#   '*': to trust any proxy
+#   A comma separated IP list: The list of proxies IP to trust
+
+TRUSTED_PROXIES=
+
 # Leave the following configuration vars as is.
 # Unless you like to tinker and know what you're doing.