# Configuration

[<-- Click to return to README.md](./README.md)

We recommend that you store the configuration file `config.json` in a safe place where Galvanic Corrosion can access it (the current directory).<br>
No other user on your server system should be able to access the file.

## Redis
Redis is database software and must be installed for Galvanic Corrosion.

Redis Cloud is recommended for most users, though you can opt to install<br>
your own self-hosted server using [their install guide for your platform.](https://redis.io/docs/latest/operate/oss_and_stack/install/install-stack/)

You'll need an admin user and password to connect to your Redis instance.<br>
Place the credentials in `config.json`.

The database index can be used to quickly swap persistent databases.<br>
If you are unsure of what this does, leave it unchanged.

## Network

Galvanic Corrosion listens on two ports:
* 13370/tcp(http) - for web endpoints
* 13371/tcp(http+ws) - for websockets

Currently, HTTPS and WSS are unsupported *directly* on GC. You can use a compatiblble reverse proxy solution to secure your server.<br>
[Cloudflare Tunnels](https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/) (requires a domain with Cloudflare) are recommended.

Port-forward or expose your server in some way. HTTPS is **strongly** recommended for your public address.

Once your server is reachable, the nameserver (and similar functions) need to know what the public "official" address of your server is.<br>
For example, your server listens on 10.0.0.6:13370(+13371) but is tunneled to my-gc-server(-socket).coolguy.xyz:
- Set the "public host" for `web` and `socket` in `config.json` to the "official" address of your server
    * In the example, my-gc-server.coolguy.xyz and my-gc-server-socket.coolguy.xyz
    * This includes port numbers, but not the protocol
- If your public address uses HTTPS (it should for proper authentication), enable `securepublichost`

You can test your configuration by navigating to `https://your-server.coolguy.xyz/ns`.<br>
Each field should contain your server's public address with an optional path at the end.

## Public Configuration
This section contains basic information regarding your server.

`serverName`: Somewhat invisible to players, but is an official label your server could appear as (to future server lists?)

`serverId`: Used in the authentication process, uniquely identifies your server to clients. Players should never see this.<br>
Ideally, this should be unique for every server, and can be chosen by the server administrator.<br>
Example: zombieb-cool-gc-server

`owner`: That's you! You can insert your handle for any social networking site or some form of identification here.

`motd`: Seen on the dormroom's community board, a short string that displays some message.

`levelScale`: Beginning at 1 and ending at `maxLevels`, how far apart (XP) each level is.

`maxLevels`: The maximum number of levels.

`patches`: *Currently not implemented.* Patch list sent to the client for various game preferences.

`photonRegionId`: The region to connect to when using Photon Cloud. When using the self-hosted PhotonSocketServer,<br>
this can be anything *except* for "none" or 4, since there is only one server to connect to and the game uses offline mode when the region ID is set to none.

`initialRoom`: On game startup, redirects the player to this room name instead of their DormRoom. Set to null if a "natural" startup is preferred.<br>
This room must not be private and must be matchmakeable.

## Logging
These three values expose booleans you can change to enable/disable logging various messages used for debugging or troubleshooting purposes.

## Discord
Can be `null`. Currently unused.

A Discord Bot is planned for interacting with your server outside of the game.

## Auth
Parameters used by the server's authentication mechanisms.

`secret`: Used to generate tokens. Should never be shared (the entire file) and can be a string of characters containing no words or patterns.
<br>Use secure cryptography APIs in programming languages to generate random strings.

`timeout`: The maximum age for a token.

### Auth Verification
Can be `null`. Cloudflare Turnstile is used to verify users before they create their account.

`enabled`: `true` by default. This section may also be `null`.<br>
This enables the `GET /user/verify` endpoint that is presented to users wishing to create an account.<br>
`POST /user/verify` is used for Turnstile siteverify.

`sitekey`: Turnstile sitekey from Cloudflare dashboard

`secretkey`: Turnstile secretkey from Cloudflare dashboard