.env.example
# =============================================================================
# SPIRITUALITY PLATFORM - ENVIRONMENT VARIABLES
# =============================================================================
# Copy this file to .env and fill in your actual values
# Never commit .env to version control!
# Database Configuration
# DATABASE_URL carries its own credentials (user:password) in addition to the
# separate DATABASE_USER / DATABASE_PASSWORD values below. Which of the two the
# application reads is not visible from this file, so keep them consistent.
# A password placed in the URL must be percent-encoded if it contains
# URL-reserved characters.
# When the database is not on localhost, connect to it over TLS.
DATABASE_URL=postgresql://user:password@localhost:5432/spirituality_platform
DATABASE_HOST=localhost
DATABASE_PORT=5432
DATABASE_NAME=spirituality_platform
# "postgres" is normally the PostgreSQL superuser. Outside local development,
# connect as a dedicated role that has only the privileges the application needs.
DATABASE_USER=postgres
# Placeholder: replace with a unique, randomly generated password.
DATABASE_PASSWORD=your_secure_password
# Redis Configuration
# REQUIRED: Redis is used for session management and rate limiting (T199)
# Install Redis: https://redis.io/docs/getting-started/
# The example URL has no password and no TLS, which is only reasonable for a
# loopback-only instance. Because session data is kept here, anyone who can
# reach this Redis can presumably read or tamper with sessions. Outside local
# development: enable Redis authentication, use TLS (rediss:// where the client
# supports it), and keep the port off public networks.
REDIS_URL=redis://localhost:6379
REDIS_HOST=localhost
REDIS_PORT=6379
# Application Configuration
NODE_ENV=development
PORT=4321
# Plain http is fine for localhost; a deployed BASE_URL should be the https origin.
BASE_URL=http://localhost:4321
# SECURITY: Generate a strong random secret (min 32 characters).
# The command below prints 64 hex characters (32 random bytes), which meets that minimum.
# Run: node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"
# The placeholder below is itself longer than 32 characters, so a length-only
# startup check would not catch an unedited copy. Always replace it.
SESSION_SECRET=GENERATE_A_RANDOM_32_CHAR_STRING_CHANGE_THIS
# Stripe Payment Configuration
# SECURITY: Never commit real Stripe keys to git!
# Get test keys from: https://dashboard.stripe.com/test/apikeys
# sk_test_ / pk_test_ are Stripe test-mode keys. Live keys use the sk_live_ /
# pk_live_ prefixes and belong only in the production environment's secret store.
# The secret key is server-side only: keep it out of browser bundles and logs.
STRIPE_SECRET_KEY=sk_test_REPLACE_WITH_YOUR_STRIPE_SECRET_KEY
# The publishable key is the only Stripe value intended to reach the browser.
STRIPE_PUBLISHABLE_KEY=pk_test_REPLACE_WITH_YOUR_STRIPE_PUBLISHABLE_KEY
# Webhook signing secret. Presumably used to verify the signature on incoming
# Stripe webhook requests; confirm the webhook handler rejects unsigned events.
STRIPE_WEBHOOK_SECRET=whsec_REPLACE_WITH_YOUR_WEBHOOK_SECRET
# Email Configuration (Resend)
# SECURITY: Get your API key from: https://resend.com/api-keys
# The API key is a secret: whoever holds it can send mail as this platform.
# Keep it server-side and rotate it if it is ever exposed.
RESEND_API_KEY=re_REPLACE_WITH_YOUR_RESEND_API_KEY
EMAIL_FROM=noreply@yourdomain.com
EMAIL_FROM_NAME=Spirituality Platform
# Note: Email verification is enabled by default for new registrations.
# Verification emails are sent automatically after registration.
# To require email verification before login, uncomment the check in src/pages/api/auth/login.ts
# NOTE(review): as described above, login does not appear to require a verified
# address until that check is enabled. Decide this deliberately before production.
# WhatsApp Configuration (Twilio)
# SECURITY: Get credentials from https://console.twilio.com
# The Account SID identifies the account; the Auth Token is the secret.
# Keep the token out of version control and logs, and rotate it if it is exposed.
TWILIO_ACCOUNT_SID=REPLACE_WITH_YOUR_TWILIO_ACCOUNT_SID
TWILIO_AUTH_TOKEN=REPLACE_WITH_YOUR_TWILIO_AUTH_TOKEN
# Twilio WhatsApp sender number (must be whatsapp: prefixed)
TWILIO_WHATSAPP_FROM=whatsapp:+14155238886
# Comma-separated list of admin WhatsApp numbers (format: whatsapp:+1234567890,whatsapp:+0987654321)
# The value below is a placeholder. Replace it and keep the list limited to
# current administrators; presumably admin notifications go to every number listed.
ADMIN_WHATSAPP_NUMBERS=whatsapp:+1234567890
# SECURITY WARNING: Never set BYPASS_ADMIN_AUTH=true in production!
# This flag is for local development ONLY when Redis is unavailable
# Leave the line below commented out (or set to false) everywhere except a
# local machine, and do not carry it into shared or deployed .env files.
# NOTE(review): the application should refuse to start when this is true and
# NODE_ENV=production; whether it does is not visible from this file.
# BYPASS_ADMIN_AUTH=false
# Admin Configuration
ADMIN_EMAIL=admin@yourdomain.com
# File Upload Configuration
# Relative path, so it resolves against the process working directory.
# NOTE(review): keep the upload directory out of any statically served or
# executable path; how uploads are served is not visible from this file.
UPLOAD_DIR=./uploads
# 10485760 = 10 * 1024 * 1024 (presumably bytes, i.e. 10 MiB)
MAX_FILE_SIZE=10485760
# Allow-list of file extensions. An extension says nothing about the actual
# content, so the server should also check the file's real type rather than
# trust the submitted name.
ALLOWED_FILE_TYPES=jpg,jpeg,png,pdf,mp3,mp4
# Security Configuration
# Presumably the bcrypt cost factor: each +1 doubles the hashing work.
# 10 is a commonly cited minimum; raise it if login latency on production
# hardware allows.
BCRYPT_ROUNDS=10
# SECURITY: Generate strong random secrets (min 32 characters each)
# The command below prints 64 hex characters (32 random bytes), which meets that minimum.
# Run: node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"
# Run it once per variable. Every secret in this file should have its own
# value, so that exposure of one does not compromise the others.
# The shared placeholder is longer than 32 characters, so a length-only startup
# check would not catch an unedited copy.
JWT_SECRET=GENERATE_A_RANDOM_32_CHAR_STRING_CHANGE_THIS
CSRF_SECRET=GENERATE_A_RANDOM_32_CHAR_STRING_CHANGE_THIS
# SECURITY: Required for download link generation - no default allowed!
DOWNLOAD_TOKEN_SECRET=GENERATE_A_RANDOM_32_CHAR_STRING_CHANGE_THIS
# Rate Limiting (T199 - Implemented)
# Rate limiting is automatically configured per endpoint type:
# - Auth endpoints (login/register): 5 requests / 15 minutes
# - Email verification: 3 requests / hour
# - Checkout: 10 requests / minute
# - Search: 30 requests / minute
# - Upload: 10 requests / 10 minutes
# - Admin API: 200 requests / minute
# See: src/lib/ratelimit.ts for all profiles
# =============================================================================
# OPTIONAL PRODUCTION SERVICES
# =============================================================================
# Cloud Storage (AWS S3 - for production file uploads)
# AWS_ACCESS_KEY_ID=your_aws_access_key
# AWS_SECRET_ACCESS_KEY=your_aws_secret_key
# AWS_REGION=us-east-1
# AWS_S3_BUCKET=your-bucket-name
# Monitoring & Error Tracking (Sentry)
# SENTRY_DSN=your_sentry_dsn
# SENTRY_ENVIRONMENT=development
# Maps API (for event locations)
# GOOGLE_MAPS_API_KEY=your_google_maps_key
# MAPBOX_API_KEY=your_mapbox_key
# Cloudflare Stream (Video Hosting - T181, T186, T191)
# SECURITY: Get credentials from https://dash.cloudflare.com/
# Create API token with Stream:Edit permissions
# Configure webhook secret for processing status notifications
# CLOUDFLARE_ACCOUNT_ID=your_cloudflare_account_id
# CLOUDFLARE_API_TOKEN=your_cloudflare_api_token
# CLOUDFLARE_WEBHOOK_SECRET=your_webhook_secret