Daily Dice Roll

A daily dice roll web app built with Next.js, Supabase, Vercel, and Tailwind. Authenticated users roll 5 six-sided dice once per day — roll 5 of a kind to enter the winner pool.

Setup

1. Environment variables

Copy the example env file:

cp .env.example .env.local

Fill in the values:

Variable	Where to get it
`NEXT_PUBLIC_SUPABASE_URL`	Supabase Dashboard > Project Settings > API > Project URL
`NEXT_PUBLIC_SUPABASE_ANON_KEY`	Supabase Dashboard > Project Settings > API > Project API keys > `anon` `public`
`SUPABASE_SERVICE_ROLE_KEY`	Supabase Dashboard > Project Settings > API > Project API keys > `service_role` `secret`
`ROLL_WINDOW_CLOSE_HOUR`	The UTC hour (0-23) when the daily roll window closes. Defaults to `21` (9pm UTC).
`CRON_SECRET`	A random secret string you generate (e.g. `openssl rand -hex 32`). Used to authenticate the daily cron job endpoint. Must match the value set in Vercel environment variables.

The NEXT_PUBLIC_ prefixed variables are exposed to the browser — this is intentional and safe. The anon key is designed to be public; it only grants access allowed by your Row Level Security policies. The SUPABASE_SERVICE_ROLE_KEY is never exposed to the browser and bypasses RLS — keep it secret.

2. Install dependencies

npm install

3. Run the dev server

npm run dev

This starts Next.js on http://localhost:3000.

Network binding and security

By default, npm run dev runs with --hostname localhost, which binds the dev server to 127.0.0.1 only. This means the server is not accessible from other devices on your network. This is intentional — on public wifi or shared networks, an exposed dev server leaks your application, environment variables in server-rendered pages, and potentially your Supabase service role key through server actions.

Exposing to your local network

If you need to access the dev server from another device (e.g. testing on a phone, or from a VM), change the dev script in package.json:

"dev": "next dev --hostname 0.0.0.0",

0.0.0.0 binds to all network interfaces, making the server accessible at your machine's local IP (e.g. http://192.168.1.x:3000).

When this is useful:

Testing on a physical mobile device
Accessing from a local VM or container
Showing your work to someone on the same network

When to avoid it:

On public or untrusted wifi (coffee shops, airports, coworking spaces)
Any time your machine is on a network you don't control

Switch it back to --hostname localhost when you're done. Don't commit the 0.0.0.0 change.

Tech stack

Next.js (App Router, TypeScript)
Supabase (auth + Postgres)
Tailwind CSS v4
Vercel (deployment target)

Name		Name	Last commit message	Last commit date
Latest commit History 16 Commits
.github/workflows		.github/workflows
app		app
public		public
utils/supabase		utils/supabase
.env.example		.env.example
.gitattributes		.gitattributes
.gitignore		.gitignore
AGENTS.md		AGENTS.md
CLAUDE.md		CLAUDE.md
README.md		README.md
eslint.config.mjs		eslint.config.mjs
next.config.ts		next.config.ts
package-lock.json		package-lock.json
package.json		package.json
postcss.config.mjs		postcss.config.mjs
proxy.ts		proxy.ts
tsconfig.json		tsconfig.json
vercel.ts		vercel.ts

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Daily Dice Roll

Setup

1. Environment variables

2. Install dependencies

3. Run the dev server

Network binding and security

Exposing to your local network

Tech stack

About

Uh oh!

Releases

Packages

Uh oh!

Contributors

Uh oh!

Languages

Folders and files

Latest commit

History

Repository files navigation

Daily Dice Roll

Setup

1. Environment variables

2. Install dependencies

3. Run the dev server

Network binding and security

Exposing to your local network

Tech stack

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Contributors

Uh oh!

Languages

Packages