# ============================================================================ # Mana Core Auth - Environment Configuration # ============================================================================ # Copy this file to .env and fill in your values. # Variables marked [REQUIRED] must be set. # Variables marked [REQUIRED IN PRODUCTION] are optional in development. # ============================================================================ # Environment NODE_ENV=development PORT=3001 # Logging # Options: debug, info, warn, error LOG_LEVEL=debug # ============================================================================ # Database [REQUIRED] # ============================================================================ DATABASE_URL=postgresql://manacore:manacore@localhost:5432/manacore_auth # ============================================================================ # Redis (Optional in development, recommended in production) # ============================================================================ REDIS_HOST=localhost REDIS_PORT=6379 REDIS_PASSWORD= # ============================================================================ # Base URL [REQUIRED IN PRODUCTION] # ============================================================================ # The public URL where this auth service is accessible # Used for email verification links, OIDC callbacks, etc. BASE_URL=http://localhost:3001 # ============================================================================ # Cross-Domain SSO [REQUIRED IN PRODUCTION] # ============================================================================ # Cookie domain for Single Sign-On across subdomains. # Set to '.mana.how' (with leading dot) to share sessions across: # - calendar.mana.how # - todo.mana.how # - chat.mana.how # - etc. # # Leave empty/unset for local development (cookies will be domain-specific) COOKIE_DOMAIN= # ============================================================================ # CORS [REQUIRED IN PRODUCTION] # ============================================================================ # Comma-separated list of allowed origins # In development, defaults to localhost ports if not set CORS_ORIGINS=http://localhost:3000,http://localhost:5173,http://localhost:5174,http://localhost:8081 # ============================================================================ # JWT Configuration # ============================================================================ # Note: Better Auth uses EdDSA keys stored in the database (JWKS). # These RSA keys are only used as fallback for legacy token generation. # You can leave these empty if using Better Auth's default JWKS. # JWT_PRIVATE_KEY= # JWT_PUBLIC_KEY= JWT_ACCESS_TOKEN_EXPIRY=15m JWT_REFRESH_TOKEN_EXPIRY=7d JWT_ISSUER=manacore JWT_AUDIENCE=manacore # ============================================================================ # Stripe (Optional - credit system won't work without it) # ============================================================================ # Get your keys from https://dashboard.stripe.com/apikeys STRIPE_SECRET_KEY=sk_test_... STRIPE_PUBLISHABLE_KEY=pk_test_... STRIPE_WEBHOOK_SECRET=whsec_... # ============================================================================ # SMTP (Optional - emails will be logged if not configured) # ============================================================================ # Using Brevo (formerly Sendinblue) SMTP relay SMTP_HOST=smtp-relay.brevo.com SMTP_PORT=587 SMTP_USER= SMTP_PASSWORD= SMTP_FROM=ManaCore # ============================================================================ # Credits # ============================================================================ CREDITS_SIGNUP_BONUS=150 CREDITS_DAILY_FREE=5 # ============================================================================ # Rate Limiting # ============================================================================ # TTL in seconds, limit is requests per TTL RATE_LIMIT_TTL=60 RATE_LIMIT_MAX=100 # ============================================================================ # AI Services (Optional) # ============================================================================ GOOGLE_GENAI_API_KEY=