managarten/.env.development
Wuesteon 4d15d9e764 🔒 security(auth): migrate to EdDSA JWT and add automated monitoring
BREAKING: JWT keys are now auto-managed by Better Auth (EdDSA/Ed25519)
- Remove all JWT_PRIVATE_KEY, JWT_PUBLIC_KEY, JWT_SECRET references
- Keys stored in auth.jwks database table (auto-generated on first run)
- Delete obsolete generate-keys.sh and generate-staging-secrets.sh scripts
- Clean up legacy AUTH_*.md analysis files from root

Security Improvements:
- Add security_events table for audit logging
- Add SecurityEventsService for tracking auth events
- Enhanced security headers (HSTS, CSP, X-Frame-Options)
- Rate limiting configuration

Monitoring Setup:
- Add auth-health-check.sh for automated testing
- Add generate-dashboard.sh for HTML status dashboard
- Tests: health endpoint, JWKS (EdDSA), security headers, response time
- Ready for Hetzner cron deployment

Documentation:
- Update deployment docs with Better Auth notes
- Update environment variable references
- Add security improvements documentation

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-18 21:42:47 +01:00


# ============================================
# Mana Core Monorepo - Development Environment
# ============================================
# This is the central source of truth for all dev environment variables.
# Run `pnpm setup:env` to generate app-specific .env files.
#
# DO NOT commit real API keys, tokens or production values here - anything
# that lands in git history must be treated as compromised and rotated.
# This file contains development/local placeholder values only.
# ============================================
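# ============================================
# SHARED - Used across multiple apps
# ============================================
# Mana Core Auth Service
MANA_CORE_AUTH_URL=http://localhost:3001
# JWT Configuration
# JWT signing keys are managed by Better Auth (EdDSA/Ed25519) and live in the
# auth.jwks table; there is nothing to configure here. The former
# JWT_PRIVATE_KEY / JWT_PUBLIC_KEY / JWT_SECRET variables were removed on
# purpose - do not reintroduce them, and treat any old key material that was
# ever committed as compromised.
# Database (shared Postgres for local Docker)
# Throwaway local credentials. They are acceptable only while Postgres is
# reachable from this machine alone (assumes the Docker port is mapped to
# localhost only - confirm in the compose file) and must never be reused for
# staging or production.
POSTGRES_USER=manacore
POSTGRES_PASSWORD=devpassword
# Redis
REDIS_HOST=localhost
REDIS_PORT=6379
REDIS_PASSWORD=devpassword
# MinIO Object Storage (local S3-compatible storage)
# minioadmin/minioadmin is MinIO's well-known default root login; anyone who
# can reach port 9000 can read and write every bucket with it, so keep the
# port bound to localhost.
MINIO_ROOT_USER=minioadmin
MINIO_ROOT_PASSWORD=minioadmin
S3_ENDPOINT=http://localhost:9000
S3_REGION=us-east-1
S3_ACCESS_KEY=minioadmin
S3_SECRET_KEY=minioadmin
# Unified Storage (single bucket for all apps)
MANACORE_STORAGE_PUBLIC_URL=http://localhost:9000/manacore-storage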
# ============================================
# MANA-CORE-AUTH SERVICE
# ============================================
# Listener and backing database for the auth service.
MANA_CORE_AUTH_PORT=3001
MANA_CORE_AUTH_DATABASE_URL=postgresql://manacore:devpassword@localhost:5432/manacore
# URLs for auth callbacks: the service's own base URL and the UI it redirects to.
BASE_URL=http://localhost:3001
FRONTEND_URL=http://localhost:5173
# Token lifetimes and the iss/aud values stamped on issued JWTs (presumably
# also checked by consumers - confirm in the verification middleware).
JWT_ISSUER=manacore
JWT_AUDIENCE=manacore
JWT_ACCESS_TOKEN_EXPIRY=15m
JWT_REFRESH_TOKEN_EXPIRY=7d
# Browser origins allowed to call the service: the local Vite dev servers
# (5173-5190) plus ports 3000, 3002 and 8081. Dev-only list; production
# needs its own explicit origins.
CORS_ORIGINS=http://localhost:3000,http://localhost:3002,http://localhost:5173,http://localhost:5174,http://localhost:5175,http://localhost:5176,http://localhost:5177,http://localhost:5178,http://localhost:5179,http://localhost:5180,http://localhost:5181,http://localhost:5182,http://localhost:5183,http://localhost:5184,http://localhost:5185,http://localhost:5186,http://localhost:5187,http://localhost:5188,http://localhost:5189,http://localhost:5190,http://localhost:8081
# Request throttling (presumably RATE_LIMIT_MAX requests per RATE_LIMIT_TTL
# seconds - confirm the unit against the throttler configuration).
RATE_LIMIT_TTL=60
RATE_LIMIT_MAX=100
# Credit grants handed out by the auth service.
CREDITS_SIGNUP_BONUS=150
CREDITS_DAILY_FREE=5
# Stripe (test keys - get your own from Stripe dashboard)
STRIPE_SECRET_KEY=sk_test_YOUR_KEY
STRIPE_PUBLISHABLE_KEY=pk_test_YOUR_KEY
STRIPE_WEBHOOK_SECRET=whsec_YOUR_SECRET
# Brevo Email Service (get key from https://app.brevo.com/settings/keys/api)
BREVO_API_KEY=
EMAIL_SENDER_ADDRESS=noreply@manacore.ai
EMAIL_SENDER_NAME=ManaCore
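# ============================================
# CHAT PROJECT
# ============================================
# Chat Backend
CHAT_BACKEND_PORT=3002
CHAT_DATABASE_URL=postgresql://manacore:devpassword@localhost:5432/chat
# Local-only auth bypass: presumably every request is attributed to
# DEV_USER_ID without a token. Keep it true only on a developer machine; it
# must be absent or false in any deployed environment. Confirm the backend
# refuses this flag outside development - that check is not visible here.
DEV_BYPASS_AUTH=true
DEV_USER_ID=00000000-0000-0000-0000-000000000000
# OpenRouter API (all AI models via OpenRouter)
# Get your API key at https://openrouter.ai/keys and keep it out of git.
# The value previously committed on this line had the shape of a live key
# (sk-or-v1-...) and remains in repository history: revoke it in the
# OpenRouter dashboard and issue a new one.
OPENROUTER_API_KEY=sk-or-v1-YOUR_KEY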
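# ============================================
# MAERCHENZAUBER PROJECT
# ============================================
MAERCHENZAUBER_BACKEND_PORT=3013
MAERCHENZAUBER_APP_ID=8d2f5ddb-e251-4b3b-8802-84022a7ac77f
# Supabase
MAERCHENZAUBER_SUPABASE_URL=https://your-storyteller-project.supabase.co
# The anon key is designed to be embedded in clients; Row Level Security is
# what protects the data behind it.
MAERCHENZAUBER_SUPABASE_ANON_KEY=your-supabase-anon-key
# Presumably the Supabase project's JWT signing secret (symmetric): whoever
# holds it can mint tokens for any user. Server-side only, never in a client
# bundle, and rotate it if it ever reaches git history.
MAERCHENZAUBER_JWT_SECRET=your-jwt-secret
# Azure OpenAI for story generation
MAERCHENZAUBER_AZURE_OPENAI_KEY=YOUR_KEY
MAERCHENZAUBER_AZURE_OPENAI_ENDPOINT=https://your-endpoint.openai.azure.com/openai/deployments/gpt-4o/chat/completions?api-version=2024-08-01-preview
# Replicate for image generation
MAERCHENZAUBER_REPLICATE_API_KEY=YOUR_KEY
# ============================================
# MEMORO PROJECT
# ============================================
MEMORO_SUPABASE_URL=https://your-memoro-project.supabase.co
MEMORO_SUPABASE_ANON_KEY=your-supabase-anon-key
# NOTE(review): this points at a deployed Cloud Run service rather than a
# localhost port like the other backend URLs in this file - confirm local
# development is meant to call the hosted middleware.
MEMORO_MIDDLEWARE_API_URL=https://mana-core-middleware-111768794939.europe-west3.run.app
MEMORO_APPID=your-app-id
# ============================================
# MANACORE PROJECT
# ============================================
MANACORE_SUPABASE_URL=https://your-manacore-project.supabase.co
MANACORE_SUPABASE_ANON_KEY=your-supabase-anon-key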
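# ============================================
# MANADECK PROJECT
# ============================================
MANADECK_BACKEND_PORT=3009
MANADECK_DATABASE_URL=postgresql://manacore:devpassword@localhost:5432/manadeck
MANADECK_APP_ID=cea4bfc6-a4de-4e17-91e2-54275940156e
MANADECK_SUPABASE_URL=https://your-manadeck-project.supabase.co
MANADECK_SUPABASE_ANON_KEY=your-supabase-anon-key
# ============================================
# PICTURE PROJECT
# ============================================
PICTURE_BACKEND_PORT=3006
PICTURE_BACKEND_URL=http://localhost:3006
PICTURE_DATABASE_URL=postgresql://manacore:devpassword@localhost:5432/picture
# Replicate API Token for AI image generation
# The token previously committed on this line (r8_...) was not a placeholder
# and remains in git history: revoke it in the Replicate dashboard and use
# your own. It was also shared with WORLDREAM_REPLICATE_API_TOKEN; prefer one
# token per project so a rotation in one place does not break the other.
PICTURE_REPLICATE_API_TOKEN=r8_YOUR_TOKEN
# Storage: Uses unified manacore-storage bucket (see MANACORE_STORAGE_PUBLIC_URL above)
# Credit System (staging only - freemium: 3 free images, then credits)
PICTURE_APP_ID=picture-app
# Presumably a server-to-server key for the Mana Core credit API; backend
# only, never shipped to the client.
PICTURE_MANA_CORE_SERVICE_KEY=
# OAuth (optional - leave empty to disable)
PICTURE_GOOGLE_CLIENT_ID=
PICTURE_APPLE_CLIENT_ID=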
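# ============================================
# NUTRIPHI PROJECT
# ============================================
# NOTE(review): port 3012 is also assigned to MOODLIT_BACKEND_PORT further
# down; the two backends cannot run at the same time until one of them moves
# (3003-3005 and 3022 are unused in this file).
NUTRIPHI_BACKEND_PORT=3012
# Presumably a separate Postgres instance (port 5435, its own role) rather
# than the shared manacore database on 5432. Still a throwaway dev password.
NUTRIPHI_DATABASE_URL=postgresql://nutriphi:nutriphi_dev_password@localhost:5435/nutriphi
NUTRIPHI_APP_ID=nutriphi
NUTRIPHI_GEMINI_API_KEY=your-gemini-api-key-here
# Storage: Uses unified manacore-storage bucket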
# ============================================
# ZITARE PROJECT
# ============================================
# Backend port and per-project database on the shared local Postgres.
ZITARE_BACKEND_PORT=3007
ZITARE_DATABASE_URL=postgresql://manacore:devpassword@localhost:5432/zitare
# ============================================
# PRESI PROJECT
# ============================================
# Backend port and per-project database on the shared local Postgres.
PRESI_BACKEND_PORT=3008
PRESI_DATABASE_URL=postgresql://manacore:devpassword@localhost:5432/presi
# ============================================
# VOXEL-LAVA PROJECT
# ============================================
# Backend port, the URL clients use to reach it, and its database.
VOXEL_LAVA_BACKEND_PORT=3010
VOXEL_LAVA_API_URL=http://localhost:3010
VOXEL_LAVA_DATABASE_URL=postgresql://manacore:devpassword@localhost:5432/voxel_lava
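# ============================================
# CONTACTS PROJECT
# ============================================
CONTACTS_BACKEND_PORT=3015
CONTACTS_DATABASE_URL=postgresql://manacore:devpassword@localhost:5432/contacts
# Storage: Uses unified manacore-storage bucket
# Google OAuth for contacts import
# Get credentials from https://console.cloud.google.com/apis/credentials
# Required scopes: https://www.googleapis.com/auth/contacts.readonly
# (read-only is the least privilege an import needs - do not widen it)
CONTACTS_GOOGLE_CLIENT_ID=your-google-client-id.apps.googleusercontent.com
# Confidential: the client secret belongs to the backend only and must never
# reach a frontend bundle. Rotate it in the Google console if it is ever
# committed.
CONTACTS_GOOGLE_CLIENT_SECRET=your-google-client-secret
# Must match an "Authorized redirect URI" on the OAuth client exactly,
# including the query string; Google rejects any mismatch.
CONTACTS_GOOGLE_REDIRECT_URI=http://localhost:5184/import?tab=google
# ============================================
# CALENDAR PROJECT
# ============================================
CALENDAR_BACKEND_PORT=3014
CALENDAR_DATABASE_URL=postgresql://manacore:devpassword@localhost:5432/calendar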
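# ============================================
# STORAGE PROJECT (Cloud Drive)
# ============================================
STORAGE_BACKEND_PORT=3016
STORAGE_DATABASE_URL=postgresql://manacore:devpassword@localhost:5432/storage
# Upload limits (presumably enforced by the storage backend - confirm):
# 104857600 bytes = 100 MiB per file, at most 10 files per upload request.
STORAGE_MAX_FILE_SIZE=104857600
STORAGE_MAX_FILES_PER_UPLOAD=10
# ============================================
# CLOCK PROJECT
# ============================================
CLOCK_BACKEND_PORT=3017
CLOCK_DATABASE_URL=postgresql://manacore:devpassword@localhost:5432/clock
# ============================================
# TODO PROJECT
# ============================================
TODO_BACKEND_PORT=3018
TODO_BACKEND_URL=http://localhost:3018
TODO_DATABASE_URL=postgresql://manacore:devpassword@localhost:5432/todo
# ============================================
# MOODLIT PROJECT
# ============================================
# NOTE(review): 3012 collides with NUTRIPHI_BACKEND_PORT above; the two
# backends cannot be started together until one of them moves to a free
# port (3003-3005 and 3022 are unused in this file).
MOODLIT_BACKEND_PORT=3012
MOODLIT_DATABASE_URL=postgresql://manacore:devpassword@localhost:5432/moods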
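# ============================================
# MANA-GAMES PROJECT
# ============================================
MANA_GAMES_BACKEND_PORT=3011
# Google Gemini API (primary, fast)
MANA_GAMES_GOOGLE_GENAI_API_KEY=your_google_genai_key_here
# Anthropic Claude API (best code quality)
MANA_GAMES_ANTHROPIC_API_KEY=your_anthropic_key_here
# Azure OpenAI API (alternative)
MANA_GAMES_AZURE_OPENAI_ENDPOINT=https://your-endpoint.openai.azure.com
MANA_GAMES_AZURE_OPENAI_API_KEY=your_azure_openai_key_here
MANA_GAMES_AZURE_OPENAI_DEPLOYMENT=gpt-4o
# GitHub (for community submissions)
# Use a fine-grained personal access token restricted to the single
# repository below, granting only what the submission flow actually needs
# (presumably contents and pull requests - confirm against the code), never
# a classic token with account-wide repo scope.
MANA_GAMES_GITHUB_TOKEN=your_github_token_here
MANA_GAMES_GITHUB_OWNER=tillschneider
MANA_GAMES_GITHUB_REPO=mana-games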
# ============================================
# FINANCE PROJECT
# ============================================
# Backend port and per-project database on the shared local Postgres.
FINANCE_BACKEND_PORT=3019
FINANCE_DATABASE_URL=postgresql://manacore:devpassword@localhost:5432/finance
# ============================================
# INVENTORY PROJECT
# ============================================
# Backend port and per-project database on the shared local Postgres.
INVENTORY_BACKEND_PORT=3020
INVENTORY_DATABASE_URL=postgresql://manacore:devpassword@localhost:5432/inventory
# ============================================
# TECHBASE PROJECT
# ============================================
# Backend port and per-project database on the shared local Postgres.
TECHBASE_BACKEND_PORT=3021
TECHBASE_DATABASE_URL=postgresql://manacore:devpassword@localhost:5432/techbase
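# ============================================
# WORLDREAM GAME
# ============================================
# The values previously committed in this section were not placeholders: a
# real Supabase project ref and anon key, an OpenAI project key (sk-proj-...),
# a Google API key (AIzaSy...) and a Replicate token (r8_...). All of them
# remain in git history, so revoke/rotate each one in its provider console
# and use your own keys locally. The Supabase anon key is designed to be
# public, but it is replaced here as well so the dev file no longer points at
# a live project.
WORLDREAM_SUPABASE_URL=https://your-worldream-project.supabase.co
WORLDREAM_SUPABASE_ANON_KEY=your-supabase-anon-key
WORLDREAM_OPENAI_API_KEY=sk-proj-YOUR_KEY
WORLDREAM_GEMINI_API_KEY=YOUR_KEY
# Previously the same token as PICTURE_REPLICATE_API_TOKEN; prefer a separate
# token per project so a rotation in one place does not break the other.
WORLDREAM_REPLICATE_API_TOKEN=r8_YOUR_TOKEN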