till/managarten
1
0
Fork 0
mirror of https://github.com/Memo-2023/mana-monorepo.git synced 2026-05-15 21:39:39 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 4
managarten/services/mana-core-auth/.env.example
Till-JS f03c09ff17 feat(auth): enable cross-domain SSO via shared cookies on .mana.how 
- Configure Better Auth with crossSubDomainCookies for .mana.how domain
- Add COOKIE_DOMAIN environment variable (production: .mana.how)
- Sync trustedOrigins with all production subdomains
- Users now login once and are authenticated across all apps

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-02 03:58:29 +01:00

104 lines
4.1 KiB
Text
Raw Blame History

# ============================================================================
# Mana Core Auth - Environment Configuration
# ============================================================================
# Copy this file to .env and fill in your values.
# Variables marked [REQUIRED] must be set.
# Variables marked [REQUIRED IN PRODUCTION] are optional in development.
# ============================================================================
# Environment
NODE_ENV=development
PORT=3001
# Logging
# Options: debug, info, warn, error
LOG_LEVEL=debug
# ============================================================================
# Database [REQUIRED]
# ============================================================================
DATABASE_URL=postgresql://manacore:manacore@localhost:5432/manacore_auth
# ============================================================================
# Redis (Optional in development, recommended in production)
# ============================================================================
REDIS_HOST=localhost
REDIS_PORT=6379
REDIS_PASSWORD=
# ============================================================================
# Base URL [REQUIRED IN PRODUCTION]
# ============================================================================
# The public URL where this auth service is accessible
# Used for email verification links, OIDC callbacks, etc.
BASE_URL=http://localhost:3001
# ============================================================================
# Cross-Domain SSO [REQUIRED IN PRODUCTION]
# ============================================================================
# Cookie domain for Single Sign-On across subdomains.
# Set to '.mana.how' (with leading dot) to share sessions across:
# - calendar.mana.how
# - todo.mana.how
# - chat.mana.how
# - etc.
#
# Leave empty/unset for local development (cookies will be domain-specific)
COOKIE_DOMAIN=
# ============================================================================
# CORS [REQUIRED IN PRODUCTION]
# ============================================================================
# Comma-separated list of allowed origins
# In development, defaults to localhost ports if not set
CORS_ORIGINS=http://localhost:3000,http://localhost:5173,http://localhost:5174,http://localhost:8081
# ============================================================================
# JWT Configuration
# ============================================================================
# Note: Better Auth uses EdDSA keys stored in the database (JWKS).
# These RSA keys are only used as fallback for legacy token generation.
# You can leave these empty if using Better Auth's default JWKS.
# JWT_PRIVATE_KEY=
# JWT_PUBLIC_KEY=
JWT_ACCESS_TOKEN_EXPIRY=15m
JWT_REFRESH_TOKEN_EXPIRY=7d
JWT_ISSUER=manacore
JWT_AUDIENCE=manacore
# ============================================================================
# Stripe (Optional - credit system won't work without it)
# ============================================================================
# Get your keys from https://dashboard.stripe.com/apikeys
STRIPE_SECRET_KEY=sk_test_...
STRIPE_PUBLISHABLE_KEY=pk_test_...
STRIPE_WEBHOOK_SECRET=whsec_...
# ============================================================================
# SMTP (Optional - emails will be logged if not configured)
# ============================================================================
# Using Brevo (formerly Sendinblue) SMTP relay
SMTP_HOST=smtp-relay.brevo.com
SMTP_PORT=587
SMTP_USER=
SMTP_PASSWORD=
SMTP_FROM=ManaCore <noreply@mana.how>
# ============================================================================
# Credits
# ============================================================================
CREDITS_SIGNUP_BONUS=150
CREDITS_DAILY_FREE=5
# ============================================================================
# Rate Limiting
# ============================================================================
# TTL in seconds, limit is requests per TTL
RATE_LIMIT_TTL=60
RATE_LIMIT_MAX=100
# ============================================================================
# AI Services (Optional)
# ============================================================================
GOOGLE_GENAI_API_KEY=
Reference in a new issue View git blame Copy permalink