mirror of
https://github.com/Memo-2023/mana-monorepo.git
synced 2026-05-14 21:21:10 +02:00
4d15d9e764
BREAKING: JWT keys are now auto-managed by Better Auth (EdDSA/Ed25519) - Remove all JWT_PRIVATE_KEY, JWT_PUBLIC_KEY, JWT_SECRET references - Keys stored in auth.jwks database table (auto-generated on first run) - Delete obsolete generate-keys.sh and generate-staging-secrets.sh scripts - Clean up legacy AUTH_*.md analysis files from root Security Improvements: - Add security_events table for audit logging - Add SecurityEventsService for tracking auth events - Enhanced security headers (HSTS, CSP, X-Frame-Options) - Rate limiting configuration Monitoring Setup: - Add auth-health-check.sh for automated testing - Add generate-dashboard.sh for HTML status dashboard - Tests: health endpoint, JWKS (EdDSA), security headers, response time - Ready for Hetzner cron deployment Documentation: - Update deployment docs with Better Auth notes - Update environment variable references - Add security improvements documentation 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
51 lines
1.3 KiB
Text
51 lines
1.3 KiB
Text
# ==============================================
|
|
# Mana Core Auth - Environment Variables
|
|
# ==============================================
|
|
|
|
# Application
|
|
NODE_ENV=production
|
|
PORT=3001
|
|
|
|
# Database (PostgreSQL)
|
|
POSTGRES_DB=manacore
|
|
POSTGRES_USER=manacore
|
|
POSTGRES_PASSWORD=your-secure-postgres-password-here
|
|
|
|
# Full database URL (used by app)
|
|
DATABASE_URL=postgresql://manacore:your-secure-postgres-password-here@pgbouncer:6432/manacore
|
|
|
|
# Redis
|
|
REDIS_HOST=redis
|
|
REDIS_PORT=6379
|
|
REDIS_PASSWORD=your-secure-redis-password-here
|
|
|
|
# JWT Configuration
|
|
# Note: JWT signing keys are managed automatically by Better Auth (EdDSA/Ed25519)
|
|
# Keys are stored in the auth.jwks database table - no manual configuration needed
|
|
JWT_ACCESS_TOKEN_EXPIRY=15m
|
|
JWT_REFRESH_TOKEN_EXPIRY=7d
|
|
JWT_ISSUER=manacore
|
|
JWT_AUDIENCE=manacore
|
|
|
|
# Stripe
|
|
STRIPE_SECRET_KEY=sk_test_your_stripe_secret_key
|
|
STRIPE_PUBLISHABLE_KEY=pk_test_your_stripe_publishable_key
|
|
STRIPE_WEBHOOK_SECRET=whsec_your_webhook_secret
|
|
|
|
# CORS
|
|
CORS_ORIGINS=http://localhost:3000,http://localhost:8081,https://yourdomain.com
|
|
|
|
# Traefik / SSL
|
|
ACME_EMAIL=your-email@example.com
|
|
AUTH_DOMAIN=auth.yourdomain.com
|
|
|
|
# Credits Configuration
|
|
CREDITS_SIGNUP_BONUS=150
|
|
CREDITS_DAILY_FREE=5
|
|
|
|
# Monitoring
|
|
GRAFANA_ADMIN_PASSWORD=your-secure-grafana-password
|
|
|
|
# Rate Limiting
|
|
RATE_LIMIT_TTL=60
|
|
RATE_LIMIT_MAX=100
|