mirror of
https://github.com/Memo-2023/mana-monorepo.git
synced 2026-05-15 10:21:10 +02:00
f03c09ff17
- Configure Better Auth with crossSubDomainCookies for .mana.how domain - Add COOKIE_DOMAIN environment variable (production: .mana.how) - Sync trustedOrigins with all production subdomains - Users now login once and are authenticated across all apps Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
104 lines
4.1 KiB
Text
104 lines
4.1 KiB
Text
# ============================================================================
|
|
# Mana Core Auth - Environment Configuration
|
|
# ============================================================================
|
|
# Copy this file to .env and fill in your values.
|
|
# Variables marked [REQUIRED] must be set.
|
|
# Variables marked [REQUIRED IN PRODUCTION] are optional in development.
|
|
# ============================================================================
|
|
|
|
# Environment
|
|
NODE_ENV=development
|
|
PORT=3001
|
|
|
|
# Logging
|
|
# Options: debug, info, warn, error
|
|
LOG_LEVEL=debug
|
|
|
|
# ============================================================================
|
|
# Database [REQUIRED]
|
|
# ============================================================================
|
|
DATABASE_URL=postgresql://manacore:manacore@localhost:5432/manacore_auth
|
|
|
|
# ============================================================================
|
|
# Redis (Optional in development, recommended in production)
|
|
# ============================================================================
|
|
REDIS_HOST=localhost
|
|
REDIS_PORT=6379
|
|
REDIS_PASSWORD=
|
|
|
|
# ============================================================================
|
|
# Base URL [REQUIRED IN PRODUCTION]
|
|
# ============================================================================
|
|
# The public URL where this auth service is accessible
|
|
# Used for email verification links, OIDC callbacks, etc.
|
|
BASE_URL=http://localhost:3001
|
|
|
|
# ============================================================================
|
|
# Cross-Domain SSO [REQUIRED IN PRODUCTION]
|
|
# ============================================================================
|
|
# Cookie domain for Single Sign-On across subdomains.
|
|
# Set to '.mana.how' (with leading dot) to share sessions across:
|
|
# - calendar.mana.how
|
|
# - todo.mana.how
|
|
# - chat.mana.how
|
|
# - etc.
|
|
#
|
|
# Leave empty/unset for local development (cookies will be domain-specific)
|
|
COOKIE_DOMAIN=
|
|
|
|
# ============================================================================
|
|
# CORS [REQUIRED IN PRODUCTION]
|
|
# ============================================================================
|
|
# Comma-separated list of allowed origins
|
|
# In development, defaults to localhost ports if not set
|
|
CORS_ORIGINS=http://localhost:3000,http://localhost:5173,http://localhost:5174,http://localhost:8081
|
|
|
|
# ============================================================================
|
|
# JWT Configuration
|
|
# ============================================================================
|
|
# Note: Better Auth uses EdDSA keys stored in the database (JWKS).
|
|
# These RSA keys are only used as fallback for legacy token generation.
|
|
# You can leave these empty if using Better Auth's default JWKS.
|
|
|
|
# JWT_PRIVATE_KEY=
|
|
# JWT_PUBLIC_KEY=
|
|
JWT_ACCESS_TOKEN_EXPIRY=15m
|
|
JWT_REFRESH_TOKEN_EXPIRY=7d
|
|
JWT_ISSUER=manacore
|
|
JWT_AUDIENCE=manacore
|
|
|
|
# ============================================================================
|
|
# Stripe (Optional - credit system won't work without it)
|
|
# ============================================================================
|
|
# Get your keys from https://dashboard.stripe.com/apikeys
|
|
STRIPE_SECRET_KEY=sk_test_...
|
|
STRIPE_PUBLISHABLE_KEY=pk_test_...
|
|
STRIPE_WEBHOOK_SECRET=whsec_...
|
|
|
|
# ============================================================================
|
|
# SMTP (Optional - emails will be logged if not configured)
|
|
# ============================================================================
|
|
# Using Brevo (formerly Sendinblue) SMTP relay
|
|
SMTP_HOST=smtp-relay.brevo.com
|
|
SMTP_PORT=587
|
|
SMTP_USER=
|
|
SMTP_PASSWORD=
|
|
SMTP_FROM=ManaCore <noreply@mana.how>
|
|
|
|
# ============================================================================
|
|
# Credits
|
|
# ============================================================================
|
|
CREDITS_SIGNUP_BONUS=150
|
|
CREDITS_DAILY_FREE=5
|
|
|
|
# ============================================================================
|
|
# Rate Limiting
|
|
# ============================================================================
|
|
# TTL in seconds, limit is requests per TTL
|
|
RATE_LIMIT_TTL=60
|
|
RATE_LIMIT_MAX=100
|
|
|
|
# ============================================================================
|
|
# AI Services (Optional)
|
|
# ============================================================================
|
|
GOOGLE_GENAI_API_KEY=
|