WebSite/.env.example at Current · CodeEditorLand/WebSite · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
# ===========================================================================
# WebSite environment configuration
#
# Copy this file to .env and fill in your values.
# .env is gitignored - never commit real credentials.
#
# Variable naming:
#   PUBLIC_*        Exposed to the browser (Vite/Astro import.meta.env)
#   Everything else Server-only, read via process.env at Astro build time
# ===========================================================================

# ─── Cloudflare Workers ───────────────────────────────────────────────────
# URLs for the four backend Workers. In production these are your
# *.workers.dev or custom domains. Leave as localhost for local dev.

PUBLIC_AUTH_WORKER_URL=http://localhost:8787
PUBLIC_DOWNLOAD_WORKER_URL=http://localhost:8788
PUBLIC_ANALYTICS_WORKER_URL=http://localhost:8789
PUBLIC_STATUS_WORKER_URL=http://localhost:8790

# ─── Frontend URL ─────────────────────────────────────────────────────────
# Used for OAuth redirect construction when window.location is unavailable.

PUBLIC_FRONTEND_URL=http://localhost:4321

# ─── Analytics ────────────────────────────────────────────────────────────
# PostHog project write key. Safe to expose to the browser.

PUBLIC_ANALYTICS_KEY=

# ─── Build / Deploy Environment ───────────────────────────────────────────
# Controls cache versioning and conditional build behavior.
# Values: Development | Preview | Production
# Cloudflare Pages: set per-environment in the CF Pages dashboard.

SITE_ENVIRONMENT=Development

# ─── Auth0 (Single Page Application) ─────────────────────────────────────
# This site uses Auth0 Universal Login with PKCE. SPA-type applications do
# NOT use a client secret - the PKCE flow is designed to be secret-free.
#
# Required fields:
#   AUTH0_DOMAIN      Your Auth0 tenant domain
#   AUTH0_CLIENT_ID   The Client ID from your Auth0 application
#
# These are read at Astro build time via process.env and baked into the
# static output. They end up in the browser bundle, which is intentional -
# Auth0 Client IDs are public by design (the PKCE code verifier is the
# security mechanism, not a secret).
#
# Create an application at manage.auth0.com:
#   Type: Single Page Application
#   Allowed Callback URLs: http://localhost:4321/OAuth/Success
#   Allowed Logout URLs:   http://localhost:4321
#   Allowed Web Origins:   http://localhost:4321
#
# For production (land.playform.cloud), also add:
#   Allowed Callback URLs: https://land.playform.cloud/OAuth/Success
#   Allowed Logout URLs:   https://land.playform.cloud
#   Allowed Web Origins:   https://land.playform.cloud

AUTH0_DOMAIN=
AUTH0_CLIENT_ID=

# ─── Enterprise SSO (optional) ────────────────────────────────────────────
# Required only for Okta / SAML / Azure AD enterprise connections.
#
# AUTH0_ORGANIZATION  Auth0 Organization ID (org_XXXX) for multi-tenant SSO.
#                     Enable Organizations in the Auth0 dashboard first.
# AUTH0_CONNECTION    Auth0 connection name for a specific enterprise IdP
#                     (e.g. "okta-acme", "samlp-corp"). Users can also pass
#                     ?connection=<name> in the sign-in URL.
# OKTA_DOMAIN         Informational - the Okta tenant domain. The actual
#                     Okta credentials live in the Auth0 Enterprise Connection
#                     config, not here.

# AUTH0_ORGANIZATION=
# AUTH0_CONNECTION=
# OKTA_DOMAIN=

# ─── Cloudflare Pages - per-environment reference ─────────────────────────
# Set these in CF Pages → Settings → Environment Variables for each env.
#
# Preview environment:
#   SITE_ENVIRONMENT=Preview
#   AUTH0_DOMAIN=<your-dev-tenant>.eu.auth0.com
#   AUTH0_CLIENT_ID=<dev-application-client-id>
#   PUBLIC_AUTH_WORKER_URL=https://auth.<your-workers-subdomain>.workers.dev
#   ... (repeat for other workers)
#
# Production environment:
#   SITE_ENVIRONMENT=Production
#   AUTH0_DOMAIN=<your-prod-tenant>.eu.auth0.com
#   AUTH0_CLIENT_ID=<prod-application-client-id>
#   PUBLIC_AUTH_WORKER_URL=https://auth.<your-workers-subdomain>.workers.dev
#   ... (repeat for other workers)