-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy path.env.example
More file actions
90 lines (69 loc) · 3.52 KB
/
.env.example
File metadata and controls
90 lines (69 loc) · 3.52 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
########################################
# Shared (Frontend + Backend) envs #
########################################
# Public base URL of the VibeNote backend API.
# Non-secret. Used by:
# - Frontend (to call the API)
# - Backend deployment scripts (to configure NGINX and request TLS)
# Backend base URL.
# - For local dev / VPS scripts: set VIBENOTE_API_BASE in `.env`
# - For the frontend (local + Vercel production), set VITE_VIBENOTE_API_BASE so builds point at the deployed backend
VIBENOTE_API_BASE=https://api.vibenote.dev
VITE_VIBENOTE_API_BASE=https://api.vibenote.dev
########################################
# Backend API envs #
########################################
# These variables are consumed by the Express backend (server/src/index.ts)
# GitHub App slug (string). Non-secret. Used to build install URLs.
GITHUB_APP_SLUG=vibenote-app
# GitHub App numeric identifier. Non-secret. Visible on the GitHub App settings page.
GITHUB_APP_ID=123456
# GitHub App private key. SECRET. Server-only.
# Provide the PEM contents directly or base64-encode the PEM to keep it single-line.
GITHUB_APP_PRIVATE_KEY=TODO
# GitHub App OAuth Client ID. Non-secret identifier for user login.
GITHUB_OAUTH_CLIENT_ID=Iv23li0oHmO9IO1hmIz5
# GitHub App OAuth Client Secret. SECRET. Server-only.
# Used by the backend to exchange the OAuth code for a user token during login.
GITHUB_OAUTH_CLIENT_SECRET=TODO
# GitHub Webhook secret. SECRET. Server-only.
# Must match the value configured in the GitHub App’s Webhook settings.
# Generate a random value with: `npm run generate-secret`
GITHUB_WEBHOOK_SECRET=TODO
# Session JWT signing secret. SECRET. Server-only.
# Used to sign user session tokens returned to the frontend.
# Generate a random value with: `npm run generate-secret`
SESSION_JWT_SECRET=TODO
# Session store encryption key. SECRET. Server-only.
# Used to encrypt GitHub refresh tokens at rest inside sessions.json.
# Provide a 32-byte value (hex or base64). Example: `npm run generate-secret`
SESSION_ENCRYPTION_KEY=TODO
# Path to the JSON file that stores encrypted session refresh tokens.
# Defaults to ./server/data/sessions.json when unset. The API will create
# the directory if it does not exist. Ensure the path is writable in production.
SESSION_STORE_FILE=./server/data/sessions.json
# Path to the JSON file that stores share link metadata.
# Defaults to ./server/data/shares.json when unset.
SHARE_STORE_FILE=./server/data/shares.json
# CORS allow-list for the backend API. Non-secret.
# Comma-separated origins allowed to call the API from a browser.
# Example for local dev + production frontend:
ALLOWED_ORIGINS=http://localhost:3000,https://vibenote.dev
# Preview deployment origin pattern (regex). Required for preview deployments.
# If unset, preview auth is blocked.
# Example (Vercel team-scoped):
PREVIEW_URL_PATTERN=^https:\/\/vibenote-[a-z0-9]+-your-vercel-team-slug\.vercel\.app$
# GitHub logins allowed to authenticate from preview origins.
# Production origins skip this check.
PREVIEW_ALLOWED_GITHUB_USERS=your-github-user
# Port the Express server listens on (behind NGINX). Non-secret.
PORT=8787
# Base URL used when generating public share links.
# In production we serve the share viewer from the same domain.
PUBLIC_VIEWER_BASE_URL=https://vibenote.dev
########################################
# VPS (NGINX/PM2) only envs #
########################################
# Email used by Certbot for TLS provisioning. Non-secret.
# Only needed when running the VPS deployment scripts.
CERTBOT_EMAIL=you@example.com