-
Notifications
You must be signed in to change notification settings - Fork 2
Expand file tree
/
Copy path.env.example
More file actions
76 lines (64 loc) · 2.51 KB
/
.env.example
File metadata and controls
76 lines (64 loc) · 2.51 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
# Example configurations via environment variables (see README.md | Configuration):
# Example configuration via JSON:
NEST_SERVER_CONFIG='{
"env": "dotenv",
"email": {
"mailjet": {
"api_key_private": 7,
"api_key_public": "EMAIL_MAILJET_API_KEY_PUBLIC"
},
"smtp": {
"auth": {
"pass": "EMAIL_SMTP_AUTH_PASS",
"user": "EMAIL_SMTP_AUTH_USER"
}
}
},
"jwt": {
"refresh": {
"secret": "JWT_REFRESH_SECRET"
},
"secret": "JWT_SECRET"
}
}'
# Example configuration via single Nest Server Config environment variables:
NSC__EMAIL__DEFAULT_SENDER__EMAIL=jon.doe@ethereal.email
# =============================================================================
# Better-Auth Configuration (optional - for modern authentication)
# =============================================================================
# Better-Auth secret (minimum 32 characters)
# Falls back to jwt.secret if not set, or auto-generates for development
# IMPORTANT: Set explicitly in production!
BETTER_AUTH_SECRET=your-secret-key-that-is-at-least-32-characters-long
# Better-Auth base URL (your application URL)
BETTER_AUTH_URL=http://localhost:3000
# Two-Factor Authentication
TWO_FACTOR_ENABLED=false
TWO_FACTOR_APP_NAME=MyApp
# Passkey/WebAuthn
PASSKEY_ENABLED=false
PASSKEY_RP_ID=localhost
PASSKEY_RP_NAME=MyApp
# Social Login - Google
SOCIAL_GOOGLE_CLIENT_ID=your-google-client-id
SOCIAL_GOOGLE_CLIENT_SECRET=your-google-client-secret
# Social Login - GitHub
SOCIAL_GITHUB_CLIENT_ID=your-github-client-id
SOCIAL_GITHUB_CLIENT_SECRET=your-github-client-secret
# Social Login - Apple
SOCIAL_APPLE_CLIENT_ID=your-apple-client-id
SOCIAL_APPLE_CLIENT_SECRET=your-apple-client-secret
# Rate Limiting for Better-Auth endpoints
RATE_LIMIT_ENABLED=true
RATE_LIMIT_MAX=10
RATE_LIMIT_WINDOW_SECONDS=60
RATE_LIMIT_MESSAGE="Too many requests, please try again later."
# =============================================================================
# System Setup - Initial Admin (for automated deployments)
# =============================================================================
# Auto-creates the initial admin user on server start when zero users exist.
# Only takes effect on fresh deployments. Remove after first deployment.
# IMPORTANT: Use strong passwords and remove credentials from ENV after setup!
NSC__systemSetup__initialAdmin__email=admin@example.com
NSC__systemSetup__initialAdmin__password=YourSecurePassword123!
# NSC__systemSetup__initialAdmin__name=Admin