2026-03-31 07:35:12 +08:00
|
|
|
PORT=3000
|
2026-03-19 06:58:08 +08:00
|
|
|
NODE_ENV=development
|
2026-03-31 00:19:01 +08:00
|
|
|
DEBUG=false
|
2026-03-31 07:35:12 +08:00
|
|
|
|
|
|
|
|
# REQUIRED for production — generate with: openssl rand -hex 32
|
|
|
|
|
JWT_SECRET=CHANGEME_GENERATE_WITH_openssl_rand_hex_32
|
|
|
|
|
|
|
|
|
|
# Timezone (defaults to system timezone)
|
|
|
|
|
# TZ=UTC
|
|
|
|
|
|
|
|
|
|
# CORS — comma-separated origins (leave unset for same-origin in production, allow-all in development)
|
|
|
|
|
# ALLOWED_ORIGINS=https://trek.example.com
|
|
|
|
|
|
|
|
|
|
# Force HTTPS redirect (set to true behind TLS-terminating proxy)
|
|
|
|
|
# FORCE_HTTPS=true
|
|
|
|
|
|
|
|
|
|
# Trust proxy (set to number of proxy hops, e.g. 1 for single reverse proxy)
|
|
|
|
|
# TRUST_PROXY=1
|
|
|
|
|
|
|
|
|
|
# Application URL (used for OIDC callback validation)
|
|
|
|
|
# APP_URL=https://trek.example.com
|
|
|
|
|
|
|
|
|
|
# Demo mode (enables demo login, disables registration)
|
|
|
|
|
# DEMO_MODE=false
|
|
|
|
|
|
|
|
|
|
# --- OIDC / SSO ---
|
|
|
|
|
# OIDC_ISSUER=https://auth.example.com
|
|
|
|
|
# OIDC_CLIENT_ID=
|
|
|
|
|
# OIDC_CLIENT_SECRET=
|
|
|
|
|
# OIDC_DISPLAY_NAME=SSO
|
|
|
|
|
# OIDC_ONLY=false
|
|
|
|
|
# OIDC_ADMIN_CLAIM=groups
|
|
|
|
|
# OIDC_ADMIN_VALUE=app-trek-admins
|