-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path.env.example
More file actions
127 lines (112 loc) · 5.37 KB
/
.env.example
File metadata and controls
127 lines (112 loc) · 5.37 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
# =============================================================================
# COMPETITOR WATCHER - Environment Variables
# =============================================================================
# Copy this file to .env and fill in your actual values
# Local development can run with fallbacks, but production requires:
# DATABASE_URL, SESSION_SECRET, and ALLOWED_ORIGINS
# =============================================================================
# -----------------------------------------------------------------------------
# Google Places API (for real competitor data)
# -----------------------------------------------------------------------------
# Get your API key from: https://console.cloud.google.com/
# Required APIs: Places API, Geocoding API
# Without this: Mock competitor data will be used
# Note: Current server code expects GOOGLE_API_KEY
GOOGLE_API_KEY=
# -----------------------------------------------------------------------------
# OpenAI API (for AI-powered analysis)
# -----------------------------------------------------------------------------
# Get your API key from: https://platform.openai.com/api-keys
# Without this: Basic fallback analysis will be used
OPENAI_API_KEY=
# -----------------------------------------------------------------------------
# Database (for data persistence)
# -----------------------------------------------------------------------------
# PostgreSQL connection string
# Format: postgresql://username:password@host:port/database
# Without this in local dev: In-memory storage (data lost on restart)
# In production: REQUIRED
DATABASE_URL=
# -----------------------------------------------------------------------------
# Google OAuth (for "Sign in with Google")
# -----------------------------------------------------------------------------
# Get credentials from: https://console.cloud.google.com/
# 1. Create OAuth 2.0 Client ID
# 2. Add authorized redirect URI in Google Console: https://your-domain.com/api/auth/google/callback
# (For local dev use: http://127.0.0.1:5000/api/auth/google/callback)
# Without these: Only email/password authentication available
GOOGLE_CLIENT_ID=
GOOGLE_CLIENT_SECRET=
# IMPORTANT: In production, this MUST be your full site URL
# Example: https://competitor-watcher.com/api/auth/google/callback
GOOGLE_CALLBACK_URL=
# -----------------------------------------------------------------------------
# Session Secret (for secure sessions)
# -----------------------------------------------------------------------------
# Random string for session encryption
# Without this in local dev: falls back to a local dev secret
# In production: REQUIRED
SESSION_SECRET=
# Optional custom session cookie name
SESSION_COOKIE_NAME=competitor_watcher.sid
# -----------------------------------------------------------------------------
# Email Configuration (for password recovery & reports)
# -----------------------------------------------------------------------------
# Simplified configuration (recommended for Gmail)
EMAIL_SERVICE=gmail
EMAIL_USER=your-email@gmail.com
EMAIL_PASS=your-app-password
EMAIL_FROM="Radar <noreply@your-domain.com>"
# Professional configuration (for other SMTP providers)
# EMAIL_HOST=smtp.sendgrid.net
# EMAIL_PORT=587
# EMAIL_SECURE=false
# -----------------------------------------------------------------------------
# Server Configuration
# -----------------------------------------------------------------------------
# Port for the development server
PORT=5000
# Node environment
# Node environment
NODE_ENV=development
# -----------------------------------------------------------------------------
# Security & Access Control
# -----------------------------------------------------------------------------
# Comma-separated list of allowed origins for CORS
# Dev: Leave empty to allow all local origins
# Prod: REQUIRED, comma-separated exact origins
# Example: https://competitorwatcher.pt,https://www.competitorwatcher.pt
ALLOWED_ORIGINS=
# Secret for triggering cron jobs (e.g. daily cleanup)
# Must match either:
# - header x-cron-secret
# - or Authorization: Bearer <CRON_SECRET> (Vercel Cron default)
CRON_SECRET=
# Public canonical app URL used by generated sitemap/robots
# Example: https://competitorwatcher.pt
PUBLIC_APP_URL=
# Runtime controls
# Set to true only for one-off controlled migration runs in serverless
RUN_MIGRATIONS_ON_BOOT=false
# Set to true if hosting a long-running Node process but using external cron triggers
DISABLE_INTERNAL_SCHEDULER=false
# -----------------------------------------------------------------------------
# Stripe Payment Integration (for Pro subscriptions)
# -----------------------------------------------------------------------------
# Get your API keys from: https://dashboard.stripe.com/test/apikeys
# Test mode keys (for development):
# - Secret key starts with: sk_test_
# - Publishable key starts with: pk_test_
# Live mode keys (for production):
# - Secret key starts with: sk_live_
# - Publishable key starts with: pk_live_
# Without these: Payment features will not work
STRIPE_SECRET_KEY=
STRIPE_PUBLISHABLE_KEY=
# Price ID from your Stripe Product (starts with price_)
# Create in: https://dashboard.stripe.com/test/products
STRIPE_PRICE_ID=
# Webhook secret for verifying webhook signatures (starts with whsec_)
# Configure in: https://dashboard.stripe.com/test/webhooks
# For local testing, use: stripe listen --forward-to localhost:5000/api/webhook
STRIPE_WEBHOOK_SECRET=