example.env

# The port the auth server runs on
SERVER_PORT=80
# SERVER_ADDRESS="localhost"
# USE_HTTP="no" # In some cases using HTTP instead of HTTPS introduces the risk of a man-in-the-middle attack (https://wikipedia.org/wiki/Man-in-the-middle_attack). To prevent this, Oathent should be secured with HTTPS for all traffic that exits your network (This can be done with a local reverse proxy using HTTPS or by enabling HTTPS in Oathent and providing a valid key pair).
# CORS_ORIGINS="" # Comma-separated list. Leave empty to disable CORS
# TRUST_PROXY="" # Set to "local" to trust local proxies, "all" to trust all proxies, "cf" to trust cloudflare proxies, or a comma-separated list of addresses/CIDRs

# The URL to the postgres db
DATABASE_URL="postgresql://postgres:password@localhost:5432/db?schema=public"

# The base64-encoded JWT secrets (required for persistent authentication across backend restarts)
# It is recommended to use different values for each of these for additional security. They should be 256-bit
# JWT_ACCESS_SECRET=""
# JWT_REFRESH_SECRET=""
# JWT_DEVICE_CODE_SECRET=""
# JWT_VERIFY_CODE_SECRET=""

# Enable this to modify the pattern matching applied to usernames (Default: "^[A-Z0-9 ]+$")
# USERNAME_REGEX="^[A-Z0-9 ]+$"
# USERNAME_MIN_LENGTH=4
# USERNAME_MAX_LENGTH=32

# Password strength options
# PASSWORD_MIN_LEN=8 # (Default: 8)
# PASSWORD_MIN_LOWERCASE=1 # (Default: 1)
# PASSWORD_MIN_UPPERCASE=1 # (Default: 1)
# PASSWORD_MIN_NUMBERS=1 # (Default: 1)
# PASSWORD_MIN_SYMBOLS=0 # (Default: 0)

# Account verification
# DISABLE_VERIFICATION="no" # Enabling this will cause all accounts to be verified upon creation
EMAIL_HOST=""
EMAIL_USER=""
EMAIL_PASS=""
# EMAIL_SECURE="no"
# EMAIL_PORT=587
# EMAIL_NO_TLS="no"

# Email content settings
# VERIFY_EMAIL_SUBJECT="Account verification for {user}" # All instances of "{user}" will be replaced with the username
# VERIFY_EMAIL_HTML='Please click this link to verify your account:<br><a href="{url}">Verify</a>'' # All instances of "{user}" will be replaced with the username and all of "{url}" will be replaced with the verification URL
# VERIFY_EMAIL_URL="http://localhost:3000/auth/verify?code={code}" # All instances of "{code}" will be replaced with the verification code

# Password reset email content settings
# PASS_RESET_EMAIL_SUBJECT="Harmony account password reset | {user}" # All instances of "{user}" will be replaced with the username
# PASS_RESET_EMAIL_HTML='Please click this link to reset the password for your account:<br><a href="{url}">Reset</a>' # All instances of "{user}" will be replaced with the username and all of "{url}" will be replaced with the verification URL
# PASS_RESET_EMAIL_URL="http://localhost:3000/auth/reset?code={code}" # All instances of "{code}" will be replaced with the verification code

# Social login
# SOCIAL_GOOGLE_ENABLE="yes"
# SOCIAL_GOOGLE_CLIENT_ID="xxxxxxxxxxx-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com"

# SOCIAL_DISCORD_ENABLE="yes"
# SOCIAL_DISCORD_CLIENT_ID="xxxxxxxxxxxxxxxxxxx"
# SOCIAL_DISCORD_CLIENT_SECRET="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

# SOCIAL_GITHUB_ENABLE="yes"
# SOCIAL_GITHUB_CLIENT_ID="xxx.xxxxxxxxxxxxxxxx"
# SOCIAL_GITHUB_CLIENT_SECRET="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

# SOCIAL_OAUTH_REDIRECT="http://localhost/" # This must be changed to allow OAuth endpoints to redirect to your UI

# Use this to disable the Swagger docs (Requires restart)
# DISABLE_SWAGGER="yes"

# Rate Limits
# RATE_LIMIT_BYPASS_KEY=""
# RATE_LIMIT_TTL=60 # It is recommended to just alter request limits rather than the TTL as this will scale all rate limits
# RATE_LIMIT_GLOBAL=100 # It is recommended to alter limits for individual endpoints as this is overridden by their values
# Endpoint limit config: Use 'RATE_LIMIT_' followed by the path of the endpoint in uppercase with all / replace with _ as the key (e.g. for 'auth/login' use 'RATE_LIMIT_AUTH_LOGIN')
# RATE_LIMIT_AUTH_LOGIN=10
# ...