siftlode/.env.example
npeter83 3a5209e96c feat: M1 foundation — compose stack, FastAPI, Google OAuth, encrypted tokens
- docker-compose with Postgres 16 + slim Python API image
- FastAPI app with session middleware, health endpoint, static login page
- Google OAuth (Authlib) with email invite-list whitelist; admin role support
- User + OAuthToken models; refresh tokens encrypted at rest (Fernet)
- Alembic migrations, run automatically on container startup
- Postgres backup/restore scripts for portability between machines
2026-06-11 01:01:37 +02:00

30 lines
1.2 KiB
Text

# ---- Copy this file to .env and fill in the values ----
# Postgres (used by docker-compose for the db service and the DATABASE_URL)
POSTGRES_USER=subfeed
POSTGRES_PASSWORD=change-this-password
POSTGRES_DB=subfeed
# Host port the app is exposed on (http://localhost:<APP_PORT>)
APP_PORT=8080
# Session signing key. Generate with: python -c "import secrets;print(secrets.token_urlsafe(48))"
SECRET_KEY=change-me-session-key
# Fernet key for encrypting stored OAuth refresh tokens. Generate with:
# python -c "import base64,os;print(base64.urlsafe_b64encode(os.urandom(32)).decode())"
TOKEN_ENCRYPTION_KEY=change-me-fernet-key
# Google OAuth client (Google Cloud Console -> APIs & Services -> Credentials -> OAuth client ID, type "Web application").
# Authorized redirect URI must match OAUTH_REDIRECT_URL exactly.
GOOGLE_CLIENT_ID=
GOOGLE_CLIENT_SECRET=
OAUTH_REDIRECT_URL=http://localhost:8080/auth/callback
# Invite list: only these Google account emails may sign in (comma-separated).
ALLOWED_EMAILS=
# Admin emails (subset of the above) get the admin role.
ADMIN_EMAILS=
# Optional: origin of a separately-served frontend dev server (enables CORS). Leave empty in production.
FRONTEND_ORIGIN=