auth
This commit is contained in:
51
.env.example
51
.env.example
@@ -1,30 +1,33 @@
|
|||||||
# --- VAPID Keys ---
|
# --- Application Configuration ---
|
||||||
# Generate using: npx web-push generate-vapid-keys
|
|
||||||
# The Public Key is needed by your PWA to subscribe.
|
|
||||||
VAPID_PUBLIC_KEY=YOUR_VAPID_PUBLIC_KEY
|
|
||||||
# The Private Key MUST be kept secret on the server.
|
|
||||||
VAPID_PRIVATE_KEY=YOUR_VAPID_PRIVATE_KEY
|
|
||||||
# A contact URL for the push service (mailto: or https:)
|
|
||||||
VAPID_SUBJECT=mailto:admin@yourdomain.com
|
|
||||||
|
|
||||||
# --- Application Settings ---
|
# --- VAPID Keys (REQUIRED for Web Push) ---
|
||||||
# Port the Node.js server will listen on inside the container
|
# Generate these once using npx web-push generate-vapid-keys (or other tools)
|
||||||
PORT=3000
|
# Keep the private key SECRET!
|
||||||
# Path to the JSON file storing Flic button serial -> PWA subscription mappings
|
VAPID_PUBLIC_KEY=
|
||||||
SUBSCRIPTIONS_FILE=/app/subscriptions.json
|
VAPID_PRIVATE_KEY=
|
||||||
|
|
||||||
# --- Security ---
|
# Subject claim for VAPID. Use a 'mailto:' URI or an 'https:' URL identifying your application.
|
||||||
# (Optional) A secret bearer token. If set, Flic requests must include "Authorization: Bearer <YOUR_SECRET>" header.
|
# Example: mailto:admin@yourdomain.com or https://yourdomain.com/contact
|
||||||
# Generate a strong secret, e.g., using: openssl rand -hex 32
|
VAPID_SUBJECT=mailto:admin@virtonline.eu
|
||||||
FLIC_SECRET=YOUR_OPTIONAL_FLIC_SECRET_TOKEN
|
|
||||||
|
|
||||||
# --- CORS Settings ---
|
# Flic Button Configuration
|
||||||
# Comma-separated list of allowed origins for CORS requests (e.g., your PWA's domain)
|
FLIC_BUTTON1_SERIAL=your_button1_serial
|
||||||
# Leave empty or unset to allow any origin (less secure, useful for testing)
|
FLIC_BUTTON2_SERIAL=your_button2_serial
|
||||||
# Example: ALLOWED_ORIGINS=https://pwa.yourdomain.com,http://localhost:8080
|
FLIC_BUTTON3_SERIAL=your_button3_serial
|
||||||
|
|
||||||
|
# Subscription Storage
|
||||||
|
SUBSCRIPTIONS_FILE=subscriptions.json
|
||||||
|
|
||||||
|
# CORS
|
||||||
ALLOWED_ORIGINS=https://game-timer.virtonline.eu
|
ALLOWED_ORIGINS=https://game-timer.virtonline.eu
|
||||||
# Comma-separated list of allowed HTTP methods
|
ALLOWED_METHODS=POST,OPTIONS,GET
|
||||||
ALLOWED_METHODS=POST,OPTIONS
|
|
||||||
# Comma-separated list of allowed HTTP headers
|
|
||||||
ALLOWED_HEADERS=Content-Type,Authorization
|
ALLOWED_HEADERS=Content-Type,Authorization
|
||||||
|
|
||||||
|
# Logging Configuration
|
||||||
|
LOG_LEVEL=INFO
|
||||||
|
|
||||||
|
# --- Security (Optional) ---
|
||||||
|
# If you want to add a simple security layer between Flic and this app.
|
||||||
|
# If set, configure Flic's HTTP request to include an "Authorization: Bearer YOUR_SECRET_VALUE" header.
|
||||||
|
# use e.g.: openssl rand -hex 32
|
||||||
|
FLIC_SECRET=
|
||||||
Reference in New Issue
Block a user