Files
andon/.env.example
Julien Calixte ea7384591c feat(push): owner-only subscribe/unsubscribe endpoints + VAPID config (T10)
POST/DELETE /api/subscriptions gated to the configured owner; runtime
config carries the public VAPID key, owner email and the signing secret.
2026-05-28 01:20:20 +02:00

30 lines
1.3 KiB
Plaintext

# App — session sealing key for nuxt-auth-utils (must be ≥32 chars)
NUXT_SESSION_PASSWORD=change-me-to-a-long-random-string-min-32-chars
# Database (Postgres) — Coolify-managed in prod, docker-compose in dev
DATABASE_URL=postgres://andon:andon@localhost:5432/andon
# Credentials for the bundled Postgres service in docker-compose.yml
POSTGRES_USER=andon
POSTGRES_PASSWORD=andon
POSTGRES_DB=andon
# Google OAuth (Task 9) — nuxt-auth-utils reads these exact names. Access is
# restricted server-side to verified @theodo.com emails (the `hd` claim is not
# trusted on its own). REDIRECT_URL must match an Authorized redirect URI in the
# Google Cloud console (defaults to <origin>/auth/google/callback if unset).
NUXT_OAUTH_GOOGLE_CLIENT_ID=
NUXT_OAUTH_GOOGLE_CLIENT_SECRET=
NUXT_OAUTH_GOOGLE_REDIRECT_URL=
# Web Push / VAPID (Task 10) — Nuxt binds these to runtimeConfig at runtime.
# Generate the key pair with `pnpm vapid:keys`. The public key is sent to the
# browser; the private key signs pushes server-side (T11) and must stay secret.
NUXT_PUBLIC_VAPID_PUBLIC_KEY=
NUXT_VAPID_PRIVATE_KEY=
NUXT_VAPID_SUBJECT=mailto:example@theodo.com
# Push notifications go to this single owner only (G3). Not secret — also gates
# the client-side "Enable notifications" button.
NUXT_PUBLIC_OWNER_EMAIL=