# MentoLoop Environment Variables Template
# Copy this file to .env.local for development, and keep .env.local out of version control
#
# ============================================
# PRODUCTION DEPLOYMENT NOTES
# ============================================
# ✅ = Required in Netlify production environment
# ⚙️ = Optional (has defaults, can be omitted)
# 🧪 = Development/Testing only (DO NOT set in production)
# 📦 = Build-time only (set in Netlify Build scope, not runtime)
#
# See docs/NETLIFY_ENV_VARS.md for complete deployment guide
#
# AWS Lambda has 4KB env var limit. We've optimized by:
# - Moving Stripe price IDs to lib/stripe/pricing-config.ts
# - NEXT_PUBLIC_* vars are baked into build, not needed at runtime
# - Removed test/dev variables from production
#
# Target: ~27 runtime variables in production
# ============================================
# ✅ AUTHENTICATION (Clerk) - REQUIRED
# ============================================
# CLERK_SECRET_KEY and CLERK_WEBHOOK_SECRET are server-side credentials: never give
# them a NEXT_PUBLIC_ prefix. The sk_test_/pk_test_ placeholders are test-instance
# keys; the deployment checklist at the end of this file calls for pk_live_/sk_live_.
CLERK_SECRET_KEY=sk_test_YOUR_CLERK_SECRET_KEY # ✅ Runtime required
CLERK_JWT_ISSUER_DOMAIN=https://your-clerk-issuer.example.com # ✅ Runtime required
# NOTE(review): presumably used to verify signatures on incoming Clerk webhooks;
# confirm the handler rejects any request whose signature does not validate.
CLERK_WEBHOOK_SECRET=whsec_YOUR_WEBHOOK_SECRET # ✅ Runtime required
# 📦 Build-time only (set in Netlify Build environment, not runtime)
# The publishable key is meant to be public; it is the only Clerk key that may
# carry the NEXT_PUBLIC_ prefix.
NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY=pk_test_YOUR_CLERK_PUBLISHABLE_KEY
# 📦 Clerk URLs (baked into build)
NEXT_PUBLIC_CLERK_SIGN_IN_URL=/sign-in
NEXT_PUBLIC_CLERK_SIGN_UP_URL=/sign-up
NEXT_PUBLIC_CLERK_SIGN_IN_FORCE_REDIRECT_URL=/dashboard
NEXT_PUBLIC_CLERK_SIGN_UP_FORCE_REDIRECT_URL=/dashboard
NEXT_PUBLIC_CLERK_SIGN_IN_FALLBACK_REDIRECT_URL=/dashboard
NEXT_PUBLIC_CLERK_SIGN_UP_FALLBACK_REDIRECT_URL=/dashboard
# ============================================
# ✅ DATABASE (Supabase) - REQUIRED
# ============================================
SUPABASE_URL=https://YOUR_SUPABASE_PROJECT.supabase.co # ✅ Runtime required
# The service-role key bypasses Row Level Security. Server-side only: never copy it
# into a NEXT_PUBLIC_* variable or into any code path that reaches the browser.
SUPABASE_SERVICE_ROLE_KEY=YOUR_SUPABASE_SERVICE_ROLE_KEY # ✅ Runtime required
SUPABASE_ANON_KEY=YOUR_SUPABASE_ANON_KEY # ✅ Runtime required
# 📦 Build-time only (baked into client bundle)
# The anon key is shipped to every visitor, so table access has to be constrained
# by RLS policies, not by keeping this key secret.
NEXT_PUBLIC_SUPABASE_URL=https://YOUR_SUPABASE_PROJECT.supabase.co
NEXT_PUBLIC_SUPABASE_ANON_KEY=YOUR_SUPABASE_ANON_KEY
# ⚙️ Optional (defaults provided)
SUPABASE_POOL_SIZE=10
SUPABASE_SCHEMA=public
# ============================================
# ⚙️ AI SERVICES - OPTIONAL
# ============================================
# Server-side credentials: never give either key a NEXT_PUBLIC_ prefix.
# NOTE(review): when AI matching is not used, leave these unset rather than
# deploying the placeholder strings; confirm how the code treats a missing key.
OPENAI_API_KEY=sk-proj-YOUR_OPENAI_API_KEY # ⚙️ Optional - for AI matching
GEMINI_API_KEY=YOUR_GEMINI_API_KEY # ⚙️ Optional - for AI matching
# ============================================
# ✅ PAYMENT PROCESSING (Stripe) - REQUIRED
# ============================================
# SECURITY: Price IDs are SERVER-SIDE ONLY via lib/stripe/pricing-config.ts
# NEVER expose as NEXT_PUBLIC_* variables
# STRIPE_SECRET_KEY and STRIPE_WEBHOOK_SECRET are server-side credentials and must
# never be exposed as NEXT_PUBLIC_* variables. sk_test_/pk_test_ are test-mode keys;
# the deployment checklist at the end of this file calls for sk_live_/pk_live_.
STRIPE_SECRET_KEY=sk_test_YOUR_STRIPE_SECRET_KEY # ✅ Runtime required
# NOTE(review): presumably used to verify the signature on incoming Stripe webhooks;
# confirm the handler rejects events whose signature does not validate.
STRIPE_WEBHOOK_SECRET=whsec_YOUR_STRIPE_WEBHOOK_SECRET # ✅ Runtime required
# 📦 Build-time only (baked into client bundle)
NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY=pk_test_YOUR_STRIPE_PUBLISHABLE_KEY
# ✅ Server-side Price IDs (accessed via lib/stripe/pricing-config.ts)
STRIPE_PRICE_ID_STARTER=price_starter_example # ✅ Required
STRIPE_PRICE_ID_CORE=price_core_example # ✅ Required
STRIPE_PRICE_ID_ADVANCED=price_advanced_example # ✅ Required
STRIPE_PRICE_ID_PRO=price_pro_example # ✅ Required
STRIPE_PRICE_ID_ELITE=price_elite_example # ✅ Required
STRIPE_PRICE_ID_PREMIUM=price_premium_example # ✅ Required
STRIPE_PRICE_ID_ALACARTE=price_alacarte_example # ✅ Required
# NOTE(review): ONECENT and PENNY carry the same placeholder value; confirm whether
# they are meant to point at one Stripe price or at two distinct ones.
STRIPE_PRICE_ID_ONECENT=price_penny_example # ✅ Required (discount code)
STRIPE_PRICE_ID_PENNY=price_penny_example # ✅ Required (discount code)
# Preceptor payout configuration
# NOTE(review): presumably a fraction of the payment (0.70 = 70%); confirm that the
# server validates the range before using it in a payout calculation.
PRECEPTOR_PAYOUT_PERCENT=0.70
# ============================================
# ✅ COMMUNICATIONS - REQUIRED
# ============================================
# Twilio (SMS)
# The auth token grants full API access to the Twilio account: server-side only.
TWILIO_ACCOUNT_SID=YOUR_TWILIO_ACCOUNT_SID # ✅ Runtime required
TWILIO_AUTH_TOKEN=YOUR_TWILIO_AUTH_TOKEN # ✅ Runtime required
TWILIO_PHONE_NUMBER=+1YOUR_PHONE_NUMBER # ✅ Runtime required
# SendGrid (Email)
# Server-side only. Prefer an API key restricted to the permissions the app needs
# (mail send) over a full-access key.
SENDGRID_API_KEY=SG.YOUR_SENDGRID_API_KEY # ✅ Runtime required
SENDGRID_FROM_EMAIL=support@mentoloop.com # ✅ Runtime required
EMAIL_DOMAIN=mentoloop.com # ⚙️ Optional (defaults to mentoloop.com)
# ============================================
# ✅ APPLICATION SETTINGS
# ============================================
NODE_ENV=production # ✅ Runtime required (set to 'production' in Netlify)
# 📦 Build-time only (baked into client bundle)
# Every value below is compiled into the client bundle and readable by any visitor:
# URLs and identifiers only, no credentials.
NEXT_PUBLIC_APP_URL=https://YOUR_DOMAIN.com
NEXT_PUBLIC_API_URL=https://YOUR_DOMAIN.com/api
NEXT_PUBLIC_EMAIL_DOMAIN=mentoloop.com
NEXT_PUBLIC_ANALYTICS_ENDPOINT=https://YOUR_DOMAIN.com/api/analytics
NEXT_PUBLIC_DATA_LAYER=supabase
# ============================================
# ✅ SECURITY SETTINGS
# ============================================
# CSRF Protection - Generate with: openssl rand -base64 32
# That command prints a 44-character base64 string. For the 64-character hex form
# named in the placeholder below, use: openssl rand -hex 32
# Either output satisfies the 32-character minimum. Use a different value per environment.
CSRF_SECRET_KEY=YOUR_64_CHARACTER_HEX_STRING_HERE # ✅ Runtime required (min 32 chars)
# ⚙️ Rate Limiting & Job Queue (Upstash Redis) - Optional
# Used for: Rate limiting + BullMQ email queue (background job processing)
# Get credentials from: https://console.upstash.com/
# Falls back to in-memory for rate limiting if not configured
# NOTE(review): on serverless functions an in-memory limiter is per-instance and
# resets on cold start, so limits are not enforced across instances. Treat Redis as
# required wherever rate limiting is relied on as a security control.
# NOTE: Email queue requires Redis - emails will be sent synchronously without it
UPSTASH_REDIS_REST_URL=https://YOUR_UPSTASH_ENDPOINT.upstash.io # ⚙️ Optional (but recommended)
UPSTASH_REDIS_REST_TOKEN=YOUR_UPSTASH_REST_TOKEN # ⚙️ Optional (but recommended)
# ⚙️ Other Security Settings - Optional (defaults provided)
# NOTE(review): 'admin-secret-key' is a guessable placeholder. Replace it with a
# random value (e.g. openssl rand -hex 32) or leave the variable unset. What this
# secret protects is not visible from this file; confirm the code rejects an unset or
# placeholder value instead of falling back to a built-in default.
ADMIN_SECRET=admin-secret-key # ⚙️ Optional
ENABLE_SECURITY_HEADERS=true # ⚙️ Optional (defaults to true)
# ============================================
# ⚙️ FEATURE FLAGS - OPTIONAL (all default to true)
# ============================================
# Only set these to 'false' to disable features
# Per the section header, an unset flag behaves as true, so turning a feature off
# in a deployed environment requires an explicit false there.
ENABLE_AI_MATCHING=true # ⚙️ Optional (defaults to true)
ENABLE_SMS_NOTIFICATIONS=true # ⚙️ Optional (defaults to true)
ENABLE_EMAIL_NOTIFICATIONS=true # ⚙️ Optional (defaults to true)
ENABLE_PAYMENT_PROCESSING=true # ⚙️ Optional (defaults to true)
# ============================================
# ⚙️ MONITORING - OPTIONAL
# ============================================
# SENTRY_DSN is marked ✅ but sits in the optional section; the legend at the top of
# this file uses ✅ for "required". Read it as recommended, not required.
# NOTE(review): error reports can carry request data; confirm that scrubbing of
# credentials and personal data is configured before enabling in production.
SENTRY_DSN=YOUR_SENTRY_DSN # ✅ Recommended for production (error tracking)
GOOGLE_ANALYTICS_ID=YOUR_GA_ID # ⚙️ Optional
# 📦 Build-time only
NEXT_PUBLIC_SENTRY_DSN=YOUR_SENTRY_PUBLIC_DSN # 📦 Optional (exposed to client)
# ⚙️ Social Media URLs (shown in footer if set, accessed via SOCIAL_URLS constant)
NEXT_PUBLIC_TWITTER_URL= # ⚙️ Optional (empty = not shown)
NEXT_PUBLIC_LINKEDIN_URL= # ⚙️ Optional (empty = not shown)
NEXT_PUBLIC_FACEBOOK_URL= # ⚙️ Optional (empty = not shown)
NEXT_PUBLIC_TIKTOK_URL= # ⚙️ Optional (empty = not shown)
NEXT_PUBLIC_THREADS_URL= # ⚙️ Optional (empty = not shown)
NEXT_PUBLIC_INSTAGRAM_URL= # ⚙️ Optional (empty = not shown)
# ============================================
# 🧪 TESTING - DEVELOPMENT/CI ONLY (DO NOT SET IN PRODUCTION)
# ============================================
NEXT_RUNTIME=nodejs # 🧪 Dev only
# NOTE(review): what CLERK_TEST_MODE and E2E_TEST change is not visible from this
# file. If either relaxes authentication, confirm the code ignores it when
# NODE_ENV=production.
CLERK_TEST_MODE=false # 🧪 Dev only
E2E_TEST=false # 🧪 Dev only
# The 'changeme' passwords are placeholders for test accounts only. Use them solely
# against test instances and never reuse them for a real account.
TEST_ADMIN_EMAIL=admin@example.com # 🧪 Dev only
TEST_ADMIN_PASSWORD=changeme # 🧪 Dev only
TEST_PRECEPTOR_EMAIL=preceptor@example.com # 🧪 Dev only
TEST_PRECEPTOR_PASSWORD=changeme # 🧪 Dev only
TEST_STUDENT_EMAIL=student@example.com # 🧪 Dev only
TEST_STUDENT_PASSWORD=changeme # 🧪 Dev only
TEST_PASSWORD=changeme # 🧪 Dev only
# 🧪 CI Variables (DO NOT SET IN PRODUCTION)
CI=false # 🧪 CI only
BUILD_TIMEOUT=600 # 🧪 CI only
CACHE_MAX_AGE=3600 # 🧪 CI only
NODE_OPTIONS=--max-old-space-size=4096 # 🧪 Build only
# NOTE(review): if this is Netlify's secrets-scanning switch, false turns off the
# build-time check for secret values leaking into build output. Prefer leaving
# scanning on and exempting known-public keys with SECRETS_SCAN_OMIT_KEYS.
SECRETS_SCAN_ENABLED=false # 🧪 CI only
# ============================================
# 🚀 PRODUCTION DEPLOYMENT CHECKLIST
# ============================================
# ✅ Set ~27 runtime variables in Netlify (see docs/NETLIFY_ENV_VARS.md)
# ✅ Remove all NEXT_PUBLIC_* from production runtime (keep in build scope)
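# ✅ Remove all TEST_*, CI, BUILD_* variables from production, plus the other TESTING-section entries that do not match those prefixes (e.g. CLERK_TEST_MODE, E2E_TEST)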
# ✅ Use production keys (pk_live_, sk_live_) for live deployment
# ✅ Generate strong CSRF_SECRET_KEY: openssl rand -base64 32
# ✅ Verify all 9 Stripe price IDs are set correctly
# ✅ Test deployment: npm run validate:env-size
#
# SECURITY NOTES:
# 1. NEVER expose Price IDs as NEXT_PUBLIC_* variables
# 2. Price IDs accessed server-side via lib/stripe/pricing-config.ts
# 3. All Stripe operations use server-side validation
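# 4. NEXT_PUBLIC_* vars are PUBLIC - visible in browser; never put a secret key, service-role key or webhook secret behind that prefix
# 5. Never commit actual API keys to your repository; keep real values in an untracked .env.local or in the Netlify environment settings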
#
# See docs/NETLIFY_ENV_VARS.md for complete deployment guide