.env.example
# Core Django settings: local-development defaults.
# Every value in this group is chosen for convenience on a developer machine
# and should be overridden in production (see "Secret management strategy" at
# the end of this file).
#
# postgres:postgres is a well-known default credential pair; use it only for a
# database that is reachable solely from the local dev environment.
# NOTE(review): host "db" looks like a compose service name — confirm.
DATABASE_URL=postgis://postgres:postgres@db:5432/book_corners
# Placeholder, not a usable secret. Presumably feeds Django's SECRET_KEY, which
# signs sessions, password-reset tokens and other signed data, so production
# needs a long random value that is never committed. One way to generate it:
#   python -c "from django.core.management.utils import get_random_secret_key; print(get_random_secret_key())"
DJANGO_SECRET_KEY=change-me-in-production
# Development only. With Django's DEBUG on, error pages show stack traces and
# configuration details to whoever triggers them; set to false in production.
DJANGO_DEBUG=true
# Loopback names only. In production list just the real domain(s); avoid
# wildcards so unexpected Host headers are rejected.
DJANGO_ALLOWED_HOSTS=localhost,127.0.0.1,[::1]
# Transport hardening is switched off so plain-HTTP local development works.
# The names suggest Django's SECURE_SSL_REDIRECT, SESSION_COOKIE_SECURE,
# CSRF_COOKIE_SECURE and SECURE_HSTS_SECONDS — confirm in the settings module.
# For an HTTPS production site the first three are normally true and the HSTS
# value non-zero (browsers cache it, so start small and raise it once HTTPS is
# known to work on every host).
DJANGO_SECURE_SSL_REDIRECT=false
DJANGO_SESSION_COOKIE_SECURE=false
DJANGO_CSRF_COOKIE_SECURE=false
DJANGO_SECURE_HSTS_SECONDS=0
# Presumably toggles throttling of the authentication endpoints (verify against
# the settings module). Off here for local development; leaving it off in
# production removes a brake on password guessing.
AUTH_RATE_LIMIT_ENABLED=false
# Google OAuth (optional — leave empty to disable "Continue with Google")
# 1. Create credentials at https://console.cloud.google.com/apis/credentials
# 2. Authorized JavaScript origin:
#      Local:      http://localhost:8000
#      Production: https://your-domain.com
# 3. Authorized redirect URI:
#      Local:      http://localhost:8000/accounts/google/login/callback/
#      Production: https://your-domain.com/accounts/google/login/callback/
#
# Common OAuth errors and fixes:
# - redirect_uri_mismatch: the callback URL in Google Console must exactly match
#   the URL the app is reached at (a host listed in DJANGO_ALLOWED_HOSTS)
#   + /accounts/google/login/callback/ (scheme, host, port, path).
# - origin_mismatch / host mismatch: the Authorized JavaScript Origin in Google
#   Console must match the request origin exactly (e.g. http://localhost:8000,
#   not http://127.0.0.1:8000).
# - Wrong callback path: allauth expects /accounts/google/login/callback/ with
#   trailing slash; a missing slash or different prefix will fail silently.
# - access_denied after consent: check that the Google Cloud project's OAuth
#   consent screen is in "Testing" mode and the test user's email is listed.
#
# Register only the exact redirect URIs you use; each registered URI is a place
# Google will deliver authorization responses for this client.
# GOOGLE_OAUTH_CLIENT_SECRET is a credential: set it in the gitignored .env or
# the server config only, and never fill it in here in .env.example.
GOOGLE_OAUTH_CLIENT_ID=
GOOGLE_OAUTH_CLIENT_SECRET=
# Apple Sign In (optional — leave empty to disable "Continue with Apple")
# 1. Create a Services ID at https://developer.apple.com/account/resources/identifiers
# 2. Create a Key with Sign In with Apple enabled
# 3. Return URL:
#      Production: https://your-domain.com/accounts/apple/login/callback/
#      Note: Apple requires HTTPS — local dev needs a tunnel (e.g. ngrok)
#
# A tunnel makes the local server reachable from the internet, and this file's
# local defaults run it with DJANGO_DEBUG=true. Open the tunnel only while
# testing the Apple flow and close it afterwards.
#
# APPLE_SECRET_KEY presumably holds the private key created in step 2 (verify
# the expected format against the settings module). Treat it as a private key:
# keep it out of the repository and out of this example file.
APPLE_CLIENT_ID=
APPLE_SECRET_KEY=
APPLE_KEY_ID=
APPLE_TEAM_ID=
# Email notifications (optional — leave empty to disable)
# Sign up at https://resend.com and create an API key
# The API key allows mail to be sent on behalf of the account, so keep it in
# the gitignored .env or the server config only.
RESEND_API_KEY=
ADMIN_NOTIFICATION_EMAIL=
# NOTE(review): this value contains spaces and < > unquoted. Dotenv-style
# loaders generally accept that, but a shell does not; if these variables are
# copied into a .envrc (direnv), quote the value there.
DEFAULT_FROM_EMAIL=Book Corners <noreply@bookcorners.org>
# Base URL for admin links in notification emails (no trailing slash)
# The example value is the production site; for local testing, point it at the
# local server so emailed admin links do not lead to production.
SITE_URL=https://www.bookcorners.org
# Sentry error tracking (optional — leave empty to disable)
# Get your DSN from https://sentry.io → Project Settings → Client Keys (DSN)
# A DSN lets a client submit events to the project; set the real one in the
# deployment environment rather than in this example file.
SENTRY_DSN=
# Secret management strategy
# --------------------------
# Local dev:
# Use a .env file (gitignored) or .envrc (direnv) to set all variables above.
#
# CI (GitHub Actions):
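# OAuth secrets are not needed — tests use mock credentials.
# DJANGO_SECRET_KEY is set inline in the workflow file. That file is committed,
# so the value there must be a throwaway used only by tests, never the
# production key.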
#
# Production (Dokku):
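# Set each secret with: dokku config:set book-corners KEY=value
# Values are stored on the server, never in the repository.
# The value is passed on the command line, so it can end up in the shell
# history of the machine where the command is typed; keep secret values out of
# that history.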