env.example

# TuvixRSS Environment Variables Example
# Copy this to .env and update with your values

# Better Auth Secret - REQUIRED for production (used for authentication)
# Generate a secure random string: openssl rand -base64 32
BETTER_AUTH_SECRET=change-me-in-production

# Database Path (for local/Docker deployment with SQLite)
DATABASE_PATH=./data/tuvix.db

# Server Port
PORT=3001

# CORS Origin - REQUIRED for production (allows frontend to access API)
# For local development: http://localhost:5173
# For production: https://yourdomain.com
# For multiple origins: comma-separated list (e.g., https://app.example.com,https://www.example.com)
CORS_ORIGIN=http://localhost:5173

# Frontend API URL (used by Vite frontend)
VITE_API_URL=http://localhost:3001/trpc
# Public Base URL (for generating public feed URLs - optional, defaults to window.location.origin)
# VITE_PUBLIC_URL=http://localhost:5173

# Email Service (Resend)
# Get API key from: https://resend.com/api-keys
RESEND_API_KEY=re_xxxxxxxxx
# Must be a verified domain in Resend (e.g., noreply@yourdomain.com)
EMAIL_FROM=noreply@yourdomain.com

# URL Configuration
# Frontend URL - where users are redirected after email verification
# Development: http://localhost:5173
# Production: https://feed.yourdomain.com
BASE_URL=http://localhost:5173

# API Server URL - where the API is hosted (optional in development)
# Development: Defaults to http://localhost:3001 if not set
# Production: https://api.yourdomain.com
API_URL=http://localhost:3001

# Better Auth URL - where Better Auth endpoints are hosted (optional)
# If not set, will use API_URL. Only set if Better Auth is on a different URL.
# Development: Usually not needed (uses API_URL)
# Production: Usually same as API_URL (e.g., https://api.yourdomain.com)
# BETTER_AUTH_URL=http://localhost:3001

# Cross-subdomain cookies (optional - for Cloudflare deployments)
# Set to root domain (e.g., "example.com") if frontend and API are on different subdomains
# Example: Frontend on app.example.com, API on api.example.com -> set COOKIE_DOMAIN=example.com
# Leave unset if frontend and API are on the same domain
# COOKIE_DOMAIN=example.com

# Admin User Configuration
# SECURITY: Choose how to create your initial admin user

# Option 1: Admin Bootstrap (RECOMMENDED - Secure)
# Provide credentials to create admin on startup
# All three variables must be set for bootstrap to work
ADMIN_USERNAME=admin
ADMIN_EMAIL=admin@example.com
ADMIN_PASSWORD=change-me-in-production

# Option 2: First User Auto-Promotion
# If enabled, the first user to register becomes admin automatically.
# This is convenient but has a timing consideration: if your instance is
# publicly accessible, ensure you register first before others discover it.
#
# Recommended for:
# - Local development/testing
# - Private networks or VPN-only access
# - Situations where you control who can access registration
#
# For production deployments exposed to the internet, Option 1 (bootstrap)
# is more deterministic and avoids any timing concerns.
# ALLOW_FIRST_USER_ADMIN=true

# AI Features (optional - requires Pro or Enterprise plan)
# OpenAI API key for AI-powered category suggestions
# Get your API key from: https://platform.openai.com/api-keys
# Leave unset to disable AI features
# OPENAI_API_KEY=sk-proj-xxxxxxxxxxxxx

# Sentry Configuration (optional)
# Backend Sentry DSN (for Express/Cloudflare Workers)
# SENTRY_DSN=https://xxx@xxx.ingest.sentry.io/xxx
# SENTRY_ENVIRONMENT=development
# SENTRY_RELEASE=optional-git-commit-sha

# Frontend Sentry DSN (for React/Vite - must start with VITE_)
# VITE_SENTRY_DSN=https://xxx@xxx.ingest.sentry.io/xxx
# VITE_SENTRY_ENVIRONMENT=development
# VITE_APP_VERSION=optional-git-commit-sha-or-version-tag
# VITE_SENTRY_TRACE_PROPAGATION_TARGETS=https://api.example.com,https://api2.example.com
# Optional: Comma-separated list of URLs or regex patterns for trace propagation
# If not set, automatically uses VITE_API_URL origin + common fallbacks
# Regex patterns: /^https:\/\/api\.example\.com$/