admin/honeyDueAPI
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1347ffadf55bddef53372cbac1104fb7c23cad1b
honeyDueAPI/.env.example
T
Trey t 9ea058347f
Backend CI / Test (push) Has been cancelled
Details
Backend CI / Contract Tests (push) Has been cancelled
Details
Backend CI / Build (push) Has been cancelled
Details
Backend CI / Lint (push) Has been cancelled
Details
Backend CI / Secret Scanning (push) Has been cancelled
Details
Fix Apple Sign In: update bundle IDs from old com.tt.honeyDue.* to com.myhoneydue.* 
The iOS app was renamed (MyCrib → Casera → honeyDue) and the bundle ID
was updated to com.myhoneydue.honeyDue (release) / .dev (debug), but
APPLE_CLIENT_ID and APNS_TOPIC across env templates and k3s configs
still pointed at the old com.tt.honeyDue.honeyDueDev value. This made
verifyAudience reject every Apple identity token (aud claim mismatch).

Updated:
- deploy/prod.env.example: bundle ID + comment that empty client_id
  rejects all tokens with DEBUG=false
- .env.example: add Sign in with Apple block (was missing entirely)
- deploy-k3s{,-dev}/config.yaml.example: apple_auth.client_id default
- deploy-k3s-dev/scripts/00-init.sh: same
- docker-compose.dev.yml: APNS_TOPIC fallback
- docs/deployment/10-secrets-config.md: doc reference

The live deploy/prod.env and local .env are .gitignored — they were
edited in place and need to ship via deploy_prod.sh to take effect.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-24 23:58:44 -05:00

74 lines
2.2 KiB
Bash
Raw Blame History

# Server Settings
PORT=8000
DEBUG=true
ALLOWED_HOSTS=localhost,127.0.0.1
TIMEZONE=UTC
SECRET_KEY=your-secret-key-here-change-this-in-production
# Database Settings (PostgreSQL)
POSTGRES_DB=honeydue
POSTGRES_USER=postgres
POSTGRES_PASSWORD=change-this-secure-password
DB_HOST=localhost
DB_PORT=5432
DB_SSLMODE=disable
DB_MAX_OPEN_CONNS=25
DB_MAX_IDLE_CONNS=10
DB_MAX_LIFETIME=600s
# Redis Settings
REDIS_URL=redis://localhost:6379/0
REDIS_DB=0
# Email Settings (SMTP)
EMAIL_HOST=smtp.gmail.com
EMAIL_PORT=587
EMAIL_USE_TLS=true
EMAIL_HOST_USER=your-email@gmail.com
EMAIL_HOST_PASSWORD=your-app-password
DEFAULT_FROM_EMAIL=honeyDue <noreply@honeyDue.treytartt.com>
# Sign in with Apple
# APPLE_CLIENT_ID must equal the iOS bundle ID of the build hitting this
# backend. The Apple identity-token `aud` claim is checked against it
# (see internal/services/apple_auth.go::verifyAudience). With DEBUG=false
# an empty value rejects every Apple token.
# Release builds: com.myhoneydue.honeyDue
# Debug builds: com.myhoneydue.honeyDue.dev
APPLE_CLIENT_ID=com.myhoneydue.honeyDue.dev
APPLE_TEAM_ID=V3PF3M6B6U
# APNs Settings (iOS Push Notifications)
# Direct APNs integration - no external push server needed
APNS_AUTH_KEY_PATH=/path/to/AuthKey_XXXXXX.p8
APNS_AUTH_KEY_ID=XXXXXXXXXX
APNS_TEAM_ID=XXXXXXXXXX
APNS_TOPIC=com.myhoneydue.honeyDue.dev
APNS_PRODUCTION=false # Set to true for production APNs, false for sandbox
# FCM Settings (Android Push Notifications)
# Direct FCM integration using legacy HTTP API
FCM_SERVER_KEY=your-firebase-server-key
# Worker Settings (Background Jobs - UTC hours)
TASK_REMINDER_HOUR=14
OVERDUE_REMINDER_HOUR=15
DAILY_DIGEST_HOUR=3
# Storage Settings (File Uploads)
STORAGE_UPLOAD_DIR=./uploads
STORAGE_BASE_URL=/uploads
STORAGE_MAX_FILE_SIZE=10485760
STORAGE_ALLOWED_TYPES=image/jpeg,image/png,image/gif,image/webp,application/pdf
# 64-char hex key for file encryption at rest. Generate with: openssl rand -hex 32
STORAGE_ENCRYPTION_KEY=
# Feature Flags (Kill Switches)
# Set to false to disable. All default to true (enabled).
FEATURE_PUSH_ENABLED=true
FEATURE_EMAIL_ENABLED=true
FEATURE_WEBHOOKS_ENABLED=true
FEATURE_ONBOARDING_EMAILS_ENABLED=true
FEATURE_PDF_REPORTS_ENABLED=true
FEATURE_WORKER_ENABLED=true
Reference in New Issue View Git Blame Copy Permalink