-
Notifications
You must be signed in to change notification settings - Fork 76
/
.env.example
242 lines (202 loc) · 12.5 KB
/
.env.example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
# This file is intended to be used as a starting point for local
# development. You should be able to copy it as-is into a file
# named `.env` as a sibling of this file, and be able to run
# passport-server
##################################################################
##################################################################
##################################################################
# Configuration shared by both Podbox.dev and Zupass.org
##################################################################
##################################################################
# The passport server needs to know where it itself can be accessed in order
# to be able to create URLs that point to itself.
PASSPORT_SERVER_URL="http://localhost:3002"
PASSPORT_CLIENT_URL="http://localhost:3000"
# To enable notifications from the server to be sent to Discord
#
# DISCORD_TOKEN=
# DISCORD_ALERTS_CHANNEL_ID=
# The port on which this server runs. We recommend `3002` for convenient
# local integration with the rest of the services that run within this
# repository.
PORT=3002
# The following environment variables connect the passport server
# to a postgres database that runs on the developer's machine. You
# can start a postgres instance locally by running the following
# commands from within the passport server application directory:
#
# yarn localdb:init
# yarn localdb:up
#
# To stop the postgres instance, you can run `yarn localdb:down`
#
# Alternatively, you could start a local postgres instance a different
# way. In any case, make sure these environment variables point to a
# working postgres database, and that the credentials you set here are
# correct, as that is necessary even for local development.
#
DATABASE_HOST=localhost
DATABASE_USERNAME=admin
DATABASE_PASSWORD=password
DATABASE_DB_NAME=postgres
DATABASE_SSL=false
# To enable honeycomb tracing set this API key
#
# HONEYCOMB_API_KEY=
# To enable error reporting, both these environment variables must be set
#
# ROLLBAR_TOKEN=
# ROLLBAR_ENV_NAME=
##################################################################
##################################################################
# api.zupass.org (localhost:3002)
# specifically, zupass related features only
##################################################################
##################################################################
# If this is set to a valid ISO date string, the server will not issue Devconnect ticket PCDs
# after that date, unless a user's `extra_issuance` flag is set to `true`, in which case they
# would be able to get re-issued their tickets precisely once more.
# This is likely not useful to set in local development, but is set in staging/production.
# TICKET_ISSUANCE_CUTOFF_DATE=
# Disable rate-limiting locally by setting this to "true"
# useful for local dev
GENERIC_RATE_LIMIT_DISABLED="true"
# lets you turn off the semaphore service to prevent logspam
# turn semaphore service on if you need to work locally with zupoll
# SEMAPHORE_SERVICE_DISABLED="true"
# WARNING! Never set this environment variable in production!
# This variables tells the passport server to let anyone register
# even if they use a fake and invalid email. This is intended
# for development purposes only, so that you can run the entire
# application stack locally without depending on 3rd party services.
BYPASS_EMAIL_REGISTRATION=true
# To enable server-issued PCDs, the server needs an RSA and an EdDSA private key. You can generate both
# using the following commands at the root of the project, after installing dependencies and building
# the project:
# node -e 'console.log(Buffer.from(new (require("node-rsa"))({b:2048}).exportKey("private")).toString("base64"))' | pbcopy
SERVER_RSA_PRIVATE_KEY_BASE64="LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBanNGdkt0MGF4R0tBV1pTVUVKeWVNU21iTGpLYkpVTllucXpTcFNSZThPR1kvKzI1CmFHa01QcDlzb2ZhTGp3S0Myam14MmQ2ZkM4RDVVYVRDU3d5K1laL29pcUFTeXVob2kzTkVRbGUzS3Nwclcrd1MKS0xaL3N1K1Z3bm9US3NaLzRjNFo1K25CYUlhZjd2c2Vxd0diRHhNME92d3N0d3l4cHVzQUlvSzRPa25LU0ZMcApkdzlhMzZYVWNLUVNCK1NkRHc1a213UVI0YUllcVg3Yjk2Tk5sUjBQbGRZeWp6alNQSlZrTkQreklndWcwdkVMCk4xN1lSY3hjYlplK2JhK0RUN2ZkWWVHK3EwTkJxTXBFc0tYUm5mdzlieWlUWDdLc3dMaDBsOG01cFlTbjZZTTIKeHVDOHJURVZpa3F5dStMNGJXNjNQTzN2OE4rSUxIWm5QaDVsdndJREFRQUJBb0lCQURpaDFrY3I1ZVdJcWlCZgppQW03Q0NxNnRid3pDVWRVRzBEL2tLVkE4NFVlQ2tObGZJdEdPVHhTcEpid0p0YzZDTTBuM0QxeFNxa3dDZmh3Cm96K0FzN29vNU9peHJpTGU1aktFTE0wZzNTSlZvUmViWkd6UVVZS2I5MDVxZlZZWDN6Mm1OTExERWg0MFloZzkKZVNJZ0JmS0tETXRscFJ1TkpxRHdVMkpkZDFadnZCUHRyM1dmaEJyRG1iM0Z5dkg5OEFuS20xN1oxbFBoR2tUZgpENTM5Skt1YmZGcFV5TUhHY2MzRDBKOXhOY1B4MWFIVkQxUi9MbXBVcDRkTFJuVWIyVnVqdytUaEgyQ1JPMEhJCmJpQ2FzZElTa040Um1kcWJEK2N5NE8wS3FzcWJNL2JXZHNMU3M0MU9jT1ZzajBmQzVUbEdWdmpaNHk3ekFqSlEKL2ZqNm5Ca0NnWUVBMzBuSDNYelBWemcvRWIyOTNuQzRJeHJoZTFNY3JjdTlzWUpZdmxpOWs2ZGZzeDVIRytlKwpiR2NBYTF2WWp3S0p2dllRejZEV2hWbTN5bkk3bTFQKzQ0WEIrcHF1clJGbWRFYkF2eVJpQ0ExVnQrUTU2QWlDCkFJL2RzUXk2R1hGTEdtNXQ0S2Y2NWprbW02TVdaK2dhRUlRL2o0Q2VHdjVnd0UxTm5oeU5RdU1DZ1lFQW82dGEKSlNScHhDa2thTjEvK2tRaEZXbmRYQW1tN0lnZUlDYytmYXhTRDZvMTdDdEwwM0kwMWhBaUZyZVlqSWpBUTZSagpyckJCcC8yK2pXVFdnSjV5bmEvUkZZZll3NEJhbjN6MThCUER3akU1VXY2RUlXMlNkcCtGbVphQnVCNVlpejdICmFqYnl4YmxVdnlBbThYeU5lTzNPZUQwc3Y0L3JjaFhrOHpjcUhIVUNnWUVBZ3oxaWRCUi82Y3Z0aGdmNEtWNG4KWExyWC9SeUVwc0l4NUx1d1hYRGJQSVlNQWNPeUYvekdPQUR5aGllZHliQzhOYmw3ZUE0WkNKZ0xKcnF0dmtaSQpjb0tUMlRCQnF3ZW5LSURObVl0UTgxcWpIMHJObmt3aDNTS3lNdlpBQytSRE9HM2Z0MFFFZkh6cTdGK1hNOHVBClJtVDAxdXZLQWlPeHlsV2xZV0YyeGZFQ2dZQmZDTkl4R3ZHbkMxU3U1MTYyVFBVQTRCVytxWVFaZC9nMkoxTnIKMmJGVWt6cjRSVE9rTlg1a2hiMmxmem0rOEhEalZnTGpua2loYVA5S1RyRVd3ZW8va2FWUVlTOEdaZk01QkhBeAoxT2dvVERqQzdqSit6b2JyQmptbk12TmptNHRDWDFPZll3U1l0c0owc0JDc3krdkJ1aVBYUVg1SVJTTXJmWGNSCm1vaURPUUtCZ1FDNVZXN1l4MWUrRnE2VjVjUHkvWDJrK0FnNW95bjVESDVxNVVFbEllSjFPSFVOZVA5U0J3THAKZEgrNkxUMnFmVzZUaVpvVG9RZmVKTE42NTUwSXFQZlNrcW9VRWpobFUxbzZDaXdEaDh1MUdCdnlzZnZvTHlwTwpPdUIzbUNuMTdlTTVlZS9yN1h1Z21TZGw2bU1ZZ0VUNW5UM2sxL1lySEV1UXFHbDkvRHh2VkE9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQ=="
# node -e 'console.log(require("@pcd/eddsa-pcd").newEdDSAPrivateKey())' | pbcopy
SERVER_EDDSA_PRIVATE_KEY="860d116de20c1cb5bd7cb68fdb786da9d9fb35bf96c336d6dcaef64733701f20"
# Account resets are strictly rate-limited. However, this can be turned off
# by setting the following environment variable to 'true'.
# If GENERIC_RATE_LIMIT_DISABLED='true' then *all* rate-limiting is disabled,
# irrespective of whether ACCOUNT_RESET_RATE_LIMIT_DISABLED is set.
ACCOUNT_RESET_RATE_LIMIT_DISABLED='true'
# Set this to an integer value between 1 and the number of
# CPU cores you have available. The server offloads CPU-bound
# tasks to these workers
WORKER_QUANTITY=1
##################################################################
##################################################################
# Frogcrypto
##################################################################
##################################################################
# A stringified JSON array of email addresses whose Zupass user can manage FrogCrypto via UI and api routes
# e.g. '["[email protected]"]'
# FROGCRYPTO_ADMIN_USER_EMAILS=
# The base URL for frogcrypto assets
# FROGCRYPTO_ASSETS_URL=
##################################################################
##################################################################
# Podbox.dev (localhost:3002) (client on localhost:3005)
##################################################################
##################################################################
# So that Podbox server knows the url of where its corresponding client lives.
#
GENERIC_ISSUANCE_CLIENT_URL="http://localhost:3005"
# To enable server-issued PCDs using the generic issuance feature, the server needs an an EdDSA
# private key. You can generate one using the following command at the root of the project,
# after installing dependencies and building the project:
#
# node -e 'console.log(require("@pcd/eddsa-pcd").newEdDSAPrivateKey())' | pbcopy
GENERIC_ISSUANCE_EDDSA_PRIVATE_KEY="129806f9d68c3cf87450a968748fd31f01ba4e6f2078d80f24ebab23d98df7cf"
# To recognise email PCD credentials, generic issuance needs to know the Zupass public key.
# https://api.zupass.org/issue/eddsa-public-key as quoted JSON
# e.g. '["233423ad", "ab454545"]' (except with much longer strings!)
#
# node -e 'require("@pcd/eddsa-pcd").getEdDSAPublicKey("PRIVATE KEY").then(k => console.log(JSON.stringify(k))).catch(console.log)' | pbcopy
GENERIC_ISSUANCE_ZUPASS_PUBLIC_KEY=["00f669040a1c31ff18b8e221b94ac36580da68a05c69c21298569e97e193ca45","2b2a9ae6ed7d5ca397637bbe7180849ac6e828171790644ed723abf2decb96c2"]
# for ease of use in local development, lets you specify a user to be an admin
# in the generic issuance service
# e.g. you could set the value to be ["[email protected]"] to make the server
# set the user with that email address to be an admin on start-up.
#
GENERIC_ISSUANCE_ADMINS=["[email protected]", "[email protected]"]
# if true, and both `STYTCH_PROJECT_ID` and `STYTCH_SECRET` are
# not set, lets anyone log in as any user just by providing an
# email address. this feature is disabled in prod.
STYTCH_BYPASS=true
# get these from a stytch.com account
STYTCH_PROJECT_ID=
STYTCH_SECRET=
##################################################################
##################################################################
# Telegram
##################################################################
##################################################################
# If true, you have set up a local cert for dev.local for hot reloading locally with https
# https://github.com/proofcarryingdata/zupass/blob/main/bot.md#6-optional-hot-reloading-for-tg-development
IS_LOCAL_HTTPS=false
# For Telegram-gated authentication and anonymous message posting
# TELEGRAM_BOT_TOKEN=
# TELEGRAM_BOT_START_DELAY_MS=0
# Another way to turn off the bot in local development
# TELEGRAM_BOT_DISABLED=
# For anonymous message posting rate limit (per topic)
#
# MAX_DAILY_ANON_TOPIC_POSTS_PER_USER=3
# url for anon-message-client
# TELEGRAM_BOT_ANON_WEBSITE=
# generated telegram web app for anon-message-client
# TELEGRAM_ANON_BOT_WEBAPP=
# The Telegram Bot Direct Link, created by DMing Botfather with /newapp
# eg: https://t.me/cha0sg0d_bot/anon
# Make sure that the web app url is set to PASSPORT_SERVER_URL/telegram/anon
# eg: https://dev.local:3002/telegram/anon
# TELEGRAM_ANON_BOT_DIRECT_LINK=
# The anonymous message client, like https://dev.local:4000 or https://zk-tg.com
# TELEGRAM_ANON_WEBSITE=
##################################################################
##################################################################
# Legacy Integration
##################################################################
##################################################################
# Zuzalu 2023
#
# PRETIX_TOKEN=
# PRETIX_ORG_URL=
# PRETIX_ZU_EVENT_ID=
# PRETIX_VISITOR_EVENT_ID=
# Zuconnect "mock" tickets will be issued to email addresses in this stringified JSON array
# ZUCONNECT_MOCK_TICKETS='["[email protected]", "[email protected]"]'
# Devconnect 2023
#
# To disable syncing tickets from Pretix for local development
# PRETIX_SYNC_DISABLED=
# authenticates zupass server to be able to access devcon-specific podbox api
# DEVCON_PODBOX_API_KEY =
# env var on zupass server end to talk to self-hosted podbox server
# DEVCON_PODBOX_API_URL =
# the id of the pipeline on the podbox server end that corresponds to the devcon event
# DEVCON_PIPELINE_ID =
# If true, the passport server will save pipeline loads to local files.
# For this to actually work on the hosted provider (e.g. render.com), it
# is necessary to attach a persistent volume to the server.
# LOCAL_FILE_SERVICE_ENABLED="true"
# If true, the passport server will run in self-hosted podbox mode, which means
# that it will not start most of the services implemented by this application.
# For example, since this server does not handle Zupass users, there is no need
# to start `UserService`.
# SELF_HOSTED_PODBOX_MODE="true"
# If true, the generic issuance service will not schedule pipeline loads on a loop,
# but will instead load pipelines on demand.
# GENERIC_ISSUANCE_TEST_MODE="true"
# The list of Pretix organizer urls to enable batching order requests for. If
# batching is enabled for an organizer, the server will fetch 30 pages of orders
# at a time, rather than sequentially one page at a time. Instead of checking
# whether we've loaded all orders by checking that the last page does not have the
# `next` field in its response, we instead know that we've loaded all orders when
# there are 404 errors for pages that are not the first page, and no other errors.
# PRETIX_BATCH_ENABLED_FOR=[""]
# The number of database connections to keep open.
# DB_POOL_SIZE=32