Authentication changes: - Add passkey (WebAuthn) as primary login method - Add email magic link as fallback for devices without passkey support - Remove password-based authentication entirely New features: - Passkey registration and login via @simplewebauthn/server - Magic link login with 15-minute expiry tokens - Passkey recovery via email link - Self-hosted simplewebauthn-browser.min.js for reliability Database changes: - Add Passkey model for WebAuthn credentials - Add PasskeyChallenge model for registration/auth challenges - Add loginToken and loginTokenExpiresAt fields for magic links - Add passkeyRecoveryToken fields for passkey recovery UI changes: - Login form: email + "Login with Passkey" + "Send Login Link" - Register form: email + terms checkbox + "Register with Passkey" - Consistent token display UI for both passkey and magic link login - Remove password fields and forgot password flow Security: - CSP-compliant magic link redirect using external script - Rate limiting on all auth endpoints - Single-use magic link tokens
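# SuperSync Server Configuration
# Copy this file to .env and customize the values.
# The resulting .env holds secrets (JWT_SECRET, DATABASE_URL, SMTP_PASS, GHCR_TOKEN):
# keep it out of version control and readable only by the account running the server.

# Server port (default: 1900)
PORT=1900

# Data directory for storing sync files and database (default: ./data)
DATA_DIR=./data

# Public URL (used for email links). Set to your public host (with protocol).
# Example: https://sync.example.com
# The login and recovery links sent by email are built from this value, so it must
# be the address users actually reach; use https in production so tokens in those
# links are not sent in the clear.
PUBLIC_URL=http://localhost:1900

# JWT Secret for signing authentication tokens
# REQUIRED in production (NODE_ENV=production)
# Use a long, random string (e.g., generated with: openssl rand -base64 32)
# The placeholder below is only acceptable for local development: anyone who knows
# the secret can mint valid session tokens. Never deploy it, and rotate the secret
# (which signs out all sessions) if it is ever exposed.
JWT_SECRET=change-me-in-production

# PostgreSQL connection (used by Prisma)
# Example assumes local Postgres; adjust user/password/host/db as needed.
# The password is embedded in this URL, so replace the example value and treat the
# whole line as a credential (avoid echoing it into logs or shell history).
DATABASE_URL=postgresql://supersync:superpassword@localhost:5432/supersync_db

# Environment mode
# Set to "production" for production deployments
# (this also enables the production-only checks, such as the JWT_SECRET requirement above)
# NODE_ENV=production

# CORS Configuration
# Enable/disable CORS (default: true)
CORS_ENABLED=true

# Allowed CORS origins (comma-separated, default: *)
# Use "*" to allow all origins, or specify domains like "https://example.com"
# In production prefer an explicit list of the origins that serve the app
# (e.g. "https://app.example.com,https://sync.example.com") instead of "*".
CORS_ORIGINS=*

# Email (SMTP) - used to send the magic link and passkey recovery emails.
# SMTP_SECURE presumably selects implicit TLS for the connection (typically port 465);
# with port 587 and SMTP_SECURE=false the mailer is expected to upgrade via STARTTLS.
# Confirm against the mailer configuration in the server before relying on this.
# SMTP_PASS is a credential; for Gmail-style providers use an app password, not the
# account password. All values below are placeholders.
SMTP_HOST=smtp.gmail.com
SMTP_PORT=587
SMTP_SECURE=false
SMTP_USER=your-email@gmail.com
SMTP_PASS=your-app-password
SMTP_FROM="SuperSync <your-email@gmail.com>"

# Privacy Policy - Address for German legal requirements (Impressum)
# These values are injected into privacy.html on server startup
PRIVACY_CONTACT_NAME=Your Name
PRIVACY_ADDRESS_STREET=Street 123
PRIVACY_ADDRESS_CITY=12345 City
PRIVACY_ADDRESS_COUNTRY=Germany
PRIVACY_CONTACT_EMAIL=contact@example.com

# WebAuthn / Passkey Configuration
# RP (Relying Party) Name shown to users during passkey registration
WEBAUTHN_RP_NAME=Super Productivity Sync

# RP ID must match your domain (without protocol/port)
# For local development: localhost
# For production: your-domain.com
# Passkeys are scoped to the RP ID, so changing it after users have registered
# invalidates their existing passkeys; they would have to re-register via the
# email recovery flow. Decide on the final domain before going live.
WEBAUTHN_RP_ID=localhost

# Origin must match where users access the auth UI (with protocol)
# For local development: http://localhost:1900
# For production: https://your-domain.com
# Registration and login responses from a different origin are expected to fail
# server-side verification, so keep this consistent with PUBLIC_URL and WEBAUTHN_RP_ID.
WEBAUTHN_ORIGIN=http://localhost:1900

# GITHUB DEPLOY
# Credentials for the GitHub Container Registry (presumably used when publishing images).
# GHCR_TOKEN is a secret: use a token scoped to package publishing only, keep it out of
# the repository and CI logs, and revoke it when no longer needed. Values are placeholders.
GHCR_USER=uuuser
GHCR_TOKEN=TOOOOKEN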