.env.example
# Example environment for local development. Every value below is a
# placeholder: supply real values through the deployment's own environment or
# secret store, and keep the filled-in copy out of version control.
# Database
# The sample URL embeds the account "postgres" with the password "password";
# anywhere other than a local machine, use a dedicated least-privileged
# account with a unique password.
DATABASE_URL="postgresql://postgres:password@localhost:5432/c4_events"
# BetterAuth
# Plain http is acceptable for localhost only; use an https URL when deployed.
BETTER_AUTH_URL="http://localhost:3000/"
# Placeholder only. Replace with a long random value (for example the output
# of `openssl rand -base64 32`) that is unique per environment. The
# placeholder is public in this repository, so a deployment that keeps it is
# running with a known key.
# NOTE(review): presumably this value protects session/token material;
# confirm in the BetterAuth documentation, and consider refusing to start
# while the placeholder is still set.
BETTER_AUTH_SECRET="change-me-in-production"
# OIDC Provider
# For development: mock-oauth2-server (docker compose up mock-oauth2)
# For production: Keycloak, Authentik, etc.
# The three values below target the local mock. Against a real provider, set
# the client secret it issued (handle it like any other credential) and use
# an https issuer URL.
BETTER_AUTH_OIDC_CLIENT_ID="c4-events-app"
BETTER_AUTH_OIDC_CLIENT_SECRET="unused-for-mock"
BETTER_AUTH_OIDC_ISSUER="http://localhost:8080/default"
# OIDC claim-based permissions
# Prefix for permission claims (e.g., "c4:admin", "c4:space:myspace")
OIDC_CLAIM_PREFIX="c4"
# Scopes to request from OIDC provider (space-separated)
OIDC_SCOPES="openid profile email"
# Claim path(s) to read roles from (comma-separated, dot-notation)
# Examples: "realm_access.roles" (Keycloak), "roles", "groups"
# Permissions, including admin, are derived from this claim, so point it only
# at a claim whose values are assigned by provider administrators, never one
# that users can edit themselves (self-service attributes, self-joinable groups).
OIDC_ROLES_CLAIM="roles"
# Claim patterns:
# <prefix>:admin → sets isAdmin=true
# <prefix>:space:<slug> → grants access to space
# <prefix>:event-type:<slug> → grants access to event type
# <prefix>:space:<s>:event-type:<e> → grants access to event type in space
#
# Pre-configured test users (mock-oauth2-server):
# admin → c4:admin (full admin access)
# space-manager → c4:space:demo, c4:space:events
# event-editor → c4:space:demo:event-type:meetup, c4:event-type:workshop
# viewer → no permissions
# NOTE(review): these accounts belong to the development mock, which
# presumably performs no real authentication; verify that a deployed instance
# can never be configured with the mock as its issuer.
# Auth configuration
# NOTE(review): the NEXT_PUBLIC_ prefix suggests Next.js, which inlines such
# variables into the browser bundle at build time. They are public, so never
# place secrets under this prefix, and confirm that the server enforces the
# *_ENABLED flags rather than relying on the client to hide a login method.
NEXT_PUBLIC_AUTH_EMAIL_ENABLED=false
NEXT_PUBLIC_AUTH_SSO_ENABLED=true
NEXT_PUBLIC_AUTH_SSO_NAME="Single Sign-On"
# App URL (for iCal feeds, callbacks, etc.)
# Use the deployed https origin outside local development.
NEXT_PUBLIC_APP_URL="http://localhost:3000"
# IANA timezone used for RRULE expansion and date formatting (e.g. "Europe/Berlin")
# Defaults to "UTC" if not set.
NEXT_PUBLIC_APP_TIMEZONE="Europe/Berlin"