oO/.env.example
alvis e96ceb7ee1 feat(auth): token-based admin authentication for Playwright/CI (#105)
Add POST /api/auth/token — validates ADMIN_TOKEN env var, creates a 24h
session and sets the sid cookie so automated tools can access the admin
panel without Google OAuth. Admin login page gains a token input form.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-26 12:07:43 +00:00

74 lines
3.1 KiB
Plaintext

# Copy to .env.local and fill in values — never commit .env.local
# Values such as "change-me…" are placeholders, not usable secrets: replace them
# before the stack is reachable from anything other than your own machine.
# API
# SESSION_SECRET: use at least 32 random characters (e.g. openssl rand -hex 32) and a
# different value per environment.
# NOTE(review): presumably keys the session cookie — confirm against the API code.
SESSION_SECRET=change-me-to-a-random-32-char-string
PORT=3078
NODE_ENV=development
DATABASE_PATH=./data/oo.db
# API_BASE_URL = public origin only, no path suffix (used to build OAuth redirect URIs)
# Because redirect URIs are derived from it, it has to match the origin registered with
# each OAuth provider; use an https origin outside local development.
API_BASE_URL=http://localhost:3078
WEB_BASE_URL=http://localhost:3000
ML_SERVING_URL=http://localhost:8000
# MLflow (mlops profile) — http://localhost:5000/mlflow in dev, https://o.alogins.net/mlflow in prod.
# MLFLOW_ADMIN_PASSWORD seeds the admin account on first boot (changing it after first run
# requires the MLflow UI or API — see infra/mlflow/basic_auth.ini).
# Set a real password BEFORE the first boot: the value is only applied when the account
# is seeded, so a first start with "change-me" leaves that password on the admin account.
MLFLOW_URL=http://localhost:5000
MLFLOW_ADMIN_PASSWORD=change-me
# Public URL shown as link in the admin sidebar (must be NEXT_PUBLIC_ to reach the browser).
# Anything prefixed NEXT_PUBLIC_ is delivered to the browser — never put a credential
# (or a URL with embedded credentials) in such a variable.
NEXT_PUBLIC_MLFLOW_URL=http://localhost:5000
# Airflow (mlops profile) — http://localhost:8080/airflow in dev.
# Start with: docker compose --profile full --profile mlops up
AIRFLOW_URL=http://localhost:8080
# The three values below are local-dev defaults; replace all of them outside local dev.
AIRFLOW_ADMIN_PASSWORD=change-me
AIRFLOW_DB_PASSWORD=airflow
AIRFLOW_SECRET_KEY=change-me-in-prod
# Airflow uses the Fernet key to encrypt connection passwords and variables stored in its
# metadata DB. Generate:
#   python -c "from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())"
# NOTE(review): what the compose setup does when this is left empty is not visible here —
# confirm it does not fall back to storing those values unencrypted.
AIRFLOW_FERNET_KEY=
# NOTE(review): this default is the production origin while the other Airflow values point
# at localhost; dev presumably wants http://localhost:8080/airflow — confirm.
AIRFLOW_BASE_URL=https://o.alogins.net/airflow
# Public URL shown as link in the admin sidebar (must be NEXT_PUBLIC_ to reach the browser).
NEXT_PUBLIC_AIRFLOW_URL=http://localhost:8080
# Shared secret for Airflow→API internal callbacks. Generate: openssl rand -hex 32
# NOTE(review): behaviour with an empty value is not visible here — confirm the API rejects
# callbacks when the token is unset rather than accepting an empty token.
INTERNAL_API_TOKEN=
# Static token for automated/service access to the admin panel (e.g. Playwright tests).
# Leave empty to disable token-based login. Generate: openssl rand -hex 32
# POST /api/auth/token exchanges this value for a 24h admin session without Google OAuth,
# so treat it as an admin password: keep it in the CI secret store (not in logs or test
# fixtures), use a separate value per environment, rotate it if it may have leaked, and
# leave it empty in any deployment that does not need automated access.
ADMIN_TOKEN=
# AI stack — shared Agap services (ollama + litellm + langfuse). Not run from oO.
# Prod: https://llm.alogins.net | Dev: http://host.docker.internal:4000 from containers,
# http://localhost:4000 from host. Ollama: http://host.docker.internal:11434 / :11434.
# NOTE(review): the default URL below is the production endpoint while the key is a dev
# placeholder — set the URL/key pair that matches the environment you are running.
LITELLM_URL=https://llm.alogins.net
# A LiteLLM master key carries admin rights on the proxy.
# NOTE(review): if oO only needs to send completion requests, a scoped virtual key would
# limit the impact of a leak — confirm what the app actually requires.
LITELLM_MASTER_KEY=sk-oo-dev
OLLAMA_URL=http://host.docker.internal:11434
# Google OAuth — https://console.cloud.google.com/
# The client ID is public; the client secret is a credential and belongs only in .env.local
# or the deployment's secret store.
GOOGLE_CLIENT_ID=
GOOGLE_CLIENT_SECRET=
# VAPID (Web Push) — generate: node -e "const wp=require('web-push');console.log(JSON.stringify(wp.generateVAPIDKeys()))"
# The command prints BOTH keys, including the private one, to stdout — run it locally, not
# in a job whose output is logged. Only the public key may be exposed to clients.
VAPID_PUBLIC_KEY=
VAPID_PRIVATE_KEY=
# Contact URI (mailto: or https:) that push services can use to reach the operator.
VAPID_SUBJECT=mailto:you@example.com
# Todoist OAuth — https://developer.todoist.com/appconsole.html
# As with Google above, the client secret is a credential; keep it out of version control.
TODOIST_CLIENT_ID=
TODOIST_CLIENT_SECRET=
# Event bus — leave NATS_URL empty for in-process bus only (no JetStream bridge).
# Set to nats://nats:4222 (compose service name) or nats://localhost:4222 (host)
# to mirror every publish to durable JetStream streams (signals.>, feedback.>).
# Start the broker with: docker compose --profile events up nats
# The example URLs carry no credentials.
# NOTE(review): whether the broker enforces authentication is not visible here — keep
# port 4222 off public interfaces unless it does.
NATS_URL=
# How often the background scheduler refreshes Todoist tasks per active user (ms).
# 900000 ms = 15 minutes.
TODOIST_SYNC_INTERVAL_MS=900000
# Tip prompt selection — empty = use ml/serving default (v1).
# Pin a single variant: "v2-mentor"
# Rotate uniformly across variants: "v1,v2-mentor,v3-few-shot"
# Buckets show up in the admin reward-analytics dashboard (#92).
TIP_PROMPT_VERSION=
# Default version on the Python side when the API doesn't specify one.
DEFAULT_PROMPT_VERSION=v1