initial commit of v5

.env.example

@@ -1,81 +1,77 @@
-# Environment
-NODE_ENV=development
+# --- Server ---
+TZ="Etc/UTC"
+APP_URL="http://localhost:3000"
 
-# Ports
-PORT=3000
+# Optional, uses APP_URL by default
+# This can be set to a different URL (like http://host.docker.internal:3000 or http://{docker_service}:3000)
+# to let the browser navigate to a non-public instance of Reactive Resume
+PRINTER_APP_URL="http://host.docker.internal:3000"
 
-# URLs
-# These URLs must reference a publicly accessible domain or IP address, not a docker container ID (depending on your compose setup)
-PUBLIC_URL=http://localhost:3000
-STORAGE_URL=http://localhost:9000/default # default is the bucket name specified in the STORAGE_BUCKET variable
+# Note: set this to `http://host.docker.internal:3000` if your `gotenberg` service is running on docker, but Reactive Resume is running outside of Docker.
 
-# Database (Prisma/PostgreSQL)
-# This can be swapped out to use any other database, like MySQL
-# Note: This is used only in the compose.yml file
-POSTGRES_PORT=5432
-POSTGRES_DB=postgres
-POSTGRES_USER=postgres
-POSTGRES_PASSWORD=postgres
+# --- Printer ---
+GOTENBERG_ENDPOINT="http://localhost:4000"
 
-# Database (Prisma/PostgreSQL)
-DATABASE_URL=postgresql://postgres:postgres@localhost:5432/postgres?schema=public
+# Gotenberg Authentication (Optional)
+# TIP: It's safest to avoid exposing your Gotenberg instance to the public internet; connect via a private Docker network instead.
+# However, if Gotenberg needs to be hosted remotely from Reactive Resume, use these credentials to enable basic authentication for security.
+# For setup details and security best practices, see: https://gotenberg.dev/docs/configuration#api:~:text=API%5FENABLE%5FBASIC%5FAUTH
+# GOTENBERG_USERNAME=""
+# GOTENBERG_PASSWORD=""
 
-# Authentication Secrets
-# generated with `openssl rand -base64 64`
-ACCESS_TOKEN_SECRET=access_token_secret
-REFRESH_TOKEN_SECRET=refresh_token_secret
+# --- Database (PostgreSQL) ---
+DATABASE_URL="postgresql://postgres:postgres@localhost:5432/postgres"
 
-# Chrome Browser (for printing)
-# generated with `openssl rand -hex 32`
-CHROME_PORT=8080
-CHROME_TOKEN=chrome_token
-CHROME_URL=ws://localhost:8080
-# Launch puppeteer with flag to ignore https errors
-# CHROME_IGNORE_HTTPS_ERRORS=true
+# --- Authentication ---
+# Generated using `openssl rand -hex 32`
+AUTH_SECRET="change-me-to-a-secure-secret-key-in-production"
 
-# Mail Server (for e-mails)
-# For testing, you can use https://ethereal.email/create
-MAIL_FROM=noreply@localhost
-# SMTP_URL=smtp://username:password@smtp.ethereal.email:587
+# Social Auth (Google, optional)
+GOOGLE_CLIENT_ID=""
+GOOGLE_CLIENT_SECRET=""
 
-# Storage
-STORAGE_ENDPOINT=localhost
-STORAGE_PORT=9000
-STORAGE_REGION=us-east-1
-STORAGE_BUCKET=default
-STORAGE_ACCESS_KEY=minioadmin
-STORAGE_SECRET_KEY=minioadmin
-STORAGE_USE_SSL=false
-STORAGE_SKIP_BUCKET_CHECK=false
+# Social Auth (GitHub, optional)
+GITHUB_CLIENT_ID=""
+GITHUB_CLIENT_SECRET=""
 
-# Nx Cloud (Optional)
-# NX_CLOUD_ACCESS_TOKEN=
+# Custom OAuth Provider
+OAUTH_PROVIDER_NAME=""
+OAUTH_CLIENT_ID=""
+OAUTH_CLIENT_SECRET=""
+OAUTH_DISCOVERY_URL=""
+OAUTH_AUTHORIZATION_URL=""
 
-# Crowdin (Optional)
-# CROWDIN_PROJECT_ID=
-# CROWDIN_PERSONAL_TOKEN=
+# --- Email (optional) ---
+# If all keys are disabled, the app logs the email to be sent to the console instead.
+SMTP_HOST="localhost"
+SMTP_PORT="1025"
+SMTP_USER=""
+SMTP_PASS=""
+SMTP_FROM="Reactive Resume <noreply@rxresu.me>"
+SMTP_SECURE="false"
 
-# Feature Flags (Optional)
-# DISABLE_SIGNUPS=false
-# DISABLE_EMAIL_AUTH=false
+# --- Storage (optional) ---
+# If all keys are disabled, the app uses local filesystem (/data) to store uploads instead.
+# Make sure to mount this directory to a volume or the host filesystem to ensure data integrity.
 
-# GitHub (OAuth, Optional)
-# GITHUB_CLIENT_ID=
-# GITHUB_CLIENT_SECRET=
-# GITHUB_CALLBACK_URL=http://localhost:5173/api/auth/github/callback
+# Seaweedfs
+S3_ACCESS_KEY_ID="seaweedfs"
+S3_SECRET_ACCESS_KEY="seaweedfs"
+S3_REGION="us-east-1"
+S3_ENDPOINT="http://localhost:8333"
+S3_BUCKET="reactive-resume"
+S3_FORCE_PATH_STYLE="true"
 
-# Google (OAuth, Optional)
-# GOOGLE_CLIENT_ID=
-# GOOGLE_CLIENT_SECRET=
-# GOOGLE_CALLBACK_URL=http://localhost:5173/api/auth/google/callback
+# --- Feature Flags ---
+# This flag bypasses the check that the endpoint to fetch data for the printing of PDFs `getByIdForPrinter`, is only accessible from the server.
+# Useful for when you want to debug the /printer/{resumeId} route to quickly take a peek at the page that is sent to the printer.
+FLAG_DEBUG_PRINTER="false"
 
-# OpenID (Optional)
-# VITE_OPENID_NAME=
-# OPENID_AUTHORIZATION_URL=
-# OPENID_CALLBACK_URL=http://localhost:5173/api/auth/openid/callback
-# OPENID_CLIENT_ID=
-# OPENID_CLIENT_SECRET=
-# OPENID_ISSUER=
-# OPENID_SCOPE=openid profile email
-# OPENID_TOKEN_URL=
-# OPENID_USER_INFO_URL=
+# This flag disables new signups, both on the web app and the server.
+FLAG_DISABLE_SIGNUP="false"
+
+# --- Others ---
+# Google Cloud API Key (optional)
+# This is not used within Reactive Resume, but in src/scripts/fonts/generate.ts to generate a list of fonts served by Google Fonts.
+# Note: Make sure "Google Fonts Developer API" is unrestricted.
+GOOGLE_CLOUD_API_KEY=""