57364fae32
- README rewritten end-to-end: stack, quick start, dev workflow, full
/api/v1 endpoint table, error and pagination envelopes, auth
quick-start (browser + bot bearer), configuration table, deployment
notes, backup/restore pointer. Stale "next features" section dropped
now that all eight feat branches are in.
- .env.example now lists every env var the backend reads, with
inline explanations:
- COOKIE_SECURE / COOKIE_DOMAIN / SESSION_TTL_DAYS (auth)
- CORS_ALLOWED_ORIGINS (same-origin by default)
- MAX_REQUEST_BYTES / MAX_FILE_BYTES (upload caps)
- Postgres + storage + log vars carried over.
- docker-compose.yml forwards all of the above into the backend
service with `${VAR:-default}` so an unset value falls back to the
same default the code uses, and any `.env` override flows through
without a compose edit.
- docs/backup.md: step-by-step backup, restore, and smoke-test drill
for both stateful volumes (postgres-data + storage-data), plus a
list of what's deliberately *not* in the backup (e.g., .env).
- playwright.config.ts: pins the e2e dev server to port 5174 with
`--strictPort` so it neither reuses nor silently bumps off
collision with another vite instance on 5173. Drops the flaky
manual-start workflow the earlier branches needed.
- docker-compose syntax (both prod and dev) validates cleanly against
.env.example with no undefined-variable warnings.
No version bump — this is documentation, config, and tooling.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
52 lines
2.0 KiB
Plaintext
52 lines
2.0 KiB
Plaintext
# Copy to .env for `docker compose up --build`. Local-dev runs (cargo run
|
|
# / npm run dev) read backend/.env if present, or pick up the variables
|
|
# from your shell.
|
|
|
|
# ----- Postgres -----
|
|
# These are read by the Postgres container *and* by DATABASE_URL below;
|
|
# changing them after the first boot won't migrate existing data, so set
|
|
# them up front for any new deployment.
|
|
POSTGRES_USER=mangalord
|
|
POSTGRES_PASSWORD=mangalord
|
|
POSTGRES_DB=mangalord
|
|
|
|
# ----- Backend -----
|
|
DATABASE_URL=postgres://mangalord:mangalord@postgres:5432/mangalord
|
|
BIND_ADDRESS=0.0.0.0:8080
|
|
STORAGE_DIR=/var/lib/mangalord/storage
|
|
RUST_LOG=info,mangalord=debug
|
|
|
|
# ----- Auth / cookies -----
|
|
# COOKIE_SECURE controls whether the `Secure` flag is set on the session
|
|
# cookie. Keep `true` in production (HTTPS); set to `false` if you're
|
|
# serving over plain HTTP locally (e.g., behind a dev reverse proxy).
|
|
COOKIE_SECURE=true
|
|
# COOKIE_DOMAIN scopes the session cookie. Leave empty to default to the
|
|
# requesting host. Set when serving the API and frontend on subdomains of
|
|
# a shared parent (e.g., `.example.com`) so the cookie is shared.
|
|
COOKIE_DOMAIN=
|
|
# Session lifetime in days. Expired sessions are no longer accepted and
|
|
# get reaped lazily.
|
|
SESSION_TTL_DAYS=30
|
|
|
|
# ----- CORS -----
|
|
# Comma-separated origins allowed to call the API with credentials.
|
|
# Default is empty: same-origin only. Set when frontend and backend live
|
|
# on different hosts. Example: https://app.example.com,https://app.example.de
|
|
CORS_ALLOWED_ORIGINS=
|
|
|
|
# ----- Upload limits -----
|
|
# Per-request body cap. axum rejects oversized requests with 413 before
|
|
# our handlers run. Default 200 MiB.
|
|
MAX_REQUEST_BYTES=209715200
|
|
# Per-image-part cap. Enforced after reading each part, so a single
|
|
# oversized image is rejected even when the total request fits.
|
|
# Default 20 MiB.
|
|
MAX_FILE_BYTES=20971520
|
|
|
|
# ----- Frontend -----
|
|
# Public base URL the browser uses to reach the API. Behind a reverse
|
|
# proxy that serves /api/* from the frontend host, set this to /api so
|
|
# the calls stay same-origin.
|
|
PUBLIC_API_BASE=http://localhost:8080/api
|