docs: split configuration and development references
This commit is contained in:
Daniel Volz
GitHub
@@ -0,0 +1,113 @@
|
||||
# Configuration
|
||||
|
||||
Configure MedAssist with environment variables in `.env`. Start from `.env.example`.
|
||||
|
||||
## General
|
||||
|
||||
| Variable | Default | Description |
|
||||
|----------|---------|-------------|
|
||||
| `PUID` | `1000` | User ID for container file permissions |
|
||||
| `PGID` | `1000` | Group ID for container file permissions |
|
||||
| `PORT` | `3000` | Backend API port |
|
||||
| `CORS_ORIGINS` | `http://localhost:4174` | Allowed origins for CORS |
|
||||
| `TZ` | `Europe/Berlin` | Server default timezone for scheduled reminders |
|
||||
| `PUBLIC_APP_URL` | — | Public base URL for notification action links |
|
||||
| `LOG_LEVEL` | `info` | Log level: `debug`, `info`, `warn`, `error`, or `silent` |
|
||||
| `RATE_LIMIT_MAX` | `100` | Maximum requests per minute per IP |
|
||||
| `OPENAPI_DOCS_ENABLED` | `auto` | Explicitly enable or disable `/docs` and `/docs/json` |
|
||||
|
||||
API docs behavior:
|
||||
|
||||
- If `OPENAPI_DOCS_ENABLED` is unset, docs are enabled outside production and disabled in production.
|
||||
- `OPENAPI_DOCS_ENABLED=true` enables `/docs` and `/docs/json`.
|
||||
- `OPENAPI_DOCS_ENABLED=false` disables the docs only.
|
||||
|
||||
## Authentication
|
||||
|
||||
| Variable | Default | Description |
|
||||
|----------|---------|-------------|
|
||||
| `AUTH_ENABLED` | `false` | Enable user authentication |
|
||||
| `REGISTRATION_ENABLED` | `false` | Allow new user registrations |
|
||||
| `FORM_LOGIN_ENABLED` | `true` | Enable username/password login |
|
||||
| `JWT_SECRET` | — | Access token signing key; required when auth is enabled |
|
||||
| `REFRESH_SECRET` | — | Refresh token signing key; required when auth is enabled |
|
||||
| `COOKIE_SECRET` | — | Cookie signing key; required when auth is enabled |
|
||||
| `ACCESS_TOKEN_TTL_MINUTES` | `15` | Access token lifetime |
|
||||
| `REFRESH_TOKEN_TTL_DAYS` | `7` | Refresh token lifetime |
|
||||
|
||||
Generate secrets with `openssl rand -hex 32`.
|
||||
|
||||
## API Keys
|
||||
|
||||
When `AUTH_ENABLED=true`, authenticated users can create API keys and call protected endpoints with:
|
||||
|
||||
```text
|
||||
Authorization: Bearer ma_...
|
||||
```
|
||||
|
||||
Available scopes:
|
||||
|
||||
- `read`: read-only access (`GET`, `HEAD`, `OPTIONS`)
|
||||
- `write`: read and write access
|
||||
|
||||
Notes:
|
||||
|
||||
- The token is shown only once after creation.
|
||||
- Creating a new key deactivates previously active keys for the same user.
|
||||
- API keys are stored hashed in the database.
|
||||
|
||||
API reference:
|
||||
|
||||
- Interactive docs: `/docs`
|
||||
- OpenAPI JSON: `/docs/json`
|
||||
- Key management endpoints:
|
||||
- `GET /auth/api-keys`
|
||||
- `POST /auth/api-keys`
|
||||
- `DELETE /auth/api-keys/:id`
|
||||
|
||||
## OIDC / SSO
|
||||
|
||||
| Variable | Default | Description |
|
||||
|----------|---------|-------------|
|
||||
| `OIDC_ENABLED` | `false` | Enable OIDC authentication |
|
||||
| `OIDC_ISSUER_URL` | — | OIDC provider URL |
|
||||
| `OIDC_CLIENT_ID` | — | OIDC client ID |
|
||||
| `OIDC_CLIENT_SECRET` | — | OIDC client secret |
|
||||
| `OIDC_REDIRECT_URI` | — | OIDC callback URL |
|
||||
| `OIDC_SCOPES` | `openid profile email` | Requested scopes |
|
||||
| `OIDC_USERNAME_CLAIM` | `preferred_username` | Username claim |
|
||||
| `OIDC_AUTO_CREATE_USERS` | `true` | Auto-create users on first SSO login |
|
||||
| `OIDC_PROVIDER_NAME` | `SSO` | Login button label |
|
||||
|
||||
## Email (SMTP)
|
||||
|
||||
| Variable | Default | Description |
|
||||
|----------|---------|-------------|
|
||||
| `SMTP_HOST` | — | SMTP server hostname |
|
||||
| `SMTP_PORT` | `587` | SMTP server port |
|
||||
| `SMTP_USER` | — | SMTP username |
|
||||
| `SMTP_PASS` | — | SMTP password |
|
||||
| `SMTP_TOKEN` | — | OAuth2 or app token; takes precedence over `SMTP_PASS` |
|
||||
| `SMTP_FROM` | — | Sender email address |
|
||||
| `SMTP_SECURE` | `false` | Use TLS |
|
||||
|
||||
## Reminders
|
||||
|
||||
| Variable | Default | Description |
|
||||
|----------|---------|-------------|
|
||||
| `REMINDER_DAYS_BEFORE` | `7` | Days before stock runs out to send reminder |
|
||||
| `REMINDER_HOUR` | `6` | Hour to send daily reminders (24h format) |
|
||||
| `REMINDER_MINUTES_BEFORE` | `15` | Minutes before intake to send reminder |
|
||||
| `EXPIRY_WARNING_DAYS` | `30` | Days before expiry warning |
|
||||
|
||||
Reminder timing uses IANA timezones. `TZ` is the server default. Users can override it in Settings.
|
||||
|
||||
## Push Notifications
|
||||
|
||||
Push notification setup, provider support, and URL examples are documented in [PUSH_NOTIFICATIONS.md](PUSH_NOTIFICATIONS.md).
|
||||
|
||||
Recommended provider: `ntfy`, especially for intake reminders with direct actions.
|
||||
|
||||
## Default User Settings
|
||||
|
||||
Default values for newly created users are documented in [DEFAULT_USER_SETTINGS.md](DEFAULT_USER_SETTINGS.md).
|
||||
Reference in New Issue
Block a user