Daniel Volz
733fe2f38a
* fix: stabilize e2e suite and align dev runtime config * fix: harden forbidden-settings e2e assertion * fix: make forbidden settings e2e assertion robust
145 lines
5.3 KiB
Bash
145 lines
5.3 KiB
Bash
# =============================================================================
|
|
# MedAssist-ng Configuration
|
|
# =============================================================================
|
|
# Copy this file to .env and adjust values for your setup
|
|
# =============================================================================
|
|
|
|
# Container user/group IDs (for bind mount permissions)
|
|
# Set to your host user's UID/GID: id -u && id -g
|
|
PUID=1000
|
|
PGID=1000
|
|
|
|
PORT=3000
|
|
CORS_ORIGINS=http://localhost:4174
|
|
LOG_LEVEL=warn
|
|
|
|
# Levels: debug, info, warn, error, silent
|
|
# Controls: backend Fastify logging, frontend nginx access logs (Docker),
|
|
# and frontend browser console (via build-time injection)
|
|
#
|
|
# Behavior per level:
|
|
# debug — all app logs + all HTTP request logs (including polling endpoints)
|
|
# info — all app logs + HTTP request logs, EXCEPT high-frequency polling
|
|
# (GET /doses/taken, GET /share/:token/doses, GET /health are hidden)
|
|
# warn — only warnings and errors
|
|
# error — only errors
|
|
# silent — no logs
|
|
|
|
# Rate limit: max requests per minute per IP (default: 100)
|
|
# Increase for development/testing environments
|
|
# RATE_LIMIT_MAX=100
|
|
|
|
# API documentation UI + OpenAPI JSON
|
|
# Default behavior: enabled outside production, disabled in production
|
|
# OPENAPI_DOCS_ENABLED=true
|
|
|
|
# Timezone for scheduled reminders (e.g., Europe/Berlin, America/New_York)
|
|
TZ=Europe/Berlin
|
|
|
|
# =============================================================================
|
|
# Authentication (optional - disabled by default for easy setup)
|
|
# =============================================================================
|
|
# Enable authentication (default: false = open access)
|
|
AUTH_ENABLED=false
|
|
|
|
# Allow new user registrations (auto-enabled when no users exist)
|
|
# REGISTRATION_ENABLED=false
|
|
|
|
# Disable username/password form login (useful for OIDC-only setups)
|
|
# FORM_LOGIN_ENABLED=true
|
|
|
|
# JWT Secrets - REQUIRED when AUTH_ENABLED=true
|
|
# Generate with: openssl rand -hex 32
|
|
# JWT_SECRET=
|
|
# REFRESH_SECRET=
|
|
# COOKIE_SECRET=
|
|
|
|
# Token TTL (optional - defaults shown)
|
|
# ACCESS_TOKEN_TTL_MINUTES=15
|
|
# REFRESH_TOKEN_TTL_DAYS=7
|
|
|
|
# =============================================================================
|
|
# OIDC SSO (optional - for Pocket ID, Authelia, Authentik, etc.)
|
|
# =============================================================================
|
|
# Enable OIDC authentication
|
|
# OIDC_ENABLED=false
|
|
|
|
# OIDC Provider URL (discovery endpoint will be auto-detected)
|
|
# OIDC_ISSUER_URL=https://auth.example.com
|
|
|
|
# Client credentials (from your OIDC provider)
|
|
# OIDC_CLIENT_ID=medassist
|
|
# OIDC_CLIENT_SECRET=your-client-secret
|
|
|
|
# Callback URL (must match what's configured in your OIDC provider)
|
|
# OIDC_REDIRECT_URI=https://medassist.example.com/api/auth/oidc/callback
|
|
|
|
# OIDC scopes to request (default: openid profile email)
|
|
# OIDC_SCOPES=openid profile email
|
|
|
|
# Claim to use as username (options: preferred_username, email, sub)
|
|
# OIDC_USERNAME_CLAIM=preferred_username
|
|
|
|
# Auto-create users on first SSO login (default: true)
|
|
# OIDC_AUTO_CREATE_USERS=true
|
|
|
|
# Provider name for login button (e.g., "Pocket ID", "Authelia", "SSO")
|
|
# OIDC_PROVIDER_NAME=SSO
|
|
|
|
# SMTP (optional - for email notifications and password reset)
|
|
SMTP_HOST=
|
|
SMTP_PORT=587
|
|
SMTP_USER=
|
|
SMTP_PASS= # Traditional password auth
|
|
SMTP_TOKEN= # OAuth2/App token auth (takes precedence over SMTP_PASS)
|
|
SMTP_FROM=
|
|
SMTP_SECURE=false
|
|
|
|
# Admin settings default value only - frontend settings (stored in settings.json) take precedence
|
|
REMINDER_DAYS_BEFORE=7
|
|
|
|
# Admin settings (not editable in UI)
|
|
REMINDER_HOUR=6 # 24h format (0-23), e.g. 6 = 6:00 AM, 18 = 6:00 PM
|
|
REMINDER_MINUTES_BEFORE=15 # Minutes before intake to send reminder
|
|
EXPIRY_WARNING_DAYS=30 # Days before expiry to show yellow warning
|
|
|
|
# =============================================================================
|
|
# Default User Settings (applied when new user is created)
|
|
# =============================================================================
|
|
# These ENV values are only used as DEFAULTS when a new user is created.
|
|
# Once a user saves their settings in the app, these ENV values are ignored
|
|
# for that user - their saved preferences take precedence.
|
|
#
|
|
# Useful for server admins to pre-configure settings for all new users.
|
|
# =============================================================================
|
|
|
|
# Email notifications (requires SMTP config above)
|
|
# DEFAULT_EMAIL_ENABLED=false
|
|
# DEFAULT_NOTIFICATION_EMAIL=
|
|
# DEFAULT_EMAIL_STOCK_REMINDERS=true
|
|
# DEFAULT_EMAIL_INTAKE_REMINDERS=true
|
|
|
|
# Push notifications (ntfy/gotify via Shoutrrr)
|
|
# DEFAULT_SHOUTRRR_ENABLED=false
|
|
# DEFAULT_SHOUTRRR_URL=
|
|
# DEFAULT_SHOUTRRR_STOCK_REMINDERS=true
|
|
# DEFAULT_SHOUTRRR_INTAKE_REMINDERS=true
|
|
|
|
# Repeat/nagging reminders for missed doses
|
|
# DEFAULT_REPEAT_REMINDERS_ENABLED=false
|
|
# DEFAULT_REMINDER_REPEAT_INTERVAL_MINUTES=30
|
|
# DEFAULT_MAX_NAGGING_REMINDERS=5
|
|
# DEFAULT_SKIP_REMINDERS_FOR_TAKEN_DOSES=false
|
|
|
|
# Stock reminder settings
|
|
# DEFAULT_REPEAT_DAILY_REMINDERS=false
|
|
|
|
# Stock thresholds (days of supply)
|
|
# DEFAULT_LOW_STOCK_DAYS=30
|
|
# DEFAULT_NORMAL_STOCK_DAYS=90
|
|
# DEFAULT_HIGH_STOCK_DAYS=180
|
|
|
|
# UI defaults
|
|
# DEFAULT_LANGUAGE=en # en or de
|
|
# DEFAULT_STOCK_CALCULATION_MODE=automatic # automatic or manual
|
|
# DEFAULT_SHARE_STOCK_STATUS=true # Show stock status on shared schedule links |