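# Production Environment Variables Template
# Copy this to .env and fill in your actual values
#
# One assignment per line, comments on their own lines: a dotenv loader treats
# everything after a leading '#' as a comment, so assignments sharing a line
# with a comment are never defined.
# The filled-in .env holds live credentials: keep it out of version control and
# readable only by the account that runs the service.

# =============================================================================
# SERVER CONFIGURATION
# =============================================================================
NODE_ENV=production
PORT=3000
# 0.0.0.0 listens on every network interface. COOKIE_SECURE below requires
# HTTPS, so TLS is presumably terminated by a proxy in front of this port -
# restrict direct access to PORT (firewall / security group) to that proxy.
HOST=0.0.0.0

# =============================================================================
# DATABASE
# =============================================================================
# Production MongoDB connection (MongoDB Atlas or remote server)
# Use a database user limited to the turbotrades database, and percent-encode
# any special characters in the password so the URI still parses.
MONGODB_URI=mongodb+srv://username:password@cluster.mongodb.net/turbotrades?retryWrites=true&w=majority

# =============================================================================
# STEAM AUTHENTICATION
# =============================================================================
# Get your Steam API key from: https://steamcommunity.com/dev/apikey
# The key is a credential: server-side only, never shipped to the frontend.
STEAM_API_KEY=YOUR_STEAM_API_KEY_HERE

# Steam OAuth URLs - MUST match your production domain
STEAM_REALM=https://api.turbotrades.dev
STEAM_RETURN_URL=https://api.turbotrades.dev/auth/steam/return

# =============================================================================
# CORS & COOKIES
# =============================================================================
# Frontend domain - where requests come from
# Keep this an exact origin; credentialed (cookie) requests must not be
# combined with a wildcard or a reflected Origin header.
CORS_ORIGIN=https://turbotrades.dev

# Cookie configuration for production
# The leading dot shares the cookie with every subdomain of turbotrades.dev,
# so each subdomain must be as trusted as the API itself.
COOKIE_DOMAIN=.turbotrades.dev
COOKIE_SECURE=true
# 'none' sends the cookie on requests initiated by any site, so state-changing
# routes need their own CSRF protection. turbotrades.dev and
# api.turbotrades.dev are same-site; 'lax' is normally sufficient unless a
# frontend on a different registrable domain must send cookies - confirm.
COOKIE_SAME_SITE=none

# =============================================================================
# JWT SECRETS
# =============================================================================
# Generate secure random strings for production!
# You can use: openssl rand -base64 32
# Generate a separate value for each of the three secrets below; reusing one
# lets a token or session signed for one purpose verify for another.
JWT_ACCESS_SECRET=your-super-secret-jwt-access-key-change-this-in-production
JWT_REFRESH_SECRET=your-super-secret-jwt-refresh-key-change-this-in-production
JWT_ACCESS_EXPIRY=15m
JWT_REFRESH_EXPIRY=7d

# Session secret
SESSION_SECRET=your-super-secret-session-key-change-this-in-production

# =============================================================================
# RATE LIMITING
# =============================================================================
# Presumably RATE_LIMIT_MAX requests per RATE_LIMIT_TIMEWINDOW milliseconds
# (100 per 60 s) - confirm against the server's rate-limit setup.
RATE_LIMIT_MAX=100
RATE_LIMIT_TIMEWINDOW=60000

# =============================================================================
# WEBSOCKET
# =============================================================================
# Presumably milliseconds between pings and maximum message size in bytes
# (1048576 = 1 MiB) - confirm against the WebSocket server options.
WS_PING_INTERVAL=30000
WS_MAX_PAYLOAD=1048576

# =============================================================================
# EMAIL (Optional - for future features)
# =============================================================================
SMTP_HOST=smtp.gmail.com
SMTP_PORT=587
SMTP_USER=your-email@gmail.com
SMTP_PASS=your-app-password
# NOTE(review): this sender uses turbotrades.com while every other setting in
# this file uses turbotrades.dev - confirm which domain is intended and that it
# publishes SPF/DKIM records for the SMTP provider.
EMAIL_FROM=noreply@turbotrades.com

# =============================================================================
# IMPORTANT NOTES
# =============================================================================
#
# 1. STEAM_REALM and STEAM_RETURN_URL must use your API domain (api.turbotrades.dev)
# 2. CORS_ORIGIN should be your frontend domain (turbotrades.dev)
# 3. COOKIE_DOMAIN should start with a dot for subdomain support (.turbotrades.dev)
# 4. COOKIE_SECURE must be true in production (requires HTTPS)
# 5. COOKIE_SAME_SITE should be 'none' for cross-domain cookies with HTTPS
#    (a frontend and API that are subdomains of the same registrable domain
#    are same-site, not cross-site)
# 6. Generate new JWT secrets for production (never use the defaults!)
#    The same applies to SESSION_SECRET, SMTP_PASS and the MongoDB password.
#
# =============================================================================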