iDefineHD/TurboTrades
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4e6fef197e25aa973bb2b538f1f84a7bb342d5a3
TurboTrades/ENV_SETUP.md
iDefineHD e7ea8f12b6
All checks were successful
Build Frontend / Build Frontend (push) Successful in 22s
Details
Fix login button and improve CORS 
- Fixed login URL from /auth/steam to /api/auth/steam
- Updated all Steam login buttons to custom green design with 'Login to Steam' text
- Enhanced CORS configuration with explicit preflight handling
- Added Steam image proxy endpoint for CORS-free image loading
- Improved environment variable management with .env.local support
- Added ENV_SETUP.md guide for environment configuration
2026-01-11 01:39:35 +00:00

214 lines
5.4 KiB
Markdown
Raw Blame History

# Environment Variables Setup Guide
This guide explains how to manage environment variables for local development vs. production deployment.
## 📁 File Structure
```
TurboTrades/
├── .env # Production/deployment settings (COMMITTED to git)
├── .env.local # Local development overrides (NOT committed)
├── .env.example # Template for reference
└── .env.tunnel # Cloudflare tunnel settings (optional)
```
## 🔄 How It Works
The application loads environment variables in this order:
1. **`.env.local`** - Loaded first (highest priority)
2. **`.env`** - Loaded second (fallback values)
This means:
- Variables in `.env.local` **override** those in `.env`
- `.env.local` is in `.gitignore` and **never gets pushed** to git
- `.env` contains your production settings and **is committed** to git
## 🚀 Quick Setup
### For Local Development
1. **Copy the template:**
```bash
# .env.local is already created for you!
# Just add your Steam API key
```
2. **Add your Steam API Key to `.env.local`:**
```env
STEAM_API_KEY=your_actual_steam_api_key_here
```
Get your key from: https://steamcommunity.com/dev/apikey
3. **Start the server:**
```bash
npm run dev
```
The server will automatically use:
- Local MongoDB (`mongodb://localhost:27017/turbotrades`)
- Local frontend (`http://localhost:5173`)
- No HTTPS required (`COOKIE_SECURE=false`)
### For Production/Deployment
Your `.env` file should contain production settings:
- Production MongoDB connection (MongoDB Atlas or remote server)
- Production domain for CORS
- Secure cookies enabled (`COOKIE_SECURE=true`)
- Production Steam return URL
**Never commit sensitive production credentials!** Use environment variables in your hosting platform instead.
## 🔧 Common Scenarios
### Scenario 1: Switching Between Local and Production MongoDB
**Problem:** You keep changing `MONGODB_URI` in `.env` and forgetting to change it back.
**Solution:**
- Keep production MongoDB URI in `.env`
- Put local MongoDB URI in `.env.local`
- Never edit `.env` for local development!
```env
# .env (production - committed)
MONGODB_URI=mongodb+srv://user:pass@cluster.mongodb.net/turbotrades
# .env.local (local dev - not committed)
MONGODB_URI=mongodb://localhost:27017/turbotrades
```
### Scenario 2: Testing with Cloudflare Tunnel
Use `.env.tunnel` for tunnel-specific settings:
```bash
# Copy tunnel settings
cp .env.tunnel .env.local
# Or manually edit .env.local with your tunnel URL
```
### Scenario 3: Team Development
**Each developer should:**
1. Keep their own `.env.local` (never commit it!)
2. Share the `.env` file with production-like defaults
3. Update `.env.example` when adding new variables
## 📝 Environment Variables Reference
### Database
```env
MONGODB_URI=mongodb://localhost:27017/turbotrades
```
### Server
```env
NODE_ENV=development # or 'production'
PORT=3000
HOST=0.0.0.0
```
### Steam OAuth
```env
STEAM_API_KEY=your_key_here
STEAM_REALM=http://localhost:3000
STEAM_RETURN_URL=http://localhost:3000/api/auth/steam/return
```
### CORS & Cookies
```env
CORS_ORIGIN=http://localhost:5173
COOKIE_DOMAIN=localhost
COOKIE_SECURE=false # true for production
COOKIE_SAME_SITE=lax
```
### JWT & Sessions
```env
JWT_ACCESS_SECRET=your-secret-here
JWT_REFRESH_SECRET=your-secret-here
JWT_ACCESS_EXPIRY=15m
JWT_REFRESH_EXPIRY=7d
SESSION_SECRET=your-session-secret
```
### Rate Limiting
```env
RATE_LIMIT_MAX=100
RATE_LIMIT_TIMEWINDOW=60000
```
## ⚠️ Important Notes
### ✅ DO:
- Use `.env.local` for local development
- Commit `.env` with safe default values
- Keep sensitive keys in `.env.local`
- Update `.env.example` when adding new variables
- Use your hosting platform's environment variables for production secrets
### ❌ DON'T:
- Commit `.env.local` to git (it's in `.gitignore`)
- Store real API keys in `.env` (use placeholders)
- Edit `.env` for local development
- Share your `.env.local` file with others
- Commit sensitive credentials to the repository
## 🔍 Troubleshooting
### "Authentication failed" MongoDB Error
**Cause:** Using production MongoDB URI with credentials locally.
**Fix:** Make sure `.env.local` has:
```env
MONGODB_URI=mongodb://localhost:27017/turbotrades
```
### "CORS Error" in Browser
**Cause:** Backend and frontend origins don't match.
**Fix:** Check `.env.local`:
```env
CORS_ORIGIN=http://localhost:5173
```
### "Steam authentication failed"
**Cause:** Missing or invalid Steam API key.
**Fix:** Add your key to `.env.local`:
```env
STEAM_API_KEY=your_actual_key_from_steam
```
Get it here: https://steamcommunity.com/dev/apikey
### Changes not taking effect
**Cause:** Server not restarting or wrong file being edited.
**Fix:**
1. Make sure you're editing `.env.local` (not `.env`)
2. Restart the server: `npm run dev`
3. Clear `node_modules/.cache` if needed
## 📚 Additional Resources
- [dotenv documentation](https://github.com/motdotla/dotenv)
- [Steam Web API documentation](https://steamcommunity.com/dev)
- [MongoDB Connection Strings](https://www.mongodb.com/docs/manual/reference/connection-string/)
## 🤝 Contributing
When adding new environment variables:
1. Add it to `config/index.js` with a sensible default
2. Add it to `.env.example` with a placeholder value
3. Document it in this file
4. Update `API_ENDPOINTS.md` if it affects API behavior
---
**Last Updated:** 2024
**Maintainer:** TurboTrades Development Team
Reference in New Issue View Git Blame Copy Permalink