Some checks failed
Deploy to Production / deploy (push) Failing after 1m8s
GitHub: /v1/auth/github + /callback — authorization-code flow, fetches the verified primary email via /user/emails, reuses upsertOAuthLogin.

SMS: phone is now a first-class login identity.
- schema: users.email nullable, users.phone added, new sms_codes table.
- @bmm/auth: issueSmsCode / consumeSmsCode — 6-digit code, hashed at rest, 10-min TTL, per-phone rate limit, 5-attempt cap, get-or-create user by phone.
- apps/api: /v1/auth/sms/request + /verify, Twilio REST send (no SDK), per-IP throttle. /v1/auth/providers now reports google/github/sms.
- login UI: Google + GitHub buttons, Email|Phone toggle, two-step SMS (number -> 6-digit code with one-time-code autofill).

SMS link was rejected in favour of an OTP code — carrier link-scanners consume magic-link tokens before the user taps them.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
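
The one-time-code lifecycle the commit message lists (6-digit code, hashed at rest, 10-minute TTL, per-phone rate limit, 5-attempt cap), sketched as an added example that is not the repository's `@bmm/auth` code. Assumptions: the in-memory `Map`, the names `issueCode`/`consumeCode`/`hashCode`, the 60-second resend window, and the use of a keyed HMAC for the at-rest hash (the commit only says "hashed").

```javascript
// Added example: hypothetical in-memory OTP store, not the project's @bmm/auth code.
const crypto = require('node:crypto');

const TTL_MS = 10 * 60 * 1000;          // 10-minute TTL (from the commit message)
const MAX_ATTEMPTS = 5;                 // 5-attempt cap (from the commit message)
const RESEND_MS = 60 * 1000;            // assumed per-phone rate limit: one code per minute
const PEPPER = crypto.randomBytes(32);  // assumed server-side HMAC key; load from config in practice
const codes = new Map();                // phone -> { hash, expiresAt, attempts, issuedAt }

// Keyed HMAC instead of a bare hash: with only 10^6 possible codes, a plain
// SHA-256(code) column can be reversed offline by anyone who reads the table.
function hashCode(phone, code) {
  return crypto.createHmac('sha256', PEPPER).update(`${phone}:${code}`).digest();
}

function issueCode(phone, now = Date.now()) {
  const prev = codes.get(phone);
  if (prev && now - prev.issuedAt < RESEND_MS) return { ok: false, reason: 'rate_limited' };
  const code = crypto.randomInt(0, 1_000_000).toString().padStart(6, '0'); // CSPRNG, uniform
  codes.set(phone, { hash: hashCode(phone, code), expiresAt: now + TTL_MS, attempts: 0, issuedAt: now });
  return { ok: true, code }; // caller sends `code` by SMS and never logs or stores it
}

function consumeCode(phone, submitted, now = Date.now()) {
  const rec = codes.get(phone);
  if (!rec) return { ok: false, reason: 'no_code' };
  if (now >= rec.expiresAt) { codes.delete(phone); return { ok: false, reason: 'expired' }; }
  // A locked record is kept (not deleted) so the resend window still applies to it.
  if (rec.attempts >= MAX_ATTEMPTS) return { ok: false, reason: 'locked' };
  rec.attempts += 1; // count the attempt before comparing
  const match = crypto.timingSafeEqual(rec.hash, hashCode(phone, String(submitted)));
  if (!match) return { ok: false, reason: 'bad_code' };
  codes.delete(phone); // single use: a verified code cannot be replayed
  return { ok: true };
}
```
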
72 lines
2.3 KiB
Plaintext
# ---- Core ----
NODE_ENV=development

# ---- Database ----
DATABASE_URL=postgresql://bmm:bmm@localhost:5440/bmm
REDIS_URL=redis://localhost:6390

# ---- Auth (Better-Auth) ----
BETTER_AUTH_SECRET=replace-me-with-32-bytes-of-random-hex-1234567890abcdef
BETTER_AUTH_URL=http://localhost:3001
NEXT_PUBLIC_APP_URL=http://localhost:3001
NEXT_PUBLIC_API_URL=http://localhost:4000

# ---- GitHub OAuth ("Continue with GitHub") ----
# Create at https://github.com/settings/applications/new
# Authorized callback URL: <CONTROL_PLANE_PUBLIC_URL>/v1/auth/github/callback
GITHUB_OAUTH_ID=
GITHUB_OAUTH_SECRET=

# ---- Twilio SMS (phone one-time-code login) ----
# Credentials + a verified sender number from the Twilio console.
TWILIO_ACCOUNT_SID=
TWILIO_AUTH_TOKEN=
TWILIO_SMS_FROM=

# ---- Google OAuth (optional — "Continue with Google") ----
# Create at https://console.cloud.google.com/apis/credentials
# Authorized redirect URI must be: <CONTROL_PLANE_PUBLIC_URL>/v1/auth/google/callback
# e.g. dev: http://localhost:4000/v1/auth/google/callback
# prod: https://api.buildmymcp.com/v1/auth/google/callback
GOOGLE_OAUTH_ID=
GOOGLE_OAUTH_SECRET=

# Public URL of this API, used to build the OAuth redirect URI.
CONTROL_PLANE_PUBLIC_URL=http://localhost:4000

# ---- Anthropic ----
ANTHROPIC_API_KEY=

# ---- Crypto ----
# 32-byte hex for AES-256-GCM; generate with: openssl rand -hex 32
SECRETS_ENCRYPTION_KEY=0000000000000000000000000000000000000000000000000000000000000000

# ---- Admin bootstrap ----
# On API boot, an admin user is upserted with these credentials (idempotent).
ADMIN_EMAIL=
ADMIN_PASSWORD=
ADMIN_NAME=Admin

# ---- OAuth signing (RS256 JWKS) ----
# Path to PEM keypair; auto-generated on api boot if missing
OAUTH_KEY_DIR=./keys

# ---- Runner / Generator ----
# Where MCP runtime containers bind (host machine reachable from API)
RUNNER_HOST=localhost
# Range of host ports used for generated MCP containers
RUNNER_PORT_RANGE_START=4100
RUNNER_PORT_RANGE_END=4999
# Public URL template — $SLUG and $PORT are interpolated
RUNNER_PUBLIC_URL_TEMPLATE=http://localhost:$PORT
# Control plane URL reachable from runner containers
CONTROL_PLANE_URL=http://host.docker.internal:4000

# ---- Stripe (Sprint 4) ----
STRIPE_SECRET_KEY=
STRIPE_WEBHOOK_SECRET=

# ---- Observability (optional) ----
SENTRY_DSN=
OTEL_EXPORTER_OTLP_ENDPOINT=