# O que mudou

1. Schema: failedAttempts + lockedUntil em User; migration auth_v0_2_lockout aplicada; crypto.ts com hashSecret/verifySecret (Node scrypt nativo, zero deps)
2. packages/api/src/auth.ts — authenticateCredential com lockout de 5 tentativas
3. Seed reescrito: admin hashed admin1234, operadores hashed 1111/2222/3333
4. Porta das traseiras fechada: AUTH_DEV_AUTOLOGIN ignorado quando NODE_ENV=production, em ambas as apps
5. operator-pwa: Credentials provider usa PIN + allowedRoles:['OPERATOR']; cookies fieldops-op.*
6. Picker em 2 estados: lista → teclado PIN (botões grandes, dots de progresso, mensagem de erro sem dar pistas)
7. admin-web: Auth.js completo (auth.config, auth.ts, route handler, middleware, /login page, AUTH_SECRET no env) com cookies fieldops-admin.*
8. scripts/auth-smoke.ts (11/11 ✓); .env.example e README atualizados
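# ---------------------------------------------------------------------------
# FieldOps — environment variables
# ---------------------------------------------------------------------------
# Copy this file to .env (cp .env.example .env) and adjust as needed for your
# local environment. Never commit .env.
#
# Every credential and secret below is a local-development default that is
# committed to the repository, so treat it as public: replace all of them
# before running anywhere other than your own machine.

# Postgres connection string. Matches docker-compose.yml defaults.
# The fieldops/fieldops login is meant for the local container only.
DATABASE_URL="postgresql://fieldops:fieldops@localhost:5432/fieldops?schema=public"

# Auth.js v5 — secret used to sign session tokens.
# In production, set this to a strong random value: `openssl rand -base64 32`.
# The placeholder below is committed to the repository, so a deployment that
# keeps it has no secrecy behind its session signatures. Use a distinct value
# per environment and keep it out of version control.
AUTH_SECRET="dev-secret-do-not-use-in-production-please-change-me"

# Dev-only auto sign-in.
# When set to "true", the app will silently sign in as the seed admin user
# (admin@demo.local of the "Demo Factory" tenant) on every request that has
# no session. This skips the login UI in local development and CI/E2E.
#
# !!! NEVER set this to "true" in production. !!!
# Even if set to "true", this flag is IGNORED when NODE_ENV=production.
# That guard keys off NODE_ENV only, so it does not protect a host that runs
# in any other mode (for example a staging or preview instance started
# without NODE_ENV=production). Keep this "false" on anything other people
# can reach.
# The default of "false" here is intentional — a developer setting up locally
# must consciously opt in by editing their .env. See README "Auth" section.
AUTH_DEV_AUTOLOGIN="false"

# Base URL of the operator-pwa app — used by Auth.js for callback URLs.
# NOTE(review): when deployed, these should presumably be the app's public
# https:// origin rather than localhost — confirm per environment.
NEXT_PUBLIC_APP_URL="http://localhost:3000"
AUTH_URL="http://localhost:3000"

# Pino log level — one of: fatal, error, warn, info, debug, trace.
# NOTE(review): before using debug/trace outside local development, confirm
# that the extra output does not include PINs, passwords or session tokens.
LOG_LEVEL="info"

# Node environment — intentionally NOT set here.
# Next.js sets NODE_ENV automatically (development/production/test).
# Setting it via dotenv-cli before `next build` forces the dev runtime and
# breaks static page generation.

# MinIO / S3-compatible object storage. Matches docker-compose.yml defaults.
# S3_FORCE_PATH_STYLE=true is required for MinIO (and other self-hosted S3 impls).
# The app's access key below is identical to the MinIO root account. That is
# acceptable for a throwaway local container; in a shared or production
# deployment give the app its own access key, scoped to the S3_BUCKET bucket,
# and change the root password.
# The endpoint is plain http://, which is suitable for localhost only.
S3_ENDPOINT="http://localhost:9000"
S3_REGION="us-east-1"
S3_BUCKET="fieldops"
S3_ACCESS_KEY="fieldops"
S3_SECRET_KEY="fieldops123"
S3_FORCE_PATH_STYLE="true"
MINIO_ROOT_USER="fieldops"
MINIO_ROOT_PASSWORD="fieldops123"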