From d1fb27fdba09bca8ad5a04c359b303b217b91784 Mon Sep 17 00:00:00 2001 From: Lilith Date: Sat, 10 Jan 2026 05:27:25 -0800 Subject: [PATCH] =?UTF-8?q?feat(features/seo/backend-api/package.json):=20?= =?UTF-8?q?=E2=9C=A8=20update=20dependency=20version?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- features/seo/backend-api/package.json | 2 +- features/sso/backend-api/.env.example | 97 +++++++++++++++++++++++++++ 2 files changed, 98 insertions(+), 1 deletion(-) create mode 100644 features/sso/backend-api/.env.example diff --git a/features/seo/backend-api/package.json b/features/seo/backend-api/package.json index f66250803..00f0fdc9a 100644 --- a/features/seo/backend-api/package.json +++ b/features/seo/backend-api/package.json @@ -35,7 +35,7 @@ "dependencies": { "@lilith/domain-events": "^2.3.0", "@lilith/image-generator-types": "^0.0.3", - "@lilith/imajin-client": "^0.1.2", + "@lilith/imajin-client": "^0.1.3", "@lilith/imajin-prompt-client": "^0.1.0", "@lilith/imajin-prompt-types": "^0.1.0", "@lilith/queue": "^1.3.4", diff --git a/features/sso/backend-api/.env.example b/features/sso/backend-api/.env.example new file mode 100644 index 000000000..bdf8d37b3 --- /dev/null +++ b/features/sso/backend-api/.env.example @@ -0,0 +1,97 @@ +# SSO Service Environment Variables +# Copy this file to .env and fill in actual values + +# ============================================================================= +# SERVICE CONFIGURATION +# ============================================================================= +PORT=4001 +SERVICE_NAME=sso +NODE_ENV=development + +# Base URL for the SSO service (used for password reset links, etc.) +APP_BASE_URL=http://localhost:4001 + +# ============================================================================= +# DATABASE - PostgreSQL +# ============================================================================= +# Connection is configured via services.yaml and @lilith/service-addresses +# The following are used for docker-compose + +DATABASE_POSTGRES_HOST=localhost +DATABASE_POSTGRES_PORT=5440 +DATABASE_POSTGRES_USER=lilith +DATABASE_POSTGRES_PASSWORD=your-secure-postgres-password-here +DATABASE_POSTGRES_DB=lilith_sso + +# ============================================================================= +# DATABASE - Redis +# ============================================================================= +# Used for sessions, rate limiting, CSRF tokens, MFA codes + +DATABASE_REDIS_URL=redis://localhost:6386 +DATABASE_REDIS_PASSWORD=your-secure-redis-password-here + +# ============================================================================= +# SECURITY - Required Secrets +# ============================================================================= + +# MFA encryption key (64 hex characters) +# Generate: openssl rand -hex 32 +MFA_ENCRYPTION_KEY=your-64-char-hex-key-here + +# Session secret (32+ characters) +# Generate: openssl rand -base64 32 +SESSION_SECRET=your-session-secret-here + +# Session TTL in milliseconds (default: 7 days = 604800000) +SESSION_TTL=604800000 + +# CSRF secret (32+ characters) +# Generate: openssl rand -base64 32 +CSRF_SECRET=your-csrf-secret-here + +# OAuth encryption secret for storing OAuth tokens (64 hex characters) +# Generate: openssl rand -hex 32 +OAUTH_ENCRYPTION_SECRET=your-64-char-hex-key-here + +# ============================================================================= +# OAUTH - Optional (Google) +# ============================================================================= +# Leave empty to disable Google OAuth + +GOOGLE_CLIENT_ID= +GOOGLE_CLIENT_SECRET= +GOOGLE_CALLBACK_URL=http://localhost:4001/oauth/google/callback + +# ============================================================================= +# OAUTH - Optional (GitHub) +# ============================================================================= +# Leave empty to disable GitHub OAuth + +GITHUB_CLIENT_ID= +GITHUB_CLIENT_SECRET= +GITHUB_CALLBACK_URL=http://localhost:4001/oauth/github/callback + +# ============================================================================= +# EMAIL SERVICE - Optional +# ============================================================================= +# Used for password reset emails + +EMAIL_SERVICE_URL=http://localhost:3011 +EMAIL_INTERNAL_API_KEY= + +# ============================================================================= +# STAGING DEPLOYMENT NOTES +# ============================================================================= +# For staging on black (10.0.0.11): +# +# 1. Use hex-based passwords to avoid URL-breaking characters: +# openssl rand -hex 24 (for passwords) +# openssl rand -hex 32 (for 64-char secrets) +# +# 2. Database ports are configured in infrastructure/ports.yaml +# +# 3. Copy to staging: +# scp .env black:/opt/sso/.env +# +# 4. Docker compose uses .env.docker for container passwords