# ThyWill Environment Configuration
#
# Template only: copy this file to .env and put real values there.
# The resulting .env holds API keys and signing secrets, so keep it out of
# version control and readable only by the account that runs the server.
# ========================================
# REQUIRED CONFIGURATION
# ========================================
# AI Provider for prayer generation (options: anthropic, openai)
# Defaults to Anthropic for backward compatibility
AI_PROVIDER=anthropic
# Anthropic API Key for prayer generation (REQUIRED when AI_PROVIDER=anthropic)
# Get your API key from: https://console.anthropic.com/
# The value below is a placeholder, not a working key; replace it in .env only.
ANTHROPIC_API_KEY=your_anthropic_api_key_here
# OpenAI configuration (used when AI_PROVIDER=openai)
# Get your API key from: https://platform.openai.com/
OPENAI_API_KEY=
# Default model to use when OpenAI provider is selected
OPENAI_MODEL=gpt-4o-mini
# Optional override for OpenAI API base URL (leave empty for default)
# NOTE(review): presumably the API key and the prayer text are sent to whatever
# host is set here - only use an HTTPS endpoint you trust. TODO confirm.
OPENAI_API_BASE=
# Production Mode (REQUIRED for file-based database)
# Must be set to "1" to use persistent SQLite database instead of in-memory database
# NEVER set this to anything other than "1" in production
# NOTE(review): this template also ships ENVIRONMENT=development further down;
# review both settings together when deploying.
PRODUCTION_MODE=1
# ========================================
# SERVER CONFIGURATION
# ========================================
# Server port (default: 8000)
# The port on which the ThyWill server will listen
# NOTE(review): the bind address is not configured here - check how the server
# is started before assuming the port is reachable only from localhost.
PORT=8000
# Auto-migrate database on startup (production only)
# When true, runs database migrations automatically when the server starts
# Only applies in production mode - ignored in development
# Migrations then run unattended on every start, so take a database backup
# before deploying a new version.
AUTO_MIGRATE_ON_STARTUP=true
# ========================================
# AUTHENTICATION & SECURITY
# ========================================
# JWT Secret for token generation (used by generate_token.py)
# Defaults to "changeme" if not set - CHANGE THIS IN PRODUCTION
# "changeme" is published in this template, so it protects nothing: leaving the
# variable unset and keeping the line below both yield that known value.
# Use a long random value unique to each deployment, for example:
#   python -c "import secrets; print(secrets.token_urlsafe(64))"
# NOTE(review): changing the secret presumably invalidates tokens issued with
# the old one - confirm before rotating on a live system.
JWT_SECRET=changeme
# Multi-Device Authentication Configuration
# Enable or disable the multi-device authentication system
# When disabled, users can log in directly without approval
MULTI_DEVICE_AUTH_ENABLED=true
# Whether existing users need approval for new devices
# When false, existing users can log in directly from new devices
REQUIRE_APPROVAL_FOR_EXISTING_USERS=true
# Number of peer approvals required for authentication
# Can be any positive integer (default: 2)
# NOTE(review): presumably a value larger than the number of members able to
# approve leaves requests unable to complete - verify against the approval code.
PEER_APPROVAL_COUNT=2
# Enhanced Security: Verification Code Display
# Controls how verification codes are displayed during authentication
#
# When false (default - Standard Mode):
# - Verification codes are shown in both the requesting device AND approval notifications
# - Convenient for trusted environments where users can see the code in notifications
# - Easier approval process as code is visible in the notification dropdown
#
# When true (Enhanced Security Mode):
# - Verification codes are ONLY shown on the requesting device
# - Approving users must get the code directly from the person requesting access
# - Prevents unauthorized approvals even if someone gains access to an approval device
# - Recommended for high-security environments
#
# This template ships the Standard Mode value; set to true if approval devices
# may be shared or left unattended.
REQUIRE_VERIFICATION_CODE=false
# Invite Token Expiration Hours
# How many hours invite links remain valid (default: 12)
# After expiration, invite links become unusable and must be regenerated
# A shorter lifetime narrows the window in which a leaked invite link works.
INVITE_TOKEN_EXPIRATION_HOURS=12
# Invite Link Authentication Control
# Controls whether existing users must go through verification when logging in via invite links
#
# When false (default - Convenience Mode):
# - Existing users can log in directly via invite links without verification
# - Only applies when MULTI_DEVICE_AUTH_ENABLED=false OR REQUIRE_APPROVAL_FOR_EXISTING_USERS=false
# - Maintains backward compatibility and ease of use for invite-based logins
#
# When true (Secure Mode):
# - Forces existing users to go through verification process even via invite links
# - Ensures consistent security policy regardless of login method
# - Recommended when you want all existing user logins to require approval
#
# In Convenience Mode an invite link works as a login credential for existing
# users, so treat invite links as secrets while they are valid.
REQUIRE_INVITE_LOGIN_VERIFICATION=false
# Default maximum uses for new invite tokens (default: 1)
# Controls how many times a newly created invite token can be used
# Keeping this at 1 means a forwarded or leaked link cannot be reused once claimed.
DEFAULT_INVITE_MAX_USES=1
# Session Management
# Session duration in days (default: 90)
# A longer duration keeps a stolen or forgotten session valid for longer;
# lower it for shared devices or higher-risk deployments.
SESSION_DAYS=90
# ========================================
# TEXT ARCHIVE SYSTEM
# ========================================
# Enable or disable the text archive system (default: true)
# Text archives provide human-readable backups and disaster recovery
TEXT_ARCHIVE_ENABLED=true
# Base directory for text archive files (default: ./text_archives)
# Must be writable by the application
# The archives are human-readable copies of application data: keep this
# directory outside any path served over HTTP and restrict its permissions to
# the account that runs the server.
# NOTE(review): a relative path presumably resolves against the process working
# directory - use an absolute path if the service can start from elsewhere.
TEXT_ARCHIVE_BASE_DIR=./text_archives
# Days after which archive files are compressed (default: 365)
TEXT_ARCHIVE_COMPRESSION_AFTER_DAYS=365
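# ========================================
# PRAYER SYSTEM
# ========================================
# Every comment in this section sits on its own line above the key it describes.
# Env-file loaders that do not strip inline "# ..." text would otherwise read it
# as part of the value, and a flag set to true could then fail to parse as true.
#
# Enable or disable prayer mode functionality (default: true)
PRAYER_MODE_ENABLED=true
# Daily Priority System (default: false)
# Enables prayer prioritization with daily rotation and visibility controls
DAILY_PRIORITY_ENABLED=false
# Daily Priority Auto-Expiration (default: false)
# When enabled, daily priorities automatically expire at midnight each day
# When disabled, priorities persist until manually removed by admin
DAILY_PRIORITY_AUTO_EXPIRE=false
# Prayer Person Differentiation (default: false)
# When enabled, AI distinguishes between individual and collective prayer requests
# Individual requests ("help me") → community prays FOR the person (third person)
# Collective requests ("help us") → community prays TOGETHER (second person)
PRAYER_PERSON_DIFFERENTIATION_ENABLED=false
# Prayer Categorization System (default: false for all)
# Master toggle for entire categorization system
PRAYER_CATEGORIZATION_ENABLED=false
#
# Core UI Features
# Show category badges on prayer cards
PRAYER_CATEGORY_BADGES_ENABLED=false
# Enable category filtering in feeds
PRAYER_CATEGORY_FILTERING_ENABLED=false
# Show specificity badges (Personal/Community)
SPECIFICITY_BADGES_ENABLED=false
#
# AI and Processing
# Use AI for categorization (requires ANTHROPIC_API_KEY)
# NOTE(review): confirm whether this also works when AI_PROVIDER=openai.
AI_CATEGORIZATION_ENABLED=false
# Use keyword matching when AI unavailable
KEYWORD_FALLBACK_ENABLED=false
# Circuit breaker pattern for AI failures
CATEGORIZATION_CIRCUIT_BREAKER_ENABLED=false
#
# Safety and Moderation
# Calculate and use safety scores
SAFETY_SCORING_ENABLED=false
# Show "High Safety Only" filter option
HIGH_SAFETY_FILTER_ENABLED=false
# Show safety indicators (admin/moderation)
SAFETY_BADGES_VISIBLE=false
#
# Advanced Features
# Enable category dropdown filter
CATEGORY_FILTER_DROPDOWN_ENABLED=false
# Persist filters in URL parameters
FILTER_PERSISTENCE_ENABLED=false
# Include categorization in text archives
CATEGORIZATION_METADATA_EXPORT=false
# Allow re-categorizing existing prayers
HISTORICAL_CATEGORIZATION_ENABLED=false
# Allow admin manual categorization override
ADMIN_CATEGORIZATION_OVERRIDE=false
#
# Performance and Scaling
# Cache categorization results
CATEGORIZATION_CACHING_ENABLED=false
# Process categorization in background
BACKGROUND_CATEGORIZATION_ENABLED=false
# Allow bulk categorization operations
BATCH_CATEGORIZATION_ENABLED=false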
# ========================================
# MEMBERSHIP APPLICATION SYSTEM
# ========================================
# Enable or disable membership applications (default: true)
# When enabled, allows non-registered users to submit membership applications
# Applications are reviewed by admins who can approve or reject them
# Includes dedicated application page (/apply) and status checking (/apply/status)
# NOTE(review): /apply and /apply/status take input from visitors who are not
# signed in - confirm rate limiting and input validation cover them, or set this
# to false on invite-only deployments.
MEMBERSHIP_APPLICATIONS_ENABLED=true
# ========================================
# PAYMENT CONFIGURATION (OPTIONAL)
# ========================================
# Configure your personal payment accounts for accepting donations
# These will be used on the /donate page
# Enter only the bare account name - no URL, slashes or spaces - because the
# value becomes part of a link shown to visitors.
# PayPal Username (for paypal.me links)
# Example: If your PayPal.me link is https://paypal.me/johndoe, set this to "johndoe"
# Leave empty to disable PayPal donations
PAYPAL_USERNAME=
# Venmo Handle (without the @ symbol)
# Example: If your Venmo handle is @johndoe, set this to "johndoe"
# Leave empty to disable Venmo donations
VENMO_HANDLE=
# ========================================
# EXPORT SYSTEM
# ========================================
# Rate limit for database exports in minutes (default: 2)
# Prevents abuse of export functionality
# NOTE(review): presumably the minimum interval between exports; whether it is
# enforced per user or globally is not visible here - confirm.
EXPORT_RATE_LIMIT_MINUTES=2
# Cache TTL for export files in minutes (default: 15)
# How long export files are cached before regeneration
# NOTE(review): cached export files hold a copy of database contents for this
# long - check where they are written and who can read that location.
EXPORT_CACHE_TTL_MINUTES=15
# ========================================
# ADMINISTRATION & DEVELOPMENT
# ========================================
# Environment setting (default: development)
# Set to "production" for production deployments
# NOTE(review): this template ships PRODUCTION_MODE=1 together with
# ENVIRONMENT=development; set both deliberately when deploying.
ENVIRONMENT=development
# Base URL for generating claim links (default: http://127.0.0.1:8000)
# Used by create_admin_token.py for generating invitation links
# Also used for email verification and recovery links. In production set it to
# the site's own public HTTPS origin, so that links carrying invite or recovery
# tokens are not issued for a loopback address, over plain HTTP, or for a host
# you do not control.
BASE_URL=http://127.0.0.1:8000
# ========================================
# DEVELOPMENT & DEBUGGING
# ========================================
# Enable changelog debug mode (default: false)
# Shows detailed debug information for changelog generation
# Keep false in production so internal details are not shown to users.
CHANGELOG_DEBUG=false
# Disable AI changelog generation (default: false)
# When enabled, disables AI-powered changelog generation to prevent performance issues
# Falls back to basic commit message cleanup
CHANGELOG_AI_DISABLED=false
# Custom database path override (advanced use only)
# Overrides the default database location - use with caution
# Leave empty to use default database path determination
# If set, point it at a location writable only by the account that runs the
# server and outside any directory served over HTTP.
DATABASE_PATH=
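# ========================================
# EMAIL AUTHENTICATION SYSTEM
# ========================================
# Enable email-based authentication and recovery (default: false)
# When enabled, users can associate email addresses for account recovery
EMAIL_AUTH_ENABLED=false
# Email database path (default: email.db)
# Separate database file for email data security isolation
EMAIL_DATABASE_PATH=email.db
# Email encryption key for storing email addresses securely
# Generate with: python -c "from cryptography.fernet import Fernet; print('EMAIL_ENCRYPTION_KEY=' + Fernet.generate_key().decode())"
# REQUIRED when EMAIL_AUTH_ENABLED=true
# Example format: EMAIL_ENCRYPTION_KEY=wECQ9DURQkh_RAAk3CVEeksGJs4yTxcbcMuCjmgjrKw=
# The example only illustrates the format. It is published in this template, so
# never deploy it: generate a fresh key per installation and keep it apart from
# copies of the email database.
# NOTE(review): losing or replacing the key presumably leaves stored addresses
# unreadable - confirm the recovery procedure before rotating.
EMAIL_ENCRYPTION_KEY=
# Base URL for email verification and recovery links
# Used in email templates for clickable links
# BASE_URL is already assigned in the ADMINISTRATION & DEVELOPMENT section of
# this file. A second assignment here made the effective value depend on how the
# loader resolves duplicate keys, and it named https://thywill.live, so an
# unedited copy could issue verification and recovery links on a host the
# operator does not run. Set the single BASE_URL entry to your own public HTTPS
# origin instead of re-enabling the line below.
# BASE_URL=https://thywill.live
# SMTP Configuration for sending emails
# The values below describe an unauthenticated relay on the same host.
# If SMTP_HOST is not local, or SMTP_USERNAME/SMTP_PASSWORD are set, enable
# SMTP_USE_TLS so the credentials and recovery links do not cross the network
# in cleartext.
# NOTE(review): whether SMTP_USE_TLS selects STARTTLS or implicit TLS is not
# visible here - check the mail-sending code and choose the matching port.
SMTP_HOST=localhost
SMTP_PORT=25
SMTP_USE_TLS=false
SMTP_USERNAME=
SMTP_PASSWORD=
# Replace with a sender address on a domain you control.
SMTP_FROM_EMAIL=admin@thywill.live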
# ========================================
# DATABASE PROTECTION (USE WITH CAUTION)
# ========================================
# Both switches below remove a safeguard. Keep them false in any persistent
# .env; if one is needed, set it in the environment of that single command so it
# cannot stay enabled for later runs.
# Allow database initialization in production (default: false)
# DANGER: Only set to "true" if you understand the risks
# This can overwrite existing production data
# Take and verify a backup before any run with this enabled.
INIT_DATABASE=false
# Skip confirmation prompts for dangerous operations (default: false)
# DANGER: Only use in automated scripts where you're certain of the consequences
FORCE_YES=false