/*
|--------------------------------------------------------------------------
| Environment variables service
|--------------------------------------------------------------------------
|
| The `Env.create` method creates an instance of the Env service. The
| service validates the environment variables and also casts values
| to JavaScript data types.
|
| NOTE(review): two validators are used for credentials in this schema.
| `schema.secret` (APP_KEY, POWENS_CLIENT_SECRET, POWENS_WEBHOOK_SECRET)
| wraps the value in a `Secret` object that redacts itself when logged or
| serialized and is read with `.release()`. The remaining credentials
| (PG_PASSWORD, REDIS_PASSWORD, S3_SECRET_KEY, RESEND_API_KEY,
| MISTRAL_API_KEY, STRIPE_SECRET_KEY, STRIPE_WEBHOOK_SECRET,
| GOOGLE_CLIENT_SECRET, MICROSOFT_CLIENT_SECRET) are plain strings.
| Migrating them to `schema.secret.optional()` changes the type returned
| by `env.get()`, so every consumer must be updated in the same change.
|
*/

import { Env } from '@adonisjs/core/env'

// Application root, resolved relative to this file; `Env.create` receives it
// as its first argument.
const appRoot = new URL('../', import.meta.url)

// Validator factories, pulled off the Env class once for readability.
const { schema } = Env

export default await Env.create(appRoot, {
  // Node
  NODE_ENV: schema.enum(['development', 'production', 'test', 'test_e2e'] as const),
  PORT: schema.number(),
  HOST: schema.string({ format: 'host' }),
  LOG_LEVEL: schema.string(),

  // App
  APP_KEY: schema.secret(),
  APP_URL: schema.string({ format: 'url', tld: false }),

  // Session
  SESSION_DRIVER: schema.enum(['cookie', 'memory', 'database'] as const),

  // Database
  DB_CONNECTION: schema.enum.optional(['postgres', 'sqlite'] as const),
  PG_HOST: schema.string.optional({ format: 'host' }),
  PG_PORT: schema.number.optional(),
  PG_USER: schema.string.optional(),
  // NOTE(review): credential validated as a plain string (see header note).
  PG_PASSWORD: schema.string.optional(),
  PG_DB_NAME: schema.string.optional(),

  // Redis (BullMQ + cache)
  REDIS_HOST: schema.string.optional({ format: 'host' }),
  REDIS_PORT: schema.number.optional(),
  // NOTE(review): credential validated as a plain string (see header note).
  REDIS_PASSWORD: schema.string.optional(),

  // Storage (MinIO via S3 driver)
  DRIVE_DISK: schema.enum.optional(['s3', 'fs'] as const),
  S3_ENDPOINT: schema.string.optional({ format: 'url', tld: false }),
  S3_REGION: schema.string.optional(),
  S3_BUCKET: schema.string.optional(),
  S3_ACCESS_KEY: schema.string.optional(),
  // NOTE(review): credential validated as a plain string (see header note).
  S3_SECRET_KEY: schema.string.optional(),
  S3_FORCE_PATH_STYLE: schema.boolean.optional(),

  // Mail
  MAIL_FROM_ADDRESS: schema.string.optional(),
  MAIL_FROM_NAME: schema.string.optional(),
  MAIL_DRIVER: schema.enum.optional(['smtp', 'resend'] as const),
  SMTP_HOST: schema.string.optional({ format: 'host' }),
  SMTP_PORT: schema.number.optional(),
  // NOTE(review): API key validated as a plain string (see header note).
  RESEND_API_KEY: schema.string.optional(),

  // OCR
  OCR_PROVIDER: schema.enum.optional(['mock', 'mistral'] as const),
  // NOTE(review): API key validated as a plain string (see header note).
  MISTRAL_API_KEY: schema.string.optional(),

  // Stripe — secret key + webhook signing secret. Optional in dev when
  // billing is not active. The `stripe:setup` command and the webhook
  // handler require them at runtime.
  // NOTE(review): because both are optional here, a missing value is not
  // caught at boot. The webhook handler is not visible from this file;
  // confirm it rejects requests when STRIPE_WEBHOOK_SECRET is unset rather
  // than skipping signature verification.
  STRIPE_SECRET_KEY: schema.string.optional(),
  STRIPE_WEBHOOK_SECRET: schema.string.optional(),

  // Web (SPA URL used for post-checkin redirects)
  WEB_URL: schema.string.optional({ format: 'url', tld: false }),

  // Public landing page (link in the email footer — branding)
  LANDING_URL: schema.string.optional({ format: 'url', tld: false }),

  // Auth
  // NOTE(review): the TTLs are validated as numbers only; no lower or upper
  // bound is enforced in this schema. The defaults applied when they are
  // unset live in the consuming config, not here.
  ACCESS_TOKEN_TTL_MINUTES: schema.number.optional(),
  REFRESH_TOKEN_TTL_DAYS: schema.number.optional(),
  COOKIE_DOMAIN: schema.string.optional(),
  // NOTE(review): optional, so the effective default is decided by the
  // consumer — confirm it resolves to `true` in production.
  COOKIE_SECURE: schema.boolean.optional(),

  // Google SSO (Ally)
  GOOGLE_CLIENT_ID: schema.string.optional(),
  // NOTE(review): credential validated as a plain string (see header note).
  GOOGLE_CLIENT_SECRET: schema.string.optional(),
  GOOGLE_CALLBACK_URL: schema.string.optional({ format: 'url', tld: false }),

  // Microsoft SSO (Ally)
  MICROSOFT_CLIENT_ID: schema.string.optional(),
  // NOTE(review): credential validated as a plain string (see header note).
  MICROSOFT_CLIENT_SECRET: schema.string.optional(),
  MICROSOFT_TENANT: schema.string.optional(),
  MICROSOFT_CALLBACK_URL: schema.string.optional({ format: 'url', tld: false }),

  /*
  |----------------------------------------------------------
  | Variables for configuring the limiter package
  |----------------------------------------------------------
  | NOTE(review): 'memory' presumably keeps counters inside one
  | process, so limits would not be shared across instances —
  | confirm production deployments set 'redis'.
  */
  LIMITER_STORE: schema.enum(['redis', 'memory'] as const),

  /*
  |----------------------------------------------------------
  | Sentry — error monitoring (cf. apps/api/start/sentry.ts)
  |----------------------------------------------------------
  | Optional in local dev. When not set, Sentry is a no-op.
  */
  SENTRY_DSN_API: schema.string.optional(),
  APP_VERSION: schema.string.optional(),

  /*
  |----------------------------------------------------------
  | Banking — bank account aggregation (read-only, AISP)
  |----------------------------------------------------------
  | V1: a single provider is supported (Powens). The
  | BANKING_ENABLED / BANKING_PROVIDER flags are kept so the
  | feature can be kill-switched in prod without redeploying
  | code, and to anticipate a possible multi-provider setup
  | (Bridge, Tink…).
  |
  | Powens flow: one Powens user is initialised per
  | organization, a temporary code is generated, the Powens
  | webview is opened, the user picks their bank, Powens
  | redirects to POWENS_REDIRECT_URI (which points at our API),
  | and the connection is stored.
  |
  | In dev: POWENS_REDIRECT_URI must point at an HTTPS tunnel
  | (Cloudflare Quick Tunnel, ngrok, …) because Powens rejects
  | http://. See /docs/tech/banking-setup.md.
  | NOTE(review): the `url` format used below does not visibly
  | pin the scheme to https; the https requirement is enforced
  | by Powens, not by this schema.
  |
  | POWENS_DOMAIN = domain slug (e.g. 'rubis-sandbox').
  | POWENS_API_BASE_URL = optional full URL override (otherwise
  | computed: https://<POWENS_DOMAIN>.biapi.pro/2.0/ — the
  | placeholder was missing from the original comment and is
  | reconstructed here; confirm against the banking config).
  */
  BANKING_ENABLED: schema.boolean.optional(),

  /**
   * "Coming soon" ("Bientôt disponible") teaser shown in /parametres to
   * Pro/Business users when BANKING_ENABLED=false. It lets the feature be
   * announced to paying users during the Powens KYC window. When false,
   * the section is hidden entirely.
   */
  BANKING_TEASER_ENABLED: schema.boolean.optional(),
  BANKING_PROVIDER: schema.enum.optional(['powens'] as const),
  POWENS_DOMAIN: schema.string.optional(),
  POWENS_API_BASE_URL: schema.string.optional({ format: 'url', tld: false }),
  POWENS_CLIENT_ID: schema.string.optional(),
  POWENS_CLIENT_SECRET: schema.secret.optional(),
  POWENS_REDIRECT_URI: schema.string.optional({ format: 'url', tld: false }),
  POWENS_WEBHOOK_SECRET: schema.secret.optional(),
})