# Node TZ=UTC PORT=3333 HOST=0.0.0.0 NODE_ENV=development # App LOG_LEVEL=info APP_KEY= # APP_URL est l'URL publique (utilisée dans les emails check-in/relance, # les redirects, etc.). Volontairement découplée de HOST : on bind sur # 0.0.0.0 mais on expose `localhost` (en dev) ou le vrai domaine (en prod). APP_URL=http://localhost:3333 # Session SESSION_DRIVER=cookie #-------------------------------------------------------------------- # CORS (configure allowed origins for API access) #-------------------------------------------------------------------- # CORS_ORIGIN=http://localhost:5173,http://localhost:3000 #-------------------------------------------------------------------- # Database (Postgres via docker-compose.dev.yml) #-------------------------------------------------------------------- DB_CONNECTION=postgres PG_HOST=localhost PG_PORT=5433 PG_USER=rubis PG_PASSWORD=rubis PG_DB_NAME=rubis_dev #-------------------------------------------------------------------- # Redis (BullMQ + cache) #-------------------------------------------------------------------- REDIS_HOST=localhost REDIS_PORT=6380 REDIS_PASSWORD= #-------------------------------------------------------------------- # Storage (MinIO via S3 driver) #-------------------------------------------------------------------- DRIVE_DISK=s3 S3_ENDPOINT=http://localhost:9100 S3_REGION=fr-par S3_BUCKET=rubis-invoices S3_ACCESS_KEY=rubis S3_SECRET_KEY=rubis-dev-secret S3_FORCE_PATH_STYLE=true #-------------------------------------------------------------------- # Mail (Resend par défaut, Mailpit en fallback dev via MAIL_DRIVER=smtp) #-------------------------------------------------------------------- MAIL_FROM_ADDRESS=rubis@arthurbarre.fr MAIL_FROM_NAME=Rubis sur l'ongle MAIL_DRIVER=resend RESEND_API_KEY= # Fallback Mailpit (si MAIL_DRIVER=smtp) SMTP_HOST=localhost SMTP_PORT=1025 #-------------------------------------------------------------------- # OCR (Mistral) #-------------------------------------------------------------------- OCR_PROVIDER=mistral MISTRAL_API_KEY= #-------------------------------------------------------------------- # Web (URL du SPA, utilisée pour les redirects post-checkin) #-------------------------------------------------------------------- WEB_URL=http://localhost:5173 #-------------------------------------------------------------------- # Landing publique — lien dans le footer des emails ("Rubis sur l'ongle" # pointe vers ce domaine). #-------------------------------------------------------------------- LANDING_URL=https://rubis.pro #-------------------------------------------------------------------- # Auth (refresh tokens) #-------------------------------------------------------------------- ACCESS_TOKEN_TTL_MINUTES=30 REFRESH_TOKEN_TTL_DAYS=30 COOKIE_DOMAIN= COOKIE_SECURE=false #-------------------------------------------------------------------- # Google SSO (Ally) — créer un OAuth Client ID web sur Google Cloud # Console, puis ajouter les redirect URIs : # - http://localhost:3333/api/v1/auth/google/callback (dev) # - https://app.rubis.pro/api/v1/auth/google/callback (prod) #-------------------------------------------------------------------- GOOGLE_CLIENT_ID= GOOGLE_CLIENT_SECRET= GOOGLE_CALLBACK_URL=http://localhost:3333/api/v1/auth/google/callback #-------------------------------------------------------------------- # Microsoft SSO (Ally) — App registration sur https://portal.azure.com # (Microsoft Entra ID → App registrations → New registration → Web), # redirect URIs à enregistrer : # - http://localhost:3333/api/v1/auth/microsoft/callback (dev) # - https://app.rubis.pro/api/v1/auth/microsoft/callback (prod) # Tenant : 'common' (work + perso), 'organizations' (M365 only) ou un GUID. #-------------------------------------------------------------------- MICROSOFT_CLIENT_ID= MICROSOFT_CLIENT_SECRET= MICROSOFT_TENANT=common MICROSOFT_CALLBACK_URL=http://localhost:3333/api/v1/auth/microsoft/callback LIMITER_STORE=redis #-------------------------------------------------------------------- # Banking — agrégation bancaire (AISP, lecture seule) #-------------------------------------------------------------------- # Setup complet : /docs/tech/banking-setup.md # # 1. Créer un compte sur https://console.powens.com/ + demander un # domaine sandbox (gratuit). Récupérer client_id / client_secret. # 2. Whitelister les redirect_uri dans la console Powens : # - https://.trycloudflare.com/api/v1/banking/powens/callback (dev) # - https://app.rubis.pro/api/v1/banking/powens/callback (prod) # 3. En dev : lancer `cloudflared tunnel --url http://localhost:3333` # et coller l'URL dans POWENS_REDIRECT_URI. # # POWENS_DOMAIN = slug du domaine (ex : 'rubis-sandbox'). # POWENS_API_BASE_URL = override optionnel ; sinon calculée comme # https://.biapi.pro/2.0/. #-------------------------------------------------------------------- BANKING_ENABLED=true BANKING_PROVIDER=powens POWENS_DOMAIN= POWENS_API_BASE_URL= POWENS_CLIENT_ID= POWENS_CLIENT_SECRET= POWENS_REDIRECT_URI=https://CHANGEME.trycloudflare.com/api/v1/banking/powens/callback POWENS_WEBHOOK_SECRET=