Environment configuration for devsoc-backend-26

This project supports three environments: development, staging, production.

Common env vars (see .env.example):

  • FRONTEND_URL: frontend origin (e.g. http://localhost:3000)
  • BACKEND_URL: backend origin (e.g. http://localhost:8080)
  • COOKIE_DOMAIN: optional override for cookie Domain (e.g. .codechefvit.com)
  • ENV: one of development|staging|production

Recommended settings:

  1. Development (local)

Notes: In development the backend does NOT set secure cross-site cookies. Instead it returns tokens in JSON, or, for the OAuth redirect flow, redirects back to the frontend with the tokens in the URL fragment. The frontend reads the tokens and keeps them in memory (e.g. in axios headers). This mode is for local development only: the fragment is never sent to the server, but a URL carrying tokens stays in the browser history unless the frontend removes it after reading it.

  2. Staging

Notes: Enable HTTPS for the staging backend. Cookies are set with SameSite=None and Secure so the frontend origin can use them cross-site. Browsers reject SameSite=None cookies that are not also Secure, so HTTPS is a requirement here, not a recommendation.

  3. Production

Notes: The backend must be served over HTTPS. Setting COOKIE_DOMAIN to the parent domain (.codechefvit.com) lets isheep.codechefvit.com and sixseven.codechefvit.com share cookies. A parent-domain cookie is sent to every host under that domain, so leave COOKIE_DOMAIN unset unless that sharing is actually needed.
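The development-only hand-off described under Development, where the backend redirects back to the frontend with tokens in the URL fragment, is shown below as an added example. It is not code from this repository: the fragment parameter names (access_token, refresh_token) and the callback URL are assumptions. It reads the tokens, keeps them in memory only, and removes the fragment from the address bar and history so the tokens do not linger there.

```javascript
// Added example (not project code): consume tokens that the development-mode
// OAuth redirect places in the URL fragment, keep them in memory only, and
// strip the fragment from the visible URL and the history entry.
// Fragment parameter names (access_token, refresh_token) are assumptions.

function parseTokenFragment(urlString) {
  const url = new URL(urlString);
  // The fragment is not sent to the server, but it does land in browser
  // history, so the caller must remove it once the tokens have been read.
  const params = new URLSearchParams(url.hash.replace(/^#/, ''));
  const accessToken = params.get('access_token');
  const refreshToken = params.get('refresh_token');
  if (!accessToken) return null;
  return { accessToken, refreshToken: refreshToken || null };
}

// In-memory token store: a closure, not localStorage/sessionStorage, so the
// tokens are not persisted, are not exposed through Web Storage, and vanish
// on reload (the user simply logs in again).
function createTokenStore() {
  let tokens = null;
  return {
    set(t) { tokens = t; },
    authHeader() { return tokens ? `Bearer ${tokens.accessToken}` : null; },
    clear() { tokens = null; },
  };
}

// Remove the fragment from the URL; in a browser also rewrite the history
// entry so the token-bearing URL is not kept. Returns the cleaned URL.
function stripFragment(urlString) {
  const url = new URL(urlString);
  url.hash = '';
  const clean = url.toString();
  if (typeof window !== 'undefined' && window.history && window.history.replaceState) {
    window.history.replaceState(null, '', clean);
  }
  return clean;
}

// Entry point for the frontend callback page. Returns true when tokens were
// found and stored, false when the URL carried none.
function handleDevRedirect(urlString, store) {
  const tokens = parseTokenFragment(urlString);
  if (!tokens) return false;
  store.set(tokens);
  stripFragment(urlString);
  return true;
}
```

In a Next.js page this would run once on mount with `window.location.href`; the store's `authHeader()` is what gets attached to axios requests.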

CORS

The backend enables CORS when ENV is not production and FRONTEND_URL is set. In production it assumes your proxy/ingress handles CORS; check that that layer allows the frontend origin with credentials, since the session cookie is used cross-site.

Frontend

Set NEXT_PUBLIC_API_URL to your backend URL in the frontend .env or deployment environment. For local development use http://localhost:8080.

OAuth / NextAuth

  • The NextAuth flow in this repo exchanges provider tokens with the backend. The backend returns tokens in JSON, which NextAuth stores in the session. In development the redirect-based OAuth flow returns tokens in the URL fragment for the client to pick up.

Security

  • For staging and production, serve the backend over HTTPS and either set SECURE=true or use https URLs, so the backend sets Secure and SameSite=None on cookies. Without Secure the browser silently discards a SameSite=None cookie, and the login will appear to succeed without a session being kept.
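The cookie and CORS rules from the Recommended settings, CORS and Security sections above, expressed as one added example. This is illustrative code, not the project's own: the function names, the env objects and the frontend origins in the usage are constructed here, and the rule "Secure when SECURE=true or BACKEND_URL is https" follows the Security bullet. The cookie path refuses to start a staging or production backend without HTTPS, because a SameSite=None cookie without Secure is never stored by the browser.

```javascript
// Added example (not project code): per-environment cookie and CORS policy as
// pure functions over the env vars described in this README.
// Env objects used by callers are constructed for illustration.

function isHttps(urlString) {
  return new URL(urlString).protocol === 'https:';
}

// Cookies are marked Secure when SECURE=true or the backend itself is served over https.
function secureCookiesRequired(env) {
  if (env.SECURE === 'true') return true;
  return Boolean(env.BACKEND_URL) && isHttps(env.BACKEND_URL);
}

// Attributes for the session cookie in this environment, or null when the backend
// must not set cookies at all (development hands tokens to the client instead).
function cookieOptions(env) {
  if (env.ENV === 'development') return null;
  if (!secureCookiesRequired(env)) {
    // Browsers reject SameSite=None cookies that are not Secure, so a staging or
    // production backend without HTTPS would set cookies that never take effect.
    // Failing at start-up beats a login that silently loses its session.
    throw new Error(`${env.ENV}: cross-site cookies require HTTPS (set SECURE=true or an https BACKEND_URL)`);
  }
  const opts = { httpOnly: true, secure: true, sameSite: 'None', path: '/' };
  if (env.COOKIE_DOMAIN) {
    // A Domain attribute such as .codechefvit.com makes the cookie visible to every subdomain.
    opts.domain = env.COOKIE_DOMAIN;
  }
  return opts;
}

// Render the attributes as a Set-Cookie header value.
function setCookieHeader(name, value, opts) {
  const parts = [`${name}=${value}`, `Path=${opts.path}`];
  if (opts.domain) parts.push(`Domain=${opts.domain}`);
  if (opts.httpOnly) parts.push('HttpOnly');
  if (opts.secure) parts.push('Secure');
  parts.push(`SameSite=${opts.sameSite}`);
  return parts.join('; ');
}

// The backend handles CORS only outside production and only when FRONTEND_URL is
// set; in production the proxy/ingress is expected to do it.
function corsEnabled(env) {
  return env.ENV !== 'production' && Boolean(env.FRONTEND_URL);
}

// Headers to add for a request from `requestOrigin`, or {} when CORS is off or the
// origin is not the configured frontend. Credentialed requests need an exact origin,
// never "*", and Vary: Origin stops caches serving one origin's answer to another.
function corsHeaders(env, requestOrigin) {
  if (!corsEnabled(env) || !requestOrigin) return {};
  const allowed = new URL(env.FRONTEND_URL).origin;
  if (requestOrigin !== allowed) return {};
  return {
    'Access-Control-Allow-Origin': allowed,
    'Access-Control-Allow-Credentials': 'true',
    'Access-Control-Allow-Methods': 'GET,POST,PUT,DELETE,OPTIONS',
    'Access-Control-Allow-Headers': 'Content-Type,Authorization',
    'Vary': 'Origin',
  };
}
```

With the production values from this page (`BACKEND_URL=https://sixseven.codechefvit.com`, `COOKIE_DOMAIN=.codechefvit.com`) the session cookie header comes out as `Path=/; Domain=.codechefvit.com; HttpOnly; Secure; SameSite=None`, and `corsHeaders` returns nothing because CORS is delegated to the ingress.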

Google Redirect URI

The Google redirect URI (the OAuth2 callback) is the exact URL Google redirects users to after they approve the app. The backend in this repo exposes the following routes for Google OAuth:

  • GET /auth/google — start the OAuth flow (redirects to Google)
  • GET /auth/google/callback — backend callback that handles the provider response
  • POST /auth/google — backend endpoint to exchange provider tokens (used by some client flows)

Per-environment recommended GOOGLE_REDIRECT_URI values (must match exactly in Google Cloud Console):

  • Development (local backend): http://localhost:8080/auth/google/callback
  • Staging: https://api.devsoc-26.upayan.dev/auth/google/callback
  • Production: https://sixseven.codechefvit.com/auth/google/callback

How to configure

  1. In your Google Cloud Console (APIs & Services → Credentials) edit your OAuth 2.0 Client ID and add the exact URI above to Authorized redirect URIs.
  2. In this project's .env, set GOOGLE_REDIRECT_URI to the value for the environment you run (example for local dev: GOOGLE_REDIRECT_URI=http://localhost:8080/auth/google/callback, the Development value listed above).
  3. Restart your backend so the new env var is picked up.

Notes

  • The scheme, host, port and path must match exactly. Trailing slash differences, http vs https, or wrong port will cause Google to reject the callback.
  • If the frontend (Next.js) uses NextAuth and relies on the backend to exchange tokens, ensure NEXTAUTH_URL (frontend) and BACKEND_URL (backend) are set consistently. For local development, FRONTEND_URL and NEXTAUTH_URL should point to the frontend (e.g. http://localhost:3000), and BACKEND_URL and NEXT_PUBLIC_API_URL to the backend (http://localhost:8080).
  • After updating the redirect URIs in Google Console, test the login flow and inspect browser network logs and backend logs for errors.
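The exact-match rule in the Notes above (scheme, host, port and path must all agree, and a trailing slash is a mismatch) is the kind of thing worth checking at backend start-up rather than discovering from a Google error page. Below is an added example of such a self-check; it is not code from this repository. It assumes the callback route is /auth/google/callback as listed above and that the expected redirect URI is BACKEND_URL plus that route, and it reports which component of GOOGLE_REDIRECT_URI differs.

```javascript
// Added example (not project code): verify at start-up that GOOGLE_REDIRECT_URI
// is exactly the callback URL this backend serves, and explain any mismatch in
// the terms Google cares about (scheme, host, port, path, trailing slash).
// Assumption: the expected URI is the BACKEND_URL origin plus the callback route.

const CALLBACK_PATH = '/auth/google/callback';

// Expected redirect URI for the environment the backend is running in.
function expectedRedirectUri(backendUrl) {
  return new URL(backendUrl).origin + CALLBACK_PATH;
}

// Compare two redirect URIs component by component. Returns [] when they match
// exactly, otherwise a list of human-readable reasons. URL parsing normalises
// default ports (http://host:80 and http://host compare equal), which is also
// how Google compares them.
function redirectUriMismatches(configured, expected) {
  let a;
  let b;
  try {
    a = new URL(configured);
    b = new URL(expected);
  } catch (e) {
    return [`not a valid absolute URL: ${e.message}`];
  }
  const reasons = [];
  if (a.protocol !== b.protocol) reasons.push(`scheme ${a.protocol} != ${b.protocol} (http vs https)`);
  if (a.hostname !== b.hostname) reasons.push(`host ${a.hostname} != ${b.hostname}`);
  if (a.port !== b.port) reasons.push(`port "${a.port}" != "${b.port}"`);
  if (a.pathname !== b.pathname) {
    const sameApartFromSlash = a.pathname.replace(/\/+$/, '') === b.pathname.replace(/\/+$/, '');
    reasons.push(sameApartFromSlash ? 'trailing slash differs' : `path ${a.pathname} != ${b.pathname}`);
  }
  // A query string or fragment on the registered URI is never part of the route.
  if (a.search || a.hash) reasons.push('query or fragment present in GOOGLE_REDIRECT_URI');
  return reasons;
}

// Start-up check: returns { ok, expected, problems } so the caller can log or
// refuse to boot with a misconfigured OAuth callback.
function checkRedirectUri(env) {
  const expected = expectedRedirectUri(env.BACKEND_URL);
  const problems = redirectUriMismatches(env.GOOGLE_REDIRECT_URI || '', expected);
  return { ok: problems.length === 0, expected, problems };
}
```

Run `checkRedirectUri(process.env)` before the server starts listening; the `problems` array names the exact component to fix in .env or in the Google Cloud Console.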