.env.example

# ─── Backend (.env at repo root — read by the openstudy container) ─────────

# PostgREST endpoint that fronts the Postgres database.
# Default points at the postgrest service inside docker-compose.
POSTGREST_URL=http://postgrest:3000
POSTGREST_API_KEY=internal

# Send Authorization: Bearer <key> to PostgREST? Keep `false` for the
# default self-hosted stack (PostgREST has JWT auth disabled and only
# accepts internal-network traffic). Flip to `true` if you point this app
# at an externally hosted PostgREST that validates JWTs.
POSTGREST_AUTH=false

# Argon2id hash of the password that gates the app. Generate with:
#   docker run --rm python:3.12-slim sh -c \
#     'pip install -q argon2-cffi && python -c "from argon2 import PasswordHasher; print(PasswordHasher().hash(input(\"password: \")))"'
APP_PASSWORD_HASH=

# Random secret for session signing. REQUIRED — app refuses to start without one.
# Generate with:
#   python3 -c 'import secrets; print(secrets.token_urlsafe(48))'
SESSION_SECRET=

# Expose FastAPI's auto-generated /api/docs + /api/openapi.json. Default OFF.
# Set to `true` only in dev — the schema is recon assist for any attacker.
EXPOSE_DOCS=false

# Comma-separated list of origins allowed to hit the API in CORS.
CORS_ORIGINS=http://localhost:5173

# Public URL of your deployed app. Used to construct OAuth callbacks and MCP
# resource identifiers. Leave blank in local dev — it's derived from the
# inbound request when unset.
PUBLIC_URL=

# Where course files live on disk. The openstudy container bind-mounts this
# path; storage operations (browse, upload, delete) read/write here.
STUDY_ROOT=/opt/courses

# Shared secret for /api/internal/* endpoints (used by webhook callers and
# cron jobs). Generate with:
#   python3 -c 'import secrets; print(secrets.token_urlsafe(32))'
INTERNAL_API_SECRET=

# Optional: Telegram bot for notifications (notify_telegram MCP tool, etc.)
TELEGRAM_BOT_TOKEN=
TELEGRAM_CHAT_ID=
TELEGRAM_WEBHOOK_SECRET=

# ─── Frontend (web/.env.production for prod, web/.env.local for dev) ───────

# In dev, the frontend talks to the backend at the URL below; in production,
# leave this empty so the app uses same-origin requests through Caddy/nginx.
VITE_API_BASE_URL=http://localhost:8000

# Public URL + display name. Consumed by:
#   - canonical / OG / JSON-LD / twitter tags in index.html
#   - robots.txt, sitemap.xml, manifest.webmanifest (regenerated on build)
# Set these to your own domain + name when self-hosting so search engines
# don't treat your instance as a duplicate of someone else's.
VITE_SITE_URL=https://your-domain.tld
VITE_SITE_NAME=OpenStudy

# Show the public marketing landing page at `/`. Self-hosters typically
# want false so `/` goes straight to the app (and /login if not signed in).
VITE_SHOW_LANDING=false

# ─── Compose-time vars (.env.docker — separate file, never committed) ─────
# These belong in a SEPARATE file at .env.docker, not here, because compose
# substitutes them into docker-compose.yml at parse time. The example
# values are documented here for completeness:
#
#   POSTGRES_USER=openstudy
#   POSTGRES_PASSWORD=<generate with: openssl rand -hex 24>
#   POSTGRES_DB=openstudy
#
#   # Public identity baked into the frontend image at build time.
#   # Set to YOUR domain so canonical / OG / sitemap / manifest point at
#   # your deploy, not someone else's. Defaults to http://localhost:8080
#   # if unset (fine for first-run dev, wrong for production).
#   PUBLIC_SITE_URL=https://your-domain.tld
#   PUBLIC_SITE_NAME=OpenStudy
#   PUBLIC_SHOW_LANDING=false
#
#   # Google Search Console verification token — paste the value of
#   # `content="..."` from Search Console's "HTML tag" verification method,
#   # then ./deploy.sh to rebuild the frontend with the token baked into
#   # <meta name="google-site-verification">. Leave empty until you've added
#   # your domain at https://search.google.com/search-console/.
#   PUBLIC_GOOGLE_SITE_VERIFICATION=