senke/veza
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
veza/apps/web/.env.example
senke aceba5d991 fix(security): add JWT auth to HLS endpoints (audit 1.3, P0) 
- Add hls_auth_middleware in stream server (Bearer + ?token=)
- Apply auth to /hls/:track_id/* routes
- Update frontend hlsService to use stream server URL + pass JWT via xhrSetup
- Add getHLSXhrSetup() and getHLSURLWithToken() for hls.js integration
- Add VITE_HLS_BASE_URL config (derived from VITE_STREAM_URL when unset)
- Add unit tests for token extraction and HLS helpers
- Mark audit item 1.3 as done
2026-02-15 12:48:58 +01:00

80 lines
2.7 KiB
Text
Raw Blame History

# Veza Frontend Environment Variables
# Copy this file to .env.local and update with your values
# --- DOMAIN (single source of truth for frontend) ---
# All service URLs derive from this. Must match APP_DOMAIN in backend .env.
# Change this + /etc/hosts to switch domain.
VITE_DOMAIN=veza.fr
# --- BACKEND PORT (Vite proxy target) ---
# Must match PORT_BACKEND in docker-compose / config.mk. Default 18080 avoids conflicts.
VITE_BACKEND_PORT=18080
# API Configuration
# Base URL for the REST API (can be absolute URL or path starting with /)
# DEV: use /api/v1 so the Vite proxy forwards to the backend (same-origin cookies).
VITE_API_URL=/api/v1
# WebSocket Configuration
# WebSocket URL for real-time features (can be absolute URL or path starting with /)
# If omitted, auto-derived from VITE_DOMAIN: ws://<domain>:8081/ws
VITE_WS_URL=/ws
# Stream Server Configuration
# Stream server URL for audio streaming (can be absolute URL or path starting with /)
# If omitted, auto-derived from VITE_DOMAIN: ws://<domain>:8082/stream
VITE_STREAM_URL=/stream
# HLS Base URL (optional)
# HTTP base URL for HLS streaming (master.m3u8, playlists, segments). Auth required (JWT).
# If omitted, derived from VITE_STREAM_URL: ws://host:8082 -> http://host:8082
# VITE_HLS_BASE_URL=http://localhost:8082
# CDN Configuration (optional)
# Base URL for CDN when serving assets/audio from edge. Backend typically provides CDN URLs for tracks.
# VITE_CDN_URL=https://cdn.veza.com
# VITE_CDN_ENABLED=false
# Upload Configuration
# Upload endpoint URL (can be absolute URL or path starting with /)
VITE_UPLOAD_URL=/upload
# Hyperswitch (Payments)
# Publishable key from Hyperswitch Control Center - for payment widget
# Leave empty if payments disabled
VITE_HYPERSWITCH_PUBLISHABLE_KEY=
# Application Configuration
# Application name
VITE_APP_NAME=Veza
# API Version
# API version to use
VITE_API_VERSION=v1
# Debug Mode
# Enable verbose API request/response logging in console (true/1 or false/0)
VITE_DEBUG=false
# Mock Service Worker
# Enable MSW for API mocking in development (true/1 or false/0)
VITE_USE_MSW=0
# Firebase Cloud Messaging
# VAPID key for push notifications (optional)
# VITE_FCM_VAPID_KEY=your-vapid-key-here
# Sentry Error Tracking
# Sentry DSN for error tracking (optional)
# VITE_SENTRY_DSN=https://your-sentry-dsn@sentry.io/project-id
# --- Feature Flags (optional, defaults in parens) ---
# Override feature flags without rebuild. Values: true, 1, yes = enabled; else disabled.
# VITE_FEATURE_TWO_FACTOR_AUTH=true
# VITE_FEATURE_PLAYLIST_COLLABORATION=true
# VITE_FEATURE_PLAYLIST_SEARCH=false
# VITE_FEATURE_PLAYLIST_SHARE=false
# VITE_FEATURE_PLAYLIST_RECOMMENDATIONS=false
# VITE_FEATURE_HLS_STREAMING=false
# VITE_FEATURE_ROLE_MANAGEMENT=false
# VITE_FEATURE_NOTIFICATIONS=false
Reference in a new issue View git blame Copy permalink