-
Notifications
You must be signed in to change notification settings - Fork 1
/
.env.example
63 lines (53 loc) · 2.67 KB
/
.env.example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
# Superuser connection string (to a _different_ database), so databases can be
# dropped/created (may not be necessary in production)
DB_ROOT_URL=postgres://postgres:postgres@localhost:5432/postgres
DB_HOST=localhost
DB_PORT=5432
DB_NAME=app
# `DB_OWNER` is the role that owns the database (**not** the
# database cluster, just the individual database); i.e. it's the role that runs
# all the migrations and owns the resulting schemas, tables and functions.
# The `DB_OWNER` role is also used for certain "elevated privilege"
# operations such as login and user registration. Note that `SECURITY DEFINER`
# functions adopt the security level of the role that defined the function (as
# opposed to `SECURITY INVOKER` which uses the security of the role that is
# invoking the function), so you should therefore **make sure to create all
# schema, tables, etc. with the `DB_OWNER` in all environments** (local,
# dev, production), not with your own user role nor the default superuser role
# (often named `postgres`). This ensures that the system behaves as expected
# when graduating from your local dev environment to hosted database systems in
# production.
# `DB_OWNER_PASSWORD` can be generated with:
# openssl rand -base64 30 | tr '+/' '-_'
DB_OWNER=app_owner
DB_OWNER_PASSWORD=
# `DB_AUTHENTICATOR` is the role that PostGraphile connects to the
# database with; it has absolutely minimal permissions (only enough to run the
# introspection queries, and the ability to "switch to" `DB_VISITOR`
# below). When a GraphQL request comes in, we connect to the database as
# `DB_AUTHENTICATOR` and then start a transaction and evaluate the
# equivalent of `SET LOCAL role TO 'DB_VISITOR'`. You might choose to add
# more visitor-like roles (such as an admin role), but the maintainer finds that
# the single role solution tends to be more straightforward and has been
# sufficient for all his needs.
DB_AUTHENTICATOR=app_authenticator
DB_AUTHENTICATOR_PASSWORD=
# `DB_VISITOR` is the role that the SQL generated from GraphQL
# queries runs as, it's what the vast majority of your `GRANT`s will reference
# and the row level security policies will apply to. It represents both logged
# in AND logged out users to your GraphQL API - it's assumed that your Row Level
# Security policies will differentiate between these states (and any other
# "application roles" the user may have) to determine what they are permitted to
# do.
DB_VISITOR=app_visitor
PORT=3000
GRAPHILE_TURBO=1
NEXTAUTH_URL=http://localhost:3000/api/auth
NEXTAUTH_URL_INTERNAL=http://localhost:3000/api/auth
# openssl rand -base64 30 | tr '+/' '-_'
NEXTAUTH_SECRET=
GITHUB_ID=
GITHUB_SECRET=
GOOGLE_CLIENT_ID=
GOOGLE_CLIENT_SECRET=
ROOT_URL=http://localhost:3000