# dev 模式(本机开发,brief 实施原则 5) # 二者必须同时设置;后端启动期校验,缺一即 panic CDROP_AUTH_MODE=dev CDROP_DEV_TOKEN=replace-with-32-byte-random-base64 # prod 模式所需(填入你的 OIDC provider,如自建 Casdoor / Keycloak) # CDROP_AUTH_MODE=prod # CDROP_OIDC_AUTHORIZE_URL=https://your-idp.example/login/oauth/authorize # CDROP_OIDC_TOKEN_URL=https://your-idp.example/api/login/oauth/access_token # CDROP_OIDC_JWKS_URL=https://your-idp.example/.well-known/jwks # CDROP_OIDC_ISSUER=https://your-idp.example/ # prod 强制非空:填你的 OAuth client_id(多值逗号分隔,web + 桌面端共用时填同一个) # CDROP_OIDC_AUDIENCE=your-client-id # CDROP_OIDC_CLIENT_ID=your-client-id # CDROP_OIDC_REDIRECT_URI=https://your-domain.example/oauth/callback # CDROP_OIDC_SCOPES=openid profile email # CDROP_HS256_SECRET= # CDROP_TURN_URL=stun:your-stun.example:3478 # 通用 CDROP_DB_PATH=./cdrop.db CDROP_LISTEN=:8080 # Device row max age (sliding via auth-middleware UPSERT and SSE keepalive). # Bound by brief §2 refresh_token sliding window (196h ≈ 8 days). Default 196. CDROP_DEVICE_TTL_HOURS=196 # Cloudflare Realtime TURN(可选;不配则 /api/calls/credentials 返回 STUN-only fallback)。 # 申请:dash.cloudflare.com → Realtime → TURN → "Create TURN App",拿到 Key ID 与 API Token。 # CDROP_CF_TURN_KEY_ID= # CDROP_CF_TURN_API_TOKEN=