Files
Commilitia-Drop/.env.example
T
admin e903b03afe docs:补充浏览器免重登 + CDROP_SESSION_SECRET 配置
- README:已落地补「浏览器免重登 + PWA」一项;prod 配置清单新增
  CDROP_SESSION_SECRET(prod 强制非空,缺则拒启动)
- .env.example、docker/compose.snippet.yaml:补 CDROP_SESSION_SECRET 模板项
2026-06-16 01:08:05 +08:00

34 lines
1.6 KiB
Bash
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# dev 模式(本机开发,brief 实施原则 5)
# 二者必须同时设置;后端启动期校验,缺一即 panic
CDROP_AUTH_MODE=dev
CDROP_DEV_TOKEN=replace-with-32-byte-random-base64
# prod 模式所需(填入你的 OIDC provider,如自建 Casdoor / Keycloak
# CDROP_AUTH_MODE=prod
# CDROP_OIDC_AUTHORIZE_URL=https://your-idp.example/login/oauth/authorize
# CDROP_OIDC_TOKEN_URL=https://your-idp.example/api/login/oauth/access_token
# CDROP_OIDC_JWKS_URL=https://your-idp.example/.well-known/jwks
# CDROP_OIDC_ISSUER=https://your-idp.example/
# prod 强制非空:填你的 OAuth client_id(多值逗号分隔,web + 桌面端共用时填同一个)
# CDROP_OIDC_AUDIENCE=your-client-id
# CDROP_OIDC_CLIENT_ID=your-client-id
# CDROP_OIDC_REDIRECT_URI=https://your-domain.example/oauth/callback
# CDROP_OIDC_SCOPES=openid profile email
# prod 强制非空:浏览器免重登会话的 refresh_token 落盘加密密钥(任意长度高熵串,
# 内部 SHA-256 派生为 32 字节 AES-256 密钥)。留空则 prod 启动期校验失败、拒启动。
# CDROP_SESSION_SECRET=
# CDROP_HS256_SECRET=
# CDROP_TURN_URL=stun:your-stun.example:3478
# 通用
CDROP_DB_PATH=./cdrop.db
CDROP_LISTEN=:8080
# Device row max age (sliding via auth-middleware UPSERT and SSE keepalive).
# Bound by brief §2 refresh_token sliding window (196h ≈ 8 days). Default 196.
CDROP_DEVICE_TTL_HOURS=196
# Cloudflare Realtime TURN(可选;不配则 /api/calls/credentials 返回 STUN-only fallback)。
# 申请:dash.cloudflare.com → Realtime → TURN → "Create TURN App",拿到 Key ID 与 API Token。
# CDROP_CF_TURN_KEY_ID=
# CDROP_CF_TURN_API_TOKEN=