WWorkbase
Create account

Environment Variables

Code-derived runtime environment contract grouped by usage.

This is the runtime environment contract derived from src/lib/env.ts and direct process.env usage.

Required runtime variables

| Variable | Used by | Notes | | --- | --- | --- | | DATABASE_URL | Prisma datasource | Must be a valid PostgreSQL URL. | | NEXTAUTH_URL | NextAuth/session URLs | Should match actual app origin (http://localhost:3030 in local dev). | | NEXTAUTH_SECRET | NextAuth + fallback secrets | Must be at least 32 chars. Also used as fallback for storefront session/OTP secrets. | | UPLOAD_DIR | File uploads and file asset paths | Base folder for physical uploads. |

Auth and API behavior

| Variable | Used by | Notes | | --- | --- | --- | | EMAIL_AUTH_ENABLED | src/lib/auth.ts | Enables optional Google provider when true and credentials are present. | | GOOGLE_CLIENT_ID | src/lib/auth.ts | Required with GOOGLE_CLIENT_SECRET for Google sign-in. | | GOOGLE_CLIENT_SECRET | src/lib/auth.ts | Required with GOOGLE_CLIENT_ID for Google sign-in. | | WORKBASE_STOREFRONT_SESSION_SECRET | storefront customer cookie signing | Recommended (>=32 chars). Falls back to NEXTAUTH_SECRET. | | WORKBASE_OTP_PEPPER | OTP hashing | Optional pepper for email OTP codes. | | API_KEY_MAP | bearer auth fallback | Comma-separated key:ROLE list. DB API keys are checked first. | | WORKBASE_AUTH_DEBUG | auth/storefront debug logs | Set to 1 to enable verbose auth diagnostics. |

Proxy/CORS/rate-limit controls

| Variable | Used by | Notes | | --- | --- | --- | | API_ALLOWED_ORIGINS | proxy.ts | Comma-separated allowed origins for /api/v1/*. | | API_RATE_LIMIT | proxy.ts | In-memory request limit per minute for /api/v1/* (default 60). |

Integration and feature flags

| Variable | Used by | Notes | | --- | --- | --- | | MOYSKLAD_API_BASE_URL | MoySklad client fallback | Prefer DB-stored company credentials where possible. | | MOYSKLAD_API_USERNAME | MoySklad client fallback | Legacy aliases are also supported. | | MOYSKLAD_API_PASSWORD | MoySklad client fallback | Legacy aliases are also supported. | | MOYSKLAD_API_URL | MoySklad legacy fallback | Legacy alias for base URL. | | MOYSKLAD_LOGIN | MoySklad legacy fallback | Legacy alias for username. | | MOYSKLAD_PASSWORD | MoySklad legacy fallback | Legacy alias for password. | | MOYSKLAD_REQUEST_TIMEOUT_MS | MoySklad client | Overrides default request timeout. | | MOYSKLAD_VISIBILITY_ATTR_ID | storefront catalog filtering | Used to build visibility filter for remote assortment requests. | | USE_LOCAL_PRODUCTS | storefront product/catalog sources | When true, storefront product/catalog APIs use local DB instead of MoySklad. | | USE_LOCAL_CATEGORIES | storefront categories route | Enables local category source in storefront categories endpoint. | | YARVET_API | Yarvet module admin routes | Required for Yarvet export/update actions. | | DISCOUNT_MODE | Discounts module | final_price (default) or delta. |

Seed-only variables (prisma/seed.ts)

| Variable | Default | | --- | --- | | SEED_COMPANY_SLUG | default | | SEED_COMPANY_NAME | Default Company | | ADMIN_EMAIL | admin@example.com | | ADMIN_PASSWORD | changeMe123! | | ADMIN_NAME | Administrator |