83 lines
4.1 KiB
Plaintext
83 lines
4.1 KiB
Plaintext
# =============================================================================
|
|
# Horux 360 — API .env template
|
|
# =============================================================================
|
|
# Copiá este archivo a `.env` en producción y rellená cada variable.
|
|
# Las marcadas REQUIRED son obligatorias — la app no arranca sin ellas (Zod).
|
|
# Las opcionales pueden quedar comentadas; sus features se desactivan en runtime.
|
|
#
|
|
# Validación: apps/api/src/config/env.ts
|
|
# =============================================================================
|
|
|
|
# ----- Runtime ---------------------------------------------------------------
|
|
NODE_ENV=production # development | production | test
|
|
PORT=4000 # default 4000
|
|
|
|
# ----- BD central (Prisma) — REQUIRED ----------------------------------------
|
|
DATABASE_URL=postgresql://user:password@localhost:5432/horux360
|
|
|
|
# ----- JWT — REQUIRED --------------------------------------------------------
|
|
# Generar con: `openssl rand -hex 64`
|
|
JWT_SECRET= # min 32 chars
|
|
JWT_EXPIRES_IN=15m # access token TTL
|
|
JWT_REFRESH_EXPIRES_IN=7d # refresh token TTL
|
|
|
|
# ----- CORS / URLs -----------------------------------------------------------
|
|
CORS_ORIGIN=https://horuxfin.com # comma-separated si son varios
|
|
FRONTEND_URL=https://horuxfin.com # usado por MP back_url, emails, etc.
|
|
|
|
# ----- FIEL (cifrado de credenciales SAT) — REQUIRED -------------------------
|
|
# Generar con: `openssl rand -hex 64` (DISTINTA al JWT_SECRET — rotación independiente)
|
|
FIEL_ENCRYPTION_KEY= # min 32 chars
|
|
FIEL_STORAGE_PATH=/var/horux/fiel # path donde se guardan archivos FIEL temporales
|
|
|
|
# ----- MercadoPago (suscripciones self-serve) --------------------------------
|
|
MP_ACCESS_TOKEN= # producción: APP_USR-...
|
|
MP_ACCESS_TOKEN_SANDBOX= # opcional: TEST-... para dev local sin cobro
|
|
MP_USE_SANDBOX=false # true → usa MP_ACCESS_TOKEN_SANDBOX
|
|
MP_WEBHOOK_SECRET= # firma HMAC del webhook MP (Settings → Notifs)
|
|
MP_NOTIFICATION_URL=https://api.horuxfin.com/api/webhooks/mercadopago
|
|
# Solo dev/staging — override del payer_email cuando el owner = collector. Vacío en prod.
|
|
MP_TEST_PAYER_EMAIL=
|
|
|
|
# ----- SMTP (Nodemailer) — opcional pero recomendado -------------------------
|
|
SMTP_HOST=smtp.gmail.com # default
|
|
SMTP_PORT=587 # default
|
|
SMTP_USER= # cuenta Gmail Workspace
|
|
SMTP_PASS= # app password (NO la password de la cuenta)
|
|
SMTP_FROM=Horux360 <noreply@horuxfin.com>
|
|
|
|
# ----- Notificaciones admin --------------------------------------------------
|
|
ADMIN_EMAIL=carlos@horuxfin.com # destino de "nuevo cliente" + alertas internas
|
|
|
|
# ----- Facturapi (emisión CFDI) — opcional -----------------------------------
|
|
# Sin esto, los tenants no pueden emitir facturas, pero la app arranca.
|
|
FACTURAPI_USER_KEY= # sk_user_... (cuenta maestra Horux 360)
|
|
|
|
# ----- Cloudflare Tunnel (BYO-DB connector) — opcional -----------------------
|
|
CLOUDFLARE_API_TOKEN=
|
|
CLOUDFLARE_ACCOUNT_ID=
|
|
CLOUDFLARE_TUNNEL_DOMAIN=tunnel.horux.mx
|
|
|
|
# ----- KMS para cifrar conexiones BYO-DB y tokens connector ------------------
|
|
CONNECTOR_ENCRYPTION_KEY= # generar con `openssl rand -hex 64`
|
|
|
|
# ----- Metabase (auto-registro BDs tenant para BI) — opcional ----------------
|
|
# Sin METABASE_PASSWORD/PG_PASSWORD el service skipea silenciosamente.
|
|
METABASE_URL=
|
|
METABASE_USERNAME=
|
|
METABASE_PASSWORD=
|
|
METABASE_PG_HOST=
|
|
METABASE_PG_PORT=
|
|
METABASE_PG_USER=
|
|
METABASE_PG_PASSWORD=
|
|
|
|
# ----- Cron control en dev (opcional) ----------------------------------------
|
|
# ENABLE_CRONS_IN_DEV=1 # activa SAT sync, weekly emails, etc. en NODE_ENV=development
|
|
|
|
# ----- Watchdog SAT thresholds (opcional, defaults razonables) ---------------
|
|
# STALE_PENDING_HOURS=12 # marca pending como failed si nextRetryAt > N h atrás
|
|
# STALE_RUNNING_HOURS=4 # marca running como failed si startedAt > N h atrás
|
|
|
|
# ----- SAT Playwright headless toggle (debug temporal) ----------------------
|
|
# SAT_HEADLESS=false # solo dev — muestra browser para debug de scrapers
|