- Implement OAuth 2.0 and PAT authentication methods
- Add user management, roles, and profile functionality
- Add database migrations and admin user scripts
- Update services for authentication and user settings
- Add protected routes and permission hooks
- Update documentation for authentication and database access
# Authentication System Environment Variables

This document describes the new environment variables required for the authentication and authorization system.

## Application Branding

```env
# Application name displayed throughout the UI
APP_NAME=CMDB Insight
# Application tagline/subtitle displayed in header and login pages
APP_TAGLINE=Management console for Jira Assets
# Copyright text displayed in the footer (use {year} as placeholder for current year)
APP_COPYRIGHT=© {year} Zuyderland Medisch Centrum
```

Note: The `{year}` placeholder in `APP_COPYRIGHT` is automatically replaced with the current year. If not set, it defaults to `© {current_year} Zuyderland Medisch Centrum`.
## Email Configuration (Nodemailer)

```env
# SMTP Configuration
SMTP_HOST=smtp.example.com
SMTP_PORT=587
SMTP_SECURE=false
SMTP_USER=your-email@example.com
SMTP_PASSWORD=your-password
SMTP_FROM=noreply@example.com
```
## Encryption

```env
# Encryption Key (32 bytes, base64 encoded)
# Generate with: openssl rand -base64 32
ENCRYPTION_KEY=your-32-byte-encryption-key-base64
```
## Local Authentication

```env
# Enable local authentication (email/password)
LOCAL_AUTH_ENABLED=true
# Allow public registration (optional, default: false)
REGISTRATION_ENABLED=false
```
## Password Requirements

```env
# Password minimum length
PASSWORD_MIN_LENGTH=8
# Password complexity requirements
PASSWORD_REQUIRE_UPPERCASE=true
PASSWORD_REQUIRE_LOWERCASE=true
PASSWORD_REQUIRE_NUMBER=true
PASSWORD_REQUIRE_SPECIAL=false
```
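The following is an added example, not code from the project: a validator that enforces the `PASSWORD_*` settings above when a user sets or changes a password. The function names `loadPasswordPolicy` and `validatePassword`, and the fallback defaults (chosen to match the values shown above), are assumptions; the project's own implementation is not shown on this page.

```javascript
// Added example (not part of the project): enforce the PASSWORD_* policy
// documented above. Assumption: values are read from process.env as strings,
// and the defaults below match the documented example values.

function loadPasswordPolicy(env = process.env) {
  // Env values are strings; only the literal "true" enables a rule.
  const flag = (v, dflt) => (v === undefined ? dflt : String(v).toLowerCase() === 'true');
  const parsed = Number.parseInt(env.PASSWORD_MIN_LENGTH ?? '8', 10);
  return {
    // Reject nonsense like "abc" or "0" and fall back to the documented default of 8.
    minLength: Number.isFinite(parsed) && parsed > 0 ? parsed : 8,
    requireUppercase: flag(env.PASSWORD_REQUIRE_UPPERCASE, true),
    requireLowercase: flag(env.PASSWORD_REQUIRE_LOWERCASE, true),
    requireNumber: flag(env.PASSWORD_REQUIRE_NUMBER, true),
    requireSpecial: flag(env.PASSWORD_REQUIRE_SPECIAL, false),
  };
}

// Returns the list of violated rules; an empty list means the password is acceptable.
// Returning every failure at once lets the UI show the user all problems together.
function validatePassword(password, policy) {
  const p = typeof password === 'string' ? password : '';
  const failures = [];
  if (p.length < policy.minLength) {
    failures.push(`must be at least ${policy.minLength} characters`);
  }
  if (policy.requireUppercase && !/[A-Z]/.test(p)) failures.push('must contain an uppercase letter');
  if (policy.requireLowercase && !/[a-z]/.test(p)) failures.push('must contain a lowercase letter');
  if (policy.requireNumber && !/[0-9]/.test(p)) failures.push('must contain a digit');
  if (policy.requireSpecial && !/[^A-Za-z0-9]/.test(p)) failures.push('must contain a special character');
  return failures;
}

// Usage: validatePassword(candidate, loadPasswordPolicy()) -> [] when the policy is met.
```

The policy is loaded once at startup rather than on every request, so a typo in the environment surfaces immediately instead of silently weakening the rules.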
## Session Configuration

```env
# Session duration in hours
SESSION_DURATION_HOURS=24
```
## Initial Admin User

```env
# Create initial administrator user (optional)
ADMIN_EMAIL=admin@example.com
ADMIN_PASSWORD=SecurePassword123!
ADMIN_USERNAME=admin
ADMIN_DISPLAY_NAME=Administrator
```
## Complete Example

```env
# Email Configuration
SMTP_HOST=smtp.gmail.com
SMTP_PORT=587
SMTP_SECURE=false
SMTP_USER=your-email@gmail.com
SMTP_PASSWORD=your-app-password
SMTP_FROM=noreply@example.com
# Encryption
# Paste the output of `openssl rand -base64 32` here. A .env loader does not
# run shell command substitution, so a literal $(...) would be stored as-is.
ENCRYPTION_KEY=<paste-base64-key-here>
# Local Auth
LOCAL_AUTH_ENABLED=true
REGISTRATION_ENABLED=false
# Password Requirements
PASSWORD_MIN_LENGTH=8
PASSWORD_REQUIRE_UPPERCASE=true
PASSWORD_REQUIRE_LOWERCASE=true
PASSWORD_REQUIRE_NUMBER=true
PASSWORD_REQUIRE_SPECIAL=false
# Session
SESSION_DURATION_HOURS=24
# Initial Admin
ADMIN_EMAIL=admin@example.com
ADMIN_PASSWORD=ChangeMe123!
ADMIN_USERNAME=admin
ADMIN_DISPLAY_NAME=Administrator
```
## Important Notes

### User-Specific Configuration (REMOVED from ENV)

The following environment variables have been REMOVED from the codebase and are NOT configurable via environment variables:

- `JIRA_PAT`: Configure in User Settings > Jira PAT
- `ANTHROPIC_API_KEY`: Configure in User Settings > AI Settings
- `OPENAI_API_KEY`: Configure in User Settings > AI Settings
- `TAVILY_API_KEY`: Configure in User Settings > AI Settings
These are now user-specific settings only. Each user must configure their own API keys in their profile settings. This provides:
- Better security (keys not in shared config files)
- Per-user API key management
- Individual rate limiting per user
- Better audit trails
- Encrypted storage in the database
### Required Configuration

- `SESSION_SECRET`: Should be a secure random string in production (generate with `openssl rand -base64 32`)
- `ENCRYPTION_KEY`: Must be exactly 32 bytes when base64 decoded (generate with `openssl rand -base64 32`)
- `JIRA_SCHEMA_ID`: Required for Jira Assets integration
### Application Branding

- The `{year}` placeholder in `APP_COPYRIGHT` will be automatically replaced with the current year