Skip to content

Commit c9a18b7

Browse files
liudmylasovetovsliudmylasovetovs
committed
(SP: 1)[SHOP] clarify shop provider and shipping env example documentation
1 parent c32f9d7 commit c9a18b7

1 file changed

Lines changed: 61 additions & 26 deletions

File tree

frontend/.env.example

Lines changed: 61 additions & 26 deletions
Original file line numberDiff line numberDiff line change
@@ -1,12 +1,20 @@
11
# --- Core / Environment
2-
APP_ADDITIONAL_ORIGINS=https://admin.example.test
2+
# Main runtime environment label (for example: local, develop, production).
33
APP_ENV=
4+
5+
# Canonical application origin / base URL.
46
APP_ORIGIN=https://example.test
57
APP_URL=
68
NEXT_PUBLIC_SITE_URL=
79

10+
# Additional trusted browser origins, comma-separated if multiple.
11+
APP_ADDITIONAL_ORIGINS=https://admin.example.test
12+
813
# --- Database
14+
# Primary database URL used by the app runtime.
915
DATABASE_URL=
16+
17+
# Local-only database URL used for strict local development/testing flows.
1018
DATABASE_URL_LOCAL=
1119

1220
# --- Upstash Redis (REST)
@@ -46,40 +54,62 @@ CLOUDINARY_UPLOAD_FOLDER=
4654
CLOUDINARY_URL=
4755

4856
# --- Payments (Stripe)
57+
# Public Stripe key for browser checkout flows.
4958
NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY=
50-
# Options: test, live (defaults to test in development, live in production)
59+
60+
# Allowed values: test, live.
61+
# In local/development, test mode is expected.
62+
# In production-like runtime, invalid or placeholder Stripe config must fail closed.
5163
STRIPE_MODE=
64+
65+
# Toggle Stripe payments for Shop checkout flows.
5266
STRIPE_PAYMENTS_ENABLED=
67+
68+
# Required when Stripe payments are enabled.
69+
# In production-like runtime, invalid or placeholder config must fail closed.
5370
STRIPE_SECRET_KEY=
5471
STRIPE_WEBHOOK_SECRET=
5572

5673
# --- Payments (Monobank)
57-
# Optional; set explicitly in production for clarity
74+
# Optional API base override. Leave empty to use code defaults unless a custom base is required.
5875
MONO_API_BASE=
76+
77+
# Optional invoice timeout override in milliseconds.
5978
MONO_INVOICE_TIMEOUT_MS=
6079

61-
# Required for Monobank checkout/webhooks
80+
# Required when Monobank checkout/webhooks are enabled.
81+
# In production-like runtime, invalid or placeholder config must fail closed.
6282
MONO_MERCHANT_TOKEN=
6383
MONO_PUBLIC_KEY=
6484

65-
# Optional webhook/runtime tuning (defaults in code if omitted)
85+
# Optional Monobank webhook/runtime tuning.
6686
MONO_REFUND_ENABLED=0
6787
MONO_WEBHOOK_CLAIM_TTL_MS=
6888
MONO_WEBHOOK_MODE=
6989

90+
# Global payments toggle for Shop checkout flows.
7091
PAYMENTS_ENABLED=
7192

7293
# --- Shipping (Nova Poshta)
73-
# Toggles (optional; defaults are handled in code)
94+
# Shipping feature toggles.
7495
SHOP_SHIPPING_ENABLED=0
7596
SHOP_SHIPPING_NP_ENABLED=0
7697

77-
# Retention (optional; days, used for cleanup/retention policies)
98+
# Optional retention in days for cleanup / retention jobs.
7899
SHOP_SHIPPING_RETENTION_DAYS=
79100

80-
# Required when shipping is enabled (SHOP_SHIPPING_ENABLED=1 and SHOP_SHIPPING_NP_ENABLED=1).
81-
# If shipping is enabled without required NP config, app throws NovaPoshtaConfigError at runtime.
82-
# Optional if code has a default; set explicitly in production for clarity
101+
# Authoritative flat shipping prices used by Shop checkout and shipping-method resolution.
102+
# Values are stored in minor units for UAH.
103+
# Example: 500 = 5.00 UAH
104+
# Required whenever Nova Poshta shipping methods are enabled.
105+
# Missing or invalid values must fail closed.
106+
SHOP_SHIPPING_NP_WAREHOUSE_AMOUNT_MINOR=
107+
SHOP_SHIPPING_NP_LOCKER_AMOUNT_MINOR=
108+
SHOP_SHIPPING_NP_COURIER_AMOUNT_MINOR=
109+
110+
# Required Nova Poshta provider config when shipping is enabled
111+
# (SHOP_SHIPPING_ENABLED=1 and SHOP_SHIPPING_NP_ENABLED=1).
112+
# In production-like runtime, invalid or placeholder config must fail closed.
83113
NP_API_BASE=
84114
NP_API_KEY=
85115
NP_SENDER_WAREHOUSE_REF=
@@ -89,7 +119,7 @@ NP_SENDER_NAME=
89119
NP_SENDER_PHONE=
90120
NP_SENDER_REF=
91121

92-
# Optional tuning (override only if needed; otherwise code defaults apply)
122+
# Optional Nova Poshta runtime tuning.
93123
NP_MAX_RETRIES=
94124
NP_RETRY_DELAY_MS=
95125
NP_TIMEOUT_MS=
@@ -100,18 +130,18 @@ INTERNAL_JANITOR_MIN_INTERVAL_SECONDS=
100130
INTERNAL_JANITOR_SECRET=
101131
JANITOR_URL=
102132

103-
# Optional internal/admin runtime secrets & tuning (used by internal endpoints/jobs)
133+
# Optional internal/admin runtime secrets & tuning.
104134
INTERNAL_SECRET=
105135
JANITOR_TIMEOUT_MS=
106136

107-
# Optional instance IDs for webhook multi-instance diagnostics/claiming
137+
# Optional instance IDs for webhook multi-instance diagnostics / claiming.
108138
STRIPE_WEBHOOK_INSTANCE_ID=
109139
WEBHOOK_INSTANCE_ID=
110140

111141
# --- Quiz
112142
QUIZ_ENCRYPTION_KEY=
113143

114-
# --- Web3Forms (feedback form)
144+
# --- Web3Forms / Sponsors / Feedback
115145
GITHUB_SPONSORS_TOKEN=
116146
NEXT_PUBLIC_WEB3FORMS_KEY=
117147

@@ -125,44 +155,49 @@ GMAIL_APP_PASSWORD=
125155
GMAIL_USER=
126156

127157
# --- Shop / Internal
128-
# Optional public/base URL used by shop services/links
158+
# Optional absolute base URL used by Shop links/services.
159+
# Set explicitly in production to avoid incorrect absolute URLs.
129160
SHOP_BASE_URL=
161+
162+
# Policy/consent version labels used by Shop flows.
130163
SHOP_PRIVACY_VERSION=privacy-v1
131164
SHOP_TERMS_VERSION=terms-v1
132165

133-
# Required for signed shop status tokens (if status endpoint/token flow is enabled)
166+
# Required for signed Shop status-token flows.
134167
SHOP_STATUS_TOKEN_SECRET=
135168

136169
# --- Security
137170
CSRF_SECRET=
138171

172+
# Checkout route rate limiting.
139173
CHECKOUT_RATE_LIMIT_MAX=10
140174
CHECKOUT_RATE_LIMIT_WINDOW_SECONDS=300
141175

142-
# Stripe webhook rate limit envs (applied per reason; reason-specific overrides generic).
176+
# Stripe webhook rate-limit envs.
143177
# Missing signature has its own envs with fallback to generic, then legacy invalid_sig.
144178
STRIPE_WEBHOOK_MISSING_SIG_RL_MAX=30
145179
STRIPE_WEBHOOK_MISSING_SIG_RL_WINDOW_SECONDS=60
146180

147-
# Generic Stripe webhook rate limit fallback (applies to missing_sig and invalid_sig).
181+
# Generic Stripe webhook rate-limit fallback.
148182
STRIPE_WEBHOOK_RL_MAX=30
149183
STRIPE_WEBHOOK_RL_WINDOW_SECONDS=60
150184

151-
# Invalid signature envs (canonical for invalid_sig, legacy fallback for missing_sig).
185+
# Invalid-signature envs.
152186
STRIPE_WEBHOOK_INVALID_SIG_RL_MAX=30
153187
STRIPE_WEBHOOK_INVALID_SIG_RL_WINDOW_SECONDS=60
154188

155-
# SECURITY: If true, trust Cloudflare's cf-connecting-ip header for rate limiting.
156-
# Enable ONLY when traffic is fronted by Cloudflare (header is set by Cloudflare at the edge).
157-
# Default: false (0). Keep 0 in untrusted environments to avoid IP spoofing.
189+
# SECURITY:
190+
# Trust Cloudflare's cf-connecting-ip header for rate limiting only when traffic is fronted by Cloudflare.
191+
# Default: 0
158192
TRUST_CF_CONNECTING_IP=0
159193

160-
# SECURITY: If true, trust x-real-ip / x-forwarded-for headers for rate limiting.
161-
# Enable ONLY behind Cloudflare or a trusted reverse proxy that overwrites these headers.
162-
# Default: false (empty/0/false).
194+
# SECURITY:
195+
# Trust x-real-ip / x-forwarded-for only behind Cloudflare or another trusted reverse proxy.
196+
# Default: 0
163197
TRUST_FORWARDED_HEADERS=0
164198

165-
# emergency switch
199+
# Emergency switch for rate limiting.
166200
RATE_LIMIT_DISABLED=0
167201

202+
# --- AI / External
168203
GROQ_API_KEY=

0 commit comments

Comments
 (0)