forked from chaosarium/lwt
-
-
Notifications
You must be signed in to change notification settings - Fork 20
Expand file tree
/
Copy path.env.example
More file actions
220 lines (199 loc) · 7.33 KB
/
.env.example
File metadata and controls
220 lines (199 loc) · 7.33 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
# LWT Configuration
# Copy this file to .env and update the values for your environment.
#
# Docker users: This file is automatically read by docker compose.
# The defaults below work out-of-the-box with docker compose up.
# Database server hostname or IP address
# Examples:
# localhost (default for local installations)
# db (default for Docker - this is the container name)
# 127.0.0.1
# localhost:8889 (for MAMP)
#
# Docker note: Use "db" to connect to the MariaDB container.
DB_HOST=localhost
# Database username
DB_USER=root
# Database password (leave empty for no password)
DB_PASSWORD=
# Database name
DB_NAME=learning-with-texts
# Database socket (optional, usually not needed)
# Uncomment and set if your MySQL uses a non-standard socket
# DB_SOCKET=/var/run/mysqld/mysqld.sock
# Application URL (recommended for production)
# The full URL where LWT is accessible, without trailing slash.
# Used for password-reset emails and OAuth redirect URIs.
# If not set, LWT will auto-detect from HTTP_HOST (less secure).
#
# Examples:
# APP_URL=https://lwt.example.com
# APP_URL=http://localhost:8000
#
# APP_URL=
# Application Base Path (optional)
# Set this if LWT is installed in a subdirectory (e.g., /lwt)
# This allows LWT to coexist with other web applications on the same server.
#
# Examples:
# APP_BASE_PATH=/lwt - Access at http://yourserver.com/lwt/
# APP_BASE_PATH=/apps/lwt - Access at http://yourserver.com/apps/lwt/
# (empty or unset) - Access at http://yourserver.com/ (root)
#
# Note: Do NOT include a trailing slash. The path must start with /
#
# APP_BASE_PATH=
# Multi-user mode (optional)
# Set to true to enable user_id-based data isolation.
# When enabled:
# - Users must authenticate to access their data
# - Each user's data is automatically filtered by user_id
# - Table prefix-based isolation is replaced by user_id columns
#
# MULTI_USER_ENABLED=false
# YouTube API Key (optional)
# Required for importing text from YouTube videos.
# Get your API key from: https://console.cloud.google.com/apis/credentials
# Enable the YouTube Data API v3 in your Google Cloud project.
#
# YT_API_KEY=
# Email Configuration (optional)
# Required for password reset functionality.
# If not configured, password reset tokens will be logged instead of emailed.
#
# SMTP server hostname
# MAIL_HOST=smtp.example.com
#
# SMTP port (587 for TLS, 465 for SSL)
# MAIL_PORT=587
#
# SMTP authentication username
# MAIL_USERNAME=
#
# SMTP authentication password
# MAIL_PASSWORD=
#
# SMTP encryption (tls or ssl)
# MAIL_ENCRYPTION=tls
#
# From email address
# MAIL_FROM_ADDRESS=noreply@example.com
#
# From name
# MAIL_FROM_NAME=LWT
#
# Enable email sending (set to false to disable and log tokens instead)
# MAIL_ENABLED=true
# Content Security Policy - Media Sources (optional)
# Controls which external sources can serve audio/video content.
# This affects whether external audio URLs (e.g., from language learning sites) can play.
#
# Options:
# self - Only allow media from this server (strictest, default)
# https - Allow any HTTPS source (recommended for self-hosted instances)
# <domains> - Comma-separated list of allowed domains
# Example: https://example.com,https://other-site.org
#
# Security note: For multi-user servers, 'self' prevents user tracking via
# external media URLs. Use 'https' only if you trust your users or proxy media.
#
# CSP_MEDIA_SOURCES=self
# Google OAuth (optional)
# Enable "Login with Google" functionality.
# Get credentials at: https://console.cloud.google.com/apis/credentials
# 1. Create a new project (or use existing)
# 2. Enable Google+ API
# 3. Create OAuth 2.0 Client ID (Web application)
# 4. Add authorized redirect URI: http://localhost:8000/google/callback
#
# GOOGLE_CLIENT_ID=your-client-id.apps.googleusercontent.com
# GOOGLE_CLIENT_SECRET=your-client-secret
# GOOGLE_REDIRECT_URI=http://localhost:8000/google/callback
# Microsoft OAuth (optional)
# Enable "Login with Microsoft" functionality.
# Get credentials at: https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationsListBlade
# 1. Register a new application
# 2. Add a Web redirect URI: http://localhost:8000/microsoft/callback
# 3. Create a client secret under "Certificates & secrets"
# 4. Use "common" tenant for personal + work accounts, or your tenant ID for single-tenant
#
# MICROSOFT_CLIENT_ID=your-client-id
# MICROSOFT_CLIENT_SECRET=your-client-secret
# MICROSOFT_REDIRECT_URI=http://localhost:8000/microsoft/callback
# MICROSOFT_TENANT=common
# WordPress Integration (optional)
# Enable "Login with WordPress" when LWT is installed as a subdirectory
# under a WordPress installation (e.g., /var/www/wordpress/lwt/).
# LWT expects wp-load.php in the parent directory of the project root.
#
# WORDPRESS_ENABLED=true
# Backup Restore Security (optional)
# Controls whether database restore from uploaded files is allowed.
#
# IMPORTANT: In multi-user mode, backup restore is DISABLED by default for security.
# Malicious backup files could contain arbitrary SQL that affects other users' data.
#
# Options:
# true - Enable backup restore (use with caution in multi-user mode)
# false - Disable backup restore completely
#
# Default behavior:
# - Multi-user mode: disabled (false)
# - Single-user mode: enabled (true)
#
# Security notes:
# - When enabled, restore validates SQL against a whitelist of allowed statements
# - Only DROP TABLE, CREATE TABLE, and INSERT INTO for LWT tables are permitted
# - Dangerous patterns (LOAD_FILE, INTO OUTFILE, stored procedures) are blocked
#
# BACKUP_RESTORE_ENABLED=false
# Application Environment (optional)
# Controls error verbosity and debug behavior.
#
# APP_ENV options:
# production - Minimal error output (default)
# development - Verbose errors and warnings
# local - Same as development
#
# APP_DEBUG overrides APP_ENV for debug mode:
# true/1 - Show detailed errors regardless of APP_ENV
# false/0 - Use APP_ENV to determine behavior (default)
#
# APP_ENV=production
# APP_DEBUG=false
# Asset Mode (optional, development only)
# Controls how frontend assets (JS/CSS) are loaded.
#
# LWT_ASSET_MODE options:
# auto - Use Vite if manifest exists, otherwise legacy (default)
# vite - Always use Vite-built assets
# legacy - Always use legacy PHP-minified assets
#
# VITE_DEV_MODE: Set to any non-empty value to enable the Vite dev server
# for Hot Module Replacement during frontend development.
# Requires `npm run dev` to be running.
#
# LWT_ASSET_MODE=auto
# VITE_DEV_MODE=
# =============================================================================
# Docker Configuration
# =============================================================================
# Host port for accessing LWT (default: 8010)
# WEB_PORT=8010
# Internal Apache port inside the container (default: 80)
# Set to a port >= 1024 (e.g., 8080) to run the container as a non-root user.
# APACHE_PORT=80
# =============================================================================
# Docker Quick Start
# =============================================================================
# For Docker installations, copy this file to .env and set these values:
#
# DB_HOST=db
# DB_USER=root
# DB_PASSWORD=your_secure_password
# DB_NAME=learning-with-texts
#
# Then run: docker compose up
# Access at: http://localhost:8010/
#
# If you don't create a .env file, docker compose will use sensible defaults.