codalware-auth
Complete authentication system with enterprise security, attack protection, team workspaces, waitlist, billing, UI components, 2FA, and account recovery - production-ready in 5 minutes. Enhanced CLI with verification, rollback, and App Router scaffolding.
/**
* Environment variable configuration
* Centralized environment variable access with type safety
*/
// Try to load dotenv if available (do not crash if it's missing).
// NOTE(review): this async IIFE is started but never awaited, so dotenv.config()
// runs only after the dynamic import has resolved. The `env` object further down
// is built synchronously while this module loads, so values that exist only in a
// .env file will normally not be in process.env yet when `env` reads them. Those
// entries are then `undefined` and whatever default the consumer applies takes
// effect, including for the security settings. Confirm that the host (framework,
// process manager, container) populates process.env before this module is loaded.
(async () => {
try {
const dotenv = await import('dotenv');
dotenv.config();
} catch {
// dotenv not installed or failed to load — proceed using process.env.
// The error is swallowed without logging, so a missing or broken dotenv is silent.
}
})();
// Read `key` from process.env, returning `fallback` when the variable is unset.
// A variable set to the empty string counts as set and is returned as-is.
function getEnv(key: string, fallback?: string): string | undefined {
  const raw = process.env[key];
  // `== null` matches both null and undefined, the same cases `??` treats as missing.
  if (raw == null) {
    return fallback;
  }
  return raw;
}
/**
* Environment variables with type-safe access
* Add your custom environment variables here
*
* The object is a snapshot: every entry is read from process.env once, when this
* module is evaluated, and is not refreshed afterwards.
*
* Apart from NODE_ENV and DATABASE_URL (which have fallbacks) and
* SKIP_AUTHCORE_WIZARD (which is converted to a boolean), each entry is the raw
* string from the environment, or `undefined` when the variable is unset.
* Nothing is parsed or validated here, so consumers must:
* - compare flag-like values explicitly ("false" and "0" are non-empty strings
*   and therefore truthy in a plain `if`);
* - parse and range-check numeric limits such as MAX_LOGIN_ATTEMPTS or
*   SESSION_TIMEOUT_MINUTES before enforcing them;
* - decide what an unset security setting means, preferably the stricter choice.
*
* The object also carries credentials (passwords, client secrets, webhook
* secrets). Do not log or serialize it as a whole.
*/
export const env = {
// Node environment
NODE_ENV: getEnv('NODE_ENV', 'development'),
// Database
// An unset DATABASE_URL becomes '' rather than undefined; callers should treat
// the empty string as "not configured".
DATABASE_URL: getEnv('DATABASE_URL', ''),
// Email configuration
// GOOGLE_PASS and EMAIL_SERVER_PASSWORD are credentials.
GMAIL_ACCOUNT_EMAIL: getEnv('GMAIL_ACCOUNT_EMAIL'),
GOOGLE_PASS: getEnv('GOOGLE_PASS'),
EMAIL_SERVER_HOST: getEnv('EMAIL_SERVER_HOST'),
EMAIL_SERVER_PORT: getEnv('EMAIL_SERVER_PORT'),
EMAIL_SERVER_USER: getEnv('EMAIL_SERVER_USER'),
EMAIL_SERVER_PASSWORD: getEnv('EMAIL_SERVER_PASSWORD'),
EMAIL_FROM: getEnv('EMAIL_FROM'),
// Admin setup
// ADMIN_PASSWORD is a plaintext credential taken from the environment.
// NOTE(review): presumably used to bootstrap the first admin account — confirm,
// and confirm it can be removed from the environment once setup has run.
ADMIN_EMAIL: getEnv('ADMIN_EMAIL'),
ADMIN_PASSWORD: getEnv('ADMIN_PASSWORD'),
ADMIN_NAME: getEnv('ADMIN_NAME'),
// AuthCore setup
// Boolean: true only for the exact strings 'true' or '1'; any other value,
// including 'TRUE' or 'yes', yields false.
SKIP_AUTHCORE_WIZARD: getEnv('SKIP_AUTHCORE_WIZARD') === 'true' || getEnv('SKIP_AUTHCORE_WIZARD') === '1',
// Multi-tenancy
ENABLE_MULTI_TENANCY: getEnv('ENABLE_MULTI_TENANCY'),
DEFAULT_TENANT_DOMAIN: getEnv('DEFAULT_TENANT_DOMAIN'),
// Features
ENABLE_SOCIAL_LOGIN: getEnv('ENABLE_SOCIAL_LOGIN'),
ENABLE_ACCOUNT_APPROVAL: getEnv('ENABLE_ACCOUNT_APPROVAL'),
REQUIRE_TENANT_APPROVAL: getEnv('REQUIRE_TENANT_APPROVAL'),
FORCE_2FA_ON_REGISTRATION: getEnv('FORCE_2FA_ON_REGISTRATION'),
ALLOW_EMAIL_OTP_DEFAULT: getEnv('ALLOW_EMAIL_OTP_DEFAULT'),
ALLOW_AUTHENTICATOR_DEFAULT: getEnv('ALLOW_AUTHENTICATOR_DEFAULT'),
ENABLE_MAGIC_LINK_LOGIN_DEFAULT: getEnv('ENABLE_MAGIC_LINK_LOGIN_DEFAULT'),
SUGGEST_MAGIC_LINK_LOGIN_DEFAULT: getEnv('SUGGEST_MAGIC_LINK_LOGIN_DEFAULT'),
ENABLE_SUSPICIOUS_LOGIN_ALERTS_DEFAULT: getEnv('ENABLE_SUSPICIOUS_LOGIN_ALERTS_DEFAULT'),
// UI Features
ENABLE_MODAL_AUTH: getEnv('ENABLE_MODAL_AUTH'),
SHOW_SOCIAL_PROVIDERS: getEnv('SHOW_SOCIAL_PROVIDERS'),
// Security & Password Policy
// NOTE(review): PASSWORD_REQUIRE_SYMBOLS here and PASSWORD_REQUIRE_SPECIAL_CHARS
// under "Security Settings" look like the same policy under two names — confirm
// which one the password check actually reads.
PASSWORD_MIN_LENGTH: getEnv('PASSWORD_MIN_LENGTH'),
PASSWORD_MAX_LENGTH: getEnv('PASSWORD_MAX_LENGTH'),
PASSWORD_REQUIRE_UPPERCASE: getEnv('PASSWORD_REQUIRE_UPPERCASE'),
PASSWORD_REQUIRE_LOWERCASE: getEnv('PASSWORD_REQUIRE_LOWERCASE'),
PASSWORD_REQUIRE_NUMBERS: getEnv('PASSWORD_REQUIRE_NUMBERS'),
PASSWORD_REQUIRE_SYMBOLS: getEnv('PASSWORD_REQUIRE_SYMBOLS'),
PASSWORD_MIN_SCORE: getEnv('PASSWORD_MIN_SCORE'),
// 2FA Settings
// NOTE(review): FORCE_2FA_FOR_ADMINS here and REQUIRE_MFA_FOR_ADMINS under
// "Security Settings" appear to overlap — confirm which one is enforced, so an
// operator who sets only one of them still gets admin MFA.
SUGGEST_2FA_AFTER_DAYS: getEnv('SUGGEST_2FA_AFTER_DAYS'),
FORCE_2FA_FOR_ADMINS: getEnv('FORCE_2FA_FOR_ADMINS'),
// Email Verification
// NOTE(review): ENABLE_EMAIL_VERIFICATION and ENABLE_EMAIL_VERIFICATION_SECURITY
// (below) look related — confirm how they differ.
ENABLE_EMAIL_VERIFICATION: getEnv('ENABLE_EMAIL_VERIFICATION'),
ACCOUNT_DELETION_RETENTION_DAYS: getEnv('ACCOUNT_DELETION_RETENTION_DAYS'),
// Security Settings
// The `as` on SIGN_UP_MODE is a compile-time assertion only: a value outside
// 'PUBLIC' | 'RESTRICTED' | 'WAITLIST' (for example a typo) is passed through
// unchanged at runtime. Consumers should validate it and fail closed rather
// than treat an unrecognised mode as open registration.
SIGN_UP_MODE: getEnv('SIGN_UP_MODE') as 'PUBLIC' | 'RESTRICTED' | 'WAITLIST' | undefined,
ENABLE_EMAIL_VERIFICATION_SECURITY: getEnv('ENABLE_EMAIL_VERIFICATION_SECURITY'),
ENABLE_USER_ENUMERATION_PROTECTION: getEnv('ENABLE_USER_ENUMERATION_PROTECTION'),
ENABLE_BOT_PROTECTION: getEnv('ENABLE_BOT_PROTECTION'),
BLOCK_DISPOSABLE_EMAILS: getEnv('BLOCK_DISPOSABLE_EMAILS'),
BLOCK_EMAIL_SUBADDRESSES: getEnv('BLOCK_EMAIL_SUBADDRESSES'),
APPLY_TO_SIGN_IN: getEnv('APPLY_TO_SIGN_IN'),
ENABLE_LOCKOUT_POLICY: getEnv('ENABLE_LOCKOUT_POLICY'),
MAX_LOGIN_ATTEMPTS: getEnv('MAX_LOGIN_ATTEMPTS'),
LOCKOUT_DURATION: getEnv('LOCKOUT_DURATION'),
RESET_AFTER: getEnv('RESET_AFTER'),
PASSWORD_REQUIRE_SPECIAL_CHARS: getEnv('PASSWORD_REQUIRE_SPECIAL_CHARS'),
PASSWORD_EXPIRY_DAYS: getEnv('PASSWORD_EXPIRY_DAYS'),
SESSION_TIMEOUT_MINUTES: getEnv('SESSION_TIMEOUT_MINUTES'),
MAX_CONCURRENT_SESSIONS: getEnv('MAX_CONCURRENT_SESSIONS'),
ENABLE_REMOTE_LOGOUT: getEnv('ENABLE_REMOTE_LOGOUT'),
ENABLE_IP_WHITELIST: getEnv('ENABLE_IP_WHITELIST'),
ENABLE_IP_BLACKLIST: getEnv('ENABLE_IP_BLACKLIST'),
REQUIRE_MFA_FOR_ADMINS: getEnv('REQUIRE_MFA_FOR_ADMINS'),
// Feature Management
ENABLE_FEATURE_MANAGEMENT: getEnv('ENABLE_FEATURE_MANAGEMENT'),
ALLOW_TENANT_OVERRIDES: getEnv('ALLOW_TENANT_OVERRIDES'),
ENABLE_USAGE_TRACKING: getEnv('ENABLE_USAGE_TRACKING'),
// Branding
APP_NAME: getEnv('APP_NAME'),
APP_URL: getEnv('APP_URL'),
// Checkout & Billing
// Both values are secrets and are `undefined` when unset.
// NOTE(review): confirm the webhook/checkout verification rejects requests
// when its secret is missing instead of skipping the check.
AUTHCORE_CHECKOUT_SECRET: getEnv('AUTHCORE_CHECKOUT_SECRET'),
CHECKOUT_WEBHOOK_SECRET: getEnv('CHECKOUT_WEBHOOK_SECRET'),
// Social Providers
// GOOGLE_CLIENT_SECRET and GITHUB_SECRET are OAuth client secrets.
GOOGLE_CLIENT_ID: getEnv('GOOGLE_CLIENT_ID'),
GOOGLE_CLIENT_SECRET: getEnv('GOOGLE_CLIENT_SECRET'),
GITHUB_ID: getEnv('GITHUB_ID'),
GITHUB_SECRET: getEnv('GITHUB_SECRET'),
} as const;
/** Static shape of the `env` snapshot, derived from the object literal itself. */
export type Env = typeof env;
// Named re-exports kept for backward compatibility. Each binding is copied from
// `env` once, when this module is evaluated. ADMIN_PASSWORD, GOOGLE_PASS and
// EMAIL_SERVER_PASSWORD are credentials: import them only where they are used
// and keep them out of logs and error messages.
export const {
  NODE_ENV,
  DATABASE_URL,
  GMAIL_ACCOUNT_EMAIL,
  GOOGLE_PASS,
  EMAIL_SERVER_HOST,
  EMAIL_SERVER_PORT,
  EMAIL_SERVER_USER,
  EMAIL_SERVER_PASSWORD,
  EMAIL_FROM,
  ADMIN_EMAIL,
  ADMIN_PASSWORD,
  ADMIN_NAME,
  SKIP_AUTHCORE_WIZARD,
} = env;