2026-06-04 19:09:31 +03:30
|
|
|
|
# ──────────────────────────────────────────────────────────────────────────
|
|
|
|
|
|
# Barg-e Vasat — ENV_FILE
|
|
|
|
|
|
# Paste the contents of this file (filled in) into the Gitea repo secret:
|
|
|
|
|
|
# https://git.soroushasadi.com/soroushdes/HokmPlay/settings/secrets → ENV_FILE
|
|
|
|
|
|
# The deploy job writes it verbatim to `.env`, which docker compose reads.
|
|
|
|
|
|
#
|
|
|
|
|
|
# NOTE: NEXT_PUBLIC_SERVER_URL is baked into the web bundle at BUILD time —
|
|
|
|
|
|
# changing it requires a new CI run (push a commit) to take effect.
|
|
|
|
|
|
# ──────────────────────────────────────────────────────────────────────────
|
|
|
|
|
|
|
|
|
|
|
|
# Host ports (1500–1600 range so the stack coexists with manual dev on 3000/5005)
|
|
|
|
|
|
WEB_PORT=1500
|
|
|
|
|
|
API_PORT=1505
|
|
|
|
|
|
DB_PORT=1510
|
|
|
|
|
|
|
|
|
|
|
|
# Database (postgres container)
|
|
|
|
|
|
POSTGRES_PASSWORD=change-me-strong-password
|
|
|
|
|
|
|
|
|
|
|
|
# JWT — generate with: openssl rand -hex 32
|
|
|
|
|
|
JWT_KEY=CHANGE-ME-to-a-32+char-random-secret
|
|
|
|
|
|
JWT_ISSUER=hokm
|
|
|
|
|
|
JWT_AUDIENCE=hokm-clients
|
|
|
|
|
|
|
|
|
|
|
|
# Browser-facing API origin (host-mapped api port).
|
|
|
|
|
|
# If the browser is NOT on the deploy host, use the host LAN IP instead of
|
|
|
|
|
|
# localhost, e.g. http://172.28.144.1:1505 (localhost can be VPN-hijacked).
|
|
|
|
|
|
NEXT_PUBLIC_SERVER_URL=http://localhost:1505
|
|
|
|
|
|
|
|
|
|
|
|
# Origins allowed by the API's CORS (comma-separated). Must include the web URL.
|
|
|
|
|
|
CORS_ORIGINS=http://localhost:1500
|
|
|
|
|
|
|
2026-06-05 08:53:46 +03:30
|
|
|
|
# Package mirrors used during Docker builds. Default to the plain-HTTP Nexus
|
|
|
|
|
|
# (no SSL) because the HTTPS mirror serves a partial cert chain that fresh
|
|
|
|
|
|
# container trust stores reject. Override only if your Nexus moves.
|
|
|
|
|
|
# NUGET_INDEX=http://171.22.25.73:8081/repository/nuget-group/index.json
|
|
|
|
|
|
# NPM_REGISTRY=http://171.22.25.73:8081/repository/npm-group/
|
|
|
|
|
|
|
2026-06-04 19:09:31 +03:30
|
|
|
|
# ZarinPal (sandbox for now — switch in admin/panel later)
|
|
|
|
|
|
ZARINPAL_MERCHANT_ID=299685fb-cadf-4dfc-98e2-d4af5d81528d
|
|
|
|
|
|
ZARINPAL_SANDBOX=true
|
|
|
|
|
|
ZARINPAL_CALLBACK_URL=http://localhost:1505/api/coins/pay/callback
|
|
|
|
|
|
ZARINPAL_CLIENT_RETURN_URL=http://localhost:1500
|
2026-06-06 18:39:24 +03:30
|
|
|
|
|
|
|
|
|
|
# Store in-app billing (Cafe Bazaar / Myket) — fill from the developer panels.
|
|
|
|
|
|
# SKU == coin-pack id (p1/p2/…). Coins are credited only after the purchase
|
|
|
|
|
|
# token verifies server-to-server.
|
|
|
|
|
|
IAB_PACKAGE_NAME=com.bargevasat.hokm
|
|
|
|
|
|
# Cafe Bazaar (pardakht dev API): create an OAuth client, do the one-time consent
|
|
|
|
|
|
# to obtain a refresh_token. https://pardakht.cafebazaar.ir/
|
|
|
|
|
|
IAB_BAZAAR_CLIENT_ID=
|
|
|
|
|
|
IAB_BAZAAR_CLIENT_SECRET=
|
|
|
|
|
|
IAB_BAZAAR_REFRESH_TOKEN=
|
|
|
|
|
|
# Myket developer panel → API access token.
|
|
|
|
|
|
IAB_MYKET_ACCESS_TOKEN=
|
|
|
|
|
|
# DEV ONLY: credit purchases WITHOUT verifying (set true to test before you have
|
|
|
|
|
|
# store creds). NEVER true in production.
|
|
|
|
|
|
IAB_ALLOW_UNVERIFIED=false
|
