Env & secrets
All secrets live in hono-backend/.env.
The file src/config/env.ts reads them once at startup and exports one env object.
Rule: Never read process.env randomly in routes — import { env } from config/env.ts so validation stays in one place.
Required variables (server won’t start without these)
| Variable | What it means |
|---|---|
MONGODB_URI | Address of your MongoDB database |
GOOGLE_CLIENT_ID / GOOGLE_CLIENT_SECRET | Google login for web/admin |
JWT_ACCESS_SECRET | Password used to sign short access tokens |
REFRESH_TOKEN_SECRET | Password used to hash refresh tokens in DB |
YOUTUBE_API_KEY | YouTube Data API for video metadata |
Common optional / defaulted
| Variable | Default | Meaning |
|---|---|---|
PORT | 3000 | HTTP port |
JWT_REFRESH_DAYS | 30 | How long refresh tokens last (must be 1–365) |
ALLOWED_ORIGIN | '' | Production web origin for CORS |
OAUTH_REDIRECT_URIS | '' | Comma-separated extra redirect URIs allowed by POST /auth/google/code (use for preview environments) |
NOTIFICATION_DRY_RUN | true in dev | Skip real FCM pushes when true |
STREAK_WARNING_START_HOUR_IST | 20 | First IST hour (0–23) the worker may send streak warnings |
STREAK_WARNING_END_HOUR_IST | 22 | Last IST hour (0–23) the worker may send streak warnings |
Feature flags (boolean-ish)
Parsed by parseBool(...) in env.ts (accepts 1, true, yes, on):
NOTIFICATION_DRY_RUN— log pushes instead of sending.
Rate limiting
| Variable | Default | Meaning |
|---|---|---|
RATE_LIMIT_STORE | memory | Counter backend. memory is fast and single-instance; mongo shares counters across instances and survives restarts. |
RATE_LIMIT_EVENT_SAMPLE_RATE | 0.01 | Fraction (0–1) of allowed requests that write a sampled event. Blocked and shadow violations are always recorded. |
See API rate limiting for the policy / store / admin-UI story.
Current affairs search (optional Atlas features)
These are read directly by services/current-affairs-search/* from process.env — they are not on the env object, so they can be toggled per environment without restarting code that does not care.
| Variable | Default | Meaning |
|---|---|---|
MONGO_ATLAS_SEARCH_ENABLED | unset (regex) | Truthy → use Atlas $search for CA text search instead of regex |
CA_SEARCH_WINDOW_DAYS | 60 | Look-back window for CA text search |
MONGO_ATLAS_VECTOR_SEARCH_ENABLED | unset (in-app) | Truthy → use Atlas Vector Search instead of in-app similarity |
EMBEDDING_MODEL | default | Name of the embedding model used to index CA items |
EMBEDDING_VERSION | 1 | Bump when re-indexing with a new model |
Internal / worker
| Variable | Used by |
|---|---|
NOTIFICATION_WORKER_KEY | /internal/notifications + internal-key.middleware.ts |
FIREBASE_PROJECT_ID + FIREBASE_SERVICE_ACCOUNT_JSON | FCM push sender (services/notifications/fcm-sender.service.ts) |
Helpers inside env.ts
| Function | Purpose |
|---|---|
require_(key) | Must exist or crash |
parsePositiveInt(key, fallback) | Number > 0 or use default |
parseBool(key, fallback) | 1/true/yes/on → true |
parseRateLimitStore() | 'mongo' if env says so, else 'memory' |
parseSampleRate(key, fallback) | Clamps to [0, 1] |
parseCsv(key) | Trims and filters empty entries (used by OAUTH_REDIRECT_URIS) |
See Config folder for file-level detail on env.ts and db.ts.
Last updated on