init: scaffold from k-template with postgres + worker

2026-05-31 03:08:38 +02:00
commit f9cb142c3b
70 changed files with 5269 additions and 0 deletions
--- a/.env.example
+++ b/.env.example
@@ -0,0 +1,65 @@
+# ============================================================================
+# K-Template Configuration
+# ============================================================================
+# Copy this file to .env and adjust values for your environment.
+
+# ============================================================================
+# Server
+# ============================================================================
+HOST=127.0.0.1
+PORT=3000
+
+# ============================================================================
+# Database
+# ============================================================================
+# SQLite (default)
+DATABASE_URL=sqlite:data.db?mode=rwc
+
+# PostgreSQL (requires postgres feature flag)
+# DATABASE_URL=postgres://user:password@localhost:5432/mydb
+
+DB_MAX_CONNECTIONS=5
+DB_MIN_CONNECTIONS=1
+
+# ============================================================================
+# Cookie Secret
+# ============================================================================
+# Used to encrypt the OIDC state cookie (CSRF token, PKCE verifier, nonce).
+# Must be at least 64 characters in production.
+COOKIE_SECRET=your-cookie-secret-key-must-be-at-least-64-characters-long-for-security!!
+
+# Set to true when serving over HTTPS
+SECURE_COOKIE=false
+
+# ============================================================================
+# JWT
+# ============================================================================
+# Must be at least 32 characters in production.
+JWT_SECRET=your-jwt-secret-key-at-least-32-chars
+
+# Optional: embed issuer/audience claims in tokens
+# JWT_ISSUER=your-app-name
+# JWT_AUDIENCE=your-app-audience
+
+# Token lifetime in hours (default: 24)
+JWT_EXPIRY_HOURS=24
+
+# ============================================================================
+# OIDC (optional — requires auth-oidc feature flag)
+# ============================================================================
+# OIDC_ISSUER=https://your-oidc-provider.com
+# OIDC_CLIENT_ID=your-client-id
+# OIDC_CLIENT_SECRET=your-client-secret
+# OIDC_REDIRECT_URL=http://localhost:3000/api/v1/auth/callback
+# OIDC_RESOURCE_ID=your-resource-id   # optional audience claim to verify
+
+# ============================================================================
+# CORS
+# ============================================================================
+CORS_ALLOWED_ORIGINS=http://localhost:5173,http://localhost:3000
+
+# ============================================================================
+# Production Mode
+# ============================================================================
+# Set to true/production/1 to enforce minimum secret lengths and other checks.
+PRODUCTION=false