Rustelo/info/why_env.md

Current Setup

The project already has:
- **`.env`** file (exists but protected from reading)
- **`.env.example`** file (exists but protected from reading)
- **`dotenvy`** crate integration in `main.rs` and config loading

## Why .env Files Are Important

The application uses environment variables for several critical configurations:

### 1. **JWT Configuration**
```template/server/src/auth/jwt.rs#L36-54
let secret = env::var("JWT_SECRET")
    .unwrap_or_else(|_| "your-super-secret-jwt-key-change-this-in-production".to_string());
let issuer = env::var("JWT_ISSUER").unwrap_or_else(|_| "rustelo-auth".to_string());
let access_token_expires_in = Duration::minutes(
    env::var("JWT_ACCESS_TOKEN_EXPIRES_IN")
        .unwrap_or_else(|_| "15".to_string())
        .parse()
        .unwrap_or(15),
);
```

### 2. **OAuth Configuration**
```template/server/src/auth/oauth.rs#L105-115
let client_id = env::var("GOOGLE_CLIENT_ID").map_err(|_| {
    anyhow!("Google OAuth not configured: missing GOOGLE_CLIENT_ID")
})?;
let client_secret = env::var("GOOGLE_CLIENT_SECRET").map_err(|_| {
    anyhow!("Google OAuth not configured: missing GOOGLE_CLIENT_SECRET")
})?;
```

### 3. **Server Configuration Overrides**
```template/server/src/config/mod.rs#L304-346
// Server overrides
if let Ok(protocol) = env::var("SERVER_PROTOCOL") { ... }
if let Ok(host) = env::var("SERVER_HOST") { ... }
if let Ok(port) = env::var("SERVER_PORT") { ... }
if let Ok(database_url) = env::var("DATABASE_URL") { ... }
if let Ok(session_secret) = env::var("SESSION_SECRET") { ... }
```

## Key Environment Variables You Should Set

Based on the code analysis, here are the important environment variables:

### **Authentication & Security**
- `JWT_SECRET` - JWT signing secret (critical for security)
- `JWT_ISSUER` - JWT issuer name
- `JWT_ACCESS_TOKEN_EXPIRES_IN` - Access token expiration (minutes)
- `JWT_REFRESH_TOKEN_EXPIRES_IN` - Refresh token expiration (days)
- `SESSION_SECRET` - Session cookie secret

### **Database**
- `DATABASE_URL` - PostgreSQL connection string

### **OAuth (if using social login)**
- `OAUTH_REDIRECT_BASE_URL` - OAuth callback base URL
- `GOOGLE_CLIENT_ID` & `GOOGLE_CLIENT_SECRET`
- `GITHUB_CLIENT_ID` & `GITHUB_CLIENT_SECRET`
- `DISCORD_CLIENT_ID` & `DISCORD_CLIENT_SECRET`
- `MICROSOFT_CLIENT_ID`, `MICROSOFT_CLIENT_SECRET`, `MICROSOFT_TENANT_ID`

### **Server Configuration**
- `ENVIRONMENT` - Runtime environment (development/production)
- `SERVER_PROTOCOL` - HTTP or HTTPS
- `SERVER_HOST` - Server bind address
- `SERVER_PORT` - Server port
- `LOG_LEVEL` - Logging level
- `CONFIG_FILE` - Custom config file path
- `TLS_CERT_PATH` & `TLS_KEY_PATH` - For HTTPS

## How It Works

1. **Environment Loading**: The app uses `dotenvy::dotenv().ok()` to load `.env` files
2. **Config Hierarchy**: TOML files provide defaults, environment variables override them
3. **Fallback Values**: Most settings have sensible defaults if env vars aren't set

The `.env` file is essential for keeping sensitive credentials like database passwords, JWT secrets, and OAuth keys separate from your code and configuration files.
feat: add dark mode functionality and improve navigation system - Add complete dark mode system with theme context and toggle - Implement dark mode toggle component in navigation menu - Add client-side routing with SSR-safe signal handling - Fix language selector styling for better dark mode compatibility - Add documentation system with mdBook integration - Improve navigation menu with proper external/internal link handling - Add comprehensive project documentation and configuration - Enhance theme system with localStorage persistence - Fix arena panic issues during server-side rendering - Add proper TypeScript configuration and build optimizations 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> 2025-07-11 20:53:20 +01:00			`Current Setup`

			`The project already has:`
			- `.env` file (exists but protected from reading)
			- `.env.example` file (exists but protected from reading)
			- `dotenvy` crate integration in `main.rs` and config loading

			`## Why .env Files Are Important`

			`The application uses environment variables for several critical configurations:`

			`### 1. JWT Configuration`
			```template/server/src/auth/jwt.rs#L36-54
			`let secret = env::var("JWT_SECRET")`
			`.unwrap_or_else(\|_\| "your-super-secret-jwt-key-change-this-in-production".to_string());`
			`let issuer = env::var("JWT_ISSUER").unwrap_or_else(\|_\| "rustelo-auth".to_string());`
			`let access_token_expires_in = Duration::minutes(`
			`env::var("JWT_ACCESS_TOKEN_EXPIRES_IN")`
			`.unwrap_or_else(\|_\| "15".to_string())`
			`.parse()`
			`.unwrap_or(15),`
			`);`
			```

			`### 2. OAuth Configuration`
			```template/server/src/auth/oauth.rs#L105-115
			`let client_id = env::var("GOOGLE_CLIENT_ID").map_err(\|_\| {`
			`anyhow!("Google OAuth not configured: missing GOOGLE_CLIENT_ID")`
			`})?;`
			`let client_secret = env::var("GOOGLE_CLIENT_SECRET").map_err(\|_\| {`
			`anyhow!("Google OAuth not configured: missing GOOGLE_CLIENT_SECRET")`
			`})?;`
			```

			`### 3. Server Configuration Overrides`
			```template/server/src/config/mod.rs#L304-346
			`// Server overrides`
			`if let Ok(protocol) = env::var("SERVER_PROTOCOL") { ... }`
			`if let Ok(host) = env::var("SERVER_HOST") { ... }`
			`if let Ok(port) = env::var("SERVER_PORT") { ... }`
			`if let Ok(database_url) = env::var("DATABASE_URL") { ... }`
			`if let Ok(session_secret) = env::var("SESSION_SECRET") { ... }`
			```

			`## Key Environment Variables You Should Set`

			`Based on the code analysis, here are the important environment variables:`

			`### Authentication & Security`
			- `JWT_SECRET` - JWT signing secret (critical for security)
			- `JWT_ISSUER` - JWT issuer name
			- `JWT_ACCESS_TOKEN_EXPIRES_IN` - Access token expiration (minutes)
			- `JWT_REFRESH_TOKEN_EXPIRES_IN` - Refresh token expiration (days)
			- `SESSION_SECRET` - Session cookie secret

			`### Database`
			- `DATABASE_URL` - PostgreSQL connection string

			`### OAuth (if using social login)`
			- `OAUTH_REDIRECT_BASE_URL` - OAuth callback base URL
			- `GOOGLE_CLIENT_ID` & `GOOGLE_CLIENT_SECRET`
			- `GITHUB_CLIENT_ID` & `GITHUB_CLIENT_SECRET`
			- `DISCORD_CLIENT_ID` & `DISCORD_CLIENT_SECRET`
			- `MICROSOFT_CLIENT_ID`, `MICROSOFT_CLIENT_SECRET`, `MICROSOFT_TENANT_ID`

			`### Server Configuration`
			- `ENVIRONMENT` - Runtime environment (development/production)
			- `SERVER_PROTOCOL` - HTTP or HTTPS
			- `SERVER_HOST` - Server bind address
			- `SERVER_PORT` - Server port
			- `LOG_LEVEL` - Logging level
			- `CONFIG_FILE` - Custom config file path
			- `TLS_CERT_PATH` & `TLS_KEY_PATH` - For HTTPS

			`## How It Works`

			1. Environment Loading: The app uses `dotenvy::dotenv().ok()` to load `.env` files
			`2. Config Hierarchy: TOML files provide defaults, environment variables override them`
			`3. Fallback Values: Most settings have sensible defaults if env vars aren't set`

			The `.env` file is essential for keeping sensitive credentials like database passwords, JWT secrets, and OAuth keys separate from your code and configuration files.