Merge pull request #244 from objectstack-ai/copilot/fix-sign-up-error

Author: hotlong

.env.example

@@ -0,0 +1,69 @@
+# ─── ObjectStack Authentication Configuration ──────────────────────────────
+
+# Required: Secret key for session encryption and JWT signing
+# Generate a secure random string (e.g., using `openssl rand -base64 32`)
+AUTH_SECRET=your-super-secret-key-change-this-in-production
+
+# Optional: Base URL for the application (defaults to http://localhost:5320)
+# BETTER_AUTH_URL=http://localhost:5320
+
+# ─── Database Configuration ─────────────────────────────────────────────────
+
+# Optional: Database connection URL (defaults to SQLite: objectstack.db)
+# Examples:
+# - PostgreSQL: postgres://user:password@localhost:5432/objectstack
+# - MongoDB: mongodb://localhost:27017/objectstack
+# - SQLite: sqlite:objectstack.db (or omit for default)
+# OBJECTQL_DATABASE_URL=sqlite:objectstack.db
+
+# ─── OAuth Provider Configuration ───────────────────────────────────────────
+
+# Google OAuth
+# GOOGLE_CLIENT_ID=your-google-client-id
+# GOOGLE_CLIENT_SECRET=your-google-client-secret
+
+# GitHub OAuth
+# GITHUB_CLIENT_ID=your-github-client-id
+# GITHUB_CLIENT_SECRET=your-github-client-secret
+
+# Microsoft OAuth
+# MICROSOFT_CLIENT_ID=your-microsoft-client-id
+# MICROSOFT_CLIENT_SECRET=your-microsoft-client-secret
+
+# ─── Enterprise SSO Configuration ───────────────────────────────────────────
+
+# Microsoft Entra ID (Azure AD)
+# AZURE_AD_CLIENT_ID=your-azure-client-id
+# AZURE_AD_CLIENT_SECRET=your-azure-client-secret
+# AZURE_AD_TENANT_ID=your-azure-tenant-id
+
+# Auth0
+# AUTH0_CLIENT_ID=your-auth0-client-id
+# AUTH0_CLIENT_SECRET=your-auth0-client-secret
+# AUTH0_DOMAIN=your-tenant.auth0.com
+
+# Okta
+# OKTA_CLIENT_ID=your-okta-client-id
+# OKTA_CLIENT_SECRET=your-okta-client-secret
+# OKTA_ISSUER=https://your-domain.okta.com
+
+# Keycloak
+# KEYCLOAK_CLIENT_ID=your-keycloak-client-id
+# KEYCLOAK_CLIENT_SECRET=your-keycloak-client-secret
+# KEYCLOAK_ISSUER=https://your-keycloak-server/realms/your-realm
+
+# ─── Two-Factor Authentication ──────────────────────────────────────────────
+
+# Optional: 2FA issuer name (defaults to "ObjectStack")
+# BETTER_AUTH_2FA_ISSUER=ObjectStack
+
+# ─── Server Configuration ───────────────────────────────────────────────────
+
+# Server port (defaults to 5320)
+# PORT=5320
+
+# CORS origins (comma-separated, defaults to http://localhost:5321,http://localhost:5320)
+# CORS_ORIGINS=http://localhost:5321,http://localhost:5320
+
+# Log level (defaults to 'info')
+# LOG_LEVEL=info

README.md

@@ -144,6 +144,37 @@ cd objectos
 pnpm install
 ```
 
+### Environment Setup
+
+Before running the application, you need to configure environment variables. Copy the example file and update it with your settings:
+
+```bash
+cp .env.example .env
+```
+
+**Required Configuration:**
+
+At minimum, you need to set the `AUTH_SECRET` for authentication to work:
+
+```bash
+# Generate a secure random secret (32+ characters recommended)
+export AUTH_SECRET=$(openssl rand -base64 32)
+```
+
+Or add it to your `.env` file:
+
+```env
+AUTH_SECRET=your-super-secret-key-change-this-in-production
+```
+
+**Optional Configuration:**
+
+- **Database**: Defaults to SQLite (`objectstack.db`). Set `OBJECTQL_DATABASE_URL` for PostgreSQL or MongoDB.
+- **OAuth Providers**: Configure `GOOGLE_CLIENT_ID`, `GITHUB_CLIENT_ID`, etc. for social login.
+- **Enterprise SSO**: Set up Auth0, Okta, Keycloak, or Azure AD via environment variables.
+
+See `.env.example` for all available options.
+
 ### Development
 
 ```bash

objectstack.config.ts

@@ -66,7 +66,16 @@ export default defineStack({
     new StoragePlugin(),
 
     // Core
-    new AuthPlugin(),
+    new AuthPlugin({
+      secret: process.env.AUTH_SECRET || (() => {
+        const defaultSecret = 'dev-secret-change-in-production-min-32-chars';
+        if (process.env.NODE_ENV === 'production') {
+          console.error('WARNING: Using default AUTH_SECRET in production! Set AUTH_SECRET environment variable.');
+        }
+        return defaultSecret;
+      })(),
+      baseUrl: process.env.BETTER_AUTH_URL || 'http://localhost:5320',
+    }),
     new PermissionsPlugin(),
     new AuditLogPlugin(),