WYGIWYH/.env.example
obervinov 4273c541c5 Add API tokens and OAuth2 client support for external integrations
- Personal API tokens (model, user-settings UI, admin, management command,
  DRF auth class) for non-interactive API access from automations like n8n.
  Raw token shown once; only a SHA-256 hash is stored; last_used_at writes
  are throttled.
- OAuth2 authorization server via django-oauth-toolkit with authorization
  server metadata and optional, off-by-default Dynamic Client Registration
  (RFC 7591), so remote OAuth/MCP clients can authenticate and self-register.
- Tests for token auth, DCR gating and the management commands, plus
  .env.example and README documentation.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-24 19:15:31 +04:00

59 lines
2.2 KiB
Bash

SERVER_NAME=wygiwyh_server
DB_NAME=wygiwyh_pg
TZ=UTC # Change to your timezone. This only affects some async tasks.
DEBUG=false
URL=https://...
HTTPS_ENABLED=true
SECRET_KEY=<GENERATE A SAFE SECRET KEY AND PLACE IT HERE>
DJANGO_ALLOWED_HOSTS=localhost 127.0.0.1 [::1]
OUTBOUND_PORT=9005
# Uncomment these variables to automatically create an admin account using these credentials on startup.
# After your first successful login you can remove these variables from your file for safety reasons.
#ADMIN_EMAIL=<ENTER YOUR EMAIL>
#ADMIN_PASSWORD=<YOUR SAFE PASSWORD>
SQL_DATABASE=wygiwyh
SQL_USER=wygiwyh
SQL_PASSWORD=<INSERT A SAFE PASSWORD HERE>
SQL_HOST=${DB_NAME}
SQL_PORT=5432
# Gunicorn
WEB_CONCURRENCY=4
# App Configs
# Enable this if you want to keep deleted transactions in the database
ENABLE_SOFT_DELETE=false
# If ENABLE_SOFT_DELETE is true, transactions deleted for more than KEEP_DELETED_TRANSACTIONS_FOR days will be truly deleted. Set to 0 to keep all.
KEEP_DELETED_TRANSACTIONS_FOR=365
TASK_WORKERS=1 # This only works if you're using the single container option. Increase to have more open queues via procrastinate; you probably don't need to increase this.
# OIDC Configuration. Uncomment the lines below if you want to add OIDC login to your instance
#OIDC_CLIENT_NAME=""
#OIDC_CLIENT_ID=""
#OIDC_CLIENT_SECRET=""
#OIDC_SERVER_URL=""
#OIDC_ALLOW_SIGNUP=true
# Personal access tokens. How often (seconds) a token's last_used_at is rewritten.
#API_TOKEN_LAST_USED_UPDATE_INTERVAL=600
# MCP OAuth Application. Uncomment to auto-create/update the OAuth client
# used by remote MCP integrations after migrations complete.
#MCP_OAUTH_CLIENT_NAME="WYGIWYH MCP"
#MCP_OAUTH_CLIENT_ID="mcp-wygiwyh"
#MCP_OAUTH_CLIENT_SECRET="<INSERT A SAFE SECRET HERE>"
#MCP_OAUTH_REDIRECT_URIS="http://127.0.0.1:8765/callback"
#MCP_OAUTH_SKIP_AUTHORIZATION=false
# Dynamic Client Registration (RFC 7591). Disabled by default because an open
# registration endpoint lets anyone create OAuth applications. Enable only if
# remote MCP clients must self-register, and optionally require an initial
# access token (sent as "Authorization: Bearer <token>" on /oauth/register/).
#OAUTH2_DCR_ENABLED=false
#OAUTH2_DCR_INITIAL_ACCESS_TOKEN=""
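
A pre-deployment check for a filled-in copy of this template, added here as an example and not part of the WYGIWYH repository: it parses the file and flags the settings the comments above warn about (unreplaced placeholders, leftover admin credentials, open Dynamic Client Registration, skipped authorization, cleartext non-loopback redirect URIs). The function names, the accepted boolean spellings and the redirect-URI separator are assumptions; the sample values are constructed.

```python
import re
from urllib.parse import urlsplit
# Constructed sample values, not taken from any real deployment.
SAMPLE_ENV = """\
DEBUG=true
SECRET_KEY=<GENERATE A SAFE SECRET KEY AND PLACE IT HERE>
SQL_PASSWORD=constructed-db-password
ADMIN_PASSWORD=constructed-admin-password
MCP_OAUTH_REDIRECT_URIS="http://127.0.0.1:8765/callback http://mcp.example.test/cb"
MCP_OAUTH_SKIP_AUTHORIZATION=true
OAUTH2_DCR_ENABLED=true
OAUTH2_DCR_INITIAL_ACCESS_TOKEN=""
"""

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def parse_env(text):
    """Active KEY=VALUE lines only; drops trailing ' # note' and outer quotes."""
    env = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z_]\w*)\s*=\s*(.*)$", line)
        if m:
            env[m.group(1)] = re.sub(r"\s+#.*$", "", m.group(2)).strip().strip("\"'")
    return env

def truthy(value):
    # Assumption: the app accepts true/1/yes (case-insensitive) as "on".
    return value.lower() in {"true", "1", "yes"}

def audit(env):
    """Return a list of (key, finding) pairs for risky settings."""
    findings = []
    if truthy(env.get("DEBUG", "")):
        findings.append(("DEBUG", "debug mode is on"))
    for key, value in env.items():
        if re.fullmatch(r"<.*>", value):
            findings.append((key, "template placeholder was never replaced"))
    if "ADMIN_PASSWORD" in env:
        findings.append(("ADMIN_PASSWORD", "remove after the first successful login"))
    if truthy(env.get("OAUTH2_DCR_ENABLED", "")) and not env.get("OAUTH2_DCR_INITIAL_ACCESS_TOKEN"):
        findings.append(("OAUTH2_DCR_ENABLED", "registration open without an initial access token"))
    if truthy(env.get("MCP_OAUTH_SKIP_AUTHORIZATION", "")):
        findings.append(("MCP_OAUTH_SKIP_AUTHORIZATION", "authorization step is skipped"))
    # Assumption: multiple redirect URIs are separated by whitespace or commas.
    for uri in re.split(r"[\s,]+", env.get("MCP_OAUTH_REDIRECT_URIS", "")):
        parts = urlsplit(uri)
        if parts.scheme == "http" and parts.hostname not in LOOPBACK:
            findings.append(("MCP_OAUTH_REDIRECT_URIS", f"cleartext redirect to {parts.hostname}"))
    return findings
```

Calling `audit(parse_env(SAMPLE_ENV))` returns one finding per risky line in the sample; commented-out keys are ignored, so the untouched template only reports its placeholders.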