HokmPlay/deploy/ENV_FILE.example
soroush.asadi e49df07c0f
CI/CD / CI - API (dotnet build + engine sim) (push) Successful in 7m47s
CI/CD / CI - Web (tsc + next build) (push) Successful in 1m9s
CI/CD / Deploy - local stack (db + server + web) (push) Failing after 1s
Prod hardening: one-game-per-player, selectable music, bargevasat.ir config
- One running game per player: server rejects a 2nd matchmake while in a live
  room (re-syncs the existing game); client guards Home vs-computer + Lobby
  random/create — resumes the running match + notifies instead of starting another
  (game-store hasActiveMatch()).
- Background music is now selectable: santoor (سنتی, calm Persian loop) and
  playful (bouncy UNO-like) — sound.ts TRACKS + setMusicTrack (persisted),
  sound-store musicTrack, picker in Profile → Audio. i18n added.
- Production config for bargevasat.ir (prepare-only; no live deploy):
  appsettings.Production.example (CORS + ZarinPal + IAB to the domain),
  docker-compose.caddy.yml + Caddyfile (auto-HTTPS reverse proxy
  bargevasat.ir→web, api.bargevasat.ir→server), ENV_FILE PRODUCTION block,
  PRODUCTION.md go-live + Cafe Bazaar publish/IAB checklist. Fixed IAB package
  name to match Capacitor appId (com.bargevasat.app).

Verified: tsc + next build + dotnet build all pass.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-06 23:05:52 +03:30

76 lines
4.0 KiB
Plaintext
# ──────────────────────────────────────────────────────────────────────────
# Barg-e Vasat — ENV_FILE
# Paste the contents of this file (filled in) into the Gitea repo secret:
# https://git.soroushasadi.com/soroushdes/HokmPlay/settings/secrets → ENV_FILE
# The deploy job writes it verbatim to `.env`, which docker compose reads.
#
# NOTE: NEXT_PUBLIC_SERVER_URL is baked into the web bundle at BUILD time —
# changing it requires a new CI run (push a commit) to take effect.
# ──────────────────────────────────────────────────────────────────────────
# Host ports (1500-1600 range so the stack coexists with manual dev on 3000/5005)
WEB_PORT=1500
API_PORT=1505
DB_PORT=1510
# Database (postgres container)
POSTGRES_PASSWORD=change-me-strong-password
# JWT — generate with: openssl rand -hex 32
JWT_KEY=CHANGE-ME-to-a-32+char-random-secret
JWT_ISSUER=hokm
JWT_AUDIENCE=hokm-clients
# Browser-facing API origin (host-mapped api port).
# If the browser is NOT on the deploy host, use the host LAN IP instead of
# localhost, e.g. http://172.28.144.1:1505 (localhost can be VPN-hijacked).
NEXT_PUBLIC_SERVER_URL=http://localhost:1505
# Origins allowed by the API's CORS (comma-separated). Must include the web URL.
CORS_ORIGINS=http://localhost:1500
# Package mirrors used during Docker builds. Default to the plain-HTTP Nexus
# (no SSL) because the HTTPS mirror serves a partial cert chain that fresh
# container trust stores reject. Override only if your Nexus moves.
# NUGET_INDEX=http://171.22.25.73:8081/repository/nuget-group/index.json
# NPM_REGISTRY=http://171.22.25.73:8081/repository/npm-group/
# ZarinPal (sandbox for now — switch in admin/panel later)
ZARINPAL_MERCHANT_ID=299685fb-cadf-4dfc-98e2-d4af5d81528d
ZARINPAL_SANDBOX=true
ZARINPAL_CALLBACK_URL=http://localhost:1505/api/coins/pay/callback
ZARINPAL_CLIENT_RETURN_URL=http://localhost:1500
# Store in-app billing (Cafe Bazaar / Myket) — fill from the developer panels.
# SKU == coin-pack id (p1/p2/…). Coins are credited only after the purchase
# token verifies server-to-server.
IAB_PACKAGE_NAME=com.bargevasat.app
# Cafe Bazaar (pardakht dev API): create an OAuth client, do the one-time consent
# to obtain a refresh_token. https://pardakht.cafebazaar.ir/
IAB_BAZAAR_CLIENT_ID=
IAB_BAZAAR_CLIENT_SECRET=
IAB_BAZAAR_REFRESH_TOKEN=
# Myket developer panel → API access token.
IAB_MYKET_ACCESS_TOKEN=
# DEV ONLY: credit purchases WITHOUT verifying (set true to test before you have
# store creds). NEVER true in production.
IAB_ALLOW_UNVERIFIED=false
# ──────────────────────────────────────────────────────────────────────────
# PRODUCTION (bargevasat.ir) — use these values instead of the local ones above,
# and deploy with the Caddy overlay (see PRODUCTION.md). DNS: bargevasat.ir,
# www, api → server IP; open 80/443. Caddy fronts TLS, so host ports are internal.
# ──────────────────────────────────────────────────────────────────────────
# WEB_PORT=1500
# API_PORT=1505
# DB_PORT=1510
# POSTGRES_PASSWORD=<strong>
# JWT_KEY=<openssl rand -hex 32>
# NEXT_PUBLIC_SERVER_URL=https://api.bargevasat.ir # baked at web build time
# CORS_ORIGINS=https://bargevasat.ir,https://www.bargevasat.ir
# ZARINPAL_MERCHANT_ID=<live-merchant-id>
# ZARINPAL_SANDBOX=false
# ZARINPAL_CALLBACK_URL=https://api.bargevasat.ir/api/coins/pay/callback
# ZARINPAL_CLIENT_RETURN_URL=https://bargevasat.ir
# IAB_ALLOW_UNVERIFIED=false # fill the IAB_* creds from the Bazaar panel post-publish
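
Added example, not part of the HokmPlay repository: a shell lint that checks a filled-in ENV_FILE against the PRODUCTION block above before it is deployed. The function names, the constructed sample, and the use of ZARINPAL_CLIENT_RETURN_URL as the web origin for the CORS check are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example (not repo code): lint a filled-in ENV_FILE before deploy.

# Last uncommented KEY= assignment in FILE, with any inline " # ..." comment removed.
env_get() {  # usage: env_get FILE KEY
  sed -n "s/^$2=//p" "$1" | tail -n 1 | sed 's/[[:space:]]\{1,\}#.*$//'
}
fail() { echo "FAIL: $*"; bad=1; }

# Prints one line per finding; returns 0 only if FILE passes. Missing keys fail.
check_prod_env() {  # usage: check_prod_env FILE
  local f=$1 bad=0 v k
  v=$(env_get "$f" JWT_KEY)
  case $v in
    ''|*CHANGE-ME*) fail "JWT_KEY is empty or still the placeholder" ;;
    *) [ "${#v}" -ge 32 ] || fail "JWT_KEY is shorter than 32 characters" ;;
  esac
  v=$(env_get "$f" POSTGRES_PASSWORD)
  case $v in ''|*change-me*) fail "POSTGRES_PASSWORD is empty or still the placeholder" ;; esac
  # Dev-only switches must be off.
  [ "$(env_get "$f" IAB_ALLOW_UNVERIFIED)" = false ] || fail "IAB_ALLOW_UNVERIFIED must be false"
  [ "$(env_get "$f" ZARINPAL_SANDBOX)" = false ] || fail "ZARINPAL_SANDBOX must be false"
  # Browser- and gateway-facing URLs must be https.
  for k in NEXT_PUBLIC_SERVER_URL ZARINPAL_CALLBACK_URL ZARINPAL_CLIENT_RETURN_URL; do
    case "$(env_get "$f" "$k")" in https://*) ;; *) fail "$k is not an https:// URL" ;; esac
  done
  # Assumption: ZARINPAL_CLIENT_RETURN_URL is the web origin CORS_ORIGINS must list.
  v=$(env_get "$f" ZARINPAL_CLIENT_RETURN_URL)
  case ",$(env_get "$f" CORS_ORIGINS)," in
    *",$v,"*) ;; *) fail "CORS_ORIGINS does not include $v" ;;
  esac
  return "$bad"
}

# Constructed sample: the local block's values, as if deployed unchanged.
sample_local_env() {
  cat <<'EOF'
JWT_KEY=CHANGE-ME-to-a-32+char-random-secret
POSTGRES_PASSWORD=change-me-strong-password
NEXT_PUBLIC_SERVER_URL=http://localhost:1505
CORS_ORIGINS=http://localhost:1500
ZARINPAL_SANDBOX=true
ZARINPAL_CALLBACK_URL=http://localhost:1505/api/coins/pay/callback
ZARINPAL_CLIENT_RETURN_URL=http://localhost:1500
IAB_ALLOW_UNVERIFIED=false
EOF
}

if [ "$#" -gt 0 ]; then check_prod_env "$1"; fi
```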