# --- Runtime --- NODE_ENV=development AUTO_MIGRATE=false # --- Ports (host bindings) --- BIND_IP=127.0.0.1 API_PORT=8201 WEB_PORT=3201 # Public API URL used by the frontend (browser). Set to http(s)://: VITE_API_URL=http://localhost:8201 VITE_CLEANUP_ENABLED=false # Allow Vite dev server to accept requests for these hostnames (comma-separated) VITE_ALLOWED_HOSTS=localhost,docker # If running behind a reverse proxy (e.g. Nginx Proxy Manager), enable this TRUST_PROXY=false WEB_BASE_URL=https://mailcleaner.srv.medeba-media.de # --- Database / Queue --- DATABASE_URL=postgresql://mailcleaner:mailcleaner@postgres:5432/mailcleaner REDIS_URL=redis://redis:6379 # JWT signing secret for auth JWT_SECRET=dev-change-me # Allowed CORS origins (comma-separated). Required in production. CORS_ORIGINS=http://localhost:3201 # Enable Swagger docs (/docs). Keep false in production. ENABLE_SWAGGER=false # Global rate limit RATE_LIMIT_MAX=300 RATE_LIMIT_WINDOW=1 minute # Auth-specific rate limit RATE_LIMIT_AUTH_MAX=10 RATE_LIMIT_AUTH_WINDOW=1 minute # Short-lived SSE token TTL (seconds) SSE_TOKEN_TTL_SECONDS=300 # OAuth state TTL (seconds) OAUTH_STATE_TTL_SECONDS=600 # Cleanup scan limit (0 = no limit) CLEANUP_SCAN_LIMIT=0 # Newsletter detection (comma-separated lists) NEWSLETTER_THRESHOLD=2 NEWSLETTER_SUBJECT_TOKENS=newsletter,unsubscribe,update,news,digest NEWSLETTER_FROM_TOKENS=newsletter,no-reply,noreply,news,updates NEWSLETTER_HEADER_KEYS=list-unsubscribe,list-id,list-help,list-archive,list-post,list-owner,list-subscribe,list-unsubscribe-post NEWSLETTER_WEIGHT_HEADER=1 NEWSLETTER_WEIGHT_PRECEDENCE=1 NEWSLETTER_WEIGHT_SUBJECT=1 NEWSLETTER_WEIGHT_FROM=1 # EMA smoothing for ETA/metrics (0.05-0.95) METRICS_EMA_ALPHA=0.3 # Max attachment size for download (bytes) ATTACHMENT_MAX_BYTES=10485760 # Unsubscribe history (cross-job dedupe window) UNSUBSCRIBE_HISTORY_TTL_DAYS=180 # Unsubscribe method preference: auto | http | mailto UNSUBSCRIBE_METHOD_PREFERENCE=http # Disallow custom IMAP/SMTP hosts unless explicitly enabled ALLOW_CUSTOM_MAIL_HOSTS=false # Block private network targets for unsubscribe HTTP BLOCK_PRIVATE_NETWORKS=true # Encryption key for sensitive secrets (set in production) ENCRYPTION_KEY=change-me-please # --- Google OAuth (Gmail) --- GOOGLE_CLIENT_ID= GOOGLE_CLIENT_SECRET= # Must match the OAuth redirect URL configured in Google Cloud Console GOOGLE_REDIRECT_URI=http://localhost:8201/oauth/gmail/callback # --- Export jobs --- # Where export ZIPs are stored by the worker EXPORT_DIR=/tmp/mailcleaner-exports # How long export files are kept (hours) EXPORT_TTL_HOURS=24 # --- Seed admin account --- SEED_ADMIN_EMAIL=admin@simplemailcleaner.local SEED_ADMIN_PASSWORD=change-me-now SEED_TENANT=Default Tenant SEED_TENANT_ID=seed-tenant SEED_ENABLED=true SEED_FORCE_PASSWORD_UPDATE=false