commit 5f123c88a8fe1571c4b1a8333a453f9e385c1ca8 · bretton.dev/coves

+46

.env.example

···

       1
       +
       # Coves Environment Configuration

     

       2
       +
       # Copy this file to .env and update values for your deployment

     

       3
       +
       

     

       4
       +
       # === Database Configuration ===

     

       5
       +
       DATABASE_URL=postgres://dev_user:dev_password@localhost:5433/coves_dev?sslmode=disable

     

       6
       +
       

     

       7
       +
       # === PDS Configuration ===

     

       8
       +
       PDS_URL=http://localhost:3001

     

       9
       +
       

     

       10
       +
       # === Server Configuration ===

     

       11
       +
       APPVIEW_PORT=8081

     

       12
       +
       API_BASE_URL=https://api.coves.social

     

       13
       +
       

     

       14
       +
       # === Identity Resolution ===

     

       15
       +
       IDENTITY_PLC_URL=https://plc.directory

     

       16
       +
       IDENTITY_CACHE_TTL=1h

     

       17
       +
       

     

       18
       +
       # === Jetstream Configuration ===

     

       19
       +
       JETSTREAM_URL=wss://jetstream2.us-east.bsky.network/subscribe?wantedCollections=app.bsky.actor.profile

     

       20
       +
       JETSTREAM_PDS_FILTER=  # Optional: filter to specific PDS

     

       21
       +
       

     

       22
       +
       # === OAuth Configuration ===

     

       23
       +
       OAUTH_COOKIE_SECRET=  # Base64-encoded 32-byte secret (generate with: openssl rand -base64 32)

     

       24
       +
       OAUTH_PRIVATE_JWK=  # Private JWK for signing OAuth tokens (generate with: cmd/genjwks)

     

       25
       +
       

     

       26
       +
       # === Verification Service (DID Configuration) ===

     

       27
       +
       # DID for signing phone verifications (e.g., did:web:coves.social)

     

       28
       +
       VERIFICATION_SERVICE_DID=did:web:coves.social

     

       29
       +
       

     

       30
       +
       # Private key for signing verifications (PEM format, P-256 EC key)

     

       31
       +
       # Generate with: openssl ecparam -name prime256v1 -genkey -noout

     

       32
       +
       VERIFICATION_PRIVATE_KEY=  # Base64-encoded PEM or plain PEM

     

       33
       +
       

     

       34
       +
       # === SMS Provider (Telnyx) ===

     

       35
       +
       TELNYX_API_KEY=  # Your Telnyx API key

     

       36
       +
       TELNYX_MESSAGING_PROFILE_ID=  # Your Telnyx messaging profile ID

     

       37
       +
       TELNYX_FROM_NUMBER=  # Phone number to send SMS from (E.164 format)

     

       38
       +
       

     

       39
       +
       # === Security Configuration ===

     

       40
       +
       # Secret pepper for hashing phone numbers (generate with: openssl rand -base64 32)

     

       41
       +
       PHONE_HASH_PEPPER=  # NEVER change this after initial setup!

     

       42
       +
       

     

       43
       +
       # === Rate Limiting ===

     

       44
       +
       # Phone verification rate limits

     

       45
       +
       PHONE_VERIFICATION_RATE_LIMIT_PER_PHONE=3  # Max requests per phone per hour

     

       46
       +
       PHONE_VERIFICATION_RATE_LIMIT_PER_DID=5    # Max requests per user per day

+35

.well-known/did.json

···

       1
       +
       {

     

       2
       +
         "@context": [

     

       3
       +
           "https://www.w3.org/ns/did/v1",

     

       4
       +
           "https://w3id.org/security/suites/jws-2020/v1"

     

       5
       +
         ],

     

       6
       +
         "id": "did:web:coves.social",

     

       7
       +
         "verificationMethod": [

     

       8
       +
           {

     

       9
       +
             "id": "did:web:coves.social#verification-key-1",

     

       10
       +
             "type": "JsonWebKey2020",

     

       11
       +
             "controller": "did:web:coves.social",

     

       12
       +
             "publicKeyJwk": {

     

       13
       +
               "kty": "EC",

     

       14
       +
               "crv": "P-256",

     

       15
       +
               "x": "REPLACE_WITH_ACTUAL_X_COORDINATE",

     

       16
       +
               "y": "REPLACE_WITH_ACTUAL_Y_COORDINATE",

     

       17
       +
               "use": "sig",

     

       18
       +
               "alg": "ES256"

     

       19
       +
             }

     

       20
       +
           }

     

       21
       +
         ],

     

       22
       +
         "authentication": [

     

       23
       +
           "did:web:coves.social#verification-key-1"

     

       24
       +
         ],

     

       25
       +
         "assertionMethod": [

     

       26
       +
           "did:web:coves.social#verification-key-1"

     

       27
       +
         ],

     

       28
       +
         "service": [

     

       29
       +
           {

     

       30
       +
             "id": "did:web:coves.social#verification-service",

     

       31
       +
             "type": "VerificationService",

     

       32
       +
             "serviceEndpoint": "https://api.coves.social/xrpc/social.coves.verification"

     

       33
       +
           }

     

       34
       +
         ]

     

       35
       +
       }