feat: add registration and authentication

2026-05-21 00:01:35 +03:00
parent 13dd8fa426
commit 35c3554742
37 changed files with 2162 additions and 81 deletions
--- a/.env.example
+++ b/.env.example
@@ -30,6 +30,33 @@ API_PORT=3001
 # Прод: https://ваш-домен  — несколько origin через запятую: https://a.ru,https://www.a.ru
 CORS_ORIGIN=http://localhost:5173

+# ─── Auth / sessions ─────────────────────────────────────────
+# APP_BASE_URL is the only source for verify/reset email links.
+APP_BASE_URL=http://localhost:5173
+SESSION_SECRET=replace_with_32plus_char_random_secret
+# Production defaults to __Host-sid + Secure cookies. Local dev can stay insecure over http.
+# SESSION_COOKIE_NAME=__Host-sid
+# SESSION_COOKIE_SECURE=true
+# SESSION_TTL_DAYS=30
+
+# ─── Cloudflare Turnstile ────────────────────────────────────
+TURNSTILE_SECRET_KEY=replace_with_turnstile_secret
+# Local tests/dev only, never production:
+# TURNSTILE_BYPASS_TOKEN=mock-turnstile-token
+
+# ─── SMTP email ──────────────────────────────────────────────
+SMTP_HOST=smtp.example.com
+SMTP_PORT=587
+SMTP_SECURE=false
+SMTP_USER=replace_with_smtp_user
+SMTP_PASSWORD=replace_with_smtp_password
+SMTP_FROM=Calendar Run <no-reply@example.com>
+
+# ─── Seed after auth ─────────────────────────────────────────
+# Required once users exist, so seed never creates ownerless races or overwrites user edits.
+# SEED_OWNER_USER_ID=
+# SEED_OWNER_EMAIL=
+
 # ─── Версия API (опционально) ─────────────────────────────────
 # Если в образе не удаётся прочитать package.json, подставьте вручную (видно в GET /health).
 # APP_VERSION=1.0.0