2023-07-24 23:24:33 +03:00
|
|
|
# local, heroku, stage, production
|
|
|
|
APP_ENV=local
|
2018-02-01 01:59:13 +03:00
|
|
|
SERVER_URL=http://localhost:6060
|
2018-02-07 22:16:39 +03:00
|
|
|
PORT=6060
|
2023-08-01 17:53:53 +03:00
|
|
|
NEXTAUTH_URL=http://localhost:6060
|
2018-09-21 19:00:27 +03:00
|
|
|
|
2018-08-24 00:13:45 +03:00
|
|
|
# 1: disables the dockerflow endpoints
|
|
|
|
# see: https://github.com/mozilla-services/Dockerflow#containerized-app-requirements
|
|
|
|
DISABLE_DOCKERFLOW=
|
|
|
|
|
|
|
|
# Database server
|
2021-10-15 21:58:00 +03:00
|
|
|
DATABASE_URL=postgres://postgres@localhost:5432/blurts
|
2018-08-26 23:11:54 +03:00
|
|
|
# How many seconds can unverified subscribers remain in the database
|
|
|
|
DELETE_UNVERIFIED_SUBSCRIBERS_TIMER=86400
|
2018-08-03 23:58:08 +03:00
|
|
|
|
2019-02-07 01:12:08 +03:00
|
|
|
# How many seconds until page tokens expire?
|
|
|
|
PAGE_TOKEN_TIMER=0
|
|
|
|
|
2018-08-24 00:13:45 +03:00
|
|
|
# Email server
|
2021-10-15 21:58:00 +03:00
|
|
|
SMTP_URL=
|
2018-08-24 00:13:45 +03:00
|
|
|
# From: address used in emails
|
2021-10-15 21:58:00 +03:00
|
|
|
EMAIL_FROM=
|
2018-08-24 00:13:45 +03:00
|
|
|
# https://docs.aws.amazon.com/ses/latest/DeveloperGuide/using-configuration-sets.html
|
2021-10-15 21:58:00 +03:00
|
|
|
SES_CONFIG_SET=
|
2018-08-24 00:13:45 +03:00
|
|
|
# 1: only log messages coming back from SES
|
|
|
|
SES_NOTIFICATION_LOG_ONLY=
|
2018-02-07 22:16:39 +03:00
|
|
|
|
2023-06-23 23:31:43 +03:00
|
|
|
# s3 bucket for cdn
|
|
|
|
AWS_ACCESS_KEY_ID=
|
|
|
|
AWS_SECRET_ACCESS_KEY=
|
|
|
|
AWS_REGION=
|
|
|
|
S3_BUCKET=
|
|
|
|
|
2018-08-24 00:13:45 +03:00
|
|
|
# Firefox Accounts OAuth
|
2023-11-10 16:05:00 +03:00
|
|
|
FXA_SETTINGS_URL=https://accounts.stage.mozaws.net/settings
|
2023-06-23 06:30:16 +03:00
|
|
|
|
2020-04-03 22:48:07 +03:00
|
|
|
OAUTH_CLIENT_ID=edd29a80019d61a1
|
2021-02-24 00:56:29 +03:00
|
|
|
OAUTH_CLIENT_SECRET=get-this-from-groovecoder-or-fxmonitor-engineering
|
2021-10-15 21:58:00 +03:00
|
|
|
OAUTH_AUTHORIZATION_URI=https://oauth.stage.mozaws.net/v1/authorization
|
|
|
|
OAUTH_PROFILE_URI=https://profile.stage.mozaws.net/v1/profile
|
|
|
|
OAUTH_TOKEN_URI=https://oauth.stage.mozaws.net/v1/token
|
2023-04-15 03:46:36 +03:00
|
|
|
OAUTH_ACCOUNT_URI = "https://oauth.accounts.firefox.com/v1"
|
2023-06-23 06:30:16 +03:00
|
|
|
OAUTH_API_URI="https://api-accounts.stage.mozaws.net/v1"
|
2018-02-06 01:06:05 +03:00
|
|
|
|
2018-08-24 00:13:45 +03:00
|
|
|
# HIBP API for breach data
|
|
|
|
# How many seconds to wait before refreshing upstream breach data from HIBP
|
|
|
|
HIBP_RELOAD_BREACHES_TIMER=600
|
|
|
|
# HIBP API for range search and subscription
|
2024-06-18 00:49:17 +03:00
|
|
|
HIBP_KANON_API_ROOT=https://enterprise.stage-api.haveibeenpwned.com
|
2020-04-03 22:48:07 +03:00
|
|
|
HIBP_KANON_API_TOKEN=
|
2021-10-15 21:58:00 +03:00
|
|
|
HIBP_API_ROOT=https://haveibeenpwned.com/api/v2
|
2020-04-03 22:48:07 +03:00
|
|
|
HIBP_API_TOKEN=
|
2018-09-20 23:18:41 +03:00
|
|
|
# How many milliseconds to wait before retrying an HIBP request
|
2018-09-20 17:40:49 +03:00
|
|
|
HIBP_THROTTLE_DELAY=2000
|
|
|
|
# Max number of times to try an HIBP request before throwing error
|
|
|
|
HIBP_THROTTLE_MAX_TRIES=5
|
2018-09-24 20:05:03 +03:00
|
|
|
# Authorization token for HIBP to present to /hibp/notify endpoint
|
2021-10-15 21:58:00 +03:00
|
|
|
HIBP_NOTIFY_TOKEN=unsafe-default-token-for-dev
|
2023-04-18 16:24:22 +03:00
|
|
|
# Domains we prefer to not link to
|
2023-04-13 16:06:26 +03:00
|
|
|
HIBP_BREACH_DOMAIN_BLOCKLIST=a-blocked-domain.com,another-blocked-domain.org
|
2018-10-30 00:28:19 +03:00
|
|
|
|
2023-04-13 16:55:07 +03:00
|
|
|
# OneRep API for exposure scanning
|
2024-01-26 15:25:43 +03:00
|
|
|
ONEREP_API_BASE=https://mozilla.api.onerep.com
|
2023-04-13 16:55:07 +03:00
|
|
|
ONEREP_API_KEY=
|
2023-12-30 01:32:22 +03:00
|
|
|
ONEREP_WEBHOOK_SECRET="unsafe-default-secret-for-dev"
|
2018-10-30 00:28:19 +03:00
|
|
|
|
2019-04-04 20:55:35 +03:00
|
|
|
# Firefox Remote Settings
|
2021-10-15 21:58:00 +03:00
|
|
|
FX_REMOTE_SETTINGS_WRITER_SERVER=https://settings-writer.prod.mozaws.net/v1
|
|
|
|
FX_REMOTE_SETTINGS_WRITER_USER=
|
|
|
|
FX_REMOTE_SETTINGS_WRITER_PASS=
|
2019-04-04 20:55:35 +03:00
|
|
|
|
2018-10-31 00:24:44 +03:00
|
|
|
# DSN for Sentry error and event capturing
|
2019-10-10 19:03:00 +03:00
|
|
|
# e.g., SENTRY_DSN=https://{key}@sentry.prod.mozaws.net/408
|
2021-10-15 21:58:00 +03:00
|
|
|
SENTRY_DSN=
|
2023-02-03 22:46:06 +03:00
|
|
|
SENTRY_DSN_LEGACY=
|
2020-01-09 21:06:41 +03:00
|
|
|
|
|
|
|
BREACH_RESOLUTION_ENABLED=1
|
2020-03-06 20:50:22 +03:00
|
|
|
PRODUCT_PROMOS_ENABLED=1
|
2020-04-14 00:52:10 +03:00
|
|
|
|
|
|
|
# Experiment Flag
|
2020-04-16 07:50:23 +03:00
|
|
|
EXPERIMENT_ACTIVE=0
|
2020-07-11 04:24:13 +03:00
|
|
|
|
2020-09-18 22:06:31 +03:00
|
|
|
REDIS_URL=redis-mock
|
2020-10-06 23:55:51 +03:00
|
|
|
|
2022-08-07 06:54:26 +03:00
|
|
|
SUPPORTED_LOCALES=cak,cs,cy,da,de,el,en,en-CA,en-GB,es-AR,es-CL,es-ES,es-MX,fi,fr,fy-NL,gn,hu,kab,ia,id,it,ja,nb-NO,nl,nn-NO,pt-BR,pt-PT,ro,ru,sk,sl,sq,sv-SE,tr,uk,vi,zh-CN,zh-TW
|
|
|
|
|
2021-11-19 23:06:30 +03:00
|
|
|
# Locales blocked from viewing Mozilla VPN promos. Use CSV without whitespace.
|
|
|
|
VPN_PROMO_BLOCKED_LOCALES=zh-CN
|
|
|
|
|
|
|
|
# MaxMind GeoLite2 geolocation service used for VPN Banner
|
|
|
|
# For Heroku deploys, the following 3 vars are generated automatically via Buildpack https://github.com/HiMamaInc/heroku-buildpack-geoip-geolite2
|
|
|
|
# Staging and production environments will need variables set manually
|
|
|
|
# Local environment uses a test database with limited data (preset here)
|
|
|
|
GEOIP_GEOLITE2_PATH=./tests/mmdb/
|
|
|
|
GEOIP_GEOLITE2_CITY_FILENAME=GeoLite2-City-Test.mmdb
|
|
|
|
GEOIP_GEOLITE2_COUNTRY_FILENAME=GeoLite2-Country-Test.mmdb
|
2022-01-12 07:37:39 +03:00
|
|
|
|
|
|
|
# Educational video src urls, hosted by SRE team on a CDN
|
|
|
|
EDUCATION_VIDEO_URL_RELAY=https://monitor.cdn.mozilla.net/videos/FF_Relay_version_02.mp4
|
|
|
|
EDUCATION_VIDEO_URL_VPN=https://monitor.cdn.mozilla.net/videos/Mozilla_VPN.mp4
|
2022-08-26 07:58:16 +03:00
|
|
|
|
|
|
|
# Email addresses that are allowed to test and send emails
|
|
|
|
ADMINS=
|
|
|
|
|
|
|
|
# Enable monthly cron-job, currently for sending unresolved breach reminder emails
|
2023-02-11 03:52:05 +03:00
|
|
|
MONTHLY_CRON_ENABLED=
|
|
|
|
|
2023-03-01 23:57:59 +03:00
|
|
|
# E2E Tests
|
2023-08-29 18:03:54 +03:00
|
|
|
E2E_TEST_ENV=
|
2023-03-01 23:57:59 +03:00
|
|
|
E2E_TEST_BASE_URL=
|
|
|
|
E2E_TEST_ACCOUNT_EMAIL=
|
2023-05-05 18:35:33 +03:00
|
|
|
E2E_TEST_ACCOUNT_PASSWORD=
|
2023-06-14 23:20:53 +03:00
|
|
|
|
2024-07-12 04:25:50 +03:00
|
|
|
E2E_TEST_ACCOUNT_EMAIL_ZERO_BROKERS=
|
|
|
|
E2E_TEST_ACCOUNT_EMAIL_ZERO_BREACHES_ZERO_BROKERS=
|
2024-05-31 10:07:09 +03:00
|
|
|
E2E_TEST_ACCOUNT_EMAIL_EXPOSURES_STARTED=
|
|
|
|
|
2024-06-01 05:57:41 +03:00
|
|
|
E2E_TEST_PAYPAL_LOGIN =
|
|
|
|
E2E_TEST_PAYPAL_PASSWORD =
|
|
|
|
|
2023-06-14 23:20:53 +03:00
|
|
|
# Monitor Premium features
|
|
|
|
# Link to start user on the subscription process. PREMIUM_ENABLED must be set to `true`.
|
2023-10-05 00:19:02 +03:00
|
|
|
FXA_SUBSCRIPTIONS_URL=https://accounts.stage.mozaws.net/subscriptions
|
|
|
|
PREMIUM_PRODUCT_ID=prod_NErZh679W62lai
|
|
|
|
PREMIUM_PLAN_ID_MONTHLY_US=price_1MUNq0Kb9q6OnNsL4BoJgepf
|
|
|
|
PREMIUM_PLAN_ID_YEARLY_US=
|
2024-01-24 19:22:25 +03:00
|
|
|
SUBSCRIPTION_BILLING_AMOUNT_YEARLY_US=13.37
|
|
|
|
SUBSCRIPTION_BILLING_AMOUNT_MONTHLY_US=42.42
|
|
|
|
|
2023-10-17 18:38:38 +03:00
|
|
|
# This date is used to direct users who signed up after data broker scanning
|
|
|
|
# was released to the welcome flow. Users who had signed up before and thus
|
|
|
|
# have seen data breach results before, will be able to see their known breaches
|
|
|
|
# first:
|
2024-02-08 17:18:35 +03:00
|
|
|
BROKER_SCAN_RELEASE_DATE=2024-02-06
|
2023-08-02 07:03:14 +03:00
|
|
|
|
2023-09-11 23:16:24 +03:00
|
|
|
MONTHLY_SUBSCRIBERS_QUOTA=
|
2023-08-02 07:03:14 +03:00
|
|
|
MONTHLY_SCANS_QUOTA=
|
|
|
|
STATS_TOKEN=
|
2023-08-18 19:07:09 +03:00
|
|
|
|
2023-09-09 03:02:53 +03:00
|
|
|
# GCP PubSub Project ID and subscription name
|
|
|
|
GCP_PUBSUB_PROJECT_ID=
|
2023-09-12 22:13:53 +03:00
|
|
|
GCP_PUBSUB_TOPIC_NAME=
|
|
|
|
GCP_PUBSUB_SUBSCRIPTION_NAME=
|
2023-09-20 17:22:30 +03:00
|
|
|
|
|
|
|
# Randomly-generated UUIDv5 namespace, until/unless we are approved to use FxA UID for Nimbus User ID.
|
|
|
|
NIMBUS_UUID_NAMESPACE=00000000-0000-0000-0000-000000000000
|
2023-09-21 23:26:54 +03:00
|
|
|
NIMBUS_SIDECAR_URL=http://localhost:8001
|
2023-09-24 06:44:19 +03:00
|
|
|
|
|
|
|
# The maximum number of jobs that the email breach alert worker will process.
|
|
|
|
EMAIL_BREACH_ALERT_MAX_MESSAGES = 10000
|
2024-01-05 19:02:46 +03:00
|
|
|
|
|
|
|
# The maximum number of scans and profiles allowed. May be used for alerts, and for redirecting to waitlist.
|
|
|
|
MAX_MANUAL_SCANS=100
|
|
|
|
MAX_INITIAL_SCANS=100
|
|
|
|
MAX_PROFILES_ACTIVATED=100
|
|
|
|
MAX_PROFILES_CREATED=100
|
2024-01-09 19:22:32 +03:00
|
|
|
|
2024-01-25 01:27:15 +03:00
|
|
|
# Used during CI to upload sourcemaps to Sentry.
|
|
|
|
UPLOAD_SENTRY_SOURCEMAPS=false
|
|
|
|
SENTRY_AUTH_TOKEN=
|
2024-01-27 04:22:08 +03:00
|
|
|
|
|
|
|
# Whether GA4 sends data or not. NOTE: must be set in build environment.
|
|
|
|
NEXT_PUBLIC_GA4_DEBUG_MODE=true
|
2024-06-05 04:02:18 +03:00
|
|
|
|
2024-06-12 19:56:03 +03:00
|
|
|
CURRENT_COUPON_CODE_ID=
|