shad0w/pelagia-portal
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions 5
pelagia-portal/App/.env.example
Hardik e193e26368 feat(crewing): EPFO/UAN assisted verification (GstService pattern, flagged) 
Scaffolds EPFO/UAN verification the same way GST works — a standalone Playwright
proxy microservice + an /api proxy + an assisted affordance that records the
result. Aadhaar stays manual (UIDAI-restricted). Stacks on the follow-ups branch.
Behind NEXT_PUBLIC_CREWING_ENABLED.

What's in
- EpfoService/ (new microservice, GstService pattern): Express + Playwright.
  POST /otp {uan} → session + OTP request; POST /verify {sessionId,uan,otp} →
  member record; GET /health. EPFO is OTP-gated (no anonymous captcha lookup like
  GST), so the handshake is two steps. Live portal navigation is gated behind
  EPFO_LIVE (default STUB: OTP 000000 → matched) until real selectors/OTP are
  validated. README documents the differences + that Aadhaar is out of scope.
- App: /api/epfo/otp + /api/epfo proxies (gated by verify_bank_epf) to
  EPFO_SERVICE_URL. EpfDetail += epfoMemberName + epfoCheckedAt (migration
  crewing_epfo_check). recordEpfoCheck action persists the EPFO result + audit.
- UI: an "EPFO check" affordance on the verification EPF rows — request OTP →
  enter OTP → matched member → record. Aadhaar noted as manual-only.

Tests & docs
- Integration: verification.test.ts gains recordEpfoCheck (records name+timestamp,
  Accounts-only gating). type-check clean; full unit (245) + integration (213)
  green (RESEND_API_KEY unset).
- .env.example (EPFO_SERVICE_URL/EPFO_LIVE), CLAUDE.md, EpfoService/README.

Note: the EpfoService live portal selectors/OTP are stubbed and must be validated
against a real EPFO session before enabling EPFO_LIVE.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-22 22:43:24 +05:30

68 lines
3.7 KiB
Text
Raw Blame History

# =============================================================
# Pelagia Portal — Environment Variables
# Copy this file to .env.local and fill in your values
#
# DEVELOPMENT (NODE_ENV=development, i.e. `pnpm dev`):
# - File uploads are stored locally in .dev-uploads/ — no R2 needed
# - Emails are logged to the terminal — no Resend key needed
# - Only AUTH + DATABASE vars are required to run the app locally
#
# PRODUCTION (NODE_ENV=production, i.e. `pnpm build && pnpm start`):
# - All sections below must be filled in
# =============================================================
# ── Auth ─────────────────────────────────────────────────────
NEXTAUTH_SECRET=your-32-char-secret-here-generate-with-openssl
NEXTAUTH_URL=http://localhost:3000
# ── Microsoft Entra ID (Azure AD) SSO ────────────────────────
# Register an app at https://entra.microsoft.com
# Required redirect URI: {NEXTAUTH_URL}/api/auth/callback/microsoft-entra-id
# Grant: openid, profile, email (Microsoft Graph delegated permissions)
AZURE_AD_CLIENT_ID=your-azure-app-client-id
AZURE_AD_CLIENT_SECRET=your-azure-app-client-secret
AZURE_AD_TENANT_ID=your-azure-tenant-id
# ── Database ──────────────────────────────────────────────────
# Local PostgreSQL or Supabase
DATABASE_URL="postgresql://postgres:postgres@localhost:5432/pelagia_portal"
# Supabase connection pooling URL (use for serverless deployments)
# DATABASE_POOL_URL=
# ── Cloudflare R2 Storage (production only) ──────────────────
# Not required in development — files are stored in .dev-uploads/
R2_ACCOUNT_ID=your-cloudflare-account-id
R2_ACCESS_KEY_ID=your-r2-access-key-id
R2_SECRET_ACCESS_KEY=your-r2-secret-access-key
R2_BUCKET_NAME=pelagia-portal
R2_PUBLIC_URL=https://your-bucket.your-account.r2.cloudflarestorage.com
# ── Email / Resend (production only) ─────────────────────────
# Not required in development — emails are printed to the terminal
RESEND_API_KEY=re_xxxxxxxxxxxxxxxxxxxx
EMAIL_FROM=noreply@pelagiaportal.com
EMAIL_FROM_NAME="Pelagia Portal"
# ── GST Lookup microservice ───────────────────────────────────
# Run the GstService/ microservice alongside the app.
# Development default (localhost:3002) is used if this is unset.
# Start the service with: cd GstService && npm run dev
GST_SERVICE_URL=http://localhost:3003
# ── EPFO / UAN lookup microservice (crewing) ──────────────────
# Run the EpfoService/ microservice alongside the app (default localhost:3004).
# Start with: cd EpfoService && npm run dev
# Runs in STUB mode unless EPFO_LIVE=true (the live portal selectors/OTP must be
# validated against a real session first). Aadhaar is NOT handled here (manual).
EPFO_SERVICE_URL=http://localhost:3004
# ── Forgejo issue reporting (Report Issue button) ─────────────
# Token needs write:issue scope on the repo below.
FORGEJO_URL=https://git.pelagiamarine.com
FORGEJO_REPO=shad0w/pelagia-portal
FORGEJO_TOKEN=
# ── Non-production banner ─────────────────────────────────────
# When set, a fixed "internal dev / staging" banner is shown (EnvBanner).
# Leave UNSET in production. Staging sets this automatically.
# NEXT_PUBLIC_ENV_LABEL="INTERNAL DEV / STAGING - NOT PRODUCTION"
Reference in a new issue View git blame Copy permalink