Files
2026-07-13 13:00:08 +08:00

43 lines
1.7 KiB
TOML

# Account service for reasonix.io — email/password auth, sessions, profiles.
# First deploy:
# wrangler d1 create reasonix-accounts # paste database_id below
# wrangler d1 migrations apply reasonix-accounts --remote
# wrangler secret put SESSION_PEPPER # any long random string
# wrangler secret put RESEND_API_KEY # only if EMAIL_PROVIDER=resend
# wrangler deploy
name = "reasonix-accounts"
main = "src/index.ts"
compatibility_date = "2026-06-01"
routes = [{ pattern = "id.reasonix.io", custom_domain = true }]
[vars]
# Where the web frontend lives — used for email links and post-verify redirects.
APP_ORIGIN = "https://reasonix.io"
# Browsers that may call this API with credentials (comma-separated).
ALLOWED_ORIGINS = "https://reasonix.io,https://www.reasonix.io"
# Cookie scope. ".reasonix.io" lets the apex + any subdomain (and the future CLI)
# share the session. Leave empty for host-only (local dev).
COOKIE_DOMAIN = ".reasonix.io"
# "stub" logs email links to the worker console (local dev); "resend" sends real
# mail via RESEND_API_KEY.
EMAIL_PROVIDER = "resend"
# From-domain must match a verified Resend domain — send.reasonix.io is verified
# (DKIM), the apex is not, and Resend rejects sends from an unverified domain.
MAIL_FROM = "Reasonix <no-reply@send.reasonix.io>"
# Comma-separated emails minted as admins on first sign-up.
ADMIN_EMAILS = ""
[[d1_databases]]
binding = "DB"
database_name = "reasonix-accounts"
database_id = "bae20011-a6fe-4fad-ae61-a3aaac605e0c"
migrations_dir = "migrations"
# Per-IP throttle for the sensitive auth endpoints (login/register/forgot/reset).
[[unsafe.bindings]]
name = "AUTH_LIMITER"
type = "ratelimit"
namespace_id = "2001"
simple = { limit = 10, period = 60 }