43 lines
1.7 KiB
TOML
43 lines
1.7 KiB
TOML
# Account service for reasonix.io — email/password auth, sessions, profiles.
|
|
# First deploy:
|
|
# wrangler d1 create reasonix-accounts # paste database_id below
|
|
# wrangler d1 migrations apply reasonix-accounts --remote
|
|
# wrangler secret put SESSION_PEPPER # any long random string
|
|
# wrangler secret put RESEND_API_KEY # only if EMAIL_PROVIDER=resend
|
|
# wrangler deploy
|
|
name = "reasonix-accounts"
|
|
main = "src/index.ts"
|
|
compatibility_date = "2026-06-01"
|
|
|
|
routes = [{ pattern = "id.reasonix.io", custom_domain = true }]
|
|
|
|
[vars]
|
|
# Where the web frontend lives — used for email links and post-verify redirects.
|
|
APP_ORIGIN = "https://reasonix.io"
|
|
# Browsers that may call this API with credentials (comma-separated).
|
|
ALLOWED_ORIGINS = "https://reasonix.io,https://www.reasonix.io"
|
|
# Cookie scope. ".reasonix.io" lets the apex + any subdomain (and the future CLI)
|
|
# share the session. Leave empty for host-only (local dev).
|
|
COOKIE_DOMAIN = ".reasonix.io"
|
|
# "stub" logs email links to the worker console (local dev); "resend" sends real
|
|
# mail via RESEND_API_KEY.
|
|
EMAIL_PROVIDER = "resend"
|
|
# From-domain must match a verified Resend domain — send.reasonix.io is verified
|
|
# (DKIM), the apex is not, and Resend rejects sends from an unverified domain.
|
|
MAIL_FROM = "Reasonix <no-reply@send.reasonix.io>"
|
|
# Comma-separated emails minted as admins on first sign-up.
|
|
ADMIN_EMAILS = ""
|
|
|
|
[[d1_databases]]
|
|
binding = "DB"
|
|
database_name = "reasonix-accounts"
|
|
database_id = "bae20011-a6fe-4fad-ae61-a3aaac605e0c"
|
|
migrations_dir = "migrations"
|
|
|
|
# Per-IP throttle for the sensitive auth endpoints (login/register/forgot/reset).
|
|
[[unsafe.bindings]]
|
|
name = "AUTH_LIMITER"
|
|
type = "ratelimit"
|
|
namespace_id = "2001"
|
|
simple = { limit = 10, period = 60 }
|