The Spades Online server reads all of its configuration from environment variables at startup — there are no config files to edit orDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/Antonelli-Tech-Solutions/spades/llms.txt
Use this file to discover all available pages before exploring further.
.env schemas to maintain. Set the variables in your shell, your hosting platform’s dashboard, or a process manager before running npm start. Only DATABASE_URL and REDIS_URL are strictly required; every other variable has a sensible default.
Required
PostgreSQL connection string. The server uses this to connect the shared
pg pool used by all route handlers.Example: postgresql://user:password@localhost:5432/spadesRedis connection string. Used for sessions, lobby state, presence tracking, pub/sub notifications, and the rate limiter.Example:
redis://localhost:6379Server & WebSocket
HTTP server port. Default:
3000WebSocket server port. Default: same as
PORT (the WebSocket server shares the HTTP server).When set to the same value as PORT, the WebSocket server attaches to the existing HTTP server. When set to a different value, the WebSocket server starts on its own dedicated HTTP server.When
WS_PORT differs from PORT, a reverse proxy must be configured to route WebSocket upgrade requests from the public HTTP port to WS_PORT. Without this, browser clients connecting to the standard HTTP port will not be able to establish WebSocket connections.Full WebSocket base URL. Default: derived from the incoming request origin.Set this in split-host deployments where the WebSocket server runs on a different host than the frontend (for example, a Vercel frontend paired with a Railway WebSocket server). When set, the server injects
window.__WS_URL__ into the served HTML so the browser client connects to the correct host.Example: wss://my-app.up.railway.appApplication
Environment name. Typical values:
development, production. Default: unset.Public base URL of the application. Used to construct absolute URLs in outbound emails (email verification links, password reset links) and in shareable join/spectator link responses. Default:
http://localhost:3000Example: https://spades.example.comEmail (SMTP)
The server uses Nodemailer to send transactional emails (account verification and password reset). IfEMAIL_HOST is not set, emails are logged to stdout instead of being delivered — useful for local development without an SMTP server.
SMTP hostname. If unset, verification and password reset emails are printed to stdout instead of being sent.Example:
smtp.mailgun.orgSMTP port. Default:
587Set to
true to enable TLS on port 465. Default: falseSMTP username for authentication. Default: unset.
SMTP password for authentication. Default: unset.
The
From address used on all outbound emails. Default: noreply@spades.onlineExample: Spades Online <noreply@spades.example.com>Authentication
Maximum number of requests allowed per window for unauthenticated auth endpoints (
/api/auth/*). Default: 10Rate limit window duration in seconds. Default:
900 (15 minutes)Set to
true to skip email verification on registration. When active, POST /api/auth/register marks new accounts as verified immediately, creates a session, and returns it — no email is sent and no token is required.The flag is read at request time, so it can be toggled without restarting the server.Default: unset (email verification is enforced).CI / Build Info
The current Git branch name. Typically set by your CI system. Default: unset.
The full Git commit SHA of the running build. Exposed (as a 7-character short SHA) via
GET /api/build-info. Default: unset.If not set, the server automatically checks VERCEL_GIT_COMMIT_SHA (Vercel), then COMMIT_REF (Netlify), then falls back to running git rev-parse HEAD. If none of these are available, GET /api/build-info returns { commitShort: null }.API key for the push notification service. Default: unset.