Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/Eleazarguitar18/kantuta_pos_back/llms.txt

Use this file to discover all available pages before exploring further.

Kantuta POS Backend reads all runtime settings from environment variables loaded by @nestjs/config at startup. This keeps secrets out of source code and makes the application trivially portable across local, staging, and production environments — you only change a .env file (or your platform’s secret store) without touching any application code.
Copy .env.example to .env in the project root if it exists, or create .env from scratch using the reference below. @nestjs/config loads this file automatically when NODE_ENV is not production, and ConfigModule.forRoot({ isGlobal: true }) makes every value available throughout all modules.
cp .env.example .env
# then edit .env with your actual credentials

Database (PostgreSQL)

The TypeORM connection is configured in src/config/database.config.ts. All DATABASE_* variables are read via ConfigService at bootstrap time.
DATABASE_HOST
string
required
Hostname or IP address of your PostgreSQL server.Default: localhost
DATABASE_PORT
number
required
TCP port PostgreSQL is listening on.Default: 5432
DATABASE_USER
string
required
PostgreSQL username with read/write access to the target database.
DATABASE_PASSWORD
string
required
Password for the PostgreSQL user. Treated as a secret — never log or expose this value.
DATABASE_NAME
string
required
Name of the PostgreSQL database to connect to. The database must already exist; TypeORM will create tables automatically via synchronize: true.
DATABASE_SSL
string
Set to 'true' to enable SSL/TLS for the PostgreSQL connection. Required when connecting to managed cloud databases (e.g. Supabase, AWS RDS, Railway).Default: false
Accepted values: 'true' | 'false'

Redis

The Redis cache is configured in src/config/redis.config.ts using @keyv/redis and @nestjs/cache-manager. If REDIS_URL is set it is used as-is; otherwise the URL is constructed from the individual host/port/password variables.
REDIS_HOST
string
required
Hostname or IP of your Redis instance.Default: localhost
REDIS_PORT
number
required
TCP port Redis is listening on.Default: 6379
REDIS_PASSWORD
string
Password for Redis authentication. Leave empty if your local Redis instance has no password configured.
REDIS_USER
string
Username for Redis ACL authentication (Redis 6+). Leave empty for default-user access.
REDIS_URL
string
Full Redis connection URL (e.g. redis://:password@host:6379). When provided, this takes precedence over the individual REDIS_HOST, REDIS_PORT, REDIS_USER, and REDIS_PASSWORD variables.

JWT

JWT configuration lives in src/config/jwt.config.ts. The JWT_SECRET is mandatory — the application throws an explicit error at startup if it is missing.
JWT_SECRET
string
required
Secret key used to sign and verify access tokens. Use a cryptographically random string of at least 32 characters.
# Generate a suitable secret on macOS/Linux:
node -e "console.log(require('crypto').randomBytes(48).toString('hex'))"
JWT_EXPIRES_IN
string
Lifespan of the access token expressed as a Vercel ms string.Default: '8h'
Example values: '1h', '15m', '24h'
JWT_REFRESH_SECRET
string
Separate secret used to sign refresh tokens. If omitted, the application may fall back to JWT_SECRET depending on service implementation — it is strongly recommended to set this to a distinct value.
JWT_REFRESH_EXPIRES_IN
string
Lifespan of the refresh token.Default: '7d'
Example values: '7d', '30d'

Server

PORT
number
The TCP port the HTTP server binds to. The main.ts bootstrap calls app.listen(process.env.PORT ?? 3000, '0.0.0.0').Default: 3000
NODE_ENV
string
Runtime environment identifier. Affects logging verbosity and may influence future synchronize guards.Default: development
Accepted values: development | production | test

Mail

Kantuta supports two mail backends configured in src/mail/mail.module.ts. Use either the Nodemailer SMTP variables or the Resend API key, depending on your preferred provider.

Nodemailer (SMTP)

EMAIL_HOST
string
SMTP server hostname (e.g. smtp.gmail.com, smtp.mailgun.org).
EMAIL_PORT
number
TCP port of the SMTP server.Common values: 587 (STARTTLS), 465 (SSL), 25
EMAIL_SECURE
string
Set to 'true' to enable SSL on the SMTP connection (typically used with port 465). For STARTTLS on port 587, leave this 'false'.Accepted values: 'true' | 'false'
EMAIL_USER
string
SMTP authentication username (usually the sending email address).
EMAIL_PASSWORD
string
SMTP authentication password or app-specific password.
EMAIL_REJECT_UNAUTHORIZED
string
Set to 'true' to enforce strict TLS certificate validation. Set to 'false' to allow self-signed certificates (useful in local or Debian-hosted environments where certificate chains may be incomplete).Accepted values: 'true' | 'false'

Resend

RESEND_API_KEY
string
API key from your Resend account. When configured, the MailService uses the Resend SDK to send transactional emails.

AI Services

GEMINI_API_KEY
string
API key for Google Gemini (@google/genai). Required if the GeminiModule or AiAssistantModule is active.
GROQ_API_KEY
string
API key for Groq (groq-sdk). Used as an alternative or complementary LLM provider in the AI assistant features.

Complete .env Example

# ── Database ──────────────────────────────────────────────
DATABASE_HOST=localhost
DATABASE_PORT=5432
DATABASE_USER=kantuta_user
DATABASE_PASSWORD=super_secret_password
DATABASE_NAME=kantuta_pos
DATABASE_SSL=false

# ── Redis ─────────────────────────────────────────────────
REDIS_HOST=localhost
REDIS_PORT=6379
REDIS_PASSWORD=

# ── JWT ───────────────────────────────────────────────────
JWT_SECRET=change_me_to_a_long_random_hex_string
JWT_EXPIRES_IN=8h
JWT_REFRESH_SECRET=change_me_to_another_long_random_hex_string
JWT_REFRESH_EXPIRES_IN=7d

# ── Server ────────────────────────────────────────────────
PORT=3000
NODE_ENV=development

# ── Mail (SMTP) ───────────────────────────────────────────
EMAIL_HOST=smtp.example.com
EMAIL_PORT=587
EMAIL_SECURE=false
EMAIL_USER=[email protected]
EMAIL_PASSWORD=smtp_password
EMAIL_REJECT_UNAUTHORIZED=false

# ── Mail (Resend — alternative to SMTP) ──────────────────
# RESEND_API_KEY=re_xxxxxxxxxxxxxxxxxxxx

# ── AI Services ───────────────────────────────────────────
GEMINI_API_KEY=your_google_gemini_key
GROQ_API_KEY=your_groq_key
Never commit your .env file to version control. It contains database credentials, JWT secrets, and API keys. Ensure .env is listed in your .gitignore. Use platform-native secret management (e.g. Railway variables, AWS Secrets Manager, Doppler) in deployed environments instead of shipping a .env file.
synchronize: true is enabled in database.config.ts. This means TypeORM automatically applies schema changes (creates tables, adds columns) every time the server starts, based on your entity definitions. This is convenient for development but can be destructive in production — consider setting DATABASE_SSL=true and disabling synchronize (or using migrations) before going live.

Build docs developers (and LLMs) love