Every secret and deployment-specific value in HealtyHelp is driven by environment variables loaded via dotenv on the server and Vite’s import.meta.env on the client. Never hard-code these values — and never commit a .env file to version control.
Server variables
Create a .env file in the server/ directory (or set these as environment variables on your hosting platform).
Core — required
Full MongoDB connection string. For MongoDB Atlas this looks like:
mongodb+srv://<user>:<password>@cluster0.xxxxx.mongodb.net/<dbname>?retryWrites=true&w=majority
Secret key used to sign and verify JSON Web Tokens. Use at least 32 random characters. Generate one with:
Token expiry duration passed directly to jsonwebtoken. Examples: 7d, 24h, 30d.
Port the Express server listens on. Defaults to 5000 when not set.
The origin of your frontend application (no trailing slash). Used to configure CORS and OAuth redirect targets.
- Development: http://localhost:5173
- Production: https://your-app.netlify.app
The public base URL of the server itself (no trailing slash). Used to build the Google OAuth callback URL inside passport.js — the strategy constructs the callback as `${process.env.BACKEND_URL}/api/auth/google/callback`.
- Development: http://localhost:5000
- Production: https://api.your-domain.com
API key for the Groq service that powers the LLaMA-based AI chatbot. Obtain one from the Groq developer console.
Runtime environment. Set to production on your server host. Accepted values: development, production. Affects behaviour in several places — most notably the auth rate limiter (see note below) and the error handler (stack traces are hidden in production).
Rate limiting in production. The /api/auth/login route uses an express-rate-limit limiter whose max is determined at startup by NODE_ENV:
| NODE_ENV | Max requests per 15 min |
|---|---|
| development | 200 |
| production | 20 |
Always set NODE_ENV=production on your live server to protect against brute-force attacks.
Google OAuth — needed for Google login
These variables configure the passport-google-oauth20 strategy in server/config/passport.js. The callback URL is constructed automatically from BACKEND_URL — you do not need a separate GOOGLE_CALLBACK_URL variable in your environment.
OAuth 2.0 client ID from Google Cloud Console.
OAuth 2.0 client secret from Google Cloud Console.
Cloudinary — needed for image uploads
Used in server/config/cloudinary.js to upload user avatars and recipe review images.
Your Cloudinary cloud name, visible on the Cloudinary dashboard.
Cloudinary API key.
Cloudinary API secret. Treat this like a password — never expose it client-side.
Email — needed for verification emails
HealtyHelp uses Resend to send transactional email (account verification, password reset, etc.) via server/utils/emailService.js.
API key from your Resend account. Requests are authenticated with Authorization: Bearer <RESEND_API_KEY>.
The sender address that appears in outgoing emails. Example: HealtyHelp <noreply@your-domain.com>
This domain must be verified in your Resend account.
Super-admin bootstrap — needed for initSuperAdmin script
These variables are only consumed by server/scripts/initSuperAdmin.js and are safe to remove from the environment after the script has run once.
Display name for the initial super-admin user.
Email address for the initial super-admin user.
Initial password. Change this immediately after the first login.
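A startup check for the server variables described above, as an added example that is not HealtyHelp's own code: it enforces the accepted NODE_ENV values, the no-trailing-slash rule and the 32-character secret minimum, and reports the login limit and Google callback URL that result. The names JWT_KEY and FRONTEND_ORIGIN are made up for the sample; the function takes those two variable names as parameters.

```javascript
// Added example, not HealtyHelp code. NODE_ENV and BACKEND_URL are named on
// this page; the JWT-secret and frontend-origin variable names are passed in
// by the caller because this sketch does not assume them.
const LOGIN_MAX_PER_15_MIN = new Map([['development', 200], ['production', 20]]);

function checkServerEnv(env, { secretVar, originVar }) {
  const problems = [];

  // NODE_ENV picks the login rate limit at startup; reject any other value.
  const loginMax = LOGIN_MAX_PER_15_MIN.get(env.NODE_ENV) ?? null;
  if (loginMax === null) problems.push('NODE_ENV must be "development" or "production"');

  // Both URLs must be absolute http(s) URLs with no trailing slash. The https
  // requirement in production is an added hardening check, not from the page.
  const badUrls = new Set();
  for (const name of ['BACKEND_URL', originVar]) {
    const value = env[name] ?? '';
    let parsed = null;
    try { parsed = new URL(value); } catch { /* reported below */ }
    let issue = null;
    if (!parsed || !/^https?:$/.test(parsed.protocol)) issue = 'must be an absolute http(s) URL';
    else if (value.endsWith('/')) issue = 'must not end with a slash';
    else if (env.NODE_ENV === 'production' && parsed.protocol !== 'https:') issue = 'should use https in production';
    if (issue) { badUrls.add(name); problems.push(`${name} ${issue}`); }
  }

  // At least 32 characters; the distinct-character count is only a heuristic
  // that catches obviously non-random values such as one repeated character.
  const secret = env[secretVar] ?? '';
  if (secret.length < 32) problems.push(`${secretVar} must be at least 32 characters`);
  else if (new Set(secret).size < 8) problems.push(`${secretVar} looks non-random`);

  // Same construction the page gives for the Google OAuth callback.
  const callbackUrl = badUrls.has('BACKEND_URL')
    ? null
    : `${env.BACKEND_URL}/api/auth/google/callback`;

  return { ok: problems.length === 0, problems, loginMax, callbackUrl };
}

// Constructed sample input; JWT_KEY and FRONTEND_ORIGIN are made-up names.
const sample = {
  NODE_ENV: 'production',
  BACKEND_URL: 'https://api.your-domain.com/',
  FRONTEND_ORIGIN: 'https://your-app.netlify.app',
  JWT_KEY: 'changeme',
};
console.log(checkServerEnv(sample, { secretVar: 'JWT_KEY', originVar: 'FRONTEND_ORIGIN' }));
```

Calling this before the Express app starts listening, and exiting when ok is false, keeps a misconfigured deployment from serving traffic.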
Client variable
Create a .env file in the client/ directory (or set it in your static-host’s build settings).
Base URL of the backend REST API. All Axios requests in the client are relative to this value.
- Development: http://localhost:5000/api
- Production: https://api.your-domain.com/api
VITE_, this is the only variable available in the browser bundle.
Complete server .env example
Copy this template into server/.env and fill in your values:
client/.env: