Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/ProyectoFerretek/FerreMarket/llms.txt

Use this file to discover all available pages before exploring further.

All runtime configuration in FerreMarket is supplied through a single .env file placed at the project root. There is no server-side config layer — every variable is read at build time by Vite and injected into the browser bundle via import.meta.env. The project ships with a .env.example template that lists every required variable; copy it to .env and fill in your credentials before starting the development server.
Never commit your real .env file to version control. It is already listed in .gitignore, but double-check before pushing to a shared repository. Leaking your Supabase anon key or Cloudflare Worker API key can expose your database and file storage to unauthorized access.

Environment Variables

VITE_AUTH0_DOMAIN_NAME
string
The domain of your Auth0 tenant (e.g. your-tenant.us.auth0.com). This variable is included for backward compatibility with the @auth0/auth0-react package that is still present in package.json. Supabase Auth is the primary authentication provider used throughout the application; Auth0 integration is legacy and not required for a standard deployment. If you are not using Auth0, you may leave this blank.
VITE_AUTH0_CLIENT_ID
string
The Client ID of your Auth0 application, found in Auth0 Dashboard → Applications → your app → Settings. Like VITE_AUTH0_DOMAIN_NAME, this is a legacy variable and is not required unless you are actively using Auth0 as an auth provider.
VITE_SUPABASE_URL
string
required
The unique HTTPS URL of your Supabase project (e.g. https://xyzcompany.supabase.co). This is used by @supabase/supabase-js to route all database queries, auth calls, and realtime subscriptions. Found in Supabase Dashboard → Project Settings → API → Project URL.
VITE_SUPABASE_ANON_KEY
string
required
The public anon key for your Supabase project. This JWT is safe to expose in the browser — Supabase Row-Level Security policies govern what an anonymous or authenticated client is actually allowed to read or write. Found in Supabase Dashboard → Project Settings → API → Project API Keys → anon public.
VITE_CLOUDFLARE_CDN_URL
string
required
The base URL of your Cloudflare R2 public bucket (e.g. https://pub-xxxx.r2.dev). FerreMarket appends product image filenames to this URL to display product photos throughout the catalog and sales modules. The bucket must have public access enabled.
VITE_CLOUDFLARE_WORKERS_URL
string
required
The full HTTPS URL of your deployed Cloudflare Worker (e.g. https://ferremarket-uploads.yoursubdomain.workers.dev). This Worker acts as an authenticated proxy for file uploads: the frontend sends product images to this endpoint along with the API key, and the Worker writes the file to R2 on behalf of the caller — keeping your R2 bucket credentials private.
VITE_CLOUDFLARE_WORKERS_API_KEY
string
required
A secret API key used to authenticate requests from the FerreMarket frontend to your Cloudflare Worker. The Worker checks this key on every incoming request and rejects anything that does not match. Set this to a long, randomly generated string and store it as an environment secret in both your .env file and your Worker’s Cloudflare dashboard settings.

Example .env File

# Auth0 (legacy — not required for standard Supabase-only deployments)
VITE_AUTH0_DOMAIN_NAME = "your-tenant.us.auth0.com"
VITE_AUTH0_CLIENT_ID   = "abc123def456ghi789"

# Supabase — required
VITE_SUPABASE_URL      = "https://xyzcompany.supabase.co"
VITE_SUPABASE_ANON_KEY = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSJ9.placeholder"

# Cloudflare R2 & Workers — required for product image functionality
VITE_CLOUDFLARE_CDN_URL         = "https://pub-a1b2c3d4e5f6.r2.dev"
VITE_CLOUDFLARE_WORKERS_URL     = "https://ferremarket-uploads.acme.workers.dev"
VITE_CLOUDFLARE_WORKERS_API_KEY = "sk_live_a1b2c3d4e5f6g7h8i9j0"

Supabase Setup

  1. Sign in at supabase.com and open your project (or create a new one).
  2. Go to Project Settings (gear icon in the left sidebar) → API.
  3. Copy the Project URL — this is your VITE_SUPABASE_URL.
  4. Under Project API Keys, copy the anon public key — this is your VITE_SUPABASE_ANON_KEY. Do not use the service_role key in a browser-side app.
  5. Navigate to Authentication → Users and add at least one user so you can log in to the FerreMarket admin panel.
  6. Review Authentication → Policies on your database tables. FerreMarket relies on Row-Level Security policies to restrict data access per user role — make sure RLS is enabled on all tables that store sensitive business data.

Cloudflare R2 Setup

Cloudflare R2 is used to store and serve product images. The setup involves two components: an R2 bucket for storage and a Worker for authenticated uploads. Creating the R2 Bucket:
  1. Log in to dash.cloudflare.com and navigate to R2 Object Storage.
  2. Click Create bucket and give it a name (e.g. ferremarket-images).
  3. Once created, open the bucket settings and enable Public access. Cloudflare will assign a public URL in the format https://pub-xxxx.r2.dev — use this as VITE_CLOUDFLARE_CDN_URL.
Deploying the Upload Worker:
  1. Go to Workers & Pages → Create application → Create Worker.
  2. Write or paste your Worker script. The Worker should:
    • Accept POST requests containing a file payload.
    • Validate the Authorization header against a stored secret (your VITE_CLOUDFLARE_WORKERS_API_KEY).
    • Use the R2 binding to write the file to your bucket.
    • Return the public CDN URL of the uploaded object.
  3. Under Settings → Variables, add your API key as an encrypted environment variable with the same value you will use for VITE_CLOUDFLARE_WORKERS_API_KEY.
  4. Under Settings → Bindings, add an R2 Bucket binding pointing to the bucket you created above.
  5. Deploy the Worker and copy its route URL to use as VITE_CLOUDFLARE_WORKERS_URL.

Vite and the VITE_ Prefix

Vite enforces a strict naming convention for environment variables: only variables prefixed with VITE_ are exposed to your client-side code. Any variable in .env that does not start with VITE_ is available to Vite’s Node.js build process but is deliberately excluded from the browser bundle for security reasons. Inside the FerreMarket source code, variables are read like this:
import { createClient } from '@supabase/supabase-js';

const supabaseUrl  = import.meta.env.VITE_SUPABASE_URL;
const supabaseKey  = import.meta.env.VITE_SUPABASE_ANON_KEY;

export const supabase = createClient(supabaseUrl, supabaseKey);
Vite statically replaces import.meta.env.VITE_* references at build time. This means:
  • The values are baked into the compiled JavaScript bundle — treat them accordingly.
  • If you change a value in .env, you must restart the dev server (npm run dev) or rebuild (npm run build) for the change to take effect.
  • There is no runtime config injection; .env is a build-time concern.

Build docs developers (and LLMs) love