Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/Renzo717/Aula-Virtual-Universidad-Radiolocucion/llms.txt

Use this file to discover all available pages before exploring further.

The NuestraVoz API reads all runtime configuration from environment variables stored in apps/api/.env. There is no separate frontend .env file — the Astro frontend proxies all /api requests to the Express backend, so only the API needs environment configuration. This page documents every variable, its default value, and what breaks if it is missing or wrong.

Complete .env file

apps/api/.env
SUPABASE_URL=https://kdiebefyguycbjlsnjsm.supabase.co
SUPABASE_SERVICE_ROLE_KEY=your_service_role_key_here
PORT=3001
NODE_ENV=development
CORS_ORIGIN=http://localhost:4321
SESSION_COOKIE_NAME=nv_session
Copy apps/api/.env.example to apps/api/.env and fill in your actual Supabase credentials before starting the API.
Never commit apps/api/.env to version control. The SUPABASE_SERVICE_ROLE_KEY bypasses all Row Level Security policies and must be kept secret. It should only ever be present in the server-side environment.

Variable Reference

SUPABASE_URL
string
required
The full URL of your Supabase project, e.g. https://abcdefghijkl.supabase.co. Found in Project Settings → API → Project URL in the Supabase dashboard. The API uses this to initialise both the admin client (service role) and ephemeral user-scoped clients.
SUPABASE_SERVICE_ROLE_KEY
string
required
The service_role secret key for your Supabase project. Found in Project Settings → API → Project API Keys → service_role. This key grants full unrestricted access to your database and must never be exposed client-side. The API uses it for all database operations.
PORT
number
The TCP port on which the Express API listens. Defaults to 3001 if not set. In production you can bind to any available port and configure your reverse proxy accordingly.
NODE_ENV
string
Runtime environment flag. Set to production in live deployments. When not production, the config.isDev flag is true, which disables the secure flag on session cookies (allowing HTTP during local development). All other behavior is identical.
CORS_ORIGIN
string
The exact origin the API allows cross-origin requests from — the frontend URL. In development this is http://localhost:4321. In production set this to your Astro deployment URL, e.g. https://campus.nuestravoz.edu. Must match the Origin header sent by the browser exactly (no trailing slash).
The name of the session cookie set by POST /api/auth/login. Defaults to nv_session. The middleware reads this cookie on every request to authenticate the user. Change it only if you have a reason to namespace cookies (e.g. multiple deployments on the same domain).

How configuration is loaded

The API loads variables via the dotenv package at startup (import 'dotenv/config' in apps/api/src/lib/config.ts). The config object is then imported by the server entry point and all route modules:
apps/api/src/lib/config.ts
import 'dotenv/config';

export const config = {
  port: parseInt(process.env.PORT || '3001', 10),
  corsOrigin: process.env.CORS_ORIGIN || 'http://localhost:4321',
  sessionCookieName: process.env.SESSION_COOKIE_NAME || 'nv_session',
  isDev: process.env.NODE_ENV !== 'production',
};
SUPABASE_URL and SUPABASE_SERVICE_ROLE_KEY are read directly in apps/api/src/lib/supabase.ts and not exposed through the config object.

Local vs production settings

VariableLocal developmentProduction
SUPABASE_URLCloud or local Supabase instanceYour Supabase cloud project URL
SUPABASE_SERVICE_ROLE_KEYObtained from Supabase dashboardSame — never changes per environment unless you use separate projects
PORT3001Any available port
NODE_ENVdevelopmentproduction
CORS_ORIGINhttp://localhost:4321Your production frontend URL
SESSION_COOKIE_NAMEnv_sessionnv_session (or your preferred name)
In production, set NODE_ENV=production to enable secure: true on the session cookie, which restricts cookie transmission to HTTPS. Without this, browsers will reject the cookie on HTTPS origins.

Build docs developers (and LLMs) love