Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/vanegasjoseignacio2-cyber/Eco-It/llms.txt

Use this file to discover all available pages before exploring further.

Eco-It splits its configuration across two environments: the backend (Node.js/Express) reads variables through dotenv, which loads a .env file located in the backend/ directory at startup. The frontend (React + Vite) uses Vite’s built-in environment variable system — only variables prefixed with VITE_ are exposed to browser code. Understanding which variables belong to which layer, and why each one is required, is essential before running Eco-It locally or deploying it to production.

Backend environment variables

These variables are loaded by dotenv in backend/index.js before any other module is imported. All secrets must be kept in backend/.env and never committed to version control.
MONGODB_URI
string
required
MongoDB connection string. Use a MongoDB Atlas connection string for production (e.g. mongodb+srv://user:pass@cluster0.mongodb.net/ecoit?retryWrites=true&w=majority) or a local URI such as mongodb://localhost:27017/ecoit for development.
JWT_SECRET
string
required
Secret used to sign and verify JSON Web Tokens. It is also reused as the express-session secret. Must be a long, random, unpredictable string — see the tip below for a quick generation command.
PORT
number
default:"3000"
HTTP port the Express server listens on. Railway injects this automatically at runtime; you only need to set it explicitly if self-hosting or overriding the default.
GOOGLE_CLIENT_ID
string
required
OAuth 2.0 client ID from the Google Cloud Console. Required to enable Google Sign-In via Passport’s passport-google-oauth20 strategy.
GOOGLE_CLIENT_SECRET
string
required
OAuth 2.0 client secret from the Google Cloud Console. Pair it with GOOGLE_CLIENT_ID — both must match the same credential object.
FRONT_URL
string
required
The base URL of the deployed frontend (e.g. https://eco-it.netlify.app). The backend uses this value to build the Google OAuth callback redirect URI and to populate the CORS origin allowlist. In development, set it to http://localhost:5173.
CLOUDINARY_CLOUD_NAME
string
required
Your Cloudinary cloud name (visible in the Cloudinary dashboard). Used by backend/utils/cloudinary.js to initialize the Cloudinary SDK for image uploads and transformations.
CLOUDINARY_API_KEY
string
required
Cloudinary API key. Found under Settings → Access Keys in the Cloudinary dashboard.
CLOUDINARY_API_SECRET
string
required
Cloudinary API secret. Treat this like a password — it allows signed upload and management operations on your Cloudinary account.
EMAIL_USER
string
required
Gmail address used by backend/utils/emailService.js as the Nodemailer SMTP sender. This account must have an App Password configured (standard Gmail passwords are rejected by Google’s SMTP when 2-Step Verification is enabled). Example: ecoit.system@gmail.com.
EMAIL_PASS
string
required
Gmail App Password for the account specified in EMAIL_USER. Generate one in Google Account → Security → App passwords. Used as the SMTP authentication credential when sending welcome emails and password-recovery codes via smtp.gmail.com:587.
OPENROUTER_API_KEY
string
required
API key for OpenRouter, used by the /api/ai routes to power EcoBot, Eco-It’s environmental AI assistant. Generate a key from the OpenRouter dashboard.
NODE_ENV
string
default:"development"
Runtime environment flag. Accepted values are development and production. When set to development, the global error handler returns the full error object in the response body, which is useful for debugging but must never be enabled in production.

Frontend environment variables

Vite only exposes variables whose names start with VITE_ to the client bundle. Place these in frontend/.env (development) or frontend/.env.production (production build).
VITE_BACKEND_URL
string
Backend API base URL, including the /api path segment (e.g. https://backend-production-1e6e.up.railway.app/api). In local development you can leave this variable unset — Vite’s dev server proxy automatically forwards all /api/* requests to http://localhost:3000, as configured in frontend/vite.config.js. In production builds, this must point to your live Railway deployment.
VITE_SOCKET_URL
string
WebSocket server base URL without the /api path (e.g. https://backend-production-1e6e.up.railway.app). The Socket.IO client connects to this URL for real-time features such as online user presence and admin notifications. In development, leave this unset — the Vite proxy handles WebSocket upgrades automatically.

Sample backend .env file

Place this file at backend/.env. Fill in every value before starting the server. 
# ── Database ────────────────────────────────────────────────
MONGODB_URI=mongodb+srv://<user>:<password>@cluster0.mongodb.net/ecoit?retryWrites=true&w=majority

# ── Auth ────────────────────────────────────────────────────
JWT_SECRET=replace_with_a_long_random_string_at_least_64_chars

# ── Server ──────────────────────────────────────────────────
PORT=3000
NODE_ENV=development

# ── Google OAuth ────────────────────────────────────────────
GOOGLE_CLIENT_ID=123456789-abcdefghij.apps.googleusercontent.com
GOOGLE_CLIENT_SECRET=GOCSPX-xxxxxxxxxxxxxxxxxxxxxxxx

# ── CORS / OAuth redirect base URL ──────────────────────────
FRONT_URL=http://localhost:5173

# ── Cloudinary ──────────────────────────────────────────────
CLOUDINARY_CLOUD_NAME=your_cloud_name
CLOUDINARY_API_KEY=123456789012345
CLOUDINARY_API_SECRET=abcdefghijklmnopqrstuvwxyz012345

# ── Email (Nodemailer / Gmail SMTP) ─────────────────────────
EMAIL_USER=ecoit.system@gmail.com
EMAIL_PASS=xxxx xxxx xxxx xxxx

# ── OpenRouter (EcoBot) ─────────────────────────────────────
OPENROUTER_API_KEY=sk-or-v1-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Never commit .env files to version control. Ensure backend/.env and frontend/.env*.local are listed in your root .gitignore. Exposing secrets in a public repository can lead to unauthorized database access, API abuse, and account takeover.
Generate a cryptographically strong JWT_SECRET in one command:
openssl rand -hex 64
This produces a 128-character hexadecimal string — well above the minimum length recommended for HMAC-SHA256 JWT signing.

Build docs developers (and LLMs) love

Get started for freeTalk to us