pediatric-ai-scribe-v3/.env.example
ifedan-ed ac8e7bb890 v3.0.0: Auth, admin panel, security fixes, per-tab model selector
- Add authMiddleware to all AI/transcribe routes (were unauthenticated)
- Add full admin panel: user management, registration toggle, stats
- Fix XSS in email verification (escape user.name in HTML)
- Fix missing APP_URL fallback in password reset email
- Add per-tab model selector (respects OpenRouter/Bedrock/Azure lists)
- Fix transcribeAudio to send Authorization header
- Fix labs input: textarea instead of single-line input
- Add structured logging: audit_log, api_log, access_log tables
- Add admin CLI (admin-cli.js) for Docker exec management
- Fix duplicate var duration declaration in ai.js catch block
- Fix RETURNING check case-sensitivity in database.js
2026-03-21 19:25:51 -04:00

51 lines
1.6 KiB
Text

# ============================================================
# AI PROVIDER (choose one)
# ============================================================
# Option 1: OpenRouter (default, cheapest, NOT HIPAA)
AI_PROVIDER=openrouter
OPENROUTER_API_KEY=sk-or-v1-your-key
# Option 2: AWS Bedrock (HIPAA compliant with BAA)
# AI_PROVIDER=bedrock
# AWS_BEDROCK_REGION=us-east-1
# AWS_ACCESS_KEY_ID=AKIA...
# AWS_SECRET_ACCESS_KEY=...
# (Or use IAM role — no keys needed if running on EC2/ECS)
# Option 3: Azure OpenAI (HIPAA compliant with BAA)
# AI_PROVIDER=azure
# AZURE_OPENAI_ENDPOINT=https://your-resource.openai.azure.com
# AZURE_OPENAI_API_KEY=your-key
# AZURE_DEPLOYMENT_NAME=gpt-4o-mini
# AZURE_OPENAI_API_VERSION=2024-02-01
# ============================================================
# Whisper (always OpenAI for now)
# ============================================================
OPENAI_API_KEY=sk-your-openai-key
# Optional
ELEVENLABS_API_KEY=
# App
PORT=3000
APP_URL=https://your-domain.com
JWT_SECRET=generate-a-random-64-char-string-here
SESSION_SECRET=generate-another-random-string-here
# Email (for verification & password reset)
SMTP_HOST=smtp.gmail.com
SMTP_PORT=587
SMTP_USER=your-email@gmail.com
SMTP_PASS=your-app-password
SMTP_FROM=noreply@yourdomain.com
# Nextcloud (optional)
NEXTCLOUD_URL=https://cloud.yourdomain.com
# ============================================================
# DATABASE
# ============================================================
DATABASE_URL=postgresql://pedscribe:<password>@postgres:5432/pedscribe
DB_PASSWORD=pedscribe_secret_change_me