herocode/freezone
12
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
a5b46bffb1
freezone/portal-server/SETUP.md
Timur Gordon a5b46bffb1 portal, platform, and server fixes
2025-06-30 17:01:40 +02:00

198 lines
4.9 KiB
Markdown
Raw Blame History

# Portal Server Setup Guide
This guide will help you set up the portal-server quickly and resolve common 401 authentication errors.
## Quick Setup (5 minutes)
### 1. Copy Environment File
```bash
cd portal-server
cp .env.example .env
```
### 2. Edit Your .env File
Open `.env` in your editor and replace the placeholder values:
```bash
# Required: Replace with your actual Stripe keys
STRIPE_SECRET_KEY=sk_test_your_actual_stripe_secret_key_here
STRIPE_PUBLISHABLE_KEY=pk_test_your_actual_stripe_publishable_key_here
# Required: Replace with your actual Identify API key
IDENTIFY_API_KEY=your_actual_identify_api_key_here
# Required: Set API keys for authentication (prevents 401 errors)
API_KEYS=dev_key_123,another_key_456
# Optional: Webhook secrets (for production)
STRIPE_WEBHOOK_SECRET=whsec_your_webhook_secret_here
IDENTIFY_WEBHOOK_SECRET=your_identify_webhook_secret_here
```
### 3. Start the Server
```bash
cargo run -- --from-env --verbose
```
### 4. Test API Access
```bash
# This should work (replace dev_key_123 with your actual API key)
curl -X GET http://localhost:3001/api/health \
-H "x-api-key: dev_key_123"
# This will return 401 Unauthorized (no API key)
curl -X GET http://localhost:3001/api/health
```
## Troubleshooting
### Getting 401 Unauthorized Errors?
**Problem**: All API calls return `401 Unauthorized`
**Solution**: Make sure you include the `x-api-key` header in all requests:
```bash
# ✅ Correct - includes API key header
curl -X POST http://localhost:3001/api/kyc/create-verification-session \
-H "Content-Type: application/json" \
-H "x-api-key: dev_key_123" \
-d '{"user_id": "test123", "email": "test@example.com"}'
# ❌ Wrong - missing API key header
curl -X POST http://localhost:3001/api/kyc/create-verification-session \
-H "Content-Type: application/json" \
-d '{"user_id": "test123", "email": "test@example.com"}'
```
### Server Won't Start?
**Problem**: Server fails to start with environment variable errors
**Solutions**:
1. Check that your `.env` file exists: `ls -la .env`
2. Verify all required variables are set: `cat .env`
3. Make sure API keys are valid (no extra spaces or quotes)
### Can't Find .env File?
The server looks for `.env` files in this order:
1. `.env` (current directory)
2. `portal-server/.env` (if running from parent directory)
You can also specify a custom location:
```bash
cargo run -- --from-env --env-file /path/to/your/.env
```
## Development vs Production
### Development Setup (Default)
- Uses `.env` file for configuration
- Allows all CORS origins (`*`)
- API keys are optional (but recommended)
```bash
# Development mode
cargo run -- --from-env --verbose
```
### Production Setup
- Requires all security configurations
- Restricted CORS origins
- API keys are mandatory
```bash
# Production build
cargo build --release --features prod --no-default-features
# Production run
./target/release/portal-server --from-env --cors-origins "https://yourdomain.com"
```
## API Key Management
### For Development
Use simple, memorable keys in your `.env`:
```bash
API_KEYS=dev_key_123,test_key_456
```
### For Production
Use strong, random keys:
```bash
API_KEYS=prod_a1b2c3d4e5f6,prod_x9y8z7w6v5u4,prod_m3n4o5p6q7r8
```
### Multiple Keys
You can configure multiple API keys for different clients:
```bash
API_KEYS=frontend_key_123,mobile_app_456,admin_panel_789
```
## Integration Examples
### Frontend JavaScript
```javascript
const apiKey = 'dev_key_123'; // From your .env API_KEYS
const response = await fetch('http://localhost:3001/api/kyc/create-verification-session', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'x-api-key': apiKey
},
body: JSON.stringify({
user_id: 'user123',
email: 'user@example.com'
})
});
```
### Python
```python
import requests
api_key = 'dev_key_123' # From your .env API_KEYS
response = requests.post(
'http://localhost:3001/api/kyc/create-verification-session',
headers={
'Content-Type': 'application/json',
'x-api-key': api_key
},
json={
'user_id': 'user123',
'email': 'user@example.com'
}
)
```
### Rust
```rust
use reqwest::Client;
use serde_json::json;
let client = Client::new();
let api_key = "dev_key_123"; // From your .env API_KEYS
let response = client
.post("http://localhost:3001/api/kyc/create-verification-session")
.header("Content-Type", "application/json")
.header("x-api-key", api_key)
.json(&json!({
"user_id": "user123",
"email": "user@example.com"
}))
.send()
.await?;
```
## Next Steps
1. **Set up webhooks**: Configure `STRIPE_WEBHOOK_SECRET` and `IDENTIFY_WEBHOOK_SECRET` for production
2. **Configure CORS**: Set specific origins for production: `CORS_ORIGINS=https://yourdomain.com`
3. **Add rate limiting**: Consider implementing rate limiting for production use
4. **Monitor logs**: Use `--verbose` flag to see detailed request logs
For more details, see the main [README.md](README.md).
Reference in New Issue View Git Blame Copy Permalink