The Horse Trust platform requires environment variables to be configured for both the server (backend) and client (frontend) applications.
Server Environment Variables
Create a .env file in the server/ directory with the following variables:
Database Configuration
MONGO_URI
MongoDB connection string for your database.
MONGO_URI=mongodb+srv://<username>:<password>@<cluster>/horsetrust?retryWrites=true&w=majority
Format: mongodb+srv://<username>:<password>@<cluster>/<database>
Server Configuration
PORT
Port number where the Express server will run.
NODE_ENV (string, default: "development")
Environment mode for the application.
NODE_ENV=development # or production
Options: development, production, test
Authentication & Security
JWT_SECRET
Secret key used to sign JWT tokens for authentication.
JWT_SECRET=your-super-secret-jwt-key-change-this-in-production
Use a strong, random string in production. Never commit this value to version control.
JWT_EXPIRES_IN
JWT token expiration time.
Format: Use time notation like 10d (10 days), 24h (24 hours), 30m (30 minutes)
BCRYPT_SALT_ROUNDS
Number of salt rounds for bcrypt password hashing.
Higher values increase security but also increase processing time (each additional round doubles the hashing work). 12 is a good balance for production.
CORS Configuration
CORS_ORIGINS
Comma-separated list of allowed origins for CORS.
# Development
CORS_ORIGINS=*
# Production
CORS_ORIGINS=https://horsetrust.com,https://www.horsetrust.com
In production, replace * with specific allowed origins for better security.
Client Environment Variables
Create a .env.local file in the client/ directory with the following variables:
API Configuration
NEXT_PUBLIC_API_URL
Base URL for the backend API.
# Development
NEXT_PUBLIC_API_URL=http://localhost:8031/api
# Production
NEXT_PUBLIC_API_URL=https://api.horsetrust.com/api
The NEXT_PUBLIC_ prefix makes this variable accessible in the browser: Next.js inlines it into the client bundle, so NEXT_PUBLIC_ variables must never hold secrets.
Cloudinary Configuration
NEXT_PUBLIC_CLOUDINARY_CLOUD_NAME
Your Cloudinary cloud name for image uploads.
NEXT_PUBLIC_CLOUDINARY_CLOUD_NAME=di2agiylz
NEXT_PUBLIC_CLOUDINARY_UPLOAD_PRESET
Cloudinary upload preset for handling image uploads.
NEXT_PUBLIC_CLOUDINARY_UPLOAD_PRESET=horse_trust_uploads
You need to create this upload preset in your Cloudinary dashboard with unsigned upload enabled.
Example Configuration Files
Server .env Example
# ================================
# SERVER CONFIGURATION
# ================================
PORT=8031
NODE_ENV=development
# ================================
# DATABASE
# ================================
MONGO_URI=mongodb+srv://<username>:<password>@<cluster>/horsetrust
# ================================
# AUTHENTICATION
# ================================
JWT_SECRET=your-super-secret-jwt-key-change-this
JWT_EXPIRES_IN=10d
BCRYPT_SALT_ROUNDS=12
# ================================
# CORS
# ================================
CORS_ORIGINS=*
Client .env.local Example
# ==========================================
# CLIENT CONFIGURATION
# ==========================================
# API URL
NEXT_PUBLIC_API_URL=http://localhost:8031/api
# Cloudinary
NEXT_PUBLIC_CLOUDINARY_CLOUD_NAME=di2agiylz
NEXT_PUBLIC_CLOUDINARY_UPLOAD_PRESET=horse_trust_uploads
Security Best Practices
Never commit .env files to version control!
Ensure .env, .env.local, and .env.production are listed in your .gitignore file.
Use Strong Secrets
Generate strong, random strings for JWT_SECRET using a password generator or:
Restrict CORS Origins
In production, never use CORS_ORIGINS=*. Specify exact domains.
Use Environment-Specific Files
Maintain separate configuration files for development, staging, and production.
Rotate Secrets Regularly
Update sensitive credentials like JWT_SECRET periodically and after any security incident.
Validation
The server validates required environment variables on startup. If any required variable is missing, the application will fail to start with an error message:
MONGO_URI is not defined in environment variables
Ensure all required variables are set before running the application.
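A startup check in the spirit of the validation described above, extended to the production pitfalls this page warns about (the sample JWT_SECRET, CORS_ORIGINS=*). This is an added example, not Horse Trust's own code; validateEnv, the list of required variables and the 32-character secret minimum are assumptions.

```javascript
// Added example, not Horse Trust code. validateEnv, the REQUIRED list and the
// 32-character minimum for JWT_SECRET are assumptions made for illustration.
const REQUIRED = ["MONGO_URI", "JWT_SECRET"];
const PLACEHOLDER = /your-super-secret|change-this/i; // sample values from this page

function validateEnv(env) {
  const errors = [];
  const prod = env.NODE_ENV === "production";

  for (const name of REQUIRED) {
    if (!env[name]) errors.push(`${name} is not defined in environment variables`);
  }
  if (env.NODE_ENV && !["development", "production", "test"].includes(env.NODE_ENV)) {
    errors.push("NODE_ENV must be development, production or test");
  }
  // The documented sample secret must never reach production.
  if (prod && env.JWT_SECRET && (PLACEHOLDER.test(env.JWT_SECRET) || env.JWT_SECRET.length < 32)) {
    errors.push("JWT_SECRET is a placeholder or shorter than 32 characters");
  }
  // Time notation from the page: 10d, 24h, 30m.
  if (env.JWT_EXPIRES_IN && !/^\d+[dhm]$/.test(env.JWT_EXPIRES_IN)) {
    errors.push("JWT_EXPIRES_IN must look like 10d, 24h or 30m");
  }
  // bcrypt accepts cost factors from 4 to 31.
  if (env.BCRYPT_SALT_ROUNDS !== undefined) {
    const rounds = Number(env.BCRYPT_SALT_ROUNDS);
    if (!Number.isInteger(rounds) || rounds < 4 || rounds > 31) {
      errors.push("BCRYPT_SALT_ROUNDS must be an integer between 4 and 31");
    }
  }
  // In production every origin must be an exact https origin: no wildcard, no path.
  if (prod) {
    const origins = (env.CORS_ORIGINS || "").split(",").map((o) => o.trim()).filter(Boolean);
    if (origins.length === 0) errors.push("CORS_ORIGINS must list at least one origin");
    for (const origin of origins) {
      let parsed = null;
      try { parsed = new URL(origin); } catch { /* not a URL, e.g. "*" */ }
      if (!parsed || parsed.protocol !== "https:" || parsed.origin !== origin) {
        errors.push(`CORS_ORIGINS entry "${origin}" is not an exact https origin`);
      }
    }
  }
  return errors;
}

// Constructed sample: the page's development values promoted to production unchanged.
const sampleErrors = validateEnv({
  NODE_ENV: "production",
  JWT_SECRET: "your-super-secret-jwt-key-change-this",
  JWT_EXPIRES_IN: "10d", BCRYPT_SALT_ROUNDS: "12", CORS_ORIGINS: "*",
});
console.log(sampleErrors.join("\n"));
```

Call validateEnv(process.env) before the server starts listening and exit if the returned list is non-empty.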