Skip to main content
CampusBite uses environment variables to configure backend services. You must set these variables before starting the server.

Required variables

These variables are validated at startup and will prevent the server from starting if missing.
JWT_SECRET
string
required
Secret key for signing JWT access tokens. Must be at least 32 characters long.
# Generate a secure random string
openssl rand -base64 48
JWT_REFRESH_SECRET
string
required
Secret key for signing JWT refresh tokens. Must be at least 32 characters long and different from JWT_SECRET.
openssl rand -base64 48
MONGODB_URI
string
required
MongoDB connection string. Supports both standard and SRV formats.
# MongoDB Atlas (SRV)
mongodb+srv://username:[email protected]/campusbite

# Standard connection string
mongodb://username:password@host:27017/campusbite
If using MongoDB Atlas behind restrictive DNS, you may need to use a non-SRV connection string to avoid DNS lookup failures.
FRONTEND_URL
string
required
URL where your frontend is hosted. Used for CORS configuration and email links.
# Production
https://campusbite.example.com

# Development (automatically allowed)
http://localhost:5173

Optional core variables

PORT
number
default:"5000"
Port number for the HTTP server.
PORT=8080
NODE_ENV
string
default:"development"
Runtime environment. Set to production to enable production optimizations:
  • Serves frontend static files from frontend/dist
  • Uses combined logging format
  • Enables stricter security headers
NODE_ENV=production
APP_URL
string
Alternative URL for your application. Used as fallback for CORS and payment UPI links.
APP_URL=https://campusbite.fly.dev
MONGODB_DB_NAME
string
Database name to use if not specified in MONGODB_URI.
MONGODB_DB_NAME=campusbite
DATABASE_URL
string
Alternative to MONGODB_URI. If both are set, MONGODB_URI takes precedence.

JWT token expiration

JWT_EXPIRES_IN
string
default:"1h"
Access token expiration time. Uses vercel/ms format.
# Examples
JWT_EXPIRES_IN=1h
JWT_EXPIRES_IN=30m
JWT_EXPIRES_IN=2h
JWT_REFRESH_EXPIRES_IN
string
default:"7d"
Refresh token expiration time. Uses vercel/ms format.
JWT_REFRESH_EXPIRES_IN=7d
JWT_REFRESH_EXPIRES_IN=14d

Email configuration (SMTP)

Email features are optional. If SMTP variables are incomplete, the server will start but skip email functionality (registration verification, password reset).
SMTP_HOST
string
SMTP server hostname.
# Gmail
SMTP_HOST=smtp.gmail.com

# SendGrid
SMTP_HOST=smtp.sendgrid.net
SMTP_PORT
number
default:"587"
SMTP server port. Common values:
  • 587 - STARTTLS (recommended)
  • 465 - SSL/TLS
  • 25 - Unencrypted (not recommended)
SMTP_USER
string
SMTP authentication username.
SMTP_USER=apikey  # SendGrid
SMTP_USER=[email protected]  # Gmail
SMTP_PASS
string
SMTP authentication password or API key.
For Gmail, use an App Password, not your regular password.
FROM_EMAIL
string
Email address used in the “From” field. Falls back to SMTP_USER if not set.
FROM_EMAIL=[email protected]

Order management

These variables control order lifecycle timeouts and no-show restrictions.
CHECKOUT_TOKEN_SECRET
string
Secret for signing checkout tokens. Falls back to JWT_SECRET if not set.
openssl rand -base64 48
UNPAID_ORDER_TIMEOUT_MINUTES
number
default:"8"
Minutes before unpaid orders are automatically cancelled.
READY_NO_SHOW_TIMEOUT_MINUTES
number
default:"20"
Minutes before a ready order is marked as no-show if not picked up.
ORDER_COMMITMENT_TIMEOUT_MINUTES
number
default:"4"
Minutes for vendors to accept or reject orders before automatic cancellation.
NO_SHOW_WARNING_THRESHOLD
number
default:"2"
Number of no-shows before warning the user.
NO_SHOW_RESTRICTION_THRESHOLD
number
default:"3"
Number of no-shows before temporarily restricting ordering.
NO_SHOW_RESTRICTION_DAYS
number
default:"14"
Days to restrict ordering after hitting the no-show threshold.

Payment

UPI_MERCHANT_CODE
string
Merchant UPI ID for generating UPI payment links.
UPI_MERCHANT_CODE=merchant@paytm

File uploads

UPLOAD_DIR
string
default:"/data/uploads or backend/public/uploads"
Directory for storing uploaded files (menu images, store logos). The application automatically:
  1. Checks if /data exists (Fly.io volume mount)
  2. Uses /data/uploads if available
  3. Falls back to backend/public/uploads
# Custom path
UPLOAD_DIR=/var/www/uploads

# Fly.io (set in fly.toml)
UPLOAD_DIR=/data/uploads

Fly.io specific

FLY_APP_NAME
string
Automatically set by Fly.io. Used to construct the default CORS origin https://{FLY_APP_NAME}.fly.dev.

Database type

DB_TYPE
string
default:"mongodb"
Database type identifier. CampusBite only supports MongoDB. Setting this to any other value will log a warning but not prevent startup.

Development setup

For local development, create a .env file in the backend/ directory:
backend/.env
JWT_SECRET=your-super-secret-jwt-key-at-least-32-chars-long-abc123
JWT_REFRESH_SECRET=your-super-secret-refresh-key-different-from-jwt-abc123
MONGODB_URI=mongodb://localhost:27017/campusbite
FRONTEND_URL=http://localhost:5173

# Optional: Email (for testing verification flows)
SMTP_HOST=smtp.gmail.com
SMTP_PORT=587
SMTP_USER=[email protected]
SMTP_PASS=your-app-password
FROM_EMAIL=[email protected]
Never commit .env files to version control. Add .env to your .gitignore.

Build docs developers (and LLMs) love

Get started for freeTalk to us