Environment Configuration

Copy the template below into a .env file in your root directory. Fill in the values using the guide below.

.env

# --- SYSTEM ---
PORT=3001
SESSION_SECRET=your_random_string
JWT_SECRET=your_random_string
GDPR_DELETE_KEY=your_secure_master_key

# --- DATABASE ---
MONGODB_URI=your_connection_string
ADMIN_ID=admin_user_object_id

# --- GOOGLE AUTH ---
GOOGLE_CLIENT_ID=xxx
GOOGLE_CLIENT_SECRET=xxx
GOOGLE_REDIRECT_URI=http://localhost:3001/google/callback

# --- DISCORD AUTH ---
DISCORD_CLIENT_ID=xxx
DISCORD_CLIENT_SECRET=xxx
DISCORD_REDIRECT_URI=http://localhost:3001/auth/discord/callback

# --- EMAIL (V2 Required) ---
EMAIL=your_email@gmail.com
GMAIL_REFRESH_TOKEN=xxx
# EPASS=legacy_app_password_only

# --- LOGGING WEBHOOKS ---
ERROR_WEBHOOK=discord_webhook_url
USER_AUTH_WEBTOKEN=discord_webhook_url
WEB_LOGS=discord_webhook_url
WEB_TOKEN=discord_webhook_url

System Secrets

SESSION_SECRET

Signs session cookies to prevent tampering.

openssl rand -hex 32

JWT_SECRET

Signs JSON Web Tokens for API authentication.

openssl rand -hex 64

GDPR_DELETE_KEY

Master password required to nuke/delete user data.

PORT

The port the server runs on.

3001

Database

MONGODB_URI

Login to MongoDB Atlas.
Click Connect on your Cluster.
Select Drivers (Node.js).
Copy connection string.
Crucial: Replace <password> with your actual DB user password.

Example mongodb+srv://user:pass123@cluster.mongodb.net/sentralia?retryWrites=true&w=majority

ADMIN_ID

The _id of the super-admin. Required for dashboard access.

Launch App -> Create Account -> Go to MongoDB Atlas -> Copy your User ID -> Paste here -> Restart App.

Social Authentication

Google Configuration

1. Go to Google Cloud Console > APIs & Services > Credentials.

2. Create Credentials > OAuth Client ID.

3. Application Type: Web Application.

4. Important: Add this exactly to "Authorized redirect URIs":

http://localhost:3001/google/callback

5. Copy Client ID and Secret to .env

REQUIRED VARIABLES GOOGLE_CLIENT_ID GOOGLE_CLIENT_SECRET GOOGLE_REDIRECT_URI

Discord Configuration

1. Go to Discord Developer Portal > New Application.

2. Navigate to the OAuth2 tab.

3. Under "Redirects", add exactly:

http://localhost:3001/auth/discord/callback

4. Copy Client ID. Reset and Copy Client Secret.

REQUIRED VARIABLES DISCORD_CLIENT_ID DISCORD_CLIENT_SECRET DISCORD_REDIRECT_URI

Email Service

OAuth2 Secure Setup

Required (v2)

The Gmail address used to send system emails. Must match the account used to generate the token below.

GMAIL_REFRESH_TOKEN

Required to send emails securely without app passwords.

How to generate token:

Go to the Google OAuth Playground.
Click the Gear Icon (Top Right). Check "Use your own OAuth credentials".
Paste your GOOGLE_CLIENT_ID and GOOGLE_CLIENT_SECRET from Step 3.
In the scopes list (left), find "Gmail API v1" and select: https://mail.google.com/.
Click Authorize APIs. Login with the email you put in EMAIL above.
Click "Exchange authorization code for tokens".
Copy the value of Refresh Token (bottom box) into your .env.

Legacy

EPASS

Old App Password method. Only use this if you are running Sentralia v1.x. The new system requires the Refresh Token above.

Logging Webhooks

How to get: In Discord, go to Channel Settings > Integrations > Webhooks > New Webhook > Copy URL.

ERROR_WEBHOOK

Logs critical server errors and crashes.

https://discord.com/api/webhooks/...

USER_AUTH_WEBTOKEN

Logs new user registrations and logins.

https://discord.com/api/webhooks/...

WEB_LOGS

General API usage logs and traffic monitoring.

https://discord.com/api/webhooks/...

WEB_TOKEN

System status updates and token refreshes.

https://discord.com/api/webhooks/...

Copied!

System Secrets

Database

Social Authentication

Email Service

OAuth2 Secure Setup

How to generate token:

Logging Webhooks