Environment Variables

Relevant source files - .env.example - config/env.js

The Subscription Tracker API utilizes a centralized environment variable management system to handle sensitive credentials, server configurations, and third-party service integrations. This page serves as a technical reference for all variables defined in the system and the mechanism used to load them based on the application's runtime environment.

Environment Loading Mechanism

The application uses the dotenv package to manage environment variables. Instead of a single .env file, the system implements a dynamic naming convention to support multiple environments (development, production, etc.) simultaneously.

File Naming Convention

The configuration logic in config/env.js determines which file to load using the NODE_ENV variable. The pattern followed is: .env.[NODE_ENV].local

By default, if NODE_ENV is not provided, it defaults to development, resulting in the application attempting to load .env.development.local[config/env.js:3-3].

Implementation Flow

The variables are extracted from process.env and exported as named constants to ensure a consistent interface throughout the codebase.

[Flowchart Diagram]

Sources:

config/env.js[1-22]
.env.example[1-16]

Variable Reference

The following table details every environment variable required for the application to function correctly. These are mirrored from the template provided in .env.example.

Variable	Description	Typical Value
`PORT`	The port on which the Express server listens.	`5500`
`NODE_ENV`	Defines the environment (development, production, test).	`production`
`DB_URI`	Connection string for the MongoDB database.	`mongodb+srv://...`
`JWT_SECRET`	Secret key used for signing JSON Web Tokens.	`[Secure String]`
`JWT_EXPIRES_IN`	Duration for which a JWT remains valid.	`1d`
`SERVER_URL`	The base URL of the running server, used for workflow callbacks.	`http://127.0.0.1:8080`
`ARCJET_KEY`	API key for Arcjet security services (WAF/Rate Limiting).	`aj_...`
`ARCJET_ENV`	Arcjet environment mode (development or production).	`production`
`QSTASH_URL`	Endpoint for the Upstash QStash message broker.	`https://qstash.upstash.io`
`QSTASH_TOKEN`	Authentication token for Upstash QStash.	`[Token]`
`QSTASH_CURRENT_SIGNING_KEY`	Key used to verify signatures from Upstash.	`[Key]`
`QSTASH_NEXT_SIGNING_KEY`	Key used for signature rotation in Upstash.	`[Key]`
`ACCOUNT_EMAIL`	The "From" email address for system notifications.	`noreply@domain.com`
`BREVO_LOGIN`	SMTP login username for the Brevo email service.	`[Login]`
`BREVO_SMTP_KEY`	SMTP password/API key for the Brevo email service.	`[Key]`
`EMAIL_PASSWORD`	Legacy or alternative email password field.	`[Password]`

Sources:

.env.example[1-16]
config/env.js[5-22]

System Integration Map

Environment variables act as the bridge between the application logic and external infrastructure. The diagram below illustrates how specific code entities consume these variables.

[Flowchart Diagram]

Data Flow Details

Authentication: The JWT_SECRET is used by the authorize middleware in middlewares/auth.middleware.js to validate incoming requests.
Security: The ARCJET_KEY is passed to the Arcjet client in config/arcjet.js to enable the Shield WAF and Bot detection [config/env.js:12-12].
Notifications: The BREVO_SMTP_KEY and BREVO_LOGIN are used in config/nodemailer.js to establish an SMTP connection for sending renewal reminders [config/env.js:20-21].
Workflows: The QSTASH_URL and QSTASH_TOKEN are utilized by config/upstash.js to trigger the asynchronous subscription lifecycle workflows [config/env.js:13-14].

Sources:

config/env.js[5-22]
.env.example[1-16]