Skip to content
Quipthread Documentation

Environment Variables

All configuration is loaded from environment variables (or a .env file in the working directory). Variables without a default are optional unless otherwise noted.

Required

Section titled “Required”
VariableDefaultDescription
JWT_SECRETRequired. Secret key used to sign session tokens. Generate with openssl rand -hex 32.

Server

Section titled “Server”
VariableDefaultDescription
PORT8080TCP port the HTTP server listens on.
BASE_URLhttp://localhost:8080Public base URL of the backend. Must match the OAuth redirect URI registered with your provider.

Database

Section titled “Database”
VariableDefaultDescription
DATABASE_URL./data/comments.dbPath to the SQLite database file, or a libsql:// URL for a Turso database.

Auth — OAuth

Section titled “Auth — OAuth”
VariableDefaultDescription
GITHUB_CLIENT_IDGitHub OAuth app client ID.
GITHUB_CLIENT_SECRETGitHub OAuth app client secret.
GOOGLE_CLIENT_IDGoogle OAuth client ID.
GOOGLE_CLIENT_SECRETGoogle OAuth client secret.

See OAuth Setup for how to create these credentials.

Auth — Email

Section titled “Auth — Email”
VariableDefaultDescription
EMAIL_AUTH_ENABLEDfalseSet to true to enable email+password registration and login.
SMTP_HOSTSMTP server hostname.
SMTP_PORT587SMTP server port.
SMTP_USERSMTP authentication username.
SMTP_PASSSMTP authentication password.
SMTP_FROMSender address for all outgoing email.
EMAIL_PROVIDERTransactional email API provider. Accepted values: resend, postmark, sendgrid.
EMAIL_API_KEYAPI key for the configured EMAIL_PROVIDER.

See Email Authentication for details.

CORS

Section titled “CORS”
VariableDefaultDescription
ALLOWED_ORIGINSComma-separated list of allowed CORS origins (e.g. https://example.com,https://www.example.com). Leave unset to allow all origins.

Rate limiting

Section titled “Rate limiting”
VariableDefaultDescription
RATE_LIMIT_COMMENTS5/10mRate limit for comment submissions. Format: count/duration where duration uses Go time syntax (e.g. 10m, 1h). 5/10m means 5 requests per 10 minutes per IP.
RATE_LIMIT_AUTH10/5mRate limit for auth endpoints. Same format as above.

Spam filtering

Section titled “Spam filtering”
VariableDefaultDescription
SPAM_MAX_LINKS3Maximum number of links (hrefs or bare URLs) allowed in a comment before it is auto-rejected as spam.

Notifications

Section titled “Notifications”
VariableDefaultDescription
NOTIFY_BATCH_SIZE5Number of pending comments to accumulate before sending a notification.
NOTIFY_COOLDOWN_HOURS24Minimum hours between notification sends.
NOTIFY_EMAIL_TOFallback notification recipient email address, used when the site owner has no email address on their account.
TELEGRAM_BOT_TOKENTelegram bot token.
TELEGRAM_CHAT_IDTelegram chat, group, or channel ID to post notifications to.
SLACK_WEBHOOK_URLSlack incoming webhook URL.
DISCORD_WEBHOOK_URLDiscord channel webhook URL.
WEBHOOK_URLGeneric HTTP endpoint to POST notification payloads to.

See Notifications for details on each channel.

Bot protection

Section titled “Bot protection”
VariableDefaultDescription
TURNSTILE_SITE_KEYCloudflare Turnstile site key. Served to the embed widget to render the challenge.
TURNSTILE_SECRET_KEYCloudflare Turnstile secret key. Used for server-side token verification.

Both variables must be set to enable Turnstile bot protection. Leave both unset to disable it.

Turso / libSQL

Section titled “Turso / libSQL”
VariableDefaultDescription
TURSO_AUTH_TOKENAuth token appended to libsql:// database connections. Required when DATABASE_URL is a Turso URL.

Cloud / billing

Section titled “Cloud / billing”
VariableDefaultDescription
CLOUD_MODEfalseSet to true to enable plan enforcement, Stripe billing, and multi-tenant provisioning.
STRIPE_SECRET_KEYStripe secret API key.
STRIPE_WEBHOOK_SECRETStripe webhook signing secret for verifying incoming events.
STRIPE_PRICE_STARTER_MONTHLYStripe price ID for the Starter monthly plan.
STRIPE_PRICE_STARTER_YEARLYStripe price ID for the Starter yearly plan.
STRIPE_PRICE_PRO_MONTHLYStripe price ID for the Pro monthly plan.
STRIPE_PRICE_PRO_YEARLYStripe price ID for the Pro yearly plan.
STRIPE_PRICE_BUSINESS_MONTHLYStripe price ID for the Business monthly plan.
STRIPE_PRICE_BUSINESS_YEARLYStripe price ID for the Business yearly plan.
MASTER_DATABASE_URLTurso URL for the cloud master database. When unset, a local SQLite file is used.
TENANT_DATA_DIRdata/tenantsDirectory for per-tenant SQLite database files.
TURSO_API_TOKENTurso Platform API management token for provisioning per-tenant databases.
TURSO_ORGANIZATIONTurso organization slug used for database provisioning.