Spaces:

aditya2001
/

VidSimplify

Running

App Files Files Community

VidSimplify / DEPLOYMENT.md

Adityahulk

Restoring repo state for deployment

6fc3143 5 days ago

preview code

raw

history blame contribute delete

2.41 kB

Deployment Configuration Guide

Environment Variables

For a secure production deployment, you must set the following environment variables.

1. Frontend (Next.js)

These variables should be set in your Vercel project settings or .env.production.

Variable	Description	Example Value
`NEXTAUTH_URL`	The canonical URL of your site	`https://your-app.com`
`NEXTAUTH_SECRET`	A random string used to hash tokens	`openssl rand -base64 32`
`GOOGLE_CLIENT_ID`	OAuth Client ID from Google Cloud	`123...apps.googleusercontent.com`
`GOOGLE_CLIENT_SECRET`	OAuth Client Secret from Google Cloud	`GOCSPX-...`
`INTERNAL_API_KEY`	CRITICAL: Shared secret to talk to Python backend	`long-random-string-shared-with-backend`
`PYTHON_API_URL`	URL of your deployed Python backend	`https://api.your-app.com`
`DATABASE_URL`	Connection string for your production DB (e.g., Postgres)	`postgresql://user:pass@host:5432/db`

Note on Database: Currently, the app uses SQLite (file:./dev.db). For production, you should switch the provider in prisma/schema.prisma to postgresql or mysql and use a real database URL.

2. Backend (Python / FastAPI)

These variables should be set in your backend hosting service (e.g., Railway, Render, AWS).

Variable	Description	Example Value
`INTERNAL_API_KEY`	CRITICAL: Must match the Frontend key exactly	`long-random-string-shared-with-backend`
`OPENAI_API_KEY`	For generating animation code	`sk-...`
`ELEVENLABS_API_KEY`	For generating voiceovers	`...`
`ANTHROPIC_API_KEY`	(Optional) If using Claude models	`sk-ant-...`
`CODE_GEN_MODEL`	Model to use for code generation	`gpt-4o` or `claude-3-5-sonnet-20240620`

Security Checklist

Generate a Strong INTERNAL_API_KEY: Use openssl rand -hex 32 to generate a secure key. Set this on BOTH frontend and backend.
HTTPS Everywhere: Ensure both your frontend and backend are served over HTTPS.
Database: Do not use SQLite in production if you have multiple server instances (serverless). Use a managed Postgres database (e.g., Supabase, Neon, Railway).
CORS: In api_server.py, update allow_origins to only allow your production frontend domain, not * or localhost.