Copy frontend/.env.example to frontend/.env and fill in the values before starting the app.
cp frontend/.env.example frontend/.env
Variables prefixed with NEXT_PUBLIC_ are embedded into the client-side JavaScript bundle and visible in the browser, so they must never hold secrets. Variables prefixed with NEXT_SERVER_ are only available on the server and are never sent to the browser.

Authentication (NextAuth)

NEXTAUTH_SECRET
required
A random secret used by NextAuth.js to sign and encrypt session tokens and cookies. Generate one with:
openssl rand -base64 32
Required. Without this, authentication will not work.
NEXTAUTH_URL
required
The canonical URL of the application. NextAuth.js uses this to construct OAuth callback URLs.
NEXTAUTH_URL=http://localhost:3000/
NEXT_SERVER_GITHUB_CLIENT_ID
required
The Client ID of your GitHub OAuth App. Required for “Sign in with GitHub” to work locally. Register an OAuth App at github.com/settings/developers.
NEXT_SERVER_GITHUB_CLIENT_ID=Ov23liABCDEF1234567
NEXT_SERVER_GITHUB_CLIENT_SECRET
required
The Client Secret of your GitHub OAuth App. Pairs with NEXT_SERVER_GITHUB_CLIENT_ID to complete the OAuth flow.

API endpoints

NEXT_PUBLIC_API_URL
required
Base URL for the application’s REST API. Used by frontend components to make API calls.
NEXT_PUBLIC_API_URL=http://localhost:8000/
NEXT_PUBLIC_GRAPHQL_URL
required
The endpoint for the GraphQL API. Used by Apollo Client to send queries and mutations from the browser.
NEXT_PUBLIC_GRAPHQL_URL=http://localhost:8000/graphql/
NEXT_SERVER_GRAPHQL_URL
The GraphQL endpoint used by the Next.js server for server-side requests. In Docker, use the internal service hostname instead of localhost.
NEXT_SERVER_GRAPHQL_URL=http://backend:8000/graphql/
NEXT_PUBLIC_CSRF_URL
required
The endpoint used to fetch CSRF tokens for secure API requests from the browser.
NEXT_PUBLIC_CSRF_URL=http://localhost:8000/csrf/
NEXT_SERVER_CSRF_URL
The CSRF endpoint used by the Next.js server for server-side requests. In Docker, use the internal service hostname.
NEXT_SERVER_CSRF_URL=http://backend:8000/csrf/
NEXT_PUBLIC_IDX_URL
Base URL for the indexing service. Used by features that interact with search indexing.
NEXT_PUBLIC_IDX_URL=http://localhost:8000/idx/

Feature flags

NEXT_PUBLIC_ENVIRONMENT
Specifies the current runtime environment. Used for toggling features and logging behavior. Accepted values: local, development, production.
NEXT_PUBLIC_ENVIRONMENT=local
NEXT_PUBLIC_IS_PROJECT_HEALTH_ENABLED
Toggles the project health feature in the UI. Set to true to enable.
NEXT_PUBLIC_IS_PROJECT_HEALTH_ENABLED=true
NEXT_SERVER_DISABLE_SSR
Disables server-side rendering when set to true. Use only for debugging or specific deployment scenarios.
NEXT_SERVER_DISABLE_SSR=false
NEXT_PUBLIC_RELEASE_VERSION
The current release version of the application. Displayed in the UI and logs for tracking deployments.
NEXT_PUBLIC_RELEASE_VERSION=1.0.5

Sentry

NEXT_PUBLIC_SENTRY_DSN
The Data Source Name (DSN) for Sentry error tracking. When set, Sentry captures and reports frontend errors in real time.
NEXT_PUBLIC_SENTRY_DSN=https://xyz@sentry.io/123456

PostHog

NEXT_PUBLIC_POSTHOG_KEY
The PostHog project API key. Authenticates the frontend with PostHog for product analytics and feature flags.
NEXT_PUBLIC_POSTHOG_HOST
The PostHog analytics host URL.
NEXT_PUBLIC_POSTHOG_HOST=https://us.i.posthog.com

Google Tag Manager

NEXT_PUBLIC_GTM_ID
The Google Analytics measurement ID (used via @next/third-parties/google). When set, GoogleAnalytics is mounted in the root layout and GTM events are sent for interactions such as search queries.
NEXT_PUBLIC_GTM_ID=G-XXXXXXXXXX
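
A pre-start check for the prefix rule and the variables marked required above, written as an added example that is not part of the OWASP Nest code base. The function names, the secret-name heuristic and the sample values (including the misnamed NEXT_PUBLIC_GITHUB_CLIENT_SECRET) are assumptions constructed for illustration.

```javascript
// Variables this page marks "required".
const REQUIRED = [
  'NEXTAUTH_SECRET', 'NEXTAUTH_URL',
  'NEXT_SERVER_GITHUB_CLIENT_ID', 'NEXT_SERVER_GITHUB_CLIENT_SECRET',
  'NEXT_PUBLIC_API_URL', 'NEXT_PUBLIC_GRAPHQL_URL', 'NEXT_PUBLIC_CSRF_URL',
];
// Heuristic for credential-like names. KEY is omitted: NEXT_PUBLIC_POSTHOG_KEY is a documented browser-side value.
const SECRET_NAME = /SECRET|PASSWORD|PRIVATE|TOKEN/;

// Parse KEY=VALUE lines; skips blanks and # comments, strips one pair of surrounding quotes.
function parseEnv(text) {
  const env = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    const eq = line.indexOf('=');
    if (!line || line.startsWith('#') || eq < 1) continue;
    env[line.slice(0, eq).trim()] = line.slice(eq + 1).trim().replace(/^(['"])(.*)\1$/, '$2');
  }
  return env;
}

function auditEnv(text) {
  const env = parseEnv(text);
  const findings = [];
  for (const name of REQUIRED) {
    if (!env[name]) findings.push(`missing required variable: ${name}`);
  }
  for (const name of Object.keys(env)) {
    if (name.startsWith('NEXT_PUBLIC_') && SECRET_NAME.test(name)) {
      findings.push(`secret-looking name is exposed to the browser: ${name}`);
    }
  }
  // `openssl rand -base64 32` decodes to 32 bytes; flag anything shorter.
  const secret = env.NEXTAUTH_SECRET;
  if (secret && Buffer.from(secret, 'base64').length < 32) {
    findings.push('NEXTAUTH_SECRET decodes to fewer than 32 bytes');
  }
  return findings;
}

// Constructed sample with deliberate mistakes, not a real configuration.
const SAMPLE = [
  'NEXTAUTH_SECRET=changeme',
  'NEXTAUTH_URL=http://localhost:3000/',
  'NEXT_PUBLIC_GITHUB_CLIENT_SECRET=constructed-placeholder', // hypothetical misnamed variable
  'NEXT_PUBLIC_API_URL=http://localhost:8000/',
  'NEXT_PUBLIC_GRAPHQL_URL=http://localhost:8000/graphql/',
].join('\n');
console.log(auditEnv(SAMPLE).join('\n'));
```

Pass the contents of frontend/.env to auditEnv from a pre-start or CI step and fail the step when the returned list is not empty.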