🔧 Technical Documentation
Setup & Configuration
Environment Variables

Development Environment Setup

Complete guide for setting up the MyNATCA platform development environment with the new Express.js architecture.

Prerequisites

Required Software

# Node.js 18.x LTS
curl -fsSL https://deb.nodesource.com/setup_18.x | sudo -E bash -
sudo apt-get install -y nodejs
 
# Docker and Docker Compose
sudo apt install docker.io docker-compose -y
 
# PM2 for process management (optional for development)
npm install -g pm2
 
# Git
sudo apt install git -y

Development Tools (Recommended)

# VS Code with extensions
# - ES6 String HTML
# - Prisma
# - ESLint
# - Prettier
 
# Database tools
# - DBeaver or similar PostgreSQL client
# - Redis CLI tools

Platform Setup (Express.js Backend)

1. Clone Repository and Install Dependencies

# Clone the platform repository
git clone https://github.com/natca/mynatca-platform.git
cd mynatca-platform
 
# Install dependencies
npm install
 
# Copy environment configuration
cp .env.example .env

2. Database Configuration

Supabase (Primary Database)

# Required: Supabase project URL
SUPABASE_URL=https://your-project-id.supabase.co

# Required: Supabase service role key (full admin access)
SUPABASE_SERVICE_ROLE_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...

# Required: Supabase anonymous key (client-side operations)
SUPABASE_ANON_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...

# Note: SUPABASE_KEY is alias for SERVICE_ROLE_KEY (backwards compatibility)
SUPABASE_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...

MySQL (Legacy MyNATCA Database)

# Required: MySQL connection details
MYSQL_HOST=mysql.example.com
MYSQL_USER=mynatca_user
MYSQL_PASS=secure_password_here
MYSQL_DB=mynatca_members

Redis (Session Storage)

# Development Redis (local)
REDIS_URL=redis://localhost:6379

# Production Redis (with authentication)
REDIS_URL=redis://username:password@redis-host:6379

3. Authentication Configuration

Auth0 Setup (OAuth 2.0)

# Required: Auth0 tenant configuration
AUTH0_DOMAIN=your-domain.auth0.com
AUTH0_CLIENT_ID=your-client-id
AUTH0_CLIENT_SECRET=your-client-secret

# Development URLs
AUTH0_BASE_URL=http://localhost:1300
AUTH0_REDIRECT_URI=http://localhost:1300/api/auth/callback

# Optional: API audience for external API access
AUTH0_AUDIENCE=your-auth0-api-identifier

Session Management

# Required: Session secret (minimum 32 characters)
SESSION_SECRET=your-super-secure-session-secret-min-32-chars

# Generate with: openssl rand -hex 32
# Example: openssl rand -hex 32 > session_secret.txt

4. Server Configuration

Express.js Application

# Application settings
NODE_ENV=development
PORT=1300
HOST=localhost
BASE_URL=http://localhost:1300

# CORS settings for development
CORS_ORIGIN=http://localhost:3000,http://localhost:1301

5. External Services

MyNATCA API Integration

# MyNATCA API access
MYNATCA_API_BASE=https://my.natca.org/api
MYNATCA_API_KEY=your-api-key

Discord Integration

# Discord bot integration
DISCORD_BOT_URL=http://localhost:3002
DISCORD_SERVICE_KEY=your-discord-service-key

Sync Configuration

# Data synchronization settings
SYNC_BATCH_SIZE=100
SYNC_MAX_RETRIES=3
SYNC_RETRY_DELAY=1000
SYNC_API_KEY=your-sync-api-key

Complete Development Environment File

Create .env in the platform root directory:

# ==============================================================================
# APPLICATION CONFIGURATION
# ==============================================================================
NODE_ENV=development
PORT=1300
HOST=localhost
BASE_URL=http://localhost:1300

# ==============================================================================
# DATABASE CONFIGURATION
# ==============================================================================

# Supabase Configuration (Primary Database)
SUPABASE_URL=https://your-project.supabase.co
SUPABASE_SERVICE_ROLE_KEY=your-service-role-key
SUPABASE_ANON_KEY=your-anon-key
SUPABASE_KEY=your-service-role-key

# MySQL Configuration (MyNATCA Legacy Database)
MYSQL_HOST=your-mysql-host
MYSQL_USER=your-mysql-user
MYSQL_PASS=your-mysql-password
MYSQL_DB=your-database-name

# Redis Configuration (Session Storage)
REDIS_URL=redis://localhost:6379

# ==============================================================================
# AUTHENTICATION & AUTHORIZATION
# ==============================================================================

# Auth0 Configuration
AUTH0_DOMAIN=your-domain.auth0.com
AUTH0_CLIENT_ID=your-client-id
AUTH0_CLIENT_SECRET=your-client-secret
AUTH0_BASE_URL=http://localhost:1300
AUTH0_REDIRECT_URI=http://localhost:1300/api/auth/callback

# Session Configuration
SESSION_SECRET=your-super-secure-session-secret-min-32-chars

# ==============================================================================
# EXTERNAL SERVICES
# ==============================================================================

# Discord Integration
DISCORD_BOT_URL=http://localhost:3002
DISCORD_SERVICE_KEY=your-discord-service-key

# Sync Configuration
SYNC_API_KEY=your-sync-api-key
SYNC_BATCH_SIZE=100

Starting the Development Server

Method 1: Direct Node.js

# Start the Express.js server
npm run dev
 
# Server will start on http://localhost:1300
# API endpoints available at http://localhost:1300/api/*

Method 2: PM2 (Production-like)

# Start with PM2 in development mode
pm2 start ecosystem.config.js --env development
 
# Monitor logs
pm2 logs
 
# Stop PM2 processes
pm2 stop all

Method 3: Docker (Containerized)

# Build and run Docker container
docker build -t mynatca-platform:dev .
docker run -p 1300:3000 --env-file .env mynatca-platform:dev
 
# Or use docker-compose
docker-compose up --build

Verification Steps

1. Health Check

curl http://localhost:1300/api/health
# Expected: {"status":"healthy","service":"MyNATCA Platform Backend",...}

2. Authentication Test

# Visit in browser: http://localhost:1300/api/auth/login
# Should redirect to Auth0 login page

3. Database Connection

# Check Supabase connection
curl http://localhost:1300/api/health
# Should show database connectivity status

Common Development Issues

Port Conflicts

If port 1300 is in use, update the PORT environment variable:

PORT=1301  # Or any available port

Redis Connection Issues

For development without Redis:

# Comment out or remove REDIS_URL
# Platform will fall back to memory sessions (development only)

Auth0 Callback Issues

Ensure callback URL matches exactly:

Auth0 Dashboard > Applications > Settings > Allowed Callback URLs
http://localhost:1300/api/auth/callback

Required: Auth0 secret for session encryption (minimum 32 characters)

⚠️ CRITICAL: This is required for NextJS Auth0 SDK session encryption

Generate with: openssl rand -hex 32

Use different values for staging/production environments

AUTH0_SECRET=your_random_32_character_minimum_secret_key

Required: Base URL for your application

AUTH0_BASE_URL=https://discord.mynatca.org (opens in a new tab)

Required: Auth0 issuer base URL

AUTH0_ISSUER_BASE_URL=https://natca-prod.us.auth0.com (opens in a new tab)

Required: OAuth scopes

AUTH0_SCOPE=openid profile email

Optional: Session cookie name (default: appSession)

AUTH0_SESSION_NAME=appSession

Optional: Session lifetime in seconds (default: 604800 - 7 days)

AUTH0_SESSION_ROLLING_DURATION=604800

Optional: Absolute session lifetime in seconds

AUTH0_SESSION_ABSOLUTE_DURATION=2592000


#### 🔐 Important: Auth0 Secret Clarification

**Two different Auth0 secrets are used for different purposes:**

1. **AUTH0_CLIENT_SECRET** (OAuth2 Client Secret)
   - Used for OAuth2 authentication flow
   - Obtained from Auth0 Dashboard → Applications → Settings
   - Required for server-to-server communication with Auth0

2. **AUTH0_SECRET** (Session Encryption Secret)
   - Used by NextJS Auth0 SDK for session cookie encryption
   - Must be a random 32+ character string
   - **Critical for deployment** - applications will fail with "secret" is required error if missing
   - Generate with: `openssl rand -hex 32`
   - Must be different for each environment (dev/staging/production)

**Security Note**: Use different AUTH0_SECRET values for each environment to prevent session cookie conflicts and maintain security isolation.

#### Auth0 Management API
```env
# Required: Machine-to-Machine client ID for Management API
AUTH0_M2M_CLIENT_ID=m2m_client_id_here

# Required: Machine-to-Machine client secret for Management API
AUTH0_M2M_CLIENT_SECRET=m2m_client_secret_here

# Optional: Management API audience (default: https://{domain}/api/v2/)
AUTH0_MANAGEMENT_AUDIENCE=https://natca-prod.us.auth0.com/api/v2/

# Optional: Management API timeout in milliseconds (default: 30000)
AUTH0_MANAGEMENT_TIMEOUT=30000

Discord Bot Variables

Discord API Configuration

# Required: Discord bot token
DISCORD_TOKEN=MTIzNDU2Nzg5MDEyMzQ1Njc4OQ.Gh1234.abcdefghijklmnopqrstuvwxyz

# Required: Discord application (client) ID
DISCORD_CLIENT_ID=123456789012345678

# Required: Discord guild (server) ID
DISCORD_GUILD_ID=123456789012345678

# Optional: Discord API version (default: 10)
DISCORD_API_VERSION=10

# Optional: Discord API base URL (default: https://discord.com/api)
DISCORD_API_BASE_URL=https://discord.com/api

Discord Bot Behavior

# Optional: Default role for verified members (default: NATCA Member)
DISCORD_DEFAULT_ROLE=NATCA Member

# Optional: Channel for welcome messages (channel name or ID)
DISCORD_WELCOME_CHANNEL=general

# Optional: Channel for audit logs (channel name or ID)
DISCORD_AUDIT_CHANNEL=admin-logs

# Optional: Enable automatic nickname updates (default: true)
DISCORD_AUTO_NICKNAME=true

# Optional: Nickname format (default: {first_name} {last_name})
DISCORD_NICKNAME_FORMAT={first_name} {last_name}

# Optional: Maximum nickname length (default: 32)
DISCORD_MAX_NICKNAME_LENGTH=32

# Logging Configuration (Updated October 2025)
# Debug logs are automatically suppressed in development mode
# Set NODE_ENV=production for production logging
NODE_ENV=development  # Suppresses debug logs for cleaner console output
LOG_LEVEL=info        # Options: debug, info, warn, error

Web Server Configuration

HTTP Server Settings

# Optional: HTTP port (default: 3003)
PORT=3003

# Optional: Host address (default: 0.0.0.0)
HOST=0.0.0.0

# Required: Base URL for the application
BASE_URL=https://discord.mynatca.org

# Optional: Environment (development/staging/production)
NODE_ENV=production

# Optional: Enable HTTPS (default: false in development)
ENABLE_HTTPS=false

# Optional: SSL certificate path (if ENABLE_HTTPS=true)
SSL_CERT_PATH=/path/to/certificate.pem

# Optional: SSL private key path (if ENABLE_HTTPS=true)
SSL_KEY_PATH=/path/to/private-key.pem

CORS Configuration

# Optional: Allowed origins (comma-separated)
ALLOWED_ORIGINS=https://discord.mynatca.org,https://hub.mynatca.org

# Optional: Enable credentials (default: true)
CORS_CREDENTIALS=true

# Optional: Max age for preflight requests in seconds (default: 86400)
CORS_MAX_AGE=86400

Session and Security

# Required: Secret for session signing (minimum 32 characters)
SESSION_SECRET=your_secure_session_secret_minimum_32_chars

# Optional: Session cookie domain
SESSION_DOMAIN=.mynatca.org

# Optional: Session cookie secure flag (default: true in production)
SESSION_SECURE=true

# Optional: Session cookie SameSite setting (default: lax)
SESSION_SAME_SITE=lax

# Optional: Content Security Policy (default: strict)
CSP_POLICY=default-src 'self'; script-src 'self' 'unsafe-inline'

Data Synchronization

Sync Configuration

# Optional: Batch size for member sync (default: 1000)
SYNC_BATCH_SIZE=1000

# Optional: Maximum retry attempts (default: 3)
SYNC_RETRY_COUNT=3

# Optional: Retry delay in milliseconds (default: 1000)
SYNC_RETRY_DELAY=1000

# Optional: Sync timeout in milliseconds (default: 300000 - 5 minutes)
SYNC_TIMEOUT=300000

# Optional: Enable incremental sync (default: false)
SYNC_INCREMENTAL=false

# Optional: Sync schedule cron expression (default: every 6 hours)
SYNC_SCHEDULE=0 */6 * * *

Sync Health Monitoring

# Optional: Health check interval in milliseconds (default: 300000 - 5 minutes)
HEALTH_CHECK_INTERVAL=300000

# Optional: Maximum sync age before alert in milliseconds (default: 86400000 - 24 hours)
MAX_SYNC_AGE=86400000

# Optional: Minimum success rate before alert (default: 0.95 - 95%)
MIN_SUCCESS_RATE=0.95

# Optional: Webhook URL for health alerts
HEALTH_ALERT_WEBHOOK=https://hooks.slack.com/services/...

Logging Configuration

Platform and Discord Bot Logging (Updated October 2025)

Both Platform API and Discord bot now use optimized logging that automatically suppresses debug logs in development mode for cleaner console output:

Development Mode Behavior:

NODE_ENV=development
# Debug logs automatically suppressed
# Only info, warn, and error logs shown
# Cleaner console output for development

Production Mode Behavior:

NODE_ENV=production
# All configured log levels active
# JSON-structured logging for OpenSearch
# Full error tracking with stack traces

Logger Features:

  • Automatic debug log suppression in development
  • JSON-structured output for production log aggregation
  • Context-aware logging with metadata
  • Error tracking with full stack traces
  • Service identification for multi-service deployments

Example Development Output:

[2025-10-01 12:34:56] INFO: Bot successfully logged in
[2025-10-01 12:34:57] INFO: Member verified: 12345

Example Production Output (JSON):

{
  "timestamp": "2025-10-01T12:34:56.789Z",
  "level": "info",
  "service": "discord-bot",
  "message": "Member verified successfully",
  "context": {
    "memberId": "12345",
    "discordId": "123456789012345678"
  }
}

Environment-Specific Configurations

Development Environment (.env.development)

NODE_ENV=development
LOG_LEVEL=info  # Debug logs automatically suppressed
AUTH0_BASE_URL=http://localhost:3003
BASE_URL=http://localhost:3003
DEV_MODE=true
MOCK_SERVICES=true
LOG_TO_FILE=false

Staging Environment (.env.staging)

NODE_ENV=staging
LOG_LEVEL=info
AUTH0_BASE_URL=https://staging-discord.mynatca.org
BASE_URL=https://staging-discord.mynatca.org
DEV_MODE=false
MOCK_SERVICES=false
LOG_TO_FILE=true

Production Environment (.env.production)

NODE_ENV=production
LOG_LEVEL=warn
AUTH0_BASE_URL=https://discord.mynatca.org
BASE_URL=https://discord.mynatca.org
DEV_MODE=false
MOCK_SERVICES=false
LOG_TO_FILE=true
SESSION_SECURE=true
ENABLE_HTTPS=true

Security Best Practices

Secret Management

# Use strong, randomly generated secrets
AUTH0_SECRET=$(openssl rand -base64 32)
SESSION_SECRET=$(openssl rand -base64 32)
WEBHOOK_SECRET=$(openssl rand -base64 32)
 
# Never commit secrets to version control
echo ".env*" >> .gitignore
 
# Use different secrets for each environment
# Rotate secrets regularly (every 90 days recommended)

Environment Variable Validation

// lib/config/validation.js
const requiredVars = [
  'DISCORD_TOKEN',
  'AUTH0_DOMAIN',
  'AUTH0_CLIENT_ID',
  'AUTH0_CLIENT_SECRET',
  'SUPABASE_URL',
  'SUPABASE_KEY'
];
 
requiredVars.forEach(varName => {
  if (!process.env[varName]) {
    throw new Error(`Required environment variable ${varName} is not set`);
  }
});

Environment Loading

// Load environment variables in correct order
require('dotenv').config({ path: '.env.local' });
require('dotenv').config({ path: `.env.${process.env.NODE_ENV}` });
require('dotenv').config({ path: '.env' });

Troubleshooting

Common Issues

Missing Variables

# Check if all required variables are set
node -e "console.log(Object.keys(process.env).filter(key => key.includes('AUTH0')))"
 
# Validate configuration
npm run validate:config

Variable Conflicts

# Check for conflicting variables
npm run check:env-conflicts
 
# List all environment variables
env | grep -E "(DISCORD|AUTH0|SUPABASE|MYSQL)" | sort

Loading Issues

# Test environment loading
node -e "require('dotenv').config(); console.log('Loaded:', !!process.env.DISCORD_TOKEN)"
 
# Debug dotenv loading
DEBUG=dotenv* node your-app.js

This comprehensive environment variables reference ensures proper configuration and security across all MyNATCA platform applications.

Platform IntegrationDiscord Bot Setup