CloudGeometry · eugeneo17 · Nov 27, 2025
diff --git a/.env.example b/.env.example
@@ -1,123 +1,114 @@
-# Description: Example of .env file
-# Usage: Copy this file to .env and change the values
-#        according to your needs
-#        Do not commit .env file to git
-#        Do not change .env.example file
-
-# Config directory
-# Directory where files, logs and database will be stored
-# Example: LANGBUILDER_CONFIG_DIR=~/.langbuilder
-LANGBUILDER_CONFIG_DIR=
-
-# Save database in the config directory
-# Values: true, false
-# If false, the database will be saved in LangBuilder's root directory
-# This means that the database will be deleted when LangBuilder is uninstalled
-# and that the database will not be shared between different virtual environments
-# Example: LANGBUILDER_SAVE_DB_IN_CONFIG_DIR=true
-LANGBUILDER_SAVE_DB_IN_CONFIG_DIR=
-
-# Database URL
-# Postgres example: LANGBUILDER_DATABASE_URL=postgresql://postgres:postgres@localhost:5432/langbuilder
-# SQLite example:
-LANGBUILDER_DATABASE_URL=sqlite:///./langbuilder.db
-
-# Database connection retry
-# Values: true, false
-# If true, the database will retry to connect to the database if it fails
-# Example: LANGBUILDER_DATABASE_CONNECTION_RETRY=true
-LANGBUILDER_DATABASE_CONNECTION_RETRY=false
-
-# Cache type
-LANGBUILDER_LANGCHAIN_CACHE=SQLiteCache
-
-# Server host
-# Example: LANGBUILDER_HOST=localhost
-LANGBUILDER_HOST=
-
-# Worker processes
-# Example: LANGBUILDER_WORKERS=1
-LANGBUILDER_WORKERS=
-
-# Server port
-# Example: LANGBUILDER_PORT=7860
-LANGBUILDER_PORT=
-
-# Logging level
-# Example: LANGBUILDER_LOG_LEVEL=critical
-LANGBUILDER_LOG_LEVEL=
-
-# Path to the log file
-# Example: LANGBUILDER_LOG_FILE=logs/langbuilder.log
-LANGBUILDER_LOG_FILE=
-
-# Time/Size for log to rotate
-# Example: LANGBUILDER_LOG_ROTATION=‘10 MB’/‘1 day’
-LANGBUILDER_LOG_ROTATION=
-
-# Path to the frontend directory containing build files
-# Example: LANGBUILDER_FRONTEND_PATH=/path/to/frontend/build/files
-LANGBUILDER_FRONTEND_PATH=
-
-# Whether to open the browser after starting the server
-# Values: true, false
-# Example: LANGBUILDER_OPEN_BROWSER=true
-LANGBUILDER_OPEN_BROWSER=
-
-# Whether to remove API keys from the projects saved in the database
-# Values: true, false
-# Example: LANGBUILDER_REMOVE_API_KEYS=false
-LANGBUILDER_REMOVE_API_KEYS=
-
-# Whether to use RedisCache or ThreadingInMemoryCache or AsyncInMemoryCache
-# Values: async, memory, redis
-# Example: LANGBUILDER_CACHE_TYPE=memory
-# If you want to use redis then the following environment variables must be set:
-# LANGBUILDER_REDIS_HOST (default: localhost)
-# LANGBUILDER_REDIS_PORT (default: 6379)
-# LANGBUILDER_REDIS_DB (default: 0)
-# LANGBUILDER_REDIS_CACHE_EXPIRE (default: 3600)
-LANGBUILDER_CACHE_TYPE=
-
-# Set LANGBUILDER_AUTO_LOGIN to false if you want to disable auto login
-# and use the login form to login. LANGBUILDER_SUPERUSER and LANGBUILDER_SUPERUSER_PASSWORD
-# must be set if AUTO_LOGIN is set to false
-# Values: true, false
-LANGBUILDER_AUTO_LOGIN=
-
-# SET LANGBUILDER_ENABLE_SUPERUSER_CLI to false to disable
-# superuser creation via the CLI
-LANGBUILDER_ENABLE_SUPERUSER_CLI=
-
-# Superuser username
-# Example: LANGBUILDER_SUPERUSER=admin
-LANGBUILDER_SUPERUSER=
-
-# Superuser password
-# Example: LANGBUILDER_SUPERUSER_PASSWORD=123456
-LANGBUILDER_SUPERUSER_PASSWORD=
-
-# Should store environment variables in the database
-# Values: true, false
-LANGBUILDER_STORE_ENVIRONMENT_VARIABLES=
-
-# Should enable the MCP composer feature in MCP projects
-# Values: true, false
-# Default: false
-LANGBUILDER_MCP_COMPOSER_ENABLED=
-
-# STORE_URL
-# Example: LANGBUILDER_STORE_URL=https://api.langbuilder.store
-# LANGBUILDER_STORE_URL=
-
-# DOWNLOAD_WEBHOOK_URL
-#
-# LANGBUILDER_DOWNLOAD_WEBHOOK_URL=
-
-# LIKE_WEBHOOK_URL
-#
-# LANGBUILDER_LIKE_WEBHOOK_URL=
-
-# Value must finish with slash /
-#BACKEND_URL=http://localhost:7860/
-BACKEND_URL=
+# Ollama URL for the backend to connect
+# The path '/ollama' will be redirected to the specified backend URL
+OLLAMA_BASE_URL='http://localhost:11434'
+
+OPENAI_API_BASE_URL=''
+OPENAI_API_KEY=
+
+# Port Configuration - ONLY PLACE TO DEFINE PORTS
+FRONTEND_PORT=5175
+BACKEND_PORT=8002
+
+# For production, you should only need one host as
+# fastapi serves the svelte-kit built frontend and backend from the same host and port.
+# To test with CORS locally, you can set something like
+# NOTE: Using '*' is not recommended for production deployments
+CORS_ALLOW_ORIGIN="http://localhost:${FRONTEND_PORT};http://localhost:${BACKEND_PORT}"
+
+# For production you should set this to match the proxy configuration (127.0.0.1)
+FORWARDED_ALLOW_IPS='*'
+
+# DO NOT TRACK
+SCARF_NO_ANALYTICS=true
+DO_NOT_TRACK=true
+ANONYMIZED_TELEMETRY=false
+
+# =================================
+# Google OAuth Configuration
+# =================================
+
+# Google OAuth Credentials (from Google Cloud Console)
+GOOGLE_CLIENT_ID='your-google-client-id.apps.googleusercontent.com'
+GOOGLE_CLIENT_SECRET='your-google-client-secret'
+GOOGLE_REDIRECT_URI="http://localhost:${BACKEND_PORT}/oauth/google/callback"
+
+# In your backend/.env file
+GOOGLE_DRIVE_CLIENT_ID='your-google-drive-client-id.apps.googleusercontent.com'
+GOOGLE_DRIVE_CLIENT_SECRET='your-google-drive-client-secret'
+WEBUI_URL="http://localhost:${FRONTEND_PORT}"
+
+# OAuth Settings
+ENABLE_OAUTH_SIGNUP=true
+OAUTH_ALLOWED_DOMAINS='*'
+OAUTH_MERGE_ACCOUNTS_BY_EMAIL=true
+OAUTH_UPDATE_PICTURE_ON_LOGIN=true
+
+# OpenID Provider URL for proper logout functionality
+OPENID_PROVIDER_URL='https://accounts.google.com/.well-known/openid_configuration'
+
+# Additional OAuth Settings
+ENABLE_SIGNUP=true
+ENABLE_LOGIN_FORM=true
+ENABLE_API_KEY=true
+
+# Database Configuration
+DATA_DIR='./data'
+DATABASE_URL='sqlite:///./data/webui.db'
+
+# Application Settings
+WEBUI_NAME='ActionBridge'
+WEBUI_SECRET_KEY='your-secret-key-here'
+JWT_EXPIRES_IN='24h'
+OPEN_WEBUI_PORT=${BACKEND_PORT}
+PORT=${BACKEND_PORT}
+HOST=0.0.0.0
+
+# =================================
+# Session Configuration (OAuth Fix)
+# =================================
+
+# Session cookie settings for OAuth state management
+WEBUI_SESSION_COOKIE_SAME_SITE='lax'
+WEBUI_SESSION_COOKIE_SECURE='false'
+
+# Enable debug logging for OAuth troubleshooting
+GLOBAL_LOG_LEVEL='DEBUG'
+
+# =================================
+# Corporate Authentication (Optional)
+# =================================
+
+# Corporate Authentication Config File
+CORPORATE_AUTH_CONFIG='/app/corporate_config.json'
+
+# Google Workspace Setup (Required for corporate authentication)
+GOOGLE_WORKSPACE_DOMAIN='actionbridge.com'
+GOOGLE_WORKSPACE_ADMIN_EMAIL='admin@actionbridge.com'
+GOOGLE_SERVICE_ACCOUNT_KEY_FILE='/app/secrets/google-service-account.json'
+
+# Corporate Group Mappings (JSON format)
+CORPORATE_GROUP_MAPPINGS="{\"actionbridge-admin@actionbridge.com\": \"admin\", \"actionbridge-users@actionbridge.com\": \"user\", \"engineering@actionbridge.com\": \"user\", \"management@actionbridge.com\": \"admin\"}"
+
+# =================================
+# Zoho OAuth Configuration
+# =================================
+
+# Zoho OAuth Credentials (from Zoho Developer Console)
+# EUGENE
+ZOHO_CLIENT_ID='your-zoho-client-id'
+ZOHO_CLIENT_SECRET='your-zoho-client-secret'
+ZOHO_REDIRECT_URI="http://localhost:${BACKEND_PORT}/api/v1/services/zoho/callback"
+# TEST
+#ZOHO_CLIENT_ID='your-alt-zoho-client-id'
+#ZOHO_CLIENT_SECRET='your-alt-zoho-client-secret'
+#ZOHO_REDIRECT_URI="http://localhost:\${BACKEND_PORT}/api/v1/services/zoho/callback"
+
+# =================================
+# GoogleDriveAgent Configuration
+# =================================
+GOOGLE_DRIVE_TOKEN='your-google-drive-access-token'
+GOOGLE_DRIVE_USER_ID='your-google-drive-user-id'
+GOOGLE_DRIVE_AGENT_URL='http://localhost:8000/process'
+GOOGLE_DRIVE_AGENT_PATH='/home/eugene/proj/GoogleDriveAgent'
+KMS_MASTER_KEY='dGVzdC1rZXktMzItYnl0ZXMtYmFzZTY0LWVuY29kZWQ='
+
diff --git a/openwebui/.env.example b/openwebui/.env.example
@@ -3,20 +3,106 @@
 OLLAMA_BASE_URL='http://localhost:11434'
 
 OPENAI_API_BASE_URL=''
-OPENAI_API_KEY=''
+OPENAI_API_KEY='your-openai-api-key-here'
 
-# AUTOMATIC1111_BASE_URL="http://localhost:7860"
+# Port Configuration - ONLY PLACE TO DEFINE PORTS
+FRONTEND_PORT=5175
+BACKEND_PORT=8002
 
 # For production, you should only need one host as
 # fastapi serves the svelte-kit built frontend and backend from the same host and port.
 # To test with CORS locally, you can set something like
-# CORS_ALLOW_ORIGIN='http://localhost:5173;http://localhost:8080'
-CORS_ALLOW_ORIGIN='*'
+# NOTE: Using '*' is not recommended for production deployments
+CORS_ALLOW_ORIGIN="http://localhost:${FRONTEND_PORT};http://localhost:${BACKEND_PORT}"
 
 # For production you should set this to match the proxy configuration (127.0.0.1)
 FORWARDED_ALLOW_IPS='*'
 
 # DO NOT TRACK
 SCARF_NO_ANALYTICS=true
 DO_NOT_TRACK=true
-ANONYMIZED_TELEMETRY=false
+ANONYMIZED_TELEMETRY=false
+
+# =================================
+# Google OAuth Configuration
+# =================================
+
+# Google OAuth Credentials (from Google Cloud Console)
+GOOGLE_CLIENT_ID='your-google-client-id.apps.googleusercontent.com'
+GOOGLE_CLIENT_SECRET='your-google-client-secret'
+GOOGLE_REDIRECT_URI="http://localhost:${BACKEND_PORT}/oauth/google/callback"
+
+# Google Drive OAuth Credentials (separate OAuth client for Drive integration)
+GOOGLE_DRIVE_CLIENT_ID='your-google-drive-client-id.apps.googleusercontent.com'
+GOOGLE_DRIVE_CLIENT_SECRET='your-google-drive-client-secret'
+WEBUI_URL="http://localhost:${FRONTEND_PORT}"
+
+# OAuth Settings
+ENABLE_OAUTH_SIGNUP=true
+OAUTH_ALLOWED_DOMAINS='*'
+OAUTH_MERGE_ACCOUNTS_BY_EMAIL=true
+OAUTH_UPDATE_PICTURE_ON_LOGIN=true
+
+# OpenID Provider URL for proper logout functionality
+OPENID_PROVIDER_URL='https://accounts.google.com/.well-known/openid_configuration'
+
+# Additional OAuth Settings
+ENABLE_SIGNUP=true
+ENABLE_LOGIN_FORM=true
+ENABLE_API_KEY=true
+
+# Database Configuration
+DATA_DIR='./data'
+DATABASE_URL='sqlite:///./data/webui.db'
+
+# Application Settings
+WEBUI_NAME='ActionBridge'
+WEBUI_SECRET_KEY='your-secret-key-here-change-in-production'
+JWT_EXPIRES_IN='24h'
+OPEN_WEBUI_PORT=${BACKEND_PORT}
+PORT=${BACKEND_PORT}
+HOST=0.0.0.0
+
+# =================================
+# Session Configuration (OAuth Fix)
+# =================================
+
+# Session cookie settings for OAuth state management
+WEBUI_SESSION_COOKIE_SAME_SITE='lax'
+WEBUI_SESSION_COOKIE_SECURE='false'
+
+# Enable debug logging for OAuth troubleshooting (set to INFO in production)
+GLOBAL_LOG_LEVEL='DEBUG'
+
+# =================================
+# Corporate Authentication (Optional)
+# =================================
+
+# Corporate Authentication Config File
+CORPORATE_AUTH_CONFIG='/app/corporate_config.json'
+
+# Google Workspace Setup (Required for corporate authentication)
+GOOGLE_WORKSPACE_DOMAIN='your-domain.com'
+GOOGLE_WORKSPACE_ADMIN_EMAIL='admin@your-domain.com'
+GOOGLE_SERVICE_ACCOUNT_KEY_FILE='/app/secrets/google-service-account.json'
+
+# Corporate Group Mappings (JSON format)
+CORPORATE_GROUP_MAPPINGS="{\"admin-group@your-domain.com\": \"admin\", \"users-group@your-domain.com\": \"user\"}"
+
+# =================================
+# Zoho OAuth Configuration
+# =================================
+
+# Zoho OAuth Credentials (from Zoho Developer Console)
+ZOHO_CLIENT_ID='your-zoho-client-id'
+ZOHO_CLIENT_SECRET='your-zoho-client-secret'
+ZOHO_REDIRECT_URI="http://localhost:${BACKEND_PORT}/api/v1/services/zoho/callback"
+
+# =================================
+# GoogleDriveAgent Configuration (Optional)
+# =================================
+GOOGLE_DRIVE_TOKEN=''
+GOOGLE_DRIVE_USER_ID=''
+GOOGLE_DRIVE_AGENT_URL='http://localhost:8000/process'
+GOOGLE_DRIVE_AGENT_PATH='/path/to/GoogleDriveAgent'
+KMS_MASTER_KEY='your-kms-master-key-base64-encoded'