feat: move configuration from .env to DB with Admin UI management

Replace hardcoded .env configuration with database-backed settings
manageable through the Admin web interface. This reduces .env to
bootstrap-only variables (DB, Keycloak, encryption keys).

Backend:
- Add SystemSetting Prisma model with category, valueType, isSecret
- Add system-settings NestJS module (CRUD, 60s cache, encryption)
- Refactor all 7 connectors to lazy-load credentials from DB via
  CredentialsService.findActiveByType() instead of ConfigService
- Add event-driven credential reload (@nestjs/event-emitter)
- Dynamic CORS origins and conditional Swagger from DB settings
- Fix JWT strategy: use Keycloak JWKS (RS256) instead of symmetric secret
- Add SYSTEM_SETTINGS_VIEW/MANAGE permissions
- Seed 13 default settings (sync intervals, features, branding, CORS)
- Add env-to-db migration script (prisma/migrate-env-to-db.ts)

Frontend:
- Add use-credentials hook (full CRUD for integration credentials)
- Add use-system-settings hook (read/update system settings)
- Wire admin-integrations page to real API (create/update/test/toggle)
- Add admin system-settings page with 4 tabs (Branding, CORS, Sync, Features)
- Fix sidebar double-highlighting with exactMatch flag
- Fix integration detail fallback when API unavailable
- Fix API client to unwrap backend's {success, data} envelope
- Update NEXT_PUBLIC_API_URL to include /v1 version prefix
- Fix activity-widget hydration error
- Add i18n keys for systemSettings (de + en)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@@ -16,65 +16,37 @@ KEYCLOAK_REALM=tOS
|
||||
KEYCLOAK_CLIENT_ID=tos-backend
|
||||
KEYCLOAK_CLIENT_SECRET=your-keycloak-backend-client-secret
|
||||
|
||||
# CORS
|
||||
CORS_ORIGINS=http://localhost:3000,http://localhost:5173
|
||||
|
||||
# Swagger
|
||||
SWAGGER_ENABLED=true
|
||||
|
||||
# =============================================================================
|
||||
# Phase 3: Integrations & Sync Jobs
|
||||
# =============================================================================
|
||||
|
||||
# Encryption
|
||||
# IMPORTANT: Generate a secure 32+ character key for production!
|
||||
# You can generate one with: node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"
|
||||
ENCRYPTION_KEY=your-32-byte-encryption-key-change-in-production
|
||||
|
||||
# Redis (required for BullMQ in production)
|
||||
REDIS_HOST=localhost
|
||||
REDIS_PORT=6379
|
||||
|
||||
# Sync Jobs
|
||||
# Set to 'true' to enable automatic background sync jobs
|
||||
ENABLE_SYNC_JOBS=false
|
||||
|
||||
# Sync Intervals (in minutes)
|
||||
SYNC_INTERVAL_PLENTYONE=15
|
||||
SYNC_INTERVAL_ZULIP=5
|
||||
SYNC_INTERVAL_TODOIST=10
|
||||
SYNC_INTERVAL_FREESCOUT=10
|
||||
SYNC_INTERVAL_NEXTCLOUD=30
|
||||
SYNC_INTERVAL_ECODMS=60
|
||||
SYNC_INTERVAL_GEMBADOCS=30
|
||||
# REDIS_HOST=localhost
|
||||
# REDIS_PORT=6379
|
||||
|
||||
# =============================================================================
|
||||
# Phase 3: API Connector Credentials
|
||||
# Settings moved to the database (SystemSettings table)
|
||||
# =============================================================================
|
||||
|
||||
# PlentyONE (OAuth2 Client Credentials)
|
||||
PLENTYONE_BASE_URL=
|
||||
PLENTYONE_CLIENT_ID=
|
||||
PLENTYONE_CLIENT_SECRET=
|
||||
|
||||
# ZULIP (Basic Auth with API Key)
|
||||
ZULIP_BASE_URL=
|
||||
ZULIP_EMAIL=
|
||||
ZULIP_API_KEY=
|
||||
|
||||
# Todoist (Bearer Token)
|
||||
TODOIST_API_TOKEN=
|
||||
|
||||
# FreeScout (API Key)
|
||||
FREESCOUT_API_URL=
|
||||
FREESCOUT_API_KEY=
|
||||
|
||||
# Nextcloud (Basic Auth / App Password)
|
||||
NEXTCLOUD_URL=
|
||||
NEXTCLOUD_USERNAME=
|
||||
NEXTCLOUD_PASSWORD=
|
||||
|
||||
# ecoDMS (Session-based Auth)
|
||||
ECODMS_API_URL=
|
||||
ECODMS_USERNAME=
|
||||
ECODMS_PASSWORD=
|
||||
# The following env vars are no longer read by the application.
|
||||
# Their values are stored in the database and can be managed via the
|
||||
# admin UI at /admin/system-settings or via the API at PUT /api/v1/system-settings/:key.
|
||||
#
|
||||
# To seed initial values from a .env file, run the migration script:
|
||||
# npx ts-node prisma/migrate-env-to-db.ts
|
||||
#
|
||||
# Keys and their DB equivalents:
|
||||
# CORS_ORIGINS -> cors.origins (cors category)
|
||||
# SWAGGER_ENABLED -> feature.swagger.enabled (feature category)
|
||||
# ENABLE_SYNC_JOBS -> feature.syncJobs.enabled (feature category)
|
||||
# SYNC_INTERVAL_PLENTYONE -> sync.interval.plentyone (sync category)
|
||||
# SYNC_INTERVAL_ZULIP -> sync.interval.zulip (sync category)
|
||||
# SYNC_INTERVAL_TODOIST -> sync.interval.todoist (sync category)
|
||||
# SYNC_INTERVAL_FREESCOUT -> sync.interval.freescout (sync category)
|
||||
# SYNC_INTERVAL_NEXTCLOUD -> sync.interval.nextcloud (sync category)
|
||||
# SYNC_INTERVAL_ECODMS -> sync.interval.ecodms (sync category)
|
||||
# SYNC_INTERVAL_GEMBADOCS -> sync.interval.gembadocs (sync category)
|
||||
#
|
||||
# Integration credentials (PLENTYONE_*, ZULIP_*, TODOIST_*, FREESCOUT_*,
|
||||
# NEXTCLOUD_*, ECODMS_*, GEMBADOCS_*) are stored encrypted in the
|
||||
# IntegrationCredential table and managed via /admin/integrations.
|
||||
|
||||
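Review bot: The closing comment block says to seed the database with `npx ts-node prisma/migrate-env-to-db.ts` and that the old variables are no longer read, but it never tells operators to delete the migrated secrets from .env afterwards. Values such as PLENTYONE_CLIENT_SECRET, ZULIP_API_KEY, TODOIST_API_TOKEN and NEXTCLOUD_PASSWORD would otherwise stay on disk in plaintext next to the encrypted copies in the IntegrationCredential table; add a line after the migration command saying they should be removed once the script has run. Separately, the ENCRYPTION_KEY comment asks for a "32+ character key" while the suggested command prints 32 random bytes as 64 hex characters, and the placeholder `your-32-byte-encryption-key-change-in-production` is a non-empty string that a copied file would carry into a deployment. State the expected length and encoding once, and consider leaving the example value empty so stored credentials are never encrypted under a published string.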