mehmed/teOS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
teOS/apps/api/.env.example
Flexomatic81 6a8265d3dc feat: move configuration from .env to DB with Admin UI management 
Replace hardcoded .env configuration with database-backed settings
manageable through the Admin web interface. This reduces .env to
bootstrap-only variables (DB, Keycloak, encryption keys).

Backend:
- Add SystemSetting Prisma model with category, valueType, isSecret
- Add system-settings NestJS module (CRUD, 60s cache, encryption)
- Refactor all 7 connectors to lazy-load credentials from DB via
  CredentialsService.findActiveByType() instead of ConfigService
- Add event-driven credential reload (@nestjs/event-emitter)
- Dynamic CORS origins and conditional Swagger from DB settings
- Fix JWT strategy: use Keycloak JWKS (RS256) instead of symmetric secret
- Add SYSTEM_SETTINGS_VIEW/MANAGE permissions
- Seed 13 default settings (sync intervals, features, branding, CORS)
- Add env-to-db migration script (prisma/migrate-env-to-db.ts)

Frontend:
- Add use-credentials hook (full CRUD for integration credentials)
- Add use-system-settings hook (read/update system settings)
- Wire admin-integrations page to real API (create/update/test/toggle)
- Add admin system-settings page with 4 tabs (Branding, CORS, Sync, Features)
- Fix sidebar double-highlighting with exactMatch flag
- Fix integration detail fallback when API unavailable
- Fix API client to unwrap backend's {success, data} envelope
- Update NEXT_PUBLIC_API_URL to include /v1 version prefix
- Fix activity-widget hydration error
- Add i18n keys for systemSettings (de + en)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-23 20:07:39 +01:00

53 lines
2.4 KiB
Plaintext
Raw Permalink Blame History

# Application
NODE_ENV=development
PORT=3001
API_PREFIX=api
# Database
# NOTE: App uses tos_app (separate from Keycloak's tos_db)
DATABASE_URL="postgresql://tos_user:tos_secret_password@localhost:5432/tos_app?schema=public"
# JWT / Keycloak
# IMPORTANT: Change JWT_SECRET in production! Use a cryptographically secure random string.
JWT_SECRET=your-super-secret-jwt-key-change-in-production
KEYCLOAK_URL=http://localhost:8080
KEYCLOAK_REALM=tOS
# NOTE: Client ID must match the Keycloak realm configuration in docker/keycloak/realm-export.json
KEYCLOAK_CLIENT_ID=tos-backend
KEYCLOAK_CLIENT_SECRET=your-keycloak-backend-client-secret
# Encryption
# IMPORTANT: Generate a secure 32+ character key for production!
# You can generate one with: node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"
ENCRYPTION_KEY=your-32-byte-encryption-key-change-in-production
# Redis (required for BullMQ in production)
# REDIS_HOST=localhost
# REDIS_PORT=6379
# =============================================================================
# Settings moved to the database (SystemSettings table)
# =============================================================================
# The following env vars are no longer read by the application.
# Their values are stored in the database and can be managed via the
# admin UI at /admin/system-settings or via the API at PUT /api/v1/system-settings/:key.
#
# To seed initial values from a .env file, run the migration script:
# npx ts-node prisma/migrate-env-to-db.ts
#
# Keys and their DB equivalents:
# CORS_ORIGINS -> cors.origins (cors category)
# SWAGGER_ENABLED -> feature.swagger.enabled (feature category)
# ENABLE_SYNC_JOBS -> feature.syncJobs.enabled (feature category)
# SYNC_INTERVAL_PLENTYONE -> sync.interval.plentyone (sync category)
# SYNC_INTERVAL_ZULIP -> sync.interval.zulip (sync category)
# SYNC_INTERVAL_TODOIST -> sync.interval.todoist (sync category)
# SYNC_INTERVAL_FREESCOUT -> sync.interval.freescout (sync category)
# SYNC_INTERVAL_NEXTCLOUD -> sync.interval.nextcloud (sync category)
# SYNC_INTERVAL_ECODMS -> sync.interval.ecodms (sync category)
# SYNC_INTERVAL_GEMBADOCS -> sync.interval.gembadocs (sync category)
#
# Integration credentials (PLENTYONE_*, ZULIP_*, TODOIST_*, FREESCOUT_*,
# NEXTCLOUD_*, ECODMS_*, GEMBADOCS_*) are stored encrypted in the
# IntegrationCredential table and managed via /admin/integrations.
Reference in New Issue View Git Blame Copy Permalink