Flexomatic81
6a8265d3dc
Replace hardcoded .env configuration with database-backed settings
manageable through the Admin web interface. This reduces .env to
bootstrap-only variables (DB, Keycloak, encryption keys).
Backend:
- Add SystemSetting Prisma model with category, valueType, isSecret
- Add system-settings NestJS module (CRUD, 60s cache, encryption)
- Refactor all 7 connectors to lazy-load credentials from DB via
CredentialsService.findActiveByType() instead of ConfigService
- Add event-driven credential reload (@nestjs/event-emitter)
- Dynamic CORS origins and conditional Swagger from DB settings
- Fix JWT strategy: use Keycloak JWKS (RS256) instead of symmetric secret
- Add SYSTEM_SETTINGS_VIEW/MANAGE permissions
- Seed 13 default settings (sync intervals, features, branding, CORS)
- Add env-to-db migration script (prisma/migrate-env-to-db.ts)
Frontend:
- Add use-credentials hook (full CRUD for integration credentials)
- Add use-system-settings hook (read/update system settings)
- Wire admin-integrations page to real API (create/update/test/toggle)
- Add admin system-settings page with 4 tabs (Branding, CORS, Sync, Features)
- Fix sidebar double-highlighting with exactMatch flag
- Fix integration detail fallback when API unavailable
- Fix API client to unwrap backend's {success, data} envelope
- Update NEXT_PUBLIC_API_URL to include /v1 version prefix
- Fix activity-widget hydration error
- Add i18n keys for systemSettings (de + en)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
53 lines
2.4 KiB
Plaintext
53 lines
2.4 KiB
Plaintext
# Application
|
|
NODE_ENV=development
|
|
PORT=3001
|
|
API_PREFIX=api
|
|
|
|
# Database
|
|
# NOTE: App uses tos_app (separate from Keycloak's tos_db)
|
|
DATABASE_URL="postgresql://tos_user:tos_secret_password@localhost:5432/tos_app?schema=public"
|
|
|
|
# JWT / Keycloak
|
|
# IMPORTANT: Change JWT_SECRET in production! Use a cryptographically secure random string.
|
|
JWT_SECRET=your-super-secret-jwt-key-change-in-production
|
|
KEYCLOAK_URL=http://localhost:8080
|
|
KEYCLOAK_REALM=tOS
|
|
# NOTE: Client ID must match the Keycloak realm configuration in docker/keycloak/realm-export.json
|
|
KEYCLOAK_CLIENT_ID=tos-backend
|
|
KEYCLOAK_CLIENT_SECRET=your-keycloak-backend-client-secret
|
|
|
|
# Encryption
|
|
# IMPORTANT: Generate a secure 32+ character key for production!
|
|
# You can generate one with: node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"
|
|
ENCRYPTION_KEY=your-32-byte-encryption-key-change-in-production
|
|
|
|
# Redis (required for BullMQ in production)
|
|
# REDIS_HOST=localhost
|
|
# REDIS_PORT=6379
|
|
|
|
# =============================================================================
|
|
# Settings moved to the database (SystemSettings table)
|
|
# =============================================================================
|
|
# The following env vars are no longer read by the application.
|
|
# Their values are stored in the database and can be managed via the
|
|
# admin UI at /admin/system-settings or via the API at PUT /api/v1/system-settings/:key.
|
|
#
|
|
# To seed initial values from a .env file, run the migration script:
|
|
# npx ts-node prisma/migrate-env-to-db.ts
|
|
#
|
|
# Keys and their DB equivalents:
|
|
# CORS_ORIGINS -> cors.origins (cors category)
|
|
# SWAGGER_ENABLED -> feature.swagger.enabled (feature category)
|
|
# ENABLE_SYNC_JOBS -> feature.syncJobs.enabled (feature category)
|
|
# SYNC_INTERVAL_PLENTYONE -> sync.interval.plentyone (sync category)
|
|
# SYNC_INTERVAL_ZULIP -> sync.interval.zulip (sync category)
|
|
# SYNC_INTERVAL_TODOIST -> sync.interval.todoist (sync category)
|
|
# SYNC_INTERVAL_FREESCOUT -> sync.interval.freescout (sync category)
|
|
# SYNC_INTERVAL_NEXTCLOUD -> sync.interval.nextcloud (sync category)
|
|
# SYNC_INTERVAL_ECODMS -> sync.interval.ecodms (sync category)
|
|
# SYNC_INTERVAL_GEMBADOCS -> sync.interval.gembadocs (sync category)
|
|
#
|
|
# Integration credentials (PLENTYONE_*, ZULIP_*, TODOIST_*, FREESCOUT_*,
|
|
# NEXTCLOUD_*, ECODMS_*, GEMBADOCS_*) are stored encrypted in the
|
|
# IntegrationCredential table and managed via /admin/integrations.
|