Add authentication, user management, and database migration features
- Implement OAuth 2.0 and PAT authentication methods - Add user management, roles, and profile functionality - Add database migrations and admin user scripts - Update services for authentication and user settings - Add protected routes and permission hooks - Update documentation for authentication and database access
93
.env.example
93
.env.example
@@ -1,12 +1,31 @@
|
||||
# Application
|
||||
# =============================================================================
|
||||
# CMDB Insight - Environment Configuration
|
||||
# =============================================================================
|
||||
# Copy this file to .env and update the values according to your environment
|
||||
# =============================================================================
|
||||
|
||||
# -----------------------------------------------------------------------------
|
||||
# Application Configuration
|
||||
# -----------------------------------------------------------------------------
|
||||
PORT=3001
|
||||
NODE_ENV=development
|
||||
FRONTEND_URL=http://localhost:5173
|
||||
|
||||
# Application Branding
|
||||
APP_NAME=CMDB Insight
|
||||
APP_TAGLINE=Management console for Jira Assets
|
||||
APP_COPYRIGHT=© {year} Zuyderland Medisch Centrum
|
||||
|
||||
# -----------------------------------------------------------------------------
|
||||
# Database Configuration
|
||||
# -----------------------------------------------------------------------------
|
||||
# Use 'postgres' for PostgreSQL or 'sqlite' for SQLite (default)
|
||||
DATABASE_TYPE=postgres
|
||||
|
||||
# Option 1: Use DATABASE_URL (recommended for PostgreSQL)
|
||||
DATABASE_URL=postgresql://cmdb:cmdb-dev@localhost:5432/cmdb
|
||||
# Or use individual components:
|
||||
|
||||
# Option 2: Use individual components (alternative to DATABASE_URL)
|
||||
# DATABASE_HOST=localhost
|
||||
# DATABASE_PORT=5432
|
||||
# DATABASE_NAME=cmdb
|
||||
@@ -14,17 +33,71 @@ DATABASE_URL=postgresql://cmdb:cmdb-dev@localhost:5432/cmdb
|
||||
# DATABASE_PASSWORD=cmdb-dev
|
||||
# DATABASE_SSL=false
|
||||
|
||||
# -----------------------------------------------------------------------------
|
||||
# Jira Assets Configuration
|
||||
# -----------------------------------------------------------------------------
|
||||
JIRA_HOST=https://jira.zuyderland.nl
|
||||
JIRA_PAT=your_personal_access_token_here
|
||||
JIRA_SCHEMA_ID=your_schema_id
|
||||
JIRA_API_BATCH_SIZE=20
|
||||
|
||||
# Claude API
|
||||
ANTHROPIC_API_KEY=your_anthropic_api_key_here
|
||||
# Jira Service Account Token (for read operations: sync, fetching data)
|
||||
# This token is used for all read operations from Jira Assets.
|
||||
# Write operations (saving changes) require users to configure their own PAT in profile settings.
|
||||
JIRA_SERVICE_ACCOUNT_TOKEN=your_service_account_personal_access_token
|
||||
JIRA_API_BATCH_SIZE=15
|
||||
|
||||
# Tavily API Key (verkrijgbaar via https://tavily.com)
|
||||
TAVILY_API_KEY=your_tavily_api_key_here
|
||||
# Jira Authentication Method
|
||||
# Note: User Personal Access Tokens (PAT) are NOT configured here - users configure them in their profile settings
|
||||
# The service account token above is used for read operations, user PATs are used for write operations.
|
||||
|
||||
# OpenAI API
|
||||
OPENAI_API_KEY=your_openai_api_key_here
|
||||
# Options: 'pat' (Personal Access Token) or 'oauth' (OAuth 2.0)
|
||||
JIRA_AUTH_METHOD=pat
|
||||
|
||||
|
||||
# Option 2: OAuth 2.0 Authentication
|
||||
# Required when JIRA_AUTH_METHOD=oauth
|
||||
# JIRA_OAUTH_CLIENT_ID=your_oauth_client_id
|
||||
# JIRA_OAUTH_CLIENT_SECRET=your_oauth_client_secret
|
||||
# JIRA_OAUTH_CALLBACK_URL=http://localhost:3001/api/auth/callback
|
||||
# JIRA_OAUTH_SCOPES=READ WRITE
|
||||
|
||||
# Legacy: JIRA_OAUTH_ENABLED (for backward compatibility)
|
||||
# JIRA_OAUTH_ENABLED=false
|
||||
|
||||
# -----------------------------------------------------------------------------
|
||||
# Local Authentication System
|
||||
# -----------------------------------------------------------------------------
|
||||
# Enable local authentication (email/password login)
|
||||
LOCAL_AUTH_ENABLED=true
|
||||
|
||||
# Allow public registration (optional, default: false)
|
||||
REGISTRATION_ENABLED=false
|
||||
|
||||
# Session Configuration
|
||||
SESSION_SECRET=change-this-secret-in-production
|
||||
SESSION_DURATION_HOURS=24
|
||||
|
||||
# Password Requirements
|
||||
PASSWORD_MIN_LENGTH=8
|
||||
PASSWORD_REQUIRE_UPPERCASE=true
|
||||
PASSWORD_REQUIRE_LOWERCASE=true
|
||||
PASSWORD_REQUIRE_NUMBER=true
|
||||
PASSWORD_REQUIRE_SPECIAL=false
|
||||
|
||||
# Email Configuration (for invitations, password resets, etc.)
|
||||
SMTP_HOST=smtp.example.com
|
||||
SMTP_PORT=587
|
||||
SMTP_SECURE=false
|
||||
SMTP_USER=your-email@example.com
|
||||
SMTP_PASSWORD=your-email-password
|
||||
SMTP_FROM=noreply@example.com
|
||||
|
||||
# Encryption Key (for encrypting sensitive user data like API keys)
|
||||
# Generate with: openssl rand -base64 32
|
||||
ENCRYPTION_KEY=your-32-byte-encryption-key-base64
|
||||
|
||||
# Initial Administrator User (optional - created on first migration)
|
||||
# If not set, you'll need to create an admin user manually
|
||||
ADMIN_USERNAME=administrator
|
||||
ADMIN_PASSWORD=SecurePassword123!
|
||||
ADMIN_EMAIL=admin@example.com
|
||||
ADMIN_DISPLAY_NAME=Administrator
|
||||
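Review bot: The administrator block at the end of the second hunk is uncommented and carries `ADMIN_PASSWORD=SecurePassword123!`. Anyone who copies this file to .env as its header instructs and runs the first migration gets an admin account whose password is published in the repository. The comment above the block calls these values optional, so they would be safer commented out and empty, e.g. `# ADMIN_PASSWORD=`, with a note that the password must be chosen per deployment and changed after first login. `SESSION_SECRET=change-this-secret-in-production` has the same problem, since it is a usable value as written. Leaving it empty under a `# Generate with: openssl rand -base64 32` line, as ENCRYPTION_KEY already does, makes a forgotten edit easier to catch. Whether the server refuses to start on these placeholder values is not visible in this diff; if it does not, that check belongs with this change.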