feat: extract secrets to .env, remove hardcoded credentials

- Backend: .env file for DB/JWT/Redis/MinIO config, appsettings.json cleared - Backend: Program.cs loads .env at startup (no extra NuGet packages) - Frontend: .env files for VITE_API_URL, api-clients use import.meta.env - Added vite-env.d.ts type declarations for both frontends - All hardcoded localhost:5000 replaced with env variable - Added .env.example template for onboarding
2026-05-22 22:02:08 +08:00
parent 722ee76d93
commit d6a432aec4
27 changed files with 1616 additions and 472 deletions
--- a/backend/.env.example
+++ b/backend/.env.example
@@ -0,0 +1,15 @@
+# PostgreSQL
+ConnectionStrings__Default=Host=localhost;Port=5432;Database=health_manager;Username=postgres;Password=your_password
+
+# JWT
+Jwt__Secret=your-jwt-secret-change-me
+Jwt__Issuer=HealthManager
+Jwt__Audience=HealthManagerApp
+
+# Redis (reserved)
+Redis__Connection=localhost:6379
+
+# MinIO (reserved)
+MinIO__Endpoint=localhost:9000
+MinIO__AccessKey=minioadmin
+MinIO__SecretKey=minioadmin
--- a/backend/src/HealthManager.WebApi/Program.cs
+++ b/backend/src/HealthManager.WebApi/Program.cs
@@ -9,6 +9,24 @@ using Microsoft.EntityFrameworkCore;
 using Microsoft.IdentityModel.Tokens;
 using Swashbuckle.AspNetCore.SwaggerGen;

+// Load .env file into environment variables
+var envPath = Path.Combine(Directory.GetCurrentDirectory(), "..", "..", "..", "..", ".env");
+if (File.Exists(envPath))
+{
+    foreach (var line in File.ReadAllLines(envPath))
+    {
+        var trimmed = line.Trim();
+        if (string.IsNullOrEmpty(trimmed) || trimmed.StartsWith('#')) continue;
+        var eq = trimmed.IndexOf('=');
+        if (eq > 0)
+        {
+            var key = trimmed[..eq].Trim();
+            var value = trimmed[(eq + 1)..].Trim();
+            Environment.SetEnvironmentVariable(key, value);
+        }
+    }
+}
+
 var builder = WebApplication.CreateBuilder(args);

 // Database
--- a/backend/src/HealthManager.WebApi/appsettings.json
+++ b/backend/src/HealthManager.WebApi/appsettings.json
@@ -7,19 +7,19 @@
  },
  "AllowedHosts": "*",
  "ConnectionStrings": {
-    "Default": "Host=localhost;Port=5432;Database=health_manager;Username=postgres;Password=postgres123"
+    "Default": ""
  },
  "Jwt": {
-    "Secret": "health-manager-jwt-secret-key-2026-super-secure-long-enough!",
+    "Secret": "",
    "Issuer": "HealthManager",
    "Audience": "HealthManagerApp"
  },
  "Redis": {
-    "Connection": "localhost:6379"
+    "Connection": ""
  },
  "MinIO": {
-    "Endpoint": "localhost:9000",
-    "AccessKey": "minioadmin",
-    "SecretKey": "minioadmin"
+    "Endpoint": "",
+    "AccessKey": "",
+    "SecretKey": ""
  }
 }