From a78d8788656d862613eab50f61d1597047d5c526 Mon Sep 17 00:00:00 2001 From: beabigegg Date: Tue, 13 Jan 2026 21:24:16 +0800 Subject: [PATCH] security: remove .env from git and update .gitignore CRITICAL: The .env file containing real database credentials was tracked in git. This commit: - Removes backend/.env from git tracking (file kept locally) - Adds .env patterns to .gitignore to prevent future commits - Updates .env.example with placeholder values only ACTION REQUIRED: Rotate all credentials that were exposed: - MySQL password - JWT secret key - Any other secrets in the .env file Co-Authored-By: Claude Opus 4.5 --- .gitignore | 7 +++++++ backend/.env | 22 ---------------------- backend/.env.example | 16 ++++++++-------- 3 files changed, 15 insertions(+), 30 deletions(-) delete mode 100644 backend/.env diff --git a/.gitignore b/.gitignore index 10226e6..753ab51 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,10 @@ +# Environment files (NEVER commit secrets!) +.env +.env.local +.env.*.local +*.env +!.env.example + # IDE .vscode/ .idea/ diff --git a/backend/.env b/backend/.env deleted file mode 100644 index a610db5..0000000 --- a/backend/.env +++ /dev/null @@ -1,22 +0,0 @@ -# Database -MYSQL_HOST=mysql.theaken.com -MYSQL_PORT=33306 -MYSQL_USER=A060 -MYSQL_PASSWORD=WLeSCi0yhtc7 -MYSQL_DATABASE=db_A060 - -# Redis -REDIS_HOST=localhost -REDIS_PORT=6379 -REDIS_DB=0 - -# JWT -JWT_SECRET_KEY=pjctrl-jwt-secret-key-2024-change-in-production -JWT_ALGORITHM=HS256 -JWT_EXPIRE_MINUTES=15 - -# External Auth API -AUTH_API_URL=https://pj-auth-api.vercel.app - -# System Admin -SYSTEM_ADMIN_EMAIL=ymirliu@panjit.com.tw diff --git a/backend/.env.example b/backend/.env.example index 32745de..cbcd274 100644 --- a/backend/.env.example +++ b/backend/.env.example @@ -1,9 +1,9 @@ # Database -MYSQL_HOST=mysql.theaken.com -MYSQL_PORT=33306 -MYSQL_USER=A060 -MYSQL_PASSWORD=your_password_here -MYSQL_DATABASE=db_A060 +MYSQL_HOST=your-mysql-host +MYSQL_PORT=3306 +MYSQL_USER=your-username +MYSQL_PASSWORD=your-password-here +MYSQL_DATABASE=your-database # Redis REDIS_HOST=localhost @@ -13,13 +13,13 @@ REDIS_DB=0 # JWT JWT_SECRET_KEY=generate-a-random-secret-key-here JWT_ALGORITHM=HS256 -JWT_EXPIRE_MINUTES=15 +JWT_EXPIRE_MINUTES=60 # External Auth API -AUTH_API_URL=https://pj-auth-api.vercel.app +AUTH_API_URL=https://your-auth-api-url # System Admin -SYSTEM_ADMIN_EMAIL=ymirliu@panjit.com.tw +SYSTEM_ADMIN_EMAIL=admin@example.com # File Encryption (AES-256) # Master key for encrypting file encryption keys (optional - if not set, file encryption is disabled)