Workflow/backend/.env.example
root 093fe85573 fix: frontend API mapping, security hardening, test suite
Frontend:
- Fix all API response unwrapping (backend wraps in {data:...})
- Fix workflow publish/archive to use PATCH /status endpoint
- Fix step reorder payload format
- Add tenantId to workflow creation
- Fix step count display using _count

Security (CRITICAL/HIGH):
- Add JWT algorithm restriction (HS256 only)
- Replace weak default JWT secrets
- Fix token blacklist memory leak
- Fix step reorder IDOR vulnerability
- Strengthen password policy (8 chars, mixed case + digit)

Tests:
- 68 tests: auth (17), workflows (26), tenants (25)
- Complete Prisma mock setup with test fixtures
2026-03-20 23:15:07 +00:00

15 lines
471 B
Plaintext

# Database
DATABASE_URL=postgresql://workflow:CHANGE_DB_PASSWORD@localhost:5432/workflow_portal
# JWT Secrets - MUST be changed before deploying!
# Generate with: node -e "console.log(require('crypto').randomBytes(64).toString('hex'))"
JWT_SECRET=GENERATE_A_STRONG_RANDOM_SECRET_HERE
JWT_REFRESH_SECRET=GENERATE_ANOTHER_STRONG_RANDOM_SECRET_HERE
# Server
PORT=4000
NODE_ENV=development
# CORS - set to your frontend URL in production
CORS_ORIGIN=http://localhost:3000