Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
38 changes: 38 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
@@ -0,0 +1,38 @@
# Python
__pycache__/
*.py[cod]
*.pyo
*.pyd
env/
venv/
ENV/
.venv/

# Environment files
.env
*.env
backend/.env

# Node
node_modules/
dist/
frontend/dist/
frontend/node_modules/

# Build
.vite/
/.nitro

# IDEs
.vscode/
.idea/
*.suo
*.ntvs*
*.njsproj
*.sln
*.swp
.DS_Store

# Logs
logs/
*.log
42 changes: 42 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -395,6 +395,48 @@ VITE_APP_NAME=DevLink

---

## Managing Secrets (local development)

IMPORTANT: Do not commit real secrets to the repository. Use `backend/.env.example` as a template and create a local `backend/.env` that is ignored by git.

1. Copy the example file locally:

```bash
cp backend/.env.example backend/.env
```

2. Generate a strong `SECRET_KEY` (example using Python):

```bash
python -c "import secrets; print(secrets.token_urlsafe(48))" > /dev/null
# then paste the printed value into backend/.env for SECRET_KEY
```

Or using OpenSSL:

```bash
openssl rand -base64 48
```

3. Store database credentials locally only (do not commit). For development with `docker-compose`, you can set the DB password in your shell or a local `.env` copied from the example:

```bash
export POSTGRES_PASSWORD="your_local_db_password"
docker compose up
```

4. Rotating secrets:

- Revoke or rotate any API keys (OpenAI, Cloudinary, AWS) from their provider consoles.
- Change your database password and update any environment variables or secret stores.
- Generate a new `SECRET_KEY` and deploy it to your environment.
- Invalidate existing user sessions/tokens if possible (rotate DB token version or flush token blacklist store).

5. After rotating, ensure CI/CD uses secure secret storage (GitHub Actions secrets, Vault, AWS Secrets Manager) rather than reading secrets from repo files.

If any secret was previously committed, remove it from git history (force push required). See the Security section for suggested steps.


# Development Workflow

```
Expand Down
158 changes: 0 additions & 158 deletions backend/.env

This file was deleted.

56 changes: 56 additions & 0 deletions backend/.env.example
Original file line number Diff line number Diff line change
@@ -1,3 +1,59 @@
# DevLink Backend Environment Example
# Copy this file to backend/.env and fill in secret values locally.

APP_NAME="DevLink API"
APP_VERSION="1.0.0"
ENVIRONMENT="development"
DEBUG=true

HOST="0.0.0.0"
PORT=8000

# Security
SECRET_KEY="replace-with-a-strong-random-secret-at-least-32-characters"
JWT_ALGORITHM="HS256"

ACCESS_TOKEN_EXPIRE_MINUTES=30
REFRESH_TOKEN_EXPIRE_DAYS=7
PASSWORD_HASH_SCHEME="bcrypt"

# Database - these will be consumed by docker-compose variable substitution
POSTGRES_DB=devlink
POSTGRES_USER=postgres
POSTGRES_PASSWORD=replace-with-db-password

DATABASE_URL="postgresql+psycopg://postgres:${POSTGRES_PASSWORD}@localhost:5432/${POSTGRES_DB}"

# Redis
REDIS_URL="redis://localhost:6379/0"

# CORS
ALLOWED_ORIGINS=http://localhost:5173,http://localhost:5174,http://localhost:3000

# Email
SMTP_HOST="smtp.example.com"
SMTP_PORT=587
SMTP_USERNAME=""
SMTP_PASSWORD=""
EMAIL_FROM="noreply@devlink.app"

# OAuth
GITHUB_CLIENT_ID=""
GITHUB_CLIENT_SECRET=""
GOOGLE_CLIENT_ID=""
GOOGLE_CLIENT_SECRET=""

# AI
OPENAI_API_KEY=""
GEMINI_API_KEY=""

# Cloudinary / AWS
CLOUDINARY_CLOUD_NAME=""
CLOUDINARY_API_KEY=""
CLOUDINARY_API_SECRET=""
AWS_ACCESS_KEY_ID=""
AWS_SECRET_ACCESS_KEY=""
AWS_BUCKET_NAME=""
# ==========================================================
# DevLink Backend Environment Configuration
# ==========================================================
Expand Down
6 changes: 3 additions & 3 deletions backend/docker-compose.yml
Original file line number Diff line number Diff line change
Expand Up @@ -13,9 +13,9 @@ services:
restart: unless-stopped

environment:
POSTGRES_DB: devlink
POSTGRES_USER: postgres
POSTGRES_PASSWORD: devlink123
POSTGRES_DB: ${POSTGRES_DB:-devlink}
POSTGRES_USER: ${POSTGRES_USER:-postgres}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}

ports:
- "5432:5432"
Expand Down
Loading
Loading