459 add definitions for important env variables to readme #469

Merged

Conversation

DeboraSerra
Contributor

@DeboraSerra DeboraSerra commented Jan 6, 2025

Describe your changes

Added comments to env files

development
image

test
image

production
image

Issue number

#459

Please ensure all items are checked off before requesting a review:

  • I deployed the code locally.
  • I have performed a self-review of my code.
  • I have included the issue # in the PR.
  • I have labelled the PR correctly.
  • The issue I am working on is assigned to me.
  • I didn't use any hardcoded values (otherwise it will not scale, and will make it difficult to maintain consistency across the application).
  • I made sure font sizes, color choices etc are all referenced from the theme.
  • My PR is granular and targeted to one specific feature.
  • I took a screenshot or a video and attached to this PR if there is a UI change.

@DeboraSerra DeboraSerra requested a review from erenfn January 6, 2025 18:13
@erenfn
Collaborator

erenfn commented Jan 6, 2025

Can you also add their descriptions to readme? You can add them under the server installation instructions.

Contributor

coderabbitai bot commented Jan 6, 2025

Walkthrough

The pull request introduces configuration changes across several environment files in the backend: .env, .env.production, and .env.test. Modifications include updates to database credentials, the addition of email service configurations, and adjustments to environment-specific settings. Test database credentials have been removed from the main .env file, while new PostgreSQL-related entries have been added to the test environment configuration. Additionally, a new section has been added to the README to detail the environment variables required for the project.

Changes

File Changes
backend/.env - Added email service configuration variables
- Removed test database credentials
- Updated comments for clarity
backend/.env.production - Updated database connection details
- Added email service configuration
- Retained IP check settings
backend/.env.test - Added PostgreSQL-specific configuration entries
- Added EMAIL_ENABLE and ENABLE_IP_CHECK settings
README.md - Added a new section for environment variables with descriptions for each category
backend/config/config.js - Refactored environment variable loading and database configuration access
backend/package.json - Simplified pretest and posttest scripts by delegating to external shell scripts
backend/pretest-script.sh - New script for setting up the testing environment with Docker and PostgreSQL
backend/posttest-script.sh - New script for managing Docker container post-testing

Sequence Diagram

sequenceDiagram
    participant Dev as Developer
    participant Env as Environment Config
    participant DB as Database
    participant Email as Email Service

    Dev->>Env: Configure environment variables
    Env->>DB: Set database credentials
    Env->>Email: Configure email service settings
    Env->>Env: Enable/Disable IP checking

Contributor

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 4

🧹 Nitpick comments (2)
backend/.env.production (1)

8-14: Email config needs some documentation love 🍝

The email service configuration could use more detailed comments about:

  • Required email provider (Gmail, AWS SES, etc.)
  • Format of the APP_PASSWORD (is it an API key, OAuth token, etc.?)
  • Port requirements (SSL/TLS?)
backend/.env (1)

13-19: Email config looking clean, but needs some tweaks 👌

The email service configuration is well-documented but consider adding validation for these environment variables in your application startup to ensure they're properly set when EMAIL_ENABLE=true.

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c0fd8aa and 6bc5b5c.

📒 Files selected for processing (3)
  • backend/.env (1 hunks)
  • backend/.env.production (1 hunks)
  • backend/.env.test (1 hunks)
🧰 Additional context used
🪛 Gitleaks (8.21.2)
backend/.env

22-22: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

⏰ Context from checks skipped due to timeout of 90000ms (1)
  • GitHub Check: build (22.x)
🔇 Additional comments (2)
backend/.env.test (1)

Line range hint 18-23: IP check is disabled - intentional for testing? 🤔

The IP check being disabled (ENABLE_IP_CHECK=false) while having extensive IP configurations might indicate inconsistent security settings. Please verify if this is intentional for the test environment.

backend/.env.production (1)

Line range hint 19-24: Hold up! IP check disabled in production? 🚨

Having ENABLE_IP_CHECK=false in a production environment could expose your API to unauthorized access. Please verify if this is intentional and document the security implications.

@gorkem-bwl
Contributor

That was needed. Thanks @DeboraSerra

Contributor

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 3

🧹 Nitpick comments (3)
README.md (3)

113-116: Yo, let's fix that intro and make it pop!

There's a grammatical error in line 115, plus we could make this intro more structured. Here's what's on my mind:

 ## Environment variables

-In order to the project to run safely and correctly, the user should add their own environment variables. They can be added to the .env file in the root directory of the project. The following is the list of environment variables that should be added and its description:
+In order for the project to run safely and correctly, users must configure their environment variables in the `.env` file located in the project's root directory. Below are the required environment variables grouped by category:
🧰 Tools
🪛 LanguageTool

[uncategorized] ~115-~115: The preposition ‘for’ seems more likely in this position.
Context: ...d`` ## Environment variables In order to the project to run safely and correctly...

(AI_HYDRA_LEO_REPLACE_TO_FOR)


117-134: Mom's spaghetti moment: Let's make this DB section more digestible!

The database credentials section could be more readable with proper code block formatting and a table structure.

  1. Add language specification to the code block:
-```
+```env
  1. Consider using a table format for better readability:
| Variable | Environment | Description |
|----------|-------------|-------------|
| `*_DB_USERNAME` | DEV/TEST/PROD | Database username |
| `*_DB_PASSWORD` | DEV/TEST/PROD | Database password |
| `*_DB_NAME` | DEV/TEST/PROD | Database name |
| `*_DB_HOST` | DEV/TEST/PROD | Database host |
| `*_DB_PORT` | DEV/TEST/PROD | Database port |
🧰 Tools
🪛 Markdownlint (0.37.0)

118-118: null
Fenced code blocks should have a language specified

(MD040, fenced-code-language)


159-160: Hold up, we need to keep it real about the setup!

The closing note might be misleading since environment variables are still needed for development and testing.

-For development and testing purposes, the application is ready to go after cloning and dependencies installation.
+For development and testing purposes, you'll need to:
+1. Clone the repository
+2. Install dependencies
+3. Set up the required environment variables (you can use the example values provided above)
+4. Start the application
📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6bc5b5c and bed19c5.

📒 Files selected for processing (1)
  • README.md (1 hunks)
🧰 Additional context used
🪛 LanguageTool
README.md

[uncategorized] ~115-~115: The preposition ‘for’ seems more likely in this position.
Context: ...d`` ## Environment variables In order to the project to run safely and correctly...

(AI_HYDRA_LEO_REPLACE_TO_FOR)

🪛 Markdownlint (0.37.0)
README.md

118-118: null
Fenced code blocks should have a language specified

(MD040, fenced-code-language)


138-138: null
Fenced code blocks should have a language specified

(MD040, fenced-code-language)


147-147: null
Fenced code blocks should have a language specified

(MD040, fenced-code-language)


153-153: null
Fenced code blocks should have a language specified

(MD040, fenced-code-language)

⏰ Context from checks skipped due to timeout of 90000ms (1)
  • GitHub Check: build (22.x)

@DeboraSerra DeboraSerra linked an issue Jan 6, 2025 that may be closed by this pull request
@erenfn erenfn requested a review from gorkem-bwl January 6, 2025 19:04
gorkem-bwl
gorkem-bwl previously approved these changes Jan 6, 2025
Contributor

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 7

♻️ Duplicate comments (1)
backend/.env.production (1)

2-5: ⚠️ Potential issue

BRUH! 😱 Production credentials in version control!

Never commit actual production database credentials to version control! This is a serious security risk. Replace with environment variables:

-PROD_DB_USERNAME=user123
-PROD_DB_PASSWORD=password123
-PROD_DB_NAME=onboarding_db
-PROD_DB_HOST=db
+PROD_DB_USERNAME=${PROD_DB_USERNAME}
+PROD_DB_PASSWORD=${PROD_DB_PASSWORD}
+PROD_DB_NAME=${PROD_DB_NAME}
+PROD_DB_HOST=${PROD_DB_HOST}
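
Review bot: The four `+` lines assign each key to itself (`PROD_DB_USERNAME=${PROD_DB_USERNAME}`), so the file carries no information and only resolves if whatever loads it expands `${...}` from the process environment; a loader that does not expand will hand the application the literal string. Dropping the four keys from the tracked file and supplying them at deploy time is cleaner. Separately, the values on the `-` lines (`user123`, `password123`) stay in the commit history after this change, so they should be treated as disclosed and rotated if they were ever used.
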
🧹 Nitpick comments (4)
backend/.env.production (1)

8-14: Knees weak, arms heavy - let's beef up this email config! 🔒

The email configuration needs better documentation and placeholder values.

 # Email service configuration
-EMAIL_HOST=your_email_host
-EMAIL_PORT=your_email_port
-EMAIL=your_email
-APP_PASSWORD=your_app_password
+EMAIL_HOST=${EMAIL_HOST}
+EMAIL_PORT=${EMAIL_PORT}
+EMAIL=${EMAIL_ADDRESS}
+APP_PASSWORD=${EMAIL_APP_PASSWORD}
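
Review bot: The `-` lines here are already placeholders (`your_email_host`, `your_app_password`), not secrets, so the substitution removes nothing sensitive. The last two `+` lines also introduce two new names, `EMAIL_ADDRESS` and `EMAIL_APP_PASSWORD`, that differ from the keys they fill (`EMAIL`, `APP_PASSWORD`); either reuse the key names or document the mapping, otherwise it will be missed at deploy time.
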
README.md (2)

112-132: There's vomit on his sweater already - let's secure these database examples! 🔐

Add a note about securing database credentials and using environment-specific files.

 1. Database credentials

+> ⚠️ Important: Never commit actual database credentials to version control!
+
 ```env
 DEV_DB_USERNAME - Development database username
 // ... other variables ...

+For security, use separate .env files for different environments:
+- .env.development
+- .env.test
+- .env.production
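
Review bot: The added list names `.env.development`, but the loader quoted later in this review builds the file name as `.env` plus a suffix only when `NODE_ENV` is set and is not `development`, so development reads plain `.env`. The README line should list `.env`, `.env.test` and `.env.production`, or the loader should change to match.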


188-194: Mom's spaghetti - let's clarify these test variables! 🍝

Add more context about the relationship between test environment variables.

 5. In .env.test file, the user should have the following environment variables, so the postgres container can run correctly:

+> Note: These variables are used by the PostgreSQL container during testing and must match your test database configuration above.
+
 ```env
 POSTGRES_USER - Test database username (The same as TEST_DB_USERNAME)
 POSTGRES_PASSWORD - Test database password (The same as TEST_DB_PASSWORD)
 POSTGRES_DB - Test database name (The same as TEST_DB_NAME)

backend/package.json (1)

8-9: Cleanup those test scripts like mom's spaghetti!

There's inconsistency in how NODE_ENV is set across scripts. Some use inline setting while others use external scripts.

   "scripts": {
     "pretest": "bash pretest-script.sh",
     "posttest": "bash posttest-script.sh",
-    "test": "NODE_ENV=test nyc mocha --extension js,mjs 'src/test/**/*.test.*'",
-    "test:e2e": "npm run pretest && NODE_ENV=test mocha 'src/test/e2e/**/*.test.mjs'",
-    "test:unit": "NODE_ENV=test mocha 'src/test/unit/**/*.test.js' --watch",
+    "test": "nyc mocha --extension js,mjs 'src/test/**/*.test.*'",
+    "test:e2e": "npm run pretest && mocha 'src/test/e2e/**/*.test.mjs'",
+    "test:unit": "mocha 'src/test/unit/**/*.test.js' --watch",
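
Review bot: Removing `NODE_ENV=test` from the three `+` script lines leaves the test runner without it: `pretest` is `bash pretest-script.sh`, a child process, and a variable assigned there does not reach the later `mocha` process (`test:unit` does not run `pretest` at all). With `NODE_ENV` unset, the config loader quoted later in this review falls back to `.env`, so the suite would run against the development database settings. Keep the inline `NODE_ENV=test` on the `test`, `test:e2e` and `test:unit` lines.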

Let the pretest script handle the environment variable setting consistently.

Also applies to: 10-12

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between bed19c5 and 5c6a66d.

📒 Files selected for processing (7)
  • README.md (3 hunks)
  • backend/.env.production (1 hunks)
  • backend/.env.test (1 hunks)
  • backend/config/config.js (1 hunks)
  • backend/package.json (1 hunks)
  • backend/posttest-script.sh (1 hunks)
  • backend/pretest-script.sh (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
  • backend/.env.test
🧰 Additional context used
🪛 Shellcheck (0.10.0)
backend/posttest-script.sh

[warning] 11-11: To assign a variable, use just 'var=value', no 'set ..'.

(SC2121)

backend/pretest-script.sh

[warning] 5-5: To assign a variable, use just 'var=value', no 'set ..'.

(SC2121)

⏰ Context from checks skipped due to timeout of 90000ms (1)
  • GitHub Check: build (22.x)
🔇 Additional comments (1)
backend/package.json (1)

Line range hint 1-46: Verify those package versions before they make you nervous!

Some package versions might have known vulnerabilities. Let's verify them.

✅ Verification successful

Yo, these dependencies are fresher than mom's spaghetti! 🍝

All package versions are secure with no known vulnerabilities. No major version updates are pending either. You're good to go!

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check for known vulnerabilities in dependencies
npm audit --json | jq '.advisories | length'

# Check if newer major versions are available for critical packages
npm outdated --json | jq '.[] | select(.type == "major")'

Length of output: 108

Contributor

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

♻️ Duplicate comments (1)
README.md (1)

175-182: 🛠️ Refactor suggestion

There's vomit on his sweater already - secure that JWT properly!

The JWT section needs more comprehensive security guidelines.

 ```env
 JWT_SECRET - secret key to sign the JWT token

-Use a strong, random secret key (minimum 32 characters)
+Security Guidelines:
+1. Use a strong, random secret key (minimum 32 characters)
+2. Never commit the actual secret to version control
+3. Rotate secrets periodically
+4. Use environment-specific secrets for different environments
+
+Example (DO NOT USE IN PRODUCTION):
+env +JWT_SECRET=your-super-secret-minimum-32-char-key-here +
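
Review bot: The example value on the last `+` line, `your-super-secret-minimum-32-char-key-here`, is long enough to pass the 32-character rule in guideline 1 and readable enough to be copied as is. Show how to generate a value instead (for example `openssl rand -hex 32`) and keep the placeholder visibly invalid, such as `JWT_SECRET=<generated value>`.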


🧹 Nitpick comments (4)
README.md (4)

33-34: Yo! These requirements need some structure, dawg!

Let's make these prerequisites pop with proper formatting:

-Make sure docker and git is installed
+### Prerequisites
+
+Make sure you have the following installed:
+- Docker
+- Git

134-150: Mom's spaghetti ain't complete without the sauce - let's add some examples!

The database credentials section needs example values to help users get started quickly.

 ```env
 DEV_DB_USERNAME - Development database username
 DEV_DB_PASSWORD - Development database password
 DEV_DB_NAME - Development database name
 DEV_DB_HOST - Development database host
 DEV_DB_PORT - Development database port
+```
+
+Example configuration:
+```env
+DEV_DB_USERNAME=dev_user
+DEV_DB_PASSWORD=your_secure_password
+DEV_DB_NAME=onboarding_dev
+DEV_DB_HOST=localhost
+DEV_DB_PORT=5432

202-208: Lose yourself in the database config - but don't lose track of those credentials!

Add a warning about keeping the credentials synchronized between environment variables.

 ```env
 POSTGRES_USER - Test database username (The same as TEST_DB_USERNAME)
 POSTGRES_PASSWORD - Test database password (The same as TEST_DB_PASSWORD)
 POSTGRES_DB - Test database name (The same as TEST_DB_NAME)

+⚠️ IMPORTANT: Ensure these credentials match exactly with the corresponding TEST_DB_* variables above.
+Otherwise, the test database container might not work correctly with your application.


130-131: Don't choke on these environment variables - keep 'em safe!

Add a note about version control best practices for environment files.

 In order to the project to run safely and correctly, the user should add their own environment variables. They can be added to the .env file in the root directory of the project. The following is the list of environment variables that should be added and its description:
+
+> ⚠️ IMPORTANT: Never commit your `.env` files to version control. Add them to your `.gitignore` file and maintain a `.env.example` template with dummy values instead.
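
Review bot: The added note tells users never to commit `.env` files, while this pull request itself changes `backend/.env`, `backend/.env.production` and `backend/.env.test` as tracked files. Pair the note with removing those files from the index (`git rm --cached`), adding them to `.gitignore`, and committing a `.env.example` with dummy values; otherwise the README contradicts the repository.
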
📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5c6a66d and 1e53cc1.

📒 Files selected for processing (1)
  • README.md (4 hunks)
⏰ Context from checks skipped due to timeout of 90000ms (1)
  • GitHub Check: build (22.x)
🔇 Additional comments (1)
README.md (1)

155-173: Yo, this email config is straight fire! 🔥

The email configuration section is well documented with examples and important notes about Gmail 2FA.

…me' of github.com:bluewave-labs/bluewave-onboarding into 459-add-definitions-for-important-env-variables-to-readme
Contributor

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 4

♻️ Duplicate comments (1)
backend/posttest-script.sh (1)

5-7: 🛠️ Refactor suggestion

Yo dawg, let's make these Docker commands bulletproof!

Just like mom's spaghetti, we don't want these commands falling apart! The Docker stop command might fail silently if something's wrong.

 if [[ "$(docker ps -a -q -f name=test-postgres)" ]]; then
-  docker stop test-postgres
+  docker stop test-postgres || true
 fi
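
Review bot: `|| true` on the `+` line does the opposite of the stated goal: a failing `docker stop` now always reports success, so the failure is hidden rather than handled. If the script should continue after a failed stop, report it on stderr before continuing, e.g. `docker stop test-postgres || echo "stop failed" >&2`.
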
🧹 Nitpick comments (1)
backend/posttest-script.sh (1)

1-2: Drop some bars at the top - I mean, add some documentation!

Yo, this script's looking cleaner than mom's kitchen, but it needs some documentation to explain what it's cooking!

 #!/bin/bash
 
+# Post-test cleanup script
+# Prerequisites:
+#   - Docker installed and running
+#   - test-postgres container may exist from previous test runs
+#
+# Purpose:
+#   - Stops and removes the test-postgres container if it exists
+#   - Resets NODE_ENV back to development mode
+
📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1e53cc1 and 9e77c7b.

📒 Files selected for processing (2)
  • backend/posttest-script.sh (1 hunks)
  • backend/pretest-script.sh (1 hunks)
🧰 Additional context used
🪛 Shellcheck (0.10.0)
backend/posttest-script.sh

[error] 19-19: This is interpreted as a command name containing '='. Bad assignment or comparison?

(SC2276)


[warning] 19-19: env is referenced but not assigned (for output from commands, use "$(env ...)" ).

(SC2154)

backend/pretest-script.sh

[error] 8-8: This is interpreted as a command name containing '='. Bad assignment or comparison?

(SC2276)


[warning] 8-8: env is referenced but not assigned (for output from commands, use "$(env ...)" ).

(SC2154)

⏰ Context from checks skipped due to timeout of 90000ms (1)
  • GitHub Check: build (22.x)
🔇 Additional comments (2)
backend/posttest-script.sh (1)

10-12: 🛠️ Refactor suggestion

Cleanup time! Let's make this container removal smooth like butter!

Yo, we're checking if the container exists twice when we're using force removal anyway! Let's clean this up!

-if [[ "$(docker ps -a -q -f name=test-postgres)" ]]; then
-  docker rm -f test-postgres
-fi
+docker rm -f test-postgres || true

Likely invalid or redundant comment.

backend/pretest-script.sh (1)

22-22: Vomit on his sweater already - we need that timeout!

The previous review already mentioned this, but it's worth repeating - we need that timeout to prevent infinite waiting!

-npx wait-on tcp:5432
+npx wait-on tcp:5432 --timeout 30000
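
Review bot: The timeout on the `+` line only helps if the script stops when it fires. Check the exit status of `wait-on` (or run the script under `set -e`) so a database that never came up aborts the run instead of letting the tests start. An open TCP port on 5432 also does not mean PostgreSQL is accepting connections yet; `pg_isready` inside the container is a stricter readiness check.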

Contributor

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

🧹 Nitpick comments (2)
backend/config/config.js (2)

1-10: Yo dawg, let's make this path construction more robust! 🍝

The path construction could use some path.join() to avoid potential cross-platform issues, eh?

 const dotenv = require('dotenv');
+const path = require('path');
 const envSuffix = process.env.NODE_ENV && process.env.NODE_ENV !== 'development' ? `.${process.env.NODE_ENV}` : '';
 const env = `.env${envSuffix}`;

-const result = dotenv.config({ path: `./${env}` });
+const result = dotenv.config({ path: path.join(__dirname, '..', env) });
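
Review bot: `env` is still built from `process.env.NODE_ENV` without any check, and the last `+` line now joins it into a path under the project root. Restrict `NODE_ENV` to the three supported values (`development`, `test`, `production`) before building the file name, and fail at startup when `result.error` is set so a missing file is not silently ignored.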

31-58: Knees weak, arms heavy - this config is repetitive already! 🍝

Let's DRY up this configuration and make it more flexible, eh?

+const createDbConfig = (env) => ({
+  username: process.env[`${env}_DB_USERNAME`],
+  password: process.env[`${env}_DB_PASSWORD`],
+  database: process.env[`${env}_DB_NAME`],
+  host: process.env[`${env}_DB_HOST`],
+  dialect: process.env[`${env}_DB_DIALECT`] || 'postgres',
+  port: process.env[`${env}_DB_PORT`],
+  logging: process.env[`${env}_DB_LOGGING`] === 'true',
+});

 module.exports = {
   defaultTeamName: 'My Organisation',
-  development: {
-    username: DEV_DB_USERNAME,
-    password: DEV_DB_PASSWORD,
-    database: DEV_DB_NAME,
-    host: DEV_DB_HOST,
-    dialect: 'postgres',
-    port: DEV_DB_PORT,
-    logging: false,
-  },
-  test: {
-    username: TEST_DB_USERNAME,
-    password: TEST_DB_PASSWORD,
-    database: TEST_DB_NAME,
-    host: TEST_DB_HOST,
-    dialect: 'postgres',
-    port: TEST_DB_PORT,
-    logging: false,
-  },
-  production: {
-    username: PROD_DB_USERNAME,
-    password: PROD_DB_PASSWORD,
-    database: PROD_DB_NAME,
-    host: PROD_DB_HOST,
-    dialect: 'postgres',
-    port: PROD_DB_PORT,
-    logging: false,
-  },
+  development: createDbConfig('DEV'),
+  test: createDbConfig('TEST'),
+  production: createDbConfig('PROD'),
 };
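
Review bot: `createDbConfig` reads every field straight from `process.env`, so a missing `PROD_DB_PASSWORD` becomes `undefined` in the exported config and surfaces only at connect time. Validate `username`, `password`, `database` and `host` inside the helper and throw if any is absent; `port` also arrives as a string and should be parsed. The helper introduces `*_DB_DIALECT` and `*_DB_LOGGING`, which need entries in the README section this PR adds.
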
📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 839c419 and 4ba4da9.

📒 Files selected for processing (1)
  • backend/config/config.js (1 hunks)
⏰ Context from checks skipped due to timeout of 90000ms (1)
  • GitHub Check: build (22.x)
🔇 Additional comments (2)
backend/config/config.js (2)

12-28: Mom's spaghetti time - let's validate these environment variables! 🍜

Add validation to ensure all required database variables are present before proceeding.


37-38: There's vomit on his sweater - these hardcoded values need to go! 🍝

The dialect and logging settings should be configurable through environment variables for better flexibility across different environments, eh?

Let's check if these values need to be different in any environment:

Also applies to: 46-47, 55-56
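
The startup validation suggested in the review comments above (email settings when `EMAIL_ENABLE=true`, and the required database variables), as an added example that is not code from this PR or the project. `validateEnv`, its rule set, the production IP-check policy and the sample values are assumptions made for illustration.

```javascript
// Added example: startup validation for the variables this PR documents.
// validateEnv() and its rules are hypothetical, not the project's own code.
'use strict';

const PREFIX = { development: 'DEV', test: 'TEST', production: 'PROD' };
const DB_KEYS = ['USERNAME', 'PASSWORD', 'NAME', 'HOST', 'PORT'];
const EMAIL_KEYS = ['EMAIL_HOST', 'EMAIL_PORT', 'EMAIL', 'APP_PASSWORD'];
// Template placeholders and the weak sample values flagged in the review.
const PLACEHOLDER = /^(your[_-].*|password123|user123)$/i;
// A "${NAME}" reference that the loader left unexpanded.
const UNEXPANDED = /\$\{[^}]*\}/;

const isPort = (v) => /^\d+$/.test(v) && Number(v) >= 1 && Number(v) <= 65535;

// Records a problem for `key`; returns true only if the value is usable.
function checkValue(env, key, problems, secret = false) {
  const v = env[key];
  if (typeof v !== 'string' || v.trim() === '') {
    problems.push(key + ': missing');
  } else if (UNEXPANDED.test(v)) {
    problems.push(key + ': unexpanded ${...} reference');
  } else if (secret && PLACEHOLDER.test(v)) {
    problems.push(key + ': placeholder or sample value');
  } else {
    return true;
  }
  return false;
}

function checkPort(env, key, problems) {
  if (checkValue(env, key, problems) && !isPort(env[key])) {
    problems.push(key + ': not a TCP port');
  }
}

// Returns a list of problems; an empty list means the process may start.
function validateEnv(env) {
  const mode = env.NODE_ENV || 'development';
  // Own-property lookup so values like "constructor" are not accepted.
  if (!Object.prototype.hasOwnProperty.call(PREFIX, mode)) {
    return ['NODE_ENV: unsupported value "' + mode + '"'];
  }
  const problems = [];
  for (const k of DB_KEYS) {
    const key = PREFIX[mode] + '_DB_' + k;
    if (k === 'PORT') checkPort(env, key, problems);
    else checkValue(env, key, problems, k === 'PASSWORD');
  }
  if (checkValue(env, 'JWT_SECRET', problems, true) && env.JWT_SECRET.length < 32) {
    problems.push('JWT_SECRET: shorter than 32 characters');
  }
  // Email settings are required only when the feature is switched on.
  if (env.EMAIL_ENABLE === 'true') {
    for (const key of EMAIL_KEYS) {
      if (key === 'EMAIL_PORT') checkPort(env, key, problems);
      else checkValue(env, key, problems, key === 'APP_PASSWORD');
    }
  }
  // Policy assumption of this example: production must enable IP filtering.
  if (mode === 'production' && env.ENABLE_IP_CHECK !== 'true') {
    problems.push('ENABLE_IP_CHECK: disabled in production');
  }
  return problems;
}

// Constructed sample inputs, not the project's real values.
const SAMPLE_BAD = {
  NODE_ENV: 'production',
  PROD_DB_USERNAME: 'app', PROD_DB_PASSWORD: 'password123',
  PROD_DB_NAME: 'onboarding_db', PROD_DB_HOST: '${PROD_DB_HOST}',
  PROD_DB_PORT: '5432',
  JWT_SECRET: 'your-super-secret-minimum-32-char-key-here',
  EMAIL_ENABLE: 'true', EMAIL_HOST: 'smtp.example.test', EMAIL_PORT: '587',
  EMAIL: 'noreply@example.test', // APP_PASSWORD deliberately absent
  ENABLE_IP_CHECK: 'false',
};
const SAMPLE_GOOD = {
  NODE_ENV: 'test',
  TEST_DB_USERNAME: 'test_user', TEST_DB_PASSWORD: 'constructed-Test-Pw-7f3a',
  TEST_DB_NAME: 'onboarding_test', TEST_DB_HOST: 'localhost',
  TEST_DB_PORT: '5432',
  JWT_SECRET: '0123456789abcdef0123456789abcdef-constructed',
  EMAIL_ENABLE: 'false',
};

// In the application this would be validateEnv(process.env), exiting on problems.
for (const p of validateEnv(SAMPLE_BAD)) console.log('config problem:', p);
console.log('good sample problems:', validateEnv(SAMPLE_GOOD).length);
```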

erenfn
erenfn previously approved these changes Jan 14, 2025
Contributor

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

🧹 Nitpick comments (2)
backend/.env (2)

Line range hint 19-25: IP configuration could use some love! 🍝

Consider:

  1. Moving IP ranges to environment variables
  2. Adding comments about what these IPs represent (e.g., office network, VPN, etc.)
 # Enable IP check for the API
-ENABLE_IP_CHECK=false
-ALLOWED_IP_RANGE=11.22.33/10-200, 192.168.65/1-255
-ALLOWED_IPS=127.0.0.1, 11.22.33.44, 11.22.33.45, 11.22.33.46, 192.168.65.1
+ENABLE_IP_CHECK=${ENABLE_IP_CHECK:-false}
+# Office network and VPN ranges
+ALLOWED_IP_RANGE=${ALLOWED_IP_RANGE}
+# Development and office IPs
+ALLOWED_IPS=${ALLOWED_IPS}
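
Review bot: `${ENABLE_IP_CHECK:-false}` on the first `+` line makes the check fail open: if the variable is unset, IP filtering is off. Default to `true` and require an explicit `false`. The `${ALLOWED_IP_RANGE}` and `${ALLOWED_IPS}` lines have no default, so an unset variable yields an empty allowlist; the application should reject that combination at startup rather than guess.
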
🧰 Tools
🪛 Gitleaks (8.21.2)

10-10: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)


Line range hint 27-28: Frontend URL config needs clarity! 🍝

Instead of commenting out the production URL, consider using environment variables to switch between environments:

-# FRONTEND_URL=https://onboarding-demo.bluewavelabs.ca/
-FRONTEND_URL=http://localhost:4173/
+FRONTEND_URL=${FRONTEND_URL:-http://localhost:4173/}
🧰 Tools
🪛 Gitleaks (8.21.2)

10-10: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e7bd961 and 2316a6c.

📒 Files selected for processing (1)
  • backend/.env (1 hunks)
🧰 Additional context used
🪛 Gitleaks (8.21.2)
backend/.env

10-10: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

⏰ Context from checks skipped due to timeout of 90000ms (1)
  • GitHub Check: build (22.x)
🔇 Additional comments (2)
backend/.env (2)

2-8: Yo! These database credentials are making me nervous! 🍝

Previous comment about using environment variables still applies. Additionally:

  • The password 'password123' is too weak for any environment
  • The database host 'db' suggests Docker usage - this should be documented

Let's check if there's any Docker configuration that explains the 'db' host:

#!/bin/bash
# Search for Docker-related files
fd -t f -e yml -e yaml -e dockerfile . | xargs rg -l 'db:'

10-10: Mom's spaghetti alert! JWT secret still exposed! 🍝

🧰 Tools
🪛 Gitleaks (8.21.2)

10-10: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

@DeboraSerra DeboraSerra merged commit f177ef3 into develop Jan 14, 2025
2 checks passed
Successfully merging this pull request may close these issues.

Add definitions for important .env variables to README
3 participants