fix(security): Q2 Chunk 1 — 密钥外部化与启动强制检查

- default.toml 敏感值改为占位符，强制通过环境变量注入 - 启动时拒绝默认 JWT 密钥和数据库 URL - 移除 super_admin_password 硬编码 fallback - 移除 From<AppError> for AuthError 反向映射，5 处调用点改为显式 map_err - .gitignore 添加 .test_token 和测试产物
2026-04-17 17:42:19 +08:00
parent 2bd274b39a
commit 39a12500e3
10 changed files with 43 additions and 42 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -25,3 +25,13 @@ Thumbs.db
 # Docker data
 docker/postgres_data/
 docker/redis_data/
+
+# Test artifacts
+.test_token
+*.heapsnapshot
+perf-trace-*.json
+docs/debug-*.png
+
+# Development env
+.env.development
+docker/docker-compose.override.yml