945ccd64ba
Phase 0 安全热修复 (CRITICAL): - 外部化微信 appid/secret 到 ERP__WECHAT__APPID/SECRET 环境变量 - 正确连接 HealthCrypto 到 ERP__HEALTH__AES_KEY/HMAC_KEY 环境变量 - 外部化小程序加密密钥到 TARO_APP_ENCRYPTION_KEY 环境变量 - 移除小程序 auth store 中的敏感信息 console.log Phase 1 安全加固: - 微信自动注册 display_name 添加 sanitize 防止 XSS - 测试数据库凭据改为从 TEST_DB_URL 环境变量读取 Phase 2 代码质量: - 提取 useThemeMode hook 消除 22 处重复暗色模式检测 - 提取共享健康常量到 constants/health.ts - 拆分 patient_service.rs 脱敏函数到 masking.rs - 移除未使用的 i18next/react-i18next 依赖 - 移除未使用的 api/errors.ts 和 erp-auth/anyhow 依赖 Phase 3 测试覆盖: - 新增 5 个患者模块集成测试 (CRUD/租户隔离/验证/软删除) Phase 4 跨平台一致性: - 统一小程序 Patient.birthday → birth_date 匹配后端 - 统一小程序 Appointment.time_slot → start_time/end_time 匹配后端 Phase 5 架构: - 微信登录添加多租户 TODO 注释 - 更新 wiki/infrastructure.md 环境变量文档
35 lines
676 B
TOML
35 lines
676 B
TOML
[server]
|
|
host = "0.0.0.0"
|
|
port = 3000
|
|
|
|
[database]
|
|
url = "__MUST_SET_VIA_ENV__"
|
|
max_connections = 20
|
|
min_connections = 5
|
|
|
|
[redis]
|
|
url = "__MUST_SET_VIA_ENV__"
|
|
|
|
[jwt]
|
|
secret = "__MUST_SET_VIA_ENV__"
|
|
access_token_ttl = "15m"
|
|
refresh_token_ttl = "7d"
|
|
|
|
[auth]
|
|
super_admin_password = "__MUST_SET_VIA_ENV__"
|
|
|
|
[log]
|
|
level = "info"
|
|
|
|
[cors]
|
|
# Comma-separated allowed origins. Use "*" for development only.
|
|
allowed_origins = "http://localhost:5173,http://localhost:5174,http://localhost:5175,http://localhost:5176,http://localhost:3000"
|
|
|
|
[wechat]
|
|
appid = "__MUST_SET_VIA_ENV__"
|
|
secret = "__MUST_SET_VIA_ENV__"
|
|
|
|
[health]
|
|
aes_key = "__MUST_SET_VIA_ENV__"
|
|
hmac_key = "__MUST_SET_VIA_ENV__"
|