managarten/docs/ENV_AUDIT_SUMMARY.md
Wuesteon 0ebfde0851 fix(ci): build shared packages before tests and fix formatting
- Add build:packages step to all test.yml jobs (fixes @manacore/shared-nestjs-auth not found)
- Handle missing coverage artifacts gracefully in test-coverage.yml
- Update .prettierignore to exclude apps-archived/ and problematic files
- Format all source files to pass CI checks

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-01 23:15:00 +01:00


Environment Audit - Quick Summary

Issues Found: 8 Critical/Major Items

BLOCKING (Fix immediately - these prevent backends from running simultaneously)

Port Conflicts:

Port 3002: Chat (3002) ← → Nutriphi (3002)  [CONFLICT]
Port 3003: Picture (3003) ← → Maerchenzauber (3003)  [CONFLICT]

Hardcoded Values:

  • Chat backend hardcodes DEV_USER_ID instead of reading from env

MAJOR (Inconsistencies across codebase)

Auth URL Variable Names (Choose One):

  • Chat: MANA_CORE_AUTH_URL ✓
  • Picture: MANA_CORE_AUTH_URL ✓
  • Zitare: MANA_CORE_AUTH_URL ✓
  • Presi: MANA_CORE_AUTH_URL ✓
  • Manadeck: MANA_SERVICE_URL ← Should standardize
  • Nutriphi: MANACORE_AUTH_URL ← Should standardize

CORS Origins:

  • Hardcoded in 4 backends (Chat, Picture, Zitare, Presi)
  • Should use CORS_ORIGINS from environment

Missing Documentation:

  • No .env.example for Zitare backend
  • No .env.example for Presi backend

MEDIUM (Code quality)

Validation Schemas:

  • Chat: Missing
  • Picture: Missing
  • Zitare: Missing
  • Presi: Missing
  • Manadeck: ✓ Has validation schema
  • Mana-Core-Auth: ✓ Has validation config

Quick Fix Checklist

Phase 1: Critical (1-2 hours)

  • Reassign Picture from port 3003 → 3005
  • Reassign Nutriphi from port 3002 → 3006
  • Add DEV_USER_ID to .env.development
  • Update Chat to load DEV_USER_ID from ConfigService

Phase 2: Major (2-3 hours)

  • Rename MANA_SERVICE_URL to MANA_CORE_AUTH_URL in Manadeck
  • Rename MANACORE_AUTH_URL to MANA_CORE_AUTH_URL in Nutriphi
  • Create .env.example for Zitare
  • Create .env.example for Presi

Phase 3: Quality (3-4 hours)

  • Add validation schemas to Chat, Picture, Zitare, Presi
  • Extract CORS origins to environment variables
  • Update all backends to read CORS_ORIGINS from env

Current:                          Recommended:
3001 ← Mana Core Auth    →    3001 ← Mana Core Auth
3002 ← Chat              →    3002 ← Chat
3002 ← Nutriphi [X]      →    3006 ← Nutriphi [FIXED]
3003 ← Maerchenzauber    →    3003 ← Maerchenzauber
3003 ← Picture [X]       →    3005 ← Picture [FIXED]
3004 ← Manadeck          →    3004 ← Manadeck
3007 ← Zitare            →    3007 ← Zitare
3008 ← Presi             →    3008 ← Presi
3010 ← Voxel Lava        →    3010 ← Voxel Lava
3011 ← Mana Games        →    3011 ← Mana Games
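
A check that would catch the port conflicts listed above before they reach a developer's machine. This is an added example, not code from the repository: the sample file is constructed, and only PICTURE_BACKEND_PORT and NUTRIPHI_BACKEND_PORT are names from this audit; the other `*_BACKEND_PORT` names are assumed to follow the same pattern.

```javascript
// Added example: detect duplicate port assignments in .env.development.
// SAMPLE_ENV is constructed; only PICTURE_BACKEND_PORT and NUTRIPHI_BACKEND_PORT
// are names from the audit, the other *_BACKEND_PORT names are assumed.
const SAMPLE_ENV = `
# constructed sample, mirrors the "Current" column above
CHAT_BACKEND_PORT=3002
NUTRIPHI_BACKEND_PORT=3002
PICTURE_BACKEND_PORT="3003"
MAERCHENZAUBER_BACKEND_PORT=3003
MANADECK_BACKEND_PORT=3004
MANA_CORE_AUTH_URL=http://localhost:3001
`;

function parseEnv(text) {
  const vars = new Map();
  for (const line of text.split(/\r?\n/)) {
    // KEY=value, optional surrounding quotes; comment and blank lines do not match.
    const m = /^\s*([A-Z0-9_]+)\s*=\s*(.*?)\s*$/.exec(line);
    if (m) vars.set(m[1], m[2].replace(/^(['"])(.*)\1$/, '$2'));
  }
  return vars;
}

function findPortConflicts(vars) {
  const byPort = new Map();
  for (const [name, value] of vars) {
    if (!name.endsWith('_PORT')) continue;
    const port = Number(value);
    if (!Number.isInteger(port) || port < 1 || port > 65535) {
      throw new Error(`${name} is not a valid port: ${value}`);
    }
    byPort.set(port, [...(byPort.get(port) || []), name]);
  }
  // Keep only ports claimed by more than one variable.
  return [...byPort]
    .filter(([, names]) => names.length > 1)
    .map(([port, names]) => ({ port, names }));
}

// In CI: fail the job when any conflict is reported.
const conflicts = findPortConflicts(parseEnv(SAMPLE_ENV));
for (const c of conflicts) console.log(`port ${c.port}: ${c.names.join(' vs ')}`);
```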

Environment Variables Status

Well-Configured

  • MANA_CORE_AUTH_URL (central + mapped)
  • JWT keys (central)
  • API keys (central)
  • Database URLs (individual + mapped)

Needs Work

  • DEV_USER_ID (hardcoded, not in env)
  • DEV_BYPASS_AUTH (partial, only Chat)
  • CORS_ORIGINS (hardcoded, not used by all)
  • Auth URL naming (3 different conventions)

Files to Modify

.env.development

  • Add DEV_USER_ID line
  • Fix PICTURE_BACKEND_PORT (3003 → 3005)
  • Fix NUTRIPHI_BACKEND_PORT (3002 → 3006)

scripts/generate-env.mjs

  • Line 205: MANA_SERVICE_URL → MANA_CORE_AUTH_URL (Manadeck)
  • Line 272: MANACORE_AUTH_URL → MANA_CORE_AUTH_URL (Nutriphi)

Backend Apps (4 files each)

  • apps/chat/apps/backend/src/config/validation.schema.ts (create)
  • apps/picture/apps/backend/src/config/validation.schema.ts (create)
  • apps/zitare/apps/backend/src/config/validation.schema.ts (create)
  • apps/presi/apps/backend/src/config/validation.schema.ts (create)

Backend Main Files (4 files)

  • apps/chat/apps/backend/src/main.ts (extract CORS)
  • apps/picture/apps/backend/src/main.ts (extract CORS)
  • apps/zitare/apps/backend/src/main.ts (extract CORS)
  • apps/presi/apps/backend/src/main.ts (extract CORS)

Backend Examples (2 files)

  • apps/zitare/apps/backend/.env.example (create)
  • apps/presi/apps/backend/.env.example (create)

Chat Guard

  • apps/chat/apps/backend/src/common/guards/jwt-auth.guard.ts
    • Remove hardcoded DEV_USER_ID
    • Read from configService instead
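
What a validation schema for these backends needs to enforce, written as a dependency-free function. This is an added example, not the repository's validation.schema.ts: the variable names MANA_CORE_AUTH_URL, CORS_ORIGINS, DEV_BYPASS_AUTH and DEV_USER_ID come from this audit, while PORT, NODE_ENV, the comma-separated CORS_ORIGINS format and the rules themselves are assumptions.

```javascript
// Added example: startup validation for one backend's environment.
// Variable names are from the audit; PORT, NODE_ENV and the rules are assumptions.
function parseOrigins(raw) {
  // Assumed format: comma-separated list of exact origins.
  const origins = String(raw || '').split(',').map((s) => s.trim()).filter(Boolean);
  if (origins.length === 0) throw new Error('CORS_ORIGINS is empty');
  for (const o of origins) {
    if (o.includes('*')) throw new Error(`CORS_ORIGINS: wildcard not allowed: ${o}`);
    let u;
    try { u = new URL(o); } catch { throw new Error(`CORS_ORIGINS: not a URL: ${o}`); }
    // Browsers send Origin as scheme://host[:port], so anything else never matches.
    if (!['http:', 'https:'].includes(u.protocol) || u.origin !== o) {
      throw new Error(`CORS_ORIGINS: not a bare origin: ${o}`);
    }
  }
  return origins;
}

function validateEnv(env) {
  const errors = [];
  const port = Number(env.PORT);
  if (!Number.isInteger(port) || port < 1 || port > 65535) errors.push('PORT must be 1-65535');

  let authUrl;
  try { authUrl = new URL(env.MANA_CORE_AUTH_URL).href; }
  catch { errors.push('MANA_CORE_AUTH_URL must be a URL'); }
  // The two non-standard names the audit found must not linger after the rename.
  for (const old of ['MANA_SERVICE_URL', 'MANACORE_AUTH_URL']) {
    if (old in env) errors.push(`${old} is non-standard; use MANA_CORE_AUTH_URL`);
  }

  let corsOrigins;
  try { corsOrigins = parseOrigins(env.CORS_ORIGINS); } catch (e) { errors.push(e.message); }

  const devBypassAuth = env.DEV_BYPASS_AUTH === 'true';
  if (devBypassAuth && env.NODE_ENV === 'production') {
    errors.push('DEV_BYPASS_AUTH must not be enabled in production');
  }
  if (devBypassAuth && !env.DEV_USER_ID) {
    errors.push('DEV_USER_ID is required when DEV_BYPASS_AUTH=true');
  }

  if (errors.length) throw new Error('Invalid environment: ' + errors.join('; '));
  return { port, authUrl, corsOrigins, devBypassAuth, devUserId: env.DEV_USER_ID };
}
```

Calling `validateEnv(process.env)` before the server starts listening turns a missing or unsafe setting into a startup failure instead of a runtime surprise.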

Testing After Fixes

# Test all 10 backends can start simultaneously
pnpm dev:auth &
pnpm dev:chat:backend &
pnpm dev:manadeck:backend &
pnpm dev:picture:backend &
pnpm dev:zitare:backend &
pnpm dev:presi:backend &

# Verify each responds
curl http://localhost:3001/health
curl http://localhost:3002/api/health
curl http://localhost:3003/api/health  # Maerchenzauber
curl http://localhost:3004/v1/health   # Manadeck
curl http://localhost:3005/api/health  # Picture (new port)
curl http://localhost:3007/api/health  # Zitare
curl http://localhost:3008/api/health  # Presi

Additional Docs

See full audit report: /docs/ENV_CONFIGURATION_AUDIT.md

Key sections:

  • Environment Variable Mapping (section 3)
  • Hardcoded Values & Security (section 4)
  • Configuration Best Practices (section 5)
  • Implementation Checklist (section 10)