managarten/docs/ENV_CONFIGURATION_AUDIT.md
Wuesteon 0ebfde0851 fix(ci): build shared packages before tests and fix formatting
- Add build:packages step to all test.yml jobs (fixes @manacore/shared-nestjs-auth not found)
- Handle missing coverage artifacts gracefully in test-coverage.yml
- Update .prettierignore to exclude apps-archived/ and problematic files
- Format all source files to pass CI checks

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-01 23:15:00 +01:00


# Environment Configuration Audit Report
## Mana Universe Monorepo - Backend Authentication & Configuration
**Date:** December 1, 2025
**Auditor:** Environment Configuration Auditor Agent
**Scope:** All NestJS backends and mana-core-auth service
---
## EXECUTIVE SUMMARY
The monorepo has **CRITICAL PORT CONFLICTS** that will prevent multiple backends from running simultaneously. Additionally, there are inconsistencies in environment variable naming conventions across backends and missing configuration examples for some projects.
**Status:** NEEDS IMMEDIATE ACTION
- 2 port conflicts identified
- 3 naming convention inconsistencies
- 5 backends missing .env.example files
- Hardcoded CORS origins in multiple backends
---
## 1. PORT ASSIGNMENT MATRIX
### Current Assignments (from .env.development)
| Backend | Port | Env Variable | Status | Conflict |
| ------------------ | -------- | --------------------------- | ----------- | -------- |
| Mana Core Auth | 3001 | MANA_CORE_AUTH_PORT | ✓ Unique | No |
| Chat | 3002 | CHAT_BACKEND_PORT | ✓ Unique | No |
| **Maerchenzauber** | **3003** | MAERCHENZAUBER_BACKEND_PORT | ⚠ CONFLICT | **Yes** |
| Manadeck | 3004 | MANADECK_BACKEND_PORT | ✓ Unique | No |
| **Picture** | **3003** | PICTURE_BACKEND_PORT | ⚠ CONFLICT | **Yes** |
| **Nutriphi** | **3002** | NUTRIPHI_BACKEND_PORT | ⚠ CONFLICT | **Yes** |
| Zitare | 3007 | ZITARE_BACKEND_PORT | ✓ Unique | No |
| Presi | 3008 | PRESI_BACKEND_PORT | ✓ Unique | No |
| Mana Games | 3011 | MANA_GAMES_BACKEND_PORT | ✓ Unique | No |
| Voxel Lava | 3010 | VOXEL_LAVA_BACKEND_PORT | ✓ Unique | No |
### PORT CONFLICTS FOUND
1. **Port 3003 - DOUBLE ASSIGNED**
   - Maerchenzauber Backend: `MAERCHENZAUBER_BACKEND_PORT=3003`
   - Picture Backend: `PICTURE_BACKEND_PORT=3003`
2. **Port 3002 - DOUBLE ASSIGNED**
   - Chat Backend: `CHAT_BACKEND_PORT=3002`
   - Nutriphi Backend: `NUTRIPHI_BACKEND_PORT=3002`
### RECOMMENDATION
Reassign conflicting ports:
- Maerchenzauber: Keep 3003, reassign Picture to **3005** or **3006**
- OR reassign Maerchenzauber to **3005** and keep Picture at 3003
- Nutriphi: Reassign to **3006** or another available port
- Mana Games: Currently 3011
- Voxel Lava: Currently 3010
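The duplicate-port check behind the matrix above can be automated so it runs in CI instead of by hand. The following is an added example written for this audit, not code from the managarten repository; `parseDotenv`, `findPortConflicts` and `report` are names chosen here, and `SAMPLE_ENV` is a constructed file mirroring the port matrix.

```typescript
// Added example (not repo code): scan a .env-style file for *_PORT variables
// and report any TCP port claimed by more than one variable.

export interface PortConflict {
  port: number;
  variables: string[];
}

// Minimal KEY=VALUE parser: skips blank lines and comments, strips an optional
// `export ` prefix and matching surrounding quotes; later keys override earlier ones.
// Object.create(null) avoids a key such as __proto__ touching the prototype chain.
export function parseDotenv(text: string): Record<string, string> {
  const vars: Record<string, string> = Object.create(null);
  text.split(/\r?\n/).forEach((raw) => {
    const line = raw.trim();
    if (line === '' || line.charAt(0) === '#') return;
    const eq = line.indexOf('=');
    if (eq === -1) return;
    const key = line.slice(0, eq).replace(/^export\s+/, '').trim();
    let value = line.slice(eq + 1).trim();
    const first = value.charAt(0);
    const last = value.charAt(value.length - 1);
    if (value.length >= 2 && first === last && (first === '"' || first === "'")) {
      value = value.slice(1, -1);
    }
    vars[key] = value;
  });
  return vars;
}

// Group *_PORT variables by numeric port; a port with two or more owners is a conflict.
// A non-numeric or out-of-range port value is an error in its own right.
export function findPortConflicts(vars: Record<string, string>): PortConflict[] {
  const owners: Record<string, string[]> = Object.create(null);
  Object.keys(vars).forEach((key) => {
    if (!/_PORT$/.test(key)) return;
    const port = Number(vars[key]);
    if (!(port >= 1 && port <= 65535 && Math.floor(port) === port)) {
      throw new Error(`${key}: "${vars[key]}" is not a valid TCP port`);
    }
    (owners[port] = owners[port] || []).push(key);
  });
  return Object.keys(owners)
    .filter((p) => owners[p].length > 1)
    .map((p) => ({ port: Number(p), variables: owners[p].slice().sort() }))
    .sort((a, b) => a.port - b.port);
}

// One line per conflict; an empty array means the file is clean.
export function report(text: string): string[] {
  return findPortConflicts(parseDotenv(text)).map(
    (c) => `port ${c.port} assigned to ${c.variables.join(', ')}`,
  );
}

// Constructed sample reproducing the audit's current port assignments.
export const SAMPLE_ENV = `
# constructed sample, not the real .env.development
MANA_CORE_AUTH_PORT=3001
CHAT_BACKEND_PORT=3002
MAERCHENZAUBER_BACKEND_PORT=3003
MANADECK_BACKEND_PORT=3004
PICTURE_BACKEND_PORT=3003
NUTRIPHI_BACKEND_PORT=3002
ZITARE_BACKEND_PORT=3007
PRESI_BACKEND_PORT=3008
VOXEL_LAVA_BACKEND_PORT=3010
MANA_GAMES_BACKEND_PORT=3011
`;

console.log(report(SAMPLE_ENV).join('\n') || 'no port conflicts');
```

Run against the real `.env.development` (read the file and pass its contents to `report`) as a CI step; a non-empty result should fail the job so a reassigned port cannot silently collide again.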
---
## 2. AUTH ENVIRONMENT VARIABLES AUDIT
### Central Configuration (.env.development)
**PRESENT & CONFIGURED:**
- ✓ `MANA_CORE_AUTH_URL=http://localhost:3001` (Line 16)
- ✓ `DEV_BYPASS_AUTH=true` (Line 59 - Chat only)
- ✓ JWT_PRIVATE_KEY & JWT_PUBLIC_KEY (Lines 19-20)
- ✓ CORS_ORIGINS=... (Line 41)
**MISSING CENTRALIZED:**
- `DEV_USER_ID` - NOT in .env.development
  - Used hardcoded in Chat: `17cb0be7-058a-4964-9e18-1fe7055fd014`
  - Should be centralized in .env.development
- `MANA_CORE_SERVICE_KEY` - NOT found in generate-env.mjs mapping
  - Defined for Manadeck in .env.example
  - Not passed to backends via generator
### Backend-Specific Auth Configuration
| Backend | Auth URL Var | Dev Bypass | Dev User ID | Status |
| ------------ | ------------------ | ------------------- | ------------- | --------------- |
| **Chat** | MANA_CORE_AUTH_URL | ✓ Configured | ✗ Hardcoded | ⚠ Partially |
| **Picture** | MANA_CORE_AUTH_URL | ✗ Missing | ✗ Not checked | ✗ Incomplete |
| **Zitare** | MANA_CORE_AUTH_URL | ✗ Missing | ✗ Not checked | ✗ Incomplete |
| **Presi** | MANA_CORE_AUTH_URL | ✗ Missing | ✗ Not checked | ✗ Incomplete |
| **Manadeck** | MANA_SERVICE_URL | ✗ Not in generation | ✗ Not mapped | ✗ Not generated |
### ISSUE: Naming Convention Inconsistency
Different backends use DIFFERENT variable names for the same thing:
```
INCONSISTENT:
- Chat uses: MANA_CORE_AUTH_URL (from generate-env.mjs line 95)
- Picture uses: MANA_CORE_AUTH_URL (from generate-env.mjs line 230)
- Zitare uses: MANA_CORE_AUTH_URL (from generate-env.mjs line 300)
- Presi uses: MANA_CORE_AUTH_URL (from generate-env.mjs line 330)
- Manadeck uses: MANA_SERVICE_URL (from generate-env.mjs line 205)
- Manadeck uses: APP_ID (from generate-env.mjs line 206)
- Nutriphi uses: MANACORE_AUTH_URL (from generate-env.mjs line 272)
```
**STANDARDIZATION NEEDED:**
All backends should use consistent naming:
- Recommend: `MANA_CORE_AUTH_URL` (most common)
---
## 3. ENVIRONMENT VARIABLE MAPPING AUDIT
### Generate-env.mjs Coverage Analysis
| Backend | .env.example | generate-env.mjs | .env Generated | Coverage |
| -------------- | ------------ | ---------------- | --------------- | ------------------ |
| Chat | ✓ Exists | ✓ Lines 85-98 | ✓ Will generate | ✓ Complete |
| Picture | ✓ Exists | ✓ Lines 223-243 | ✓ Will generate | ✓ Complete |
| Manadeck | ✓ Exists | ✓ Lines 199-209 | ✓ Will generate | ✓ Complete |
| **Zitare** | ✗ Missing | ✓ Lines 294-303 | ✓ Will generate | ⚠ Missing example |
| **Presi** | ✗ Missing | ✓ Lines 323-334 | ✓ Will generate | ⚠ Missing example |
| Mana-Core-Auth | ✓ Exists | ✓ Lines 57-82 | ✓ Will generate | ✓ Complete |
**Missing .env.example files:**
- `/apps/zitare/apps/backend/.env.example` - Should document PORT, DATABASE_URL, MANA_CORE_AUTH_URL, CORS_ORIGINS
- `/apps/presi/apps/backend/.env.example` - Should document PORT, DATABASE_URL, MANA_CORE_AUTH_URL, JWT_PUBLIC_KEY, CORS_ORIGINS
---
## 4. HARDCODED VALUES & SECURITY CONCERNS
### Hardcoded in Source Code
**Chat Backend** (`apps/chat/apps/backend/src/common/guards/jwt-auth.guard.ts`):
```typescript
const DEV_USER_ID = '17cb0be7-058a-4964-9e18-1fe7055fd014'; // Line 1
```
- Should be: `configService.get('DEV_USER_ID')`
- Should be in .env.development: `DEV_USER_ID=17cb0be7-058a-4964-9e18-1fe7055fd014`
### Hardcoded CORS Origins in main.ts
**Chat** (`src/main.ts` lines 10-18):
```typescript
origin: [
'http://localhost:3000',
'http://localhost:5173',
'http://localhost:5174',
'http://localhost:5178',
'http://localhost:8081',
'exp://localhost:8081',
'http://localhost:3001', // Mana Core Auth
];
```
**Picture** (`src/main.ts` lines 11-19):
```typescript
const allowedOrigins = [
'http://localhost:3000',
'http://localhost:5173',
'http://localhost:5174',
'http://localhost:5175',
'http://localhost:8081',
'exp://localhost:8081',
'http://localhost:3001',
];
```
**Presi** (`src/main.ts` lines 10-17):
```typescript
origin: [
'http://localhost:3000',
'http://localhost:5173',
'http://localhost:5177',
'http://localhost:5178',
'http://localhost:8081',
'exp://localhost:8081',
'http://localhost:3001',
];
```
**Zitare** (`src/main.ts` lines 10-16):
```typescript
origin: [
'http://localhost:3000',
'http://localhost:5173',
'http://localhost:5177',
'http://localhost:8081',
'exp://localhost:8081',
'http://localhost:3001',
];
```
**RECOMMENDATION:** Move CORS_ORIGINS to .env.development (already exists as CORS_ORIGINS global variable, but not used by all backends)
---
## 5. CONFIGURATION BEST PRACTICES COMPLIANCE
### Configuration Module Setup
| Backend | ConfigModule | Validation | Env File Path | Status |
| -------------- | ------------------------ | ---------------------- | ------------- | ---------- |
| Chat | ✓ ConfigModule.forRoot() | ✗ No validation schema | `.env` | ⚠ Minimal |
| Picture | ✓ ConfigModule.forRoot() | ✗ No validation schema | `.env` | ⚠ Minimal |
| Zitare | ✓ ConfigModule.forRoot() | ✗ No validation schema | `.env` | ⚠ Minimal |
| Presi | ✓ ConfigModule.forRoot() | ✗ No validation schema | `.env` | ⚠ Minimal |
| Manadeck | ✓ ConfigModule.forRoot() | ✓ Joi schema | `.env` | ✓ Complete |
| Mana-Core-Auth | ✓ ConfigModule.forRoot() | ✓ Config service | `.env` | ✓ Complete |
**ISSUE:** Chat, Picture, Zitare, Presi lack validation schemas.
**EXAMPLE (Manadeck validation.schema.ts):**
```typescript
import * as Joi from 'joi';

// Passed to ConfigModule.forRoot({ validationSchema }); Nest refuses to start
// when a required variable is missing or has the wrong type.
export const validationSchema = Joi.object({
  NODE_ENV: Joi.string().valid('development', 'production'),
  PORT: Joi.number().required(),
  DATABASE_URL: Joi.string().required(),
  MANA_CORE_AUTH_URL: Joi.string().required(),
  // ... etc
});
```
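For the four backends without a schema, the same fail-fast behaviour can be had without Joi through the `validate` callback that `ConfigModule.forRoot()` accepts. The block below is an added example for this audit, not the repository's `validation.schema.ts`; `validateEnv`, `BackendConfig` and `SAMPLE_CHAT_ENV` are names and sample values chosen here. Beyond presence checks it also refuses `DEV_BYPASS_AUTH=true` when `NODE_ENV=production`, which a plain required/optional schema would not catch.

```typescript
// Added example (not repo code): dependency-free validate() for
// ConfigModule.forRoot({ validate: validateEnv }). Collects every problem and
// throws once, so a broken .env is reported in full instead of one key at a time.

export interface BackendConfig {
  NODE_ENV: 'development' | 'test' | 'production';
  PORT: number;
  DATABASE_URL: string;
  MANA_CORE_AUTH_URL: string;
  CORS_ORIGINS: string;
  DEV_BYPASS_AUTH: boolean;
}

const NODE_ENVS = ['development', 'test', 'production'];

export function validateEnv(raw: Record<string, string | undefined>): BackendConfig {
  const errors: string[] = [];
  const required = (key: string): string => {
    const value = (raw[key] || '').trim();
    if (value === '') errors.push(`${key} is required`);
    return value;
  };

  const nodeEnv = required('NODE_ENV');
  if (nodeEnv !== '' && NODE_ENVS.indexOf(nodeEnv) === -1) {
    errors.push(`NODE_ENV must be one of ${NODE_ENVS.join('|')}, got "${nodeEnv}"`);
  }

  // PORT arrives as a string; coerce and range-check it here so the rest of the
  // app can rely on a number (the audit's backends read it as a plain string).
  const portText = required('PORT');
  const port = Number(portText);
  if (portText !== '' && !(port >= 1 && port <= 65535 && Math.floor(port) === port)) {
    errors.push(`PORT must be an integer in 1..65535, got "${portText}"`);
  }

  const databaseUrl = required('DATABASE_URL');
  if (databaseUrl !== '' && !/^postgres(ql)?:\/\//.test(databaseUrl)) {
    errors.push('DATABASE_URL must be a postgres:// or postgresql:// URL');
  }

  const authUrl = required('MANA_CORE_AUTH_URL');
  if (authUrl !== '' && !/^https?:\/\/[^\s/]+/.test(authUrl)) {
    errors.push(`MANA_CORE_AUTH_URL must be an http(s) URL, got "${authUrl}"`);
  }

  const corsOrigins = required('CORS_ORIGINS');

  // Development bypass is opt-in and must never survive into production.
  const bypass = (raw.DEV_BYPASS_AUTH || 'false').trim().toLowerCase() === 'true';
  if (bypass && nodeEnv === 'production') {
    errors.push('DEV_BYPASS_AUTH=true is not allowed when NODE_ENV=production');
  }

  if (errors.length > 0) {
    throw new Error('Invalid environment configuration:\n  - ' + errors.join('\n  - '));
  }
  return {
    NODE_ENV: nodeEnv as BackendConfig['NODE_ENV'],
    PORT: port,
    DATABASE_URL: databaseUrl,
    MANA_CORE_AUTH_URL: authUrl,
    CORS_ORIGINS: corsOrigins,
    DEV_BYPASS_AUTH: bypass,
  };
}

// Constructed sample in the shape of the Chat backend's variables.
export const SAMPLE_CHAT_ENV: Record<string, string> = {
  NODE_ENV: 'development',
  PORT: '3002',
  DATABASE_URL: 'postgresql://chat:chat@localhost:5432/chat',
  MANA_CORE_AUTH_URL: 'http://localhost:3001',
  CORS_ORIGINS: 'http://localhost:3000,http://localhost:5173',
  DEV_BYPASS_AUTH: 'true',
};

console.log(validateEnv(SAMPLE_CHAT_ENV));
```

Wire it in with `ConfigModule.forRoot({ isGlobal: true, validate: validateEnv })`; the returned object replaces the raw strings, so `configService.get<number>('PORT')` yields a number.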
---
## 6. CRITICAL ISSUES SUMMARY
### BLOCKING ISSUES (Fix Immediately)
1. **Port Conflict - 3002**
   - Chat and Nutriphi both assigned to port 3002
   - Cannot run simultaneously
   - **Fix:** Reassign Nutriphi to port 3006
2. **Port Conflict - 3003**
   - Picture and Maerchenzauber both assigned to port 3003
   - Cannot run simultaneously
   - **Fix:** Reassign Picture to port 3005 or Maerchenzauber to 3006
3. **Hardcoded Dev User ID in Chat Backend**
   - `DEV_USER_ID = '17cb0be7-058a-4964-9e18-1fe7055fd014'` hardcoded in source
   - Not configurable via environment
   - **Fix:** Move to .env.development and load via ConfigService
### MAJOR ISSUES (Fix Soon)
4. **Inconsistent Auth Variable Names**
   - Manadeck uses `MANA_SERVICE_URL` instead of `MANA_CORE_AUTH_URL`
   - Nutriphi uses `MANACORE_AUTH_URL` (missing the underscore in `MANA_CORE`)
   - **Fix:** Standardize all to `MANA_CORE_AUTH_URL`
5. **Hardcoded CORS Origins**
   - 4 backends hardcode CORS lists in main.ts
   - Should use environment variables
   - **Fix:** Use CORS_ORIGINS from .env.development
6. **Missing Configuration Examples**
   - Zitare and Presi lack .env.example files
   - **Fix:** Create comprehensive .env.example files
### MEDIUM ISSUES (Improve Quality)
7. **Missing Validation Schemas**
   - 4 backends lack Joi validation schemas
   - No type safety for environment variables
   - **Fix:** Add validation schemas to Chat, Picture, Zitare, Presi
8. **Dev Bypass Auth Not Consistent**
   - Only Chat backend has DEV_BYPASS_AUTH implemented
   - Other backends may lack development bypass mechanism
   - **Fix:** Add consistent development auth bypass pattern
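Issues 3 and 8 together describe what a shared bypass pattern should look like: the dev user id comes from configuration, the bypass is only honoured outside production, and a request that is not bypassed still has to carry a verifiable token. The block below is an added example for this audit, not the Chat backend's `jwt-auth.guard.ts`; `resolveDevBypass`, `resolveRequestUser`, the `verifyToken` callback and the sample environments are names and values chosen here (the dev UUID is the one the audit found hardcoded).

```typescript
// Added example (not repo code): decision logic for a development auth bypass
// that reads DEV_BYPASS_AUTH and DEV_USER_ID from configuration. verifyToken is
// a stand-in for the real JWT verification the guard performs.

export interface AuthEnv {
  NODE_ENV?: string;
  DEV_BYPASS_AUTH?: string;
  DEV_USER_ID?: string;
}

const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

// Returns the dev user id when the bypass is active, null when it is off, and
// throws when it is misconfigured: enabled in production, or enabled with no
// valid DEV_USER_ID (a silent fallback would reintroduce a hardcoded identity).
export function resolveDevBypass(env: AuthEnv): string | null {
  const enabled = (env.DEV_BYPASS_AUTH || '').trim().toLowerCase() === 'true';
  if (!enabled) return null;
  if (env.NODE_ENV === 'production') {
    throw new Error('DEV_BYPASS_AUTH must not be enabled when NODE_ENV=production');
  }
  const userId = (env.DEV_USER_ID || '').trim();
  if (!UUID_RE.test(userId)) {
    throw new Error('DEV_BYPASS_AUTH=true requires DEV_USER_ID to be set to a UUID');
  }
  return userId;
}

// Guard-shaped flow: bypass first; otherwise a Bearer token must verify and
// the verified subject becomes the request user.
export function resolveRequestUser(
  env: AuthEnv,
  authorization: string | undefined,
  verifyToken: (token: string) => string | null,
): string {
  const devUser = resolveDevBypass(env);
  if (devUser !== null) return devUser;
  if (!authorization || authorization.indexOf('Bearer ') !== 0) {
    throw new Error('Unauthorized: missing bearer token');
  }
  const subject = verifyToken(authorization.slice('Bearer '.length));
  if (subject === null) throw new Error('Unauthorized: invalid token');
  return subject;
}

// Constructed sample environments.
export const DEV_ENV: AuthEnv = {
  NODE_ENV: 'development',
  DEV_BYPASS_AUTH: 'true',
  DEV_USER_ID: '17cb0be7-058a-4964-9e18-1fe7055fd014',
};
export const PROD_ENV: AuthEnv = { NODE_ENV: 'production', DEV_BYPASS_AUTH: 'false' };

// Stand-in verifier: accepts exactly one constructed token and returns its subject.
export const fakeVerify = (token: string): string | null =>
  token === 'valid-token' ? 'user-from-jwt' : null;

console.log(resolveRequestUser(DEV_ENV, undefined, fakeVerify));
```

In a real guard, `env` would be the `ConfigService` values and `verifyToken` the JWT check against `JWT_PUBLIC_KEY`; keeping the decision in one function makes the same behaviour easy to copy into Picture, Zitare and Presi.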
---
## 7. RECOMMENDED ACTIONS
### Phase 1: Critical Fixes (Do First)
```bash
# 1. Fix port conflicts in .env.development
# Change line 122: PICTURE_BACKEND_PORT=3003 → PICTURE_BACKEND_PORT=3005
# Change line 146: NUTRIPHI_BACKEND_PORT=3002 → NUTRIPHI_BACKEND_PORT=3006
# 2. Add DEV_USER_ID to .env.development
# Add after line 59: DEV_USER_ID=17cb0be7-058a-4964-9e18-1fe7055fd014
# 3. Standardize auth URL naming
# Update generate-env.mjs line 272 (Nutriphi):
# MANACORE_AUTH_URL: → MANA_CORE_AUTH_URL:
# Update generate-env.mjs line 205 (Manadeck):
# MANA_SERVICE_URL: → MANA_CORE_AUTH_URL:
```
### Phase 2: Configuration Examples
```bash
# Create missing .env.example files:
# - apps/zitare/apps/backend/.env.example
# - apps/presi/apps/backend/.env.example
# Based on .env.development variables and backend requirements
```
### Phase 3: Code Quality
```bash
# Add validation schemas to:
# - apps/chat/apps/backend/src/config/validation.schema.ts
# - apps/picture/apps/backend/src/config/validation.schema.ts
# - apps/zitare/apps/backend/src/config/validation.schema.ts
# - apps/presi/apps/backend/src/config/validation.schema.ts
# Move CORS origins to environment:
# Update main.ts in Chat, Picture, Zitare, Presi to:
#   app.enableCors({
#     origin: (configService.get('CORS_ORIGINS') || '').split(','),
#   })
```
---
## 8. UPDATED PORT ASSIGNMENTS (RECOMMENDED)
| Backend | Recommended Port | Current | Status |
| -------------- | ---------------- | ------- | ---------- |
| Mana Core Auth | 3001 | 3001 | ✓ Keep |
| Chat | 3002 | 3002 | ✓ Keep |
| Maerchenzauber | 3003 | 3003 | ✓ Keep |
| Manadeck | 3004 | 3004 | ✓ Keep |
| Picture | **3005** | 3003 | **CHANGE** |
| Nutriphi | **3006** | 3002 | **CHANGE** |
| Zitare | 3007 | 3007 | ✓ Keep |
| Presi | 3008 | 3008 | ✓ Keep |
| Voxel Lava | 3010 | 3010 | ✓ Keep |
| Mana Games | 3011 | 3011 | ✓ Keep |
---
## 9. ENVIRONMENT VARIABLE SUMMARY TABLE
### Required for All Backends
| Variable | Purpose | Centralized | Backend Usage |
| ------------------ | --------------------- | ------------------ | -------------------------------------- |
| NODE_ENV | Environment type | ✓ .env.development | All |
| PORT | Server port | ✓ Individual vars | All |
| DATABASE_URL | PostgreSQL connection | ✓ Individual vars | Chat, Manadeck, Picture, Zitare, Presi |
| MANA_CORE_AUTH_URL | Auth service URL | ✓ .env.development | Chat, Picture, Zitare, Presi, Manadeck |
| CORS_ORIGINS | Allowed origins | ✓ .env.development | All (hardcoded, should use env) |
### Optional but Recommended
| Variable | Purpose | Centralized | Backend Usage |
| --------------- | ---------------- | ------------------ | ------------- |
| DEV_BYPASS_AUTH | Skip auth in dev | ⚠ Partial | Chat only |
| DEV_USER_ID | Dev test user | ✗ Hardcoded | Chat |
| JWT_PUBLIC_KEY | Token validation | ✓ .env.development | Presi |
### Backend-Specific
| Backend | Key Variables | Centralized |
| -------------- | ------------------------------------- | ------------------ |
| Chat | `GOOGLE_GENAI_API_KEY`, `AZURE_OPENAI_*` | ✓ .env.development |
| Picture | `REPLICATE_API_TOKEN`, `S3_*` vars | ✓ .env.development |
| Zitare | (None beyond base) | ✓ .env.development |
| Presi | (None beyond base) | ✓ .env.development |
| Manadeck | `GOOGLE_GENAI_API_KEY` | ✓ .env.development |
| Mana-Core-Auth | `JWT_*`, `STRIPE_*`, `CREDITS_*` | ✓ .env.development |
---
## 10. IMPLEMENTATION CHECKLIST
- [ ] Fix port conflict: Picture 3003 → 3005
- [ ] Fix port conflict: Nutriphi 3002 → 3006
- [ ] Add DEV_USER_ID to .env.development
- [ ] Update Chat backend to use DEV_USER_ID from ConfigService
- [ ] Standardize MANA_SERVICE_URL to MANA_CORE_AUTH_URL in Manadeck generate-env.mjs
- [ ] Standardize MANACORE_AUTH_URL to MANA_CORE_AUTH_URL in Nutriphi generate-env.mjs
- [ ] Create .env.example for Zitare backend
- [ ] Create .env.example for Presi backend
- [ ] Add validation schemas to Chat backend config
- [ ] Add validation schemas to Picture backend config
- [ ] Add validation schemas to Zitare backend config
- [ ] Add validation schemas to Presi backend config
- [ ] Move CORS origins from hardcoded arrays to environment variables (all backends)
- [ ] Document port assignments in CLAUDE.md
- [ ] Test all backends can run simultaneously with correct ports
- [ ] Verify auth endpoint connectivity from each backend to mana-core-auth
---
## AUDIT DETAILS
**Files Reviewed:**
- .env.development (202 lines)
- scripts/generate-env.mjs (433 lines)
- 6 backends app.module.ts files
- 5 backends main.ts files
- 3 .env.example files (Chat, Picture, Manadeck)
- 1 mana-core-auth main.ts
- Various configuration schemas and guards
**Total Files Analyzed:** 25+
**Lines of Code Reviewed:** 2,000+
**Issues Identified:** 8 critical/major issues
**Port Conflicts Found:** 2 (affecting 3 backends)