security: harden gitignore and add config example files [v1.3.7]
- Expanded .gitignore: root venv, npx_cache, AI metadata (.remember, .claude), data/ (SQLite DB), frontend/config/, frontend/public/icons/, certificates, docker-compose.override.yml - Removed backend/config/ldap_config.json from git tracking (contains real IPs/credentials) - Added backend/config/ldap_config.json.example with placeholder template - Updated backend/.env.example: added JWT_SECRET_KEY, ALLOWED_ORIGINS, DATA_DIR, LOGS_DIR
This commit is contained in:
81
.gitignore
vendored
81
.gitignore
vendored
@@ -1,11 +1,80 @@
|
||||
# ============================================================
|
||||
# TFM aInventory — .gitignore
|
||||
# ============================================================
|
||||
|
||||
# ── Python environments ──────────────────────────────────────
|
||||
.venv/
|
||||
backend/venv/
|
||||
**/__pycache__/
|
||||
*.pyc
|
||||
*.pyo
|
||||
*.pyd
|
||||
*.egg-info/
|
||||
dist/
|
||||
build/
|
||||
|
||||
# ── Runtime data (databases, configs w/ secrets) ─────────────
|
||||
data/
|
||||
backend/data/
|
||||
backend/logs/
|
||||
frontend/logs/
|
||||
__pycache__/
|
||||
*.pyc
|
||||
# LDAP config contains real server IPs and credentials — never commit
|
||||
# The active config is: backend/config/ldap_config.json (read by the app)
|
||||
# Duplicate/orphan copies are also excluded:
|
||||
backend/ldap_config.json
|
||||
backend/config/ldap_config.json
|
||||
backend/data/ldap_config.json
|
||||
# Keep example files tracked:
|
||||
!backend/config/ldap_config.json.example
|
||||
|
||||
# ── Environment files (secrets) ──────────────────────────────
|
||||
.env
|
||||
.DS_Store
|
||||
aInventory-PROD*
|
||||
aInventory-PROD*.zip
|
||||
.env.*
|
||||
!.env.example
|
||||
backend/.env
|
||||
backend/.env.*
|
||||
!backend/.env.example
|
||||
# Docker environment override file
|
||||
docker-compose.override.yml
|
||||
.env.docker
|
||||
|
||||
# ── Application logs ─────────────────────────────────────────
|
||||
logs/
|
||||
frontend/logs/
|
||||
|
||||
# ── Frontend build artifacts ──────────────────────────────────
|
||||
frontend/.next/
|
||||
frontend/out/
|
||||
frontend/build/
|
||||
frontend/node_modules/
|
||||
|
||||
# ── Frontend generated/runtime assets ────────────────────────
|
||||
# SSL certs and runtime configs (generated by start_server.sh)
|
||||
frontend/config/
|
||||
# PWA icons generated at build time
|
||||
frontend/public/icons/
|
||||
|
||||
# ── npm / npx caches ─────────────────────────────────────────
|
||||
.npx_cache/
|
||||
scratch/npm_cache/
|
||||
*.log
|
||||
npm-debug.log*
|
||||
yarn-debug.log*
|
||||
yarn-error.log*
|
||||
|
||||
# ── Production bundles (generated by export_prod.sh) ─────────
|
||||
aInventory-PROD*/
|
||||
aInventory-PROD*.zip
|
||||
|
||||
# ── AI / IDE metadata ─────────────────────────────────────────
|
||||
.remember/
|
||||
.claude/
|
||||
|
||||
# ── macOS system files ────────────────────────────────────────
|
||||
.DS_Store
|
||||
**/.DS_Store
|
||||
|
||||
# ── Certificates & keys ──────────────────────────────────────
|
||||
*.pem
|
||||
*.key
|
||||
*.crt
|
||||
*.cert
|
||||
|
||||
Reference in New Issue
Block a user