security: harden gitignore and add config example files [v1.3.7]

- Expanded .gitignore: root venv, npx_cache, AI metadata (.remember, .claude),
  data/ (SQLite DB), frontend/config/, frontend/public/icons/, certificates,
  docker-compose.override.yml
- Removed backend/config/ldap_config.json from git tracking (contains real IPs/credentials)
- Added backend/config/ldap_config.json.example with placeholder template
- Updated backend/.env.example: added JWT_SECRET_KEY, ALLOWED_ORIGINS, DATA_DIR, LOGS_DIR
This commit is contained in:
Daniel Bedeleanu
2026-04-11 19:37:16 +03:00
parent 6981cadb57
commit 955b1e86e5
5 changed files with 124 additions and 17 deletions

81
.gitignore vendored
View File

@@ -1,11 +1,80 @@
# ============================================================
# TFM aInventory — .gitignore
# ============================================================
# ── Python environments ──────────────────────────────────────
.venv/
backend/venv/
**/__pycache__/
*.pyc
*.pyo
*.pyd
*.egg-info/
dist/
build/
# ── Runtime data (databases, configs w/ secrets) ─────────────
data/
backend/data/
backend/logs/
frontend/logs/
__pycache__/
*.pyc
# LDAP config contains real server IPs and credentials — never commit
# The active config is: backend/config/ldap_config.json (read by the app)
# Duplicate/orphan copies are also excluded:
backend/ldap_config.json
backend/config/ldap_config.json
backend/data/ldap_config.json
# Keep example files tracked:
!backend/config/ldap_config.json.example
# ── Environment files (secrets) ──────────────────────────────
.env
.DS_Store
aInventory-PROD*
aInventory-PROD*.zip
.env.*
!.env.example
backend/.env
backend/.env.*
!backend/.env.example
# Docker environment override file
docker-compose.override.yml
.env.docker
# ── Application logs ─────────────────────────────────────────
logs/
frontend/logs/
# ── Frontend build artifacts ──────────────────────────────────
frontend/.next/
frontend/out/
frontend/build/
frontend/node_modules/
# ── Frontend generated/runtime assets ────────────────────────
# SSL certs and runtime configs (generated by start_server.sh)
frontend/config/
# PWA icons generated at build time
frontend/public/icons/
# ── npm / npx caches ─────────────────────────────────────────
.npx_cache/
scratch/npm_cache/
*.log
npm-debug.log*
yarn-debug.log*
yarn-error.log*
# ── Production bundles (generated by export_prod.sh) ─────────
aInventory-PROD*/
aInventory-PROD*.zip
# ── AI / IDE metadata ─────────────────────────────────────────
.remember/
.claude/
# ── macOS system files ────────────────────────────────────────
.DS_Store
**/.DS_Store
# ── Certificates & keys ──────────────────────────────────────
*.pem
*.key
*.crt
*.cert