fix(security): revert synchronize:true → prod-safe + .env.example placeholders

2026-03-17 07:26:53 +01:00
parent 921873befd
commit 824ed41a14
2 changed files with 3 additions and 3 deletions
--- a/.env.example
+++ b/.env.example
@@ -12,11 +12,11 @@ FRONTEND_URL=http://localhost:5173

 # SuperOAuth — service externe d'authentification
 SUPER_OAUTH_URL=http://localhost:3000
-SUPER_OAUTH_JWT_SECRET=
+SUPER_OAUTH_JWT_SECRET=<JWT secret SuperOAuth>

 # Cookie signing
 COOKIE_SECRET=

 # Twitch EventSub webhook
-TWITCH_WEBHOOK_SECRET=<secret EventSub>
+TWITCH_WEBHOOK_SECRET=<secret EventSub Twitch>
 TWITCH_CLIENT_ID=<app client id>
--- a/src/app.module.ts
+++ b/src/app.module.ts
@@ -25,7 +25,7 @@ import { HealthController } from './common/health.controller';
        type: 'mysql',
        url: config.get<string>('DATABASE_URL'),
        autoLoadEntities: true,
-        synchronize: true, // first deploy only — revert after tables created
+        synchronize: config.get('NODE_ENV') !== 'production',
        logging: config.get('NODE_ENV') === 'development',
      }),
    }),