From 3e8eed4eafaae5b6bded6d978ecb95c862c00394 Mon Sep 17 00:00:00 2001
From: DeNNiiInc
Date: Sat, 13 Dec 2025 19:29:49 +1100
Subject: [PATCH] Security: Move database credentials to separate config file
---
 .gitignore | 23 ++++++++
 README_DB_CONFIG.md | 125 +++++++++++++++++++++++++++++++++++++++++++
 database.js | 14 ++---
 db.config.example.js | 13 +++++
 4 files changed, 165 insertions(+), 10 deletions(-)
 create mode 100644 .gitignore
 create mode 100644 README_DB_CONFIG.md
 create mode 100644 db.config.example.js
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..c711970
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,23 @@
+# Database configuration with credentials
+db.config.js
+
+# Node modules
+node_modules/
+
+# Environment variables
+.env
+.env.local
+
+# Logs
+logs/
+*.log
+
+# OS files
+.DS_Store
+Thumbs.db
+
+# IDE files
+.vscode/
+.idea/
+*.swp
+*.swo
diff --git a/README_DB_CONFIG.md b/README_DB_CONFIG.md
new file mode 100644
index 0000000..7c4fa85
--- /dev/null
+++ b/README_DB_CONFIG.md
@@ -0,0 +1,125 @@
+# Database Configuration Setup
+
+## Overview
+Database credentials are stored in a separate configuration file (`db.config.js`) that is **NOT committed to GitHub** for security reasons.
+
+## Files
+
+### 1. `db.config.example.js` (Committed to Git)
+Template file showing the required configuration structure.
+
+### 2. `db.config.js` (NOT Committed - in .gitignore)
+Contains actual database credentials. This file must be created manually.
+
+### 3. `.gitignore`
+Ensures `db.config.js` is never committed to the repository.
+
+## Setup Instructions
+
+### For Local Development
+
+1. **Copy the example file:**
+ ```bash
+ cp db.config.example.js db.config.js
+ ```
+
+2. **Edit `db.config.js` with your credentials:**
+ ```javascript
+ module.exports = {
+ host: 'localhost', // or your database host
+ user: 'your_username',
+ password: 'your_password',
+ database: 'appgconnect5_db',
+ waitForConnections: true,
+ connectionLimit: 10,
+ queueLimit: 0
+ };
+ ```
+
+3. **Start the server:**
+ ```bash
+ npm start
+ ```
+
+### For Production Deployment
+
+1. **Pull the latest code on your server:**
+ ```bash
+ git pull origin main
+ ```
+
+2. **Create `db.config.js` on the production server:**
+ ```bash
+ nano db.config.js
+ # or
+ vi db.config.js
+ ```
+
+3. **Add your production database credentials:**
+ ```javascript
+ module.exports = {
+ host: 'your-production-db-host.com',
+ user: 'production_user',
+ password: 'secure_production_password',
+ database: 'appgconnect5_db',
+ waitForConnections: true,
+ connectionLimit: 10,
+ queueLimit: 0
+ };
+ ```
+
+4. **Save and restart the server:**
+ ```bash
+ pm2 restart connect5
+ # or your restart command
+ ```
+
+## Security Features
+
+✅ **Credentials not in git** - `db.config.js` is in `.gitignore`
+✅ **Template provided** - `db.config.example.js` shows the structure
+✅ **Comments in code** - Clear instructions in `database.js`
+✅ **Separate config** - Easy to update without touching main code
+
+## Troubleshooting
+
+### Error: Cannot find module './db.config.js'
+
+**Solution:** You need to create the `db.config.js` file:
+```bash
+cp db.config.example.js db.config.js
+# Then edit with your credentials
+```
+
+### Error: Access denied for user
+
+**Solution:** Check your credentials in `db.config.js`:
+- Verify username
+- Verify password
+- Check host address
+- Ensure user has proper permissions
+
+### Connection timeout
+
+**Solution:**
+- Check if MySQL server is running
+- Verify firewall allows connection
+- Check host address is correct
+
+## Important Notes
+
+⚠️ **NEVER commit `db.config.js` to git**
+⚠️ **Keep production credentials secure**
+⚠️ **Use different credentials for dev/prod**
+⚠️ **Regularly rotate passwords**
+
+## File Structure
+
+```
+Connect-5/
+├── db.config.example.js ← Template (in git)
+├── db.config.js ← Your credentials (NOT in git)
+├── .gitignore ← Protects db.config.js
+├── database.js ← Imports from db.config.js
+└── README_DB_CONFIG.md ← This file
+```
diff --git a/database.js b/database.js
index 0de1653..83ad640 100644
--- a/database.js
+++ b/database.js
@@ -1,15 +1,9 @@
 const mysql = require('mysql2/promise');
-// Database configuration
-const dbConfig = {
- host: 'oceprod.beyondcloud.solutions',
- user: 'appgconnect5_dbuser',
- password: 'REqTtHhZCKAlJAnznjLx8ZhOq',
- database: 'appgconnect5_db',
- waitForConnections: true,
- connectionLimit: 10,
- queueLimit: 0
-};
+// Import database configuration from external file
+// This file (db.config.js) is not committed to git for security
+// Use db.config.example.js as a template
+const dbConfig = require('./db.config.js');
 // Create connection pool
 const pool = mysql.createPool(dbConfig);
diff --git a/db.config.example.js b/db.config.example.js
new file mode 100644
index 0000000..2c49f4a
--- /dev/null
+++ b/db.config.example.js
@@ -0,0 +1,13 @@
+// Database Configuration File
+// IMPORTANT: This file contains sensitive credentials and should NEVER be committed to git
+// Copy this file to db.config.js and update with your actual database credentials
+
+module.exports = {
+ host: 'your-database-host.com',
+ user: 'your-database-username',
+ password: 'your-secure-password',
+ database: 'your-database-name',
+ waitForConnections: true,
+ connectionLimit: 10,
+ queueLimit: 0
+};
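Review bot: The host, user name and password on the removed lines of database.js remain readable in the repository history and in this patch, so moving the object into db.config.js does not make that credential secret again. It should be rotated on the database server before the change is treated as a fix, and the old commits purged if the repository is or was shared. On the new side, `const dbConfig = require('./db.config.js');` fails at startup with a bare MODULE_NOT_FOUND when the file is absent, and nothing verifies that `host`, `user`, `password` and `database` are set before `mysql.createPool(dbConfig)` runs. I would wrap the load, e.g. `try { dbConfig = require('./db.config.js'); } catch (err) { throw new Error('db.config.js not found: copy db.config.example.js and fill it in', { cause: err }); }`, and add a comment that the file should be readable only by the service account. The rest of database.js lies outside the hunk.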
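Review bot: The header comment in db.config.example.js states that the file "contains sensitive credentials and should NEVER be committed to git", yet this template is the one file of the pair that is committed, so the warning is only true for the copy. As written it can lead someone to put real values into the tracked file; I would reword it to `// Template only: copy to db.config.js (git-ignored) and put real credentials there, never in this file`. Since .gitignore in this commit already lists `.env`, the template could also show `password: process.env.DB_PASSWORD` as an alternative, if the deployment supplies environment variables.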