Sync: code local unifié

Synchronisation du code source local (fait foi). Signed-off-by: lions dev Team
2026-03-15 16:25:40 +00:00
parent e82dc356f3
commit 75a19988b0
730 changed files with 53599 additions and 13145 deletions
--- a/target/classes/application-prod.properties
+++ b/target/classes/application-prod.properties
@@ -1,77 +1,63 @@
-# Configuration UnionFlow Server - PRODUCTION
-# Ce fichier est utilisé avec le profil Quarkus "prod"
+# ============================================================================
+# UnionFlow Server — Profil PROD
+# Chargé automatiquement quand le profil "prod" est actif
+# Surcharge application.properties — sans préfixes %prod.
+# ============================================================================

-# Configuration HTTP
-quarkus.http.port=8085
-quarkus.http.host=0.0.0.0
-
-# Configuration CORS - Production (strict)
-quarkus.http.cors=true
-quarkus.http.cors.origins=${CORS_ORIGINS:https://unionflow.lions.dev,https://security.lions.dev}
-quarkus.http.cors.methods=GET,POST,PUT,DELETE,OPTIONS
-quarkus.http.cors.headers=Content-Type,Authorization
-quarkus.http.cors.allow-credentials=true
-
-# Configuration Base de données PostgreSQL - Production
-quarkus.datasource.db-kind=postgresql
-quarkus.datasource.username=${DB_USERNAME:unionflow}
+# Base de données PostgreSQL — Production (variables d'environnement obligatoires)
+quarkus.datasource.username=${DB_USERNAME}
 quarkus.datasource.password=${DB_PASSWORD}
-quarkus.datasource.jdbc.url=${DB_URL:jdbc:postgresql://localhost:5432/unionflow}
+quarkus.datasource.jdbc.url=${DB_URL}
 quarkus.datasource.jdbc.min-size=5
 quarkus.datasource.jdbc.max-size=20
+quarkus.datasource.jdbc.acquisition-timeout=5
+quarkus.datasource.jdbc.idle-removal-interval=PT2M
+quarkus.datasource.jdbc.max-lifetime=PT30M

-# Configuration Hibernate - Production (IMPORTANT: update, pas drop-and-create)
-quarkus.hibernate-orm.database.generation=update
-quarkus.hibernate-orm.log.sql=false
-quarkus.hibernate-orm.jdbc.timezone=UTC
-quarkus.hibernate-orm.packages=dev.lions.unionflow.server.entity
-quarkus.hibernate-orm.metrics.enabled=false
+# Hibernate — Validate uniquement (Flyway gère le schéma)
+quarkus.hibernate-orm.database.generation=validate
+quarkus.hibernate-orm.statistics=false

-# Configuration Flyway - Production (ACTIVÉ)
-quarkus.flyway.migrate-at-start=true
-quarkus.flyway.baseline-on-migrate=true
-quarkus.flyway.baseline-version=1.0.0
+# CORS — strict en production
+quarkus.http.cors.origins=${CORS_ORIGINS:https://unionflow.lions.dev,https://security.lions.dev}
+quarkus.http.cors.access-control-allow-credentials=true

-# Configuration Keycloak OIDC - Production
+# WebSocket — public (auth gérée dans le handshake)
+quarkus.http.auth.permission.websocket.paths=/ws/*
+quarkus.http.auth.permission.websocket.policy=permit
+
+# Keycloak / OIDC — Production
+quarkus.oidc.tenant-enabled=true
 quarkus.oidc.auth-server-url=${KEYCLOAK_AUTH_SERVER_URL:https://security.lions.dev/realms/unionflow}
 quarkus.oidc.client-id=unionflow-server
 quarkus.oidc.credentials.secret=${KEYCLOAK_CLIENT_SECRET}
 quarkus.oidc.tls.verification=required
-quarkus.oidc.application-type=service

-# Configuration Keycloak Policy Enforcer
-quarkus.keycloak.policy-enforcer.enable=false
-quarkus.keycloak.policy-enforcer.lazy-load-paths=true
-quarkus.keycloak.policy-enforcer.enforcement-mode=PERMISSIVE
-
-# Chemins publics (non protégés)
-quarkus.http.auth.permission.public.paths=/health,/q/*,/favicon.ico
-quarkus.http.auth.permission.public.policy=permit
-
-# Configuration OpenAPI - Production (Swagger désactivé ou protégé)
-quarkus.smallrye-openapi.info-title=UnionFlow Server API
-quarkus.smallrye-openapi.info-version=1.0.0
-quarkus.smallrye-openapi.info-description=API REST pour la gestion d'union avec authentification Keycloak
+# OpenAPI — serveur prod
 quarkus.smallrye-openapi.servers=https://api.lions.dev/unionflow
+quarkus.smallrye-openapi.oidc-open-id-connect-url=${quarkus.oidc.auth-server-url}/.well-known/openid-configuration

-# Configuration Swagger UI - Production (DÉSACTIVÉ pour sécurité)
+# Swagger UI — désactivé en production
 quarkus.swagger-ui.always-include=false

-# Configuration santé
-quarkus.smallrye-health.root-path=/health
-
-# Configuration logging - Production
-quarkus.log.console.enable=true
-quarkus.log.console.level=INFO
-quarkus.log.console.format=%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c{2.}] (%t) %s%e%n
-quarkus.log.category."dev.lions.unionflow".level=INFO
-quarkus.log.category."org.hibernate".level=WARN
-quarkus.log.category."io.quarkus".level=INFO
+# Logging — fichier en production
+quarkus.log.file.enable=true
+quarkus.log.file.path=/var/log/unionflow/server.log
+quarkus.log.file.rotation.max-file-size=10M
+quarkus.log.file.rotation.max-backup-index=5
 quarkus.log.category."org.jboss.resteasy".level=WARN

-# Configuration Wave Money - Production
-wave.api.key=${WAVE_API_KEY:}
-wave.api.secret=${WAVE_API_SECRET:}
-wave.api.base.url=${WAVE_API_BASE_URL:https://api.wave.com/v1}
-wave.environment=${WAVE_ENVIRONMENT:production}
-wave.webhook.secret=${WAVE_WEBHOOK_SECRET:}
+# REST Client lions-user-manager
+quarkus.rest-client.lions-user-manager-api.url=${LIONS_USER_MANAGER_URL:http://lions-user-manager:8081}
+
+# Wave Money — Production
+wave.environment=production
+
+# Email — Production
+quarkus.mailer.from=${MAIL_FROM:noreply@unionflow.lions.dev}
+quarkus.mailer.host=${MAIL_HOST:smtp.lions.dev}
+quarkus.mailer.port=${MAIL_PORT:587}
+quarkus.mailer.username=${MAIL_USERNAME:}
+quarkus.mailer.password=${MAIL_PASSWORD:}
+quarkus.mailer.start-tls=REQUIRED
+quarkus.mailer.ssl=false