chore(config): update env examples and ignore files

- Enhance root .env.example with comprehensive documentation
- Add missing variables (JWT_ACCESS_EXPIRES_IN, CORS_ORIGINS, etc.)
- Update .prettierignore to exclude test reports and migrations
- Improve frontend .gitignore with more patterns (.vitest, .cache)
- Add security best practices and setup instructions
- Include command examples for generating secure secrets

.env.example

@@ -1,19 +1,102 @@
-# Database
+# =============================================================================
+# Discord SpyWatcher - Root Environment Configuration
+# =============================================================================
+# This file contains example values for all environment variables needed
+# across both backend and frontend services.
+#
+# SETUP INSTRUCTIONS:
+# 1. Copy this file to .env in the root directory
+# 2. Copy backend/.env.example to backend/.env
+# 3. Copy frontend/.env.example to frontend/.env
+# 4. Fill in the actual values in each .env file
+# 5. DO NOT commit .env files to version control
+# =============================================================================
+
+# -----------------------------------------------------------------------------
+# Database Configuration
+# -----------------------------------------------------------------------------
+# PostgreSQL connection string
+# Format: postgresql://username:password@host:port/database?schema=public
+DATABASE_URL=postgresql://postgres:password@localhost:5432/spywatcher?schema=public
+
+# Database password (if using separate credential management)
 DB_PASSWORD=your_secure_database_password
 
+# -----------------------------------------------------------------------------
 # Backend Environment Variables
-ADMIN_DISCORD_IDS=your_admin_discord_ids
-BOT_GUILD_IDS=your_bot_guild_ids
-DISCORD_BOT_TOKEN=your_discord_bot_token
-DISCORD_CLIENT_ID=your_discord_client_id
-DISCORD_CLIENT_SECRET=your_discord_client_secret
-DISCORD_GUILD_ID=your_discord_guild_id
+# -----------------------------------------------------------------------------
+
+# Discord Configuration
+DISCORD_BOT_TOKEN=your_discord_bot_token_here_min_50_chars
+DISCORD_CLIENT_ID=your_discord_client_id_here
+DISCORD_CLIENT_SECRET=your_discord_client_secret_here_min_20_chars
+DISCORD_GUILD_ID=your_primary_guild_id_here
 DISCORD_REDIRECT_URI=http://localhost:5173/auth/callback
-JWT_REFRESH_SECRET=your_jwt_refresh_secret
-JWT_SECRET=your_jwt_secret
+
+# Bot Configuration
+BOT_GUILD_IDS=guild_id_1,guild_id_2
+ADMIN_DISCORD_IDS=admin_user_id_1,admin_user_id_2
+
+# JWT Configuration
+JWT_SECRET=your_jwt_secret_min_32_chars_generate_with_openssl
+JWT_REFRESH_SECRET=your_jwt_refresh_secret_min_32_chars_different_from_jwt_secret
+JWT_ACCESS_EXPIRES_IN=15m
+JWT_REFRESH_EXPIRES_IN=7d
+
+# Server Configuration
 NODE_ENV=development
 PORT=3001
 
+# CORS Configuration
+CORS_ORIGINS=http://localhost:5173,http://127.0.0.1:5173
+
+# Feature Flags
+ENABLE_RATE_LIMITING=true
+ENABLE_IP_BLOCKING=true
+LOG_LEVEL=info
+
+# Frontend URL (for redirects)
+FRONTEND_URL=http://localhost:5173
+
+# -----------------------------------------------------------------------------
 # Frontend Environment Variables
-VITE_API_URL=http://localhost:3001
-VITE_DISCORD_CLIENT_ID=your_vite_discord_client_id
+# -----------------------------------------------------------------------------
+
+# API Configuration
+VITE_API_URL=http://localhost:3001/api
+
+# Discord Configuration (Client-side)
+VITE_DISCORD_CLIENT_ID=your_discord_client_id_here
+
+# Environment
+VITE_ENVIRONMENT=development
+
+# Feature Flags
+VITE_ENABLE_ANALYTICS=false
+
+# Analytics (optional)
+VITE_ANALYTICS_TRACKING_ID=
+
+# =============================================================================
+# Additional Notes
+# =============================================================================
+#
+# Security Best Practices:
+# - Never commit .env files to version control
+# - Use strong, randomly generated secrets (at least 32 characters)
+# - Rotate secrets regularly in production
+# - Use environment-specific configuration files
+# - Store production secrets in a secure secret management system
+#
+# Generate secure random strings:
+# - macOS/Linux: openssl rand -hex 32
+# - Node.js: node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"
+#
+# Environment-Specific Files:
+# - .env.development - Development environment
+# - .env.staging - Staging environment
+# - .env.production - Production environment (use secret manager instead)
+# - .env.test - Test environment
+#
+# For more information, see the project documentation.
+# =============================================================================

.prettierignore

@@ -17,8 +17,13 @@ coverage/
 .eslintcache
 .stylelintcache
 
+# Test reports
+playwright-report/
+test-results/
+
 # Prisma generated
 **/src/generated/prisma/
+**/prisma/migrations/
 
 # Logs
 *.log
@@ -33,3 +38,7 @@ pnpm-lock.yaml
 .env
 .env.*
 !.env.example
+
+# OS files
+.DS_Store
+Thumbs.db

frontend/.gitignore

@@ -7,9 +7,14 @@ yarn-error.log*
 pnpm-debug.log*
 lerna-debug.log*
 
+# Dependencies
 node_modules
+
+# Build outputs
 dist
 dist-ssr
+build
+out
 *.local
 
 # Test artifacts
@@ -17,6 +22,7 @@ coverage
 .nyc_output
 playwright-report
 test-results
+.vitest
 
 # Editor directories and files
 .vscode/*
@@ -28,3 +34,18 @@ test-results
 *.njsproj
 *.sln
 *.sw?
+
+# Environment files
+.env
+.env.*
+!.env.example
+
+# TypeScript
+*.tsbuildinfo
+
+# Vite
+.vite
+
+# Cache
+.cache
+.parcel-cache