chore(config): move hardcoded secrets to environment variables

.gitignore

@@ -37,3 +37,6 @@ build/
 
 ### VS Code ###
 .vscode/
+
+.env
+*.env

walkguide-backend/demo/pom.xml

@@ -136,53 +136,30 @@
         <plugins>
 
             <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
+            <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-compiler-plugin</artifactId>
+            <artifactId>maven-compiler-plugin</artifactId>
-                <configuration>
+            <configuration>
-                    <annotationProcessorPaths>
+                <annotationProcessorPaths>
-                        <path>
+                    <path>
-                            <groupId>org.projectlombok</groupId>
+                        <groupId>org.projectlombok</groupId>
-                            <artifactId>lombok</artifactId>
+                        <artifactId>lombok</artifactId>
-                            <version>1.18.36</version>
+                        <version>1.18.36</version>
-                        </path>
+                    </path>
-                    </annotationProcessorPaths>
+                </annotationProcessorPaths>
-                </configuration>
+            </configuration>
-            </plugin>
+            <executions>
-
+                <execution>
-            <plugin>
+                    <id>default-compile</id>
-                <groupId>org.apache.maven.plugins</groupId>
+                    <phase>compile</phase>
-                <artifactId>maven-compiler-plugin</artifactId>
+                    <goals><goal>compile</goal></goals>
-                <executions>
+                </execution>
-                    <execution>
+                <execution>
-                        <id>default-compile</id>
+                    <id>default-testCompile</id>
-                        <phase>compile</phase>
+                    <phase>test-compile</phase>
-                        <goals><goal>compile</goal></goals>
+                    <goals><goal>testCompile</goal></goals>
-                        <configuration>
+                </execution>
-                            <annotationProcessorPaths>
+            </executions>
-                                <path>
+        </plugin>
-                                    <groupId>org.projectlombok</groupId>
-                                    <artifactId>lombok</artifactId>
-                                    <version>1.18.36</version>
-                                </path>
-                            </annotationProcessorPaths>
-                        </configuration>
-                    </execution>
-                    <execution>
-                        <id>default-testCompile</id>
-                        <phase>test-compile</phase>
-                        <goals><goal>testCompile</goal></goals>
-                        <configuration>
-                            <annotationProcessorPaths>
-                                <path>
-                                    <groupId>org.projectlombok</groupId>
-                                    <artifactId>lombok</artifactId>
-                                    <version>1.18.36</version>
-                                </path>
-                            </annotationProcessorPaths>
-                        </configuration>
-                    </execution>
-                </executions>
-            </plugin>
 
             <!-- JACOCO - Code Coverage >=70% -->
             <plugin>

walkguide-backend/demo/src/main/resources/.env.example

@@ -0,0 +1,35 @@
+# ===================================================
+# Profile: prod (production)
+# Aktifkan dengan: --spring.profiles.active=prod
+# Semua nilai WAJIB diisi via environment variable
+# Tidak ada default value — akan gagal start jika kosong
+# ===================================================
+
+spring:
+  datasource:
+    url: ${DB_URL}
+    username: ${DB_USERNAME}
+    password: ${DB_PASSWORD}
+
+  jpa:
+    show-sql: false
+    properties:
+      hibernate:
+        format_sql: false
+
+server:
+  port: ${PORT:8080}
+
+jwt:
+  secret: ${JWT_SECRET}
+  expiration: ${JWT_EXPIRATION:86400000}
+
+agora:
+  app-id: ${AGORA_APP_ID}
+  app-certificate: ${AGORA_APP_CERTIFICATE}
+
+logging:
+  level:
+    com.walkguide: INFO
+    org.springframework.messaging: WARN
+    org.springframework.web.socket: WARN

walkguide-backend/demo/src/main/resources/application-dev.yml

@@ -0,0 +1,31 @@
+# ===================================================
+# Profile: dev (development lokal)
+# Aktifkan dengan: --spring.profiles.active=dev
+# atau set env: SPRING_PROFILES_ACTIVE=dev
+# ===================================================
+
+spring:
+  datasource:
+    url: ${DB_URL:jdbc:postgresql://202.46.28.160:2002/uas_5803024001}
+    username: ${DB_USERNAME:5803024001}
+    password: ${DB_PASSWORD:pw5803024001}
+
+  jpa:
+    show-sql: true
+    properties:
+      hibernate:
+        format_sql: true
+
+jwt:
+  secret: ${JWT_SECRET:404E635266556A586E3272357538782F413F4428472B4B6250645367566B5970}
+  expiration: 86400000
+
+agora:
+  app-id: ${AGORA_APP_ID:}
+  app-certificate: ${AGORA_APP_CERTIFICATE:}
+
+logging:
+  level:
+    com.walkguide: DEBUG
+    org.springframework.messaging: DEBUG
+    org.springframework.web.socket: DEBUG

walkguide-backend/demo/src/main/resources/application-prod.yml

@@ -0,0 +1,35 @@
+# ===================================================
+# Profile: prod (production)
+# Aktifkan dengan: --spring.profiles.active=prod
+# Semua nilai WAJIB diisi via environment variable
+# Tidak ada default value — akan gagal start jika kosong
+# ===================================================
+
+spring:
+  datasource:
+    url: ${DB_URL}
+    username: ${DB_USERNAME}
+    password: ${DB_PASSWORD}
+
+  jpa:
+    show-sql: false
+    properties:
+      hibernate:
+        format_sql: false
+
+server:
+  port: ${PORT:8080}
+
+jwt:
+  secret: ${JWT_SECRET}
+  expiration: ${JWT_EXPIRATION:86400000}
+
+agora:
+  app-id: ${AGORA_APP_ID}
+  app-certificate: ${AGORA_APP_CERTIFICATE}
+
+logging:
+  level:
+    com.walkguide: INFO
+    org.springframework.messaging: WARN
+    org.springframework.web.socket: WARN

walkguide-backend/demo/src/main/resources/application.properties

@@ -1,10 +1,10 @@
 # ===== SERVER =====
-server.port=8080
+server.port=${SERVER_PORT:8080}
 
 # ===== POSTGRESQL CONNECTION =====
-spring.datasource.url=jdbc:postgresql://202.46.28.160:2002/uas_5803024001
+spring.datasource.url=${DB_URL}
-spring.datasource.username=5803024001
+spring.datasource.username=${DB_USERNAME}
-spring.datasource.password=pw5803024001
+spring.datasource.password=${DB_PASSWORD}
 spring.datasource.driver-class-name=org.postgresql.Driver
 
 # ===== JPA / HIBERNATE =====
@@ -19,22 +19,19 @@ spring.flyway.locations=classpath:db/migration
 spring.flyway.baseline-on-migrate=true
 
 # ===== JWT =====
-jwt.secret=404E635266556A586E3272357538782F413F4428472B4B6250645367566B5970
+jwt.secret=${JWT_SECRET}
-jwt.expiration=86400000
+jwt.expiration=${JWT_EXPIRATION:86400000}
 
 # ===== SWAGGER =====
 springdoc.swagger-ui.path=/swagger-ui.html
 springdoc.api-docs.path=/v3/api-docs
 
 # ===== AGORA RTC =====
-# Isi dengan nilai dari dashboard.agora.io setelah buat project
+agora.app-id=${AGORA_APP_ID:}
-# Jika kosong: AgoraTokenService akan generate token kosong (mode demo/testing)
+agora.app-certificate=${AGORA_APP_CERTIFICATE:}
-agora.app-id=
-agora.app-certificate=
 
 # ===== WEBSOCKET =====
 # WebSocket auto-dikonfigurasi oleh WebSocketConfig.java
-# Tidak perlu config tambahan — Spring Boot auto-detect starter-websocket
 
 # ===== LOGGING =====
 logging.level.com.walkguide=DEBUG

walkguide-backend/demo/src/test/java/com/walkguide/service/AuthServiceTest.java

@@ -7,9 +7,11 @@ import com.walkguide.entity.RefreshToken;
 import com.walkguide.entity.User;
 import com.walkguide.entity.UserSettings;
 import com.walkguide.enums.ActivityLogType;
+import com.walkguide.repository.HardwareShortcutRepository;
 import com.walkguide.repository.RefreshTokenRepository;
 import com.walkguide.repository.UserRepository;
 import com.walkguide.repository.UserSettingsRepository;
+import com.walkguide.repository.VoiceCommandConfigRepository;
 import com.walkguide.security.JwtUtil;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.DisplayName;
@@ -35,6 +37,8 @@ class AuthServiceTest {
     @Mock UserRepository userRepository;
     @Mock RefreshTokenRepository refreshTokenRepository;
     @Mock UserSettingsRepository userSettingsRepository;
+    @Mock HardwareShortcutRepository hardwareShortcutRepository;
+    @Mock VoiceCommandConfigRepository voiceCommandConfigRepository;
     @Mock ActivityLogService activityLogService;
     @Mock JwtUtil jwtUtil;
     @Mock PasswordEncoder passwordEncoder;