Extract backend runtime configuration

backend/index.js

@@ -1,16 +1,17 @@
 require('dotenv').config();
 const express = require('express');
-const cors = require('cors');
 const path = require('path');
 const bcrypt = require('bcryptjs');
 const jwt = require('jsonwebtoken');
 const crypto = require('crypto');
-const nodemailer = require('nodemailer');
 const multer = require('multer');
 const { v4: uuidv4 } = require('uuid');
 const fs = require('fs');
 const pool = require('./db');
-const { stripEnvQuotes, hashSecret, maskSecret } = require('./utils/security');
+const { hashSecret, maskSecret } = require('./utils/security');
+const transporter = require('./services/mailer');
+const { createCorsMiddleware } = require('./config/cors');
+const { allowedOrigins, getBaseUrl, getStartupBaseUrl, isProduction, jwtSecret: JWT_SECRET, port: PORT } = require('./config/runtime');
 const {
   canReadUser,
   canUpdateUser,
@@ -21,69 +22,9 @@ const {
 } = require('./policies/accessPolicy');
 
 const app = express();
-const PORT = process.env.PORT || 3001;
-const isProduction = process.env.NODE_ENV === 'production';
-const JWT_SECRET = process.env.JWT_SECRET || (isProduction ? null : 'fasto_dev_secret_change_me');
-
-if (!JWT_SECRET) {
-  throw new Error('JWT_SECRET is required in production.');
-}
-
 const USER_PUBLIC_FIELDS = 'id, tenant_id, team_id, name, email, slug, role, status, bio, avatar_url, sound_enabled, created_at';
 
-const transporter = nodemailer.createTransport({
-  host: process.env.SMTP_HOST || 'mail.blyzer.com.br',
-  port: parseInt(process.env.SMTP_PORT) || 587,
-  secure: false, // false para 587 (STARTTLS)
-  auth: {
-    user: stripEnvQuotes(process.env.SMTP_USER || 'nao-responda@blyzer.com.br'),
-    pass: stripEnvQuotes(process.env.SMTP_PASS || ''),
-  },
-  tls: {
-    ciphers: 'SSLv3',
-    rejectUnauthorized: false
-  },
-  debug: process.env.SMTP_DEBUG === 'true',
-  logger: process.env.SMTP_DEBUG === 'true'
-});
-
-// Helper para obter a URL base
-const getBaseUrl = (req) => {
-  // Use explicit environment variable if set
-  if (process.env.APP_URL) return process.env.APP_URL;
-  
-  // Otherwise, attempt to construct it from the request object dynamically
-  const host = req ? (req.get('host') || 'localhost:3001') : 'localhost:3001';
-  const protocol = (req && (req.protocol === 'https' || req.get('x-forwarded-proto') === 'https')) ? 'https' : 'http';
-  
-  // Se estivermos em produção e o host não for localhost, force HTTPS
-  if (process.env.NODE_ENV === 'production' && !host.includes('localhost')) {
-    return `https://${host}`;
-  }
-  return `${protocol}://${host}`;
-};
-
-// Quando não temos a request (ex: startup), usamos uma versão simplificada
-const getStartupBaseUrl = () => {
-  if (process.env.APP_URL) return process.env.APP_URL;
-  if (process.env.NODE_ENV === 'production') return 'https://fasto.blyzer.com.br';
-  return 'http://localhost:3001';
-};
-
-const allowedOrigins = (process.env.CORS_ORIGIN || '')
-  .split(',')
-  .map(origin => origin.trim())
-  .filter(Boolean);
-
-app.use(cors({
-  origin: (origin, callback) => {
-    if (!origin || !isProduction || allowedOrigins.includes(origin)) {
-      return callback(null, true);
-    }
-    return callback(new Error('Origem não permitida pelo CORS.'));
-  },
-  credentials: true
-}));
+app.use(createCorsMiddleware({ allowedOrigins, isProduction }));
 app.use(express.json());
 
 // Logger de Requisições