
@odensutibun odensutibun commented Nov 21, 2025

Summary by CodeRabbit

  • Chores
    • Updated database connection configuration to use a cloud-based service instead of local connectivity, enabling remote database access and production-level scalability.
    • Revised application identifier and master authentication credentials for production environment deployment.


@parse-github-assistant

🚀 Thanks for opening this pull request!

coderabbitai bot commented Nov 21, 2025

Walkthrough

The pull request updates the MongoDB connection configuration from a local instance to MongoDB Atlas SRV and revises default application settings in the config file, including appId and masterKey values.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Database Configuration: .env.example, config.js | Updated MongoDB connection string to MongoDB Atlas SRV format; modified config.databaseURI to reference hardcoded connection string instead of environment variables; updated default appId from 'myAppId' to 'App-gym' and default masterKey from '' to 'master_root' |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

  • Verify the MongoDB Atlas connection string format is valid and credentials are properly handled
  • Confirm that hardcoding the database URI and credentials in the config file does not pose security concerns
  • Ensure the changes to appId and masterKey defaults align with application requirements and do not break existing functionality

Pre-merge checks and finishing touches

❌ Failed checks (1 inconclusive)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Title check | ❓ Inconclusive | The title 'Changement des var database' is vague and uses non-descriptive French terminology that obscures the actual changes being made. | Use a clear, specific English title that describes the main change, such as 'Update MongoDB connection to Atlas cluster' or 'Switch database URI to MongoDB Atlas SRV connection'. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit's high-level summary is enabled. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 3

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 91256ef and f4d97f7.

📒 Files selected for processing (2)
  • .env.example (1 hunks)
  • config.js (1 hunks)
🔇 Additional comments (1)
config.js (1)

8-8: LGTM: AppId default updated appropriately.

The change to use 'App-gym' as the default appId is acceptable and more descriptive than the generic 'myAppId'. The environment variable pattern is correctly maintained.

APP_ID=myAppId
MASTER_KEY=myMasterKey
MONGODB_URI=mongodb://localhost:27017/parse
MONGODB_URI=mongodb+srv://odensutibun_db_user:<db_password>@gymproject.d2bedmi.mongodb.net/?appName=GymProject
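Review bot: The new MONGODB_URI value in .env.example templates only the password; the account name (odensutibun_db_user) and the cluster hostname (gymproject.d2bedmi.mongodb.net) are written out in a file that is committed and copied between environments. Template every deployment-specific part, for example mongodb+srv://<db_user>:<db_password>@<cluster-host>/?appName=<app_name>, and keep the real values in an untracked .env. Keeping the removed localhost line as a commented alternative would also preserve a working local-development example.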

⚠️ Potential issue | 🔴 Critical

This environment variable is no longer used by the application.

The MONGODB_URI environment variable defined here is ignored because config.js now uses a hardcoded database URI instead of reading from process.env.MONGODB_URI. This makes the .env.example misleading.

This should be addressed by fixing the critical issue in config.js (see comments on that file).

🤖 Prompt for AI Agents
In .env.example around line 3 the MONGODB_URI entry is misleading because
config.js currently ignores process.env.MONGODB_URI and uses a hardcoded URI;
fix by updating config.js to read the Mongo URL from process.env.MONGODB_URI
(with the current hardcoded URI as a safe fallback) so the .env variable is
actually used and keep the .env.example entry, or alternatively remove the entry
here if you intentionally want a hardcoded value—prefer the former (read env var
with fallback) and ensure any tests/startup use the env variable.

Comment on lines +3 to +6
var databaseURI = 'mongodb+srv://odensutibun_db_user:<db_password>@gymproject.d2bedmi.mongodb.net/?appName=GymProject';

export const config = {
databaseURI:
process.env.DATABASE_URI || process.env.MONGODB_URI || 'mongodb://localhost:27017/dev',
databaseURI: databaseURI,
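Review bot: The replacement line `databaseURI: databaseURI` drops both environment lookups that the removed line performed, so a deployment that sets DATABASE_URI or MONGODB_URI is silently ignored. The new literal also still contains `<db_password>`, which means the only way to make it connect is to paste the real password into config.js. Keep the `process.env.DATABASE_URI || process.env.MONGODB_URI || ...` chain and supply the Atlas URI through the environment instead of a module-level `var`.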

⚠️ Potential issue | 🔴 Critical

Critical: Remove hardcoded database credentials from source code.

Hardcoding the database URI directly in the source code is a serious security vulnerability:

  1. The database username (odensutibun_db_user) and cluster endpoint are exposed in version control
  2. This defeats the purpose of using environment variables for configuration
  3. The MONGODB_URI environment variable defined in .env.example is now completely ignored
  4. This violates 12-factor app configuration principles

Even with a placeholder password, exposing the username and cluster details makes your database more vulnerable to attacks.

Apply this diff to restore environment variable usage:

-var databaseURI = 'mongodb+srv://odensutibun_db_user:<db_password>@gymproject.d2bedmi.mongodb.net/?appName=GymProject';
-
 export const config = {
-  databaseURI: databaseURI,
+  databaseURI: process.env.MONGODB_URI || 'mongodb://localhost:27017/parse',
   cloud: () => import('./cloud/main.js'),
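Review bot: The restored line reads only process.env.MONGODB_URI, while the line this PR removed read process.env.DATABASE_URI first and fell back to mongodb://localhost:27017/dev, not .../parse. Unless that narrowing is intended, restore the original chain unchanged so deployments that set DATABASE_URI keep working and local development keeps using the same database name.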

This allows you to:

  • Keep credentials out of version control
  • Use the MONGODB_URI environment variable from .env.example
  • Maintain a sensible local development fallback
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
var databaseURI = 'mongodb+srv://odensutibun_db_user:<db_password>@gymproject.d2bedmi.mongodb.net/?appName=GymProject';
export const config = {
databaseURI:
process.env.DATABASE_URI || process.env.MONGODB_URI || 'mongodb://localhost:27017/dev',
databaseURI: databaseURI,
export const config = {
databaseURI: process.env.MONGODB_URI || 'mongodb://localhost:27017/parse',
🤖 Prompt for AI Agents
In config.js around lines 3–6, remove the hardcoded MongoDB connection string
and replace it with logic that reads the connection URI from
process.env.MONGODB_URI (with a sensible local fallback for development) and
export that value; ensure no credentials remain in source, update .env.example
to document MONGODB_URI, and fail fast or log a clear error if neither env var
nor fallback is available so credentials are never committed.

appId: process.env.APP_ID || 'myAppId',
masterKey: process.env.MASTER_KEY || '', //Add your master key here. Keep it secret!
appId: process.env.APP_ID || 'App-gym',
masterKey: process.env.MASTER_KEY || 'master_root', //Add your master key here. Keep it secret!
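Review bot: On the masterKey line the fallback changes from '' to 'master_root' while the trailing comment still reads "Add your master key here", which together invite committing a key value into config.js. Drop the literal fallback, reword the comment to point at the MASTER_KEY environment variable, and have startup reject an unset key rather than run with a value that is visible in the repository.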

⚠️ Potential issue | 🟠 Major

Major security risk: Weak default master key exposes the application.

Setting a hardcoded default master key ('master_root') is a significant security vulnerability:

  1. If the MASTER_KEY environment variable is not set, the application will use this publicly-known weak key
  2. The master key grants full administrative access to your Parse Server
  3. The previous empty string default was safer as it would cause configuration errors, forcing proper setup

Apply this diff to remove the weak default:

-  masterKey: process.env.MASTER_KEY || 'master_root', //Add your master key here. Keep it secret!
+  masterKey: process.env.MASTER_KEY || '', //Add your master key here. Keep it secret!

Alternatively, make the master key required and fail early if not provided:

  masterKey: process.env.MASTER_KEY, // Required - must be set in environment
🤖 Prompt for AI Agents
config.js around line 9: the current line provides a hardcoded weak default
masterKey ('master_root'), which is a major security risk; change the assignment
to use only process.env.MASTER_KEY (remove the default) and add an early runtime
validation immediately after loading config that checks if
process.env.MASTER_KEY is set, and if not logs a clear error and exits or throws
so the process fails to start; update any comments to indicate the key is
required and document setting MASTER_KEY in deployment.
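The early validation that the review comments above ask for, written out as an added example; it is not code from the pull request or from CodeRabbit. The names `loadConfig`, `redactUri`, `WEAK_KEYS` and the 24-character minimum are assumptions made for the illustration, and the sample values used with it are constructed.

```javascript
// Added example: fail-fast validation for the settings discussed in this review.
// WEAK_KEYS lists the defaults visible in this page's diff; MIN_KEY_LENGTH is an
// assumed policy, not a Parse Server requirement.
const WEAK_KEYS = new Set(['', 'master_root', 'myMasterKey']);
const MIN_KEY_LENGTH = 24;
const LOCAL_FALLBACK = 'mongodb://localhost:27017/dev';

// Hide the password component before the URI reaches any log line.
function redactUri(uri) {
  return uri.replace(/(\/\/[^:@/]+):[^@/]*@/, '$1:***@');
}

function loadConfig(env) {
  const errors = [];
  const production = env.NODE_ENV === 'production';

  // Same lookup order as the line the PR removed.
  let databaseURI = env.DATABASE_URI || env.MONGODB_URI;
  if (!databaseURI) {
    // The localhost fallback is only acceptable outside production.
    if (production) errors.push('DATABASE_URI or MONGODB_URI must be set');
    else databaseURI = LOCAL_FALLBACK;
  } else if (/<[^>]+>/.test(databaseURI)) {
    // Catches a template such as <db_password> copied in unedited.
    errors.push('database URI still contains a <placeholder>');
  }

  const masterKey = env.MASTER_KEY || '';
  if (WEAK_KEYS.has(masterKey)) {
    errors.push('MASTER_KEY is unset or a known default');
  } else if (masterKey.length < MIN_KEY_LENGTH) {
    errors.push(`MASTER_KEY is shorter than ${MIN_KEY_LENGTH} characters`);
  }

  if (errors.length > 0) {
    // Refuse to start rather than run with a guessable key or an unusable URI.
    throw new Error('Invalid configuration: ' + errors.join('; '));
  }
  return {
    databaseURI,
    appId: env.APP_ID || 'App-gym',
    masterKey,
    logSafeDatabaseURI: redactUri(databaseURI),
  };
}
```

Call `loadConfig(process.env)` once at startup and log only `logSafeDatabaseURI`, never `databaseURI` itself.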

@odensutibun odensutibun closed this by deleting the head repository Nov 21, 2025