remove sensitive config

2 weeks ago · 3ae805220a
parent a76ec7ae1d
commit 3ae805220a
3 changed files with 9 additions and 10 deletions
--- a/server/authjs-handler.ts
+++ b/server/authjs-handler.ts
@ -17,9 +17,6 @@ import { env } from "./env.js";
 import { getDbClient } from "../database/index.js";
 import { JWT } from "@auth/core/jwt";

-const POSTGRES_CONNECTION_STRING =
-  "postgres://neondb_owner:npg_sOVmj8vWq2zG@ep-withered-king-adiz9gpi-pooler.c-2.us-east-1.aws.neon.tech:5432/neondb?sslmode=require&channel_binding=true";
-
 if (!globalThis.crypto) {
  /**
   * Polyfill needed if Auth.js code runs on node18
@ -40,7 +37,7 @@ const authjsConfig = {
  // ),
  trustHost: true,
  // TODO: Replace secret {@see https://authjs.dev/reference/core#secret}
-  secret: "buginoo",
+  secret: env.AUTHJS_SECRET,
  providers: [
    // TODO: Choose and implement providers
    // CredentialsProvider({
@ -64,15 +61,15 @@ const authjsConfig = {
    //   },
    // }),
    GoogleProvider({
-      clientId:
-        "697711350664-t6237s5n3ttjd1npp1qif1aupptkr0va.apps.googleusercontent.com",
-      clientSecret: "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",
+      clientId: env.GOOGLE_CLIENT_ID,
+      clientSecret: env.GOOGLE_CLIENT_SECRET,
    }),
  ],
  callbacks: {
    async signIn({ user, account, profile }) {
      if (typeof user?.email !== "string") return false;
-      const dbClient = await getDbClient(POSTGRES_CONNECTION_STRING);
+      //@ts-ignore
+      const dbClient = await getDbClient(env.POSTGRES_CONNECTION_STRING);
      let userFromDb = await dbClient
        .selectFrom("users")
        .selectAll()
@ -98,7 +95,8 @@ const authjsConfig = {
    },
    jwt: async ({ token }) => {
      if (typeof token?.email !== "string") return token;
-      const dbClient = await getDbClient(POSTGRES_CONNECTION_STRING);
+      //@ts-ignore
+      const dbClient = await getDbClient(env.POSTGRES_CONNECTION_STRING);
      let userFromDb = await dbClient
        .selectFrom("users")
        .selectAll()
--- a/server/trpc-handler.ts
+++ b/server/trpc-handler.ts
@ -27,7 +27,7 @@ export const trpcHandler = ((endpoint) => (request, context, runtime) => {
      );
      const jwt = await getToken({
        req,
-        secret: "buginoo",
+        secret: processEnv.AUTHJS_SECRET,
        /** Needed to specify cookie name because for some reason in production
         * it wasn't reading the correct cookie but in development it was. It
         * was not straightforward to fix the name of the cookie in
--- a/wrangler.toml
+++ b/wrangler.toml
@ -10,6 +10,7 @@ MILVUS_USERNAME = "db_639fdba4bcde098"
 [env.production.vars]
 MILVUS_ADDRESS = "in03-639fdba4bcde098.serverless.gcp-us-west1.cloud.zilliz.com"
 MILVUS_USERNAME = "db_639fdba4bcde098"
+GOOGLE_CLIENT_ID = "697711350664-t6237s5n3ttjd1npp1qif1aupptkr0va.apps.googleusercontent.com"
 NODE_ENV = "production"

 [env.preview.vars]