* Added placeholder text to site when loading JS

* Added hidden text to site for scraping * Login token will be destroyed if fetch site totals is called and the token is bad * Moved passwords out of application and into a .env file that is loaded on startup * Changed prod database password for primary user (which is dev) * Set up .env for dev and prod
2020-04-13 07:44:57 +00:00
parent 3535f0cb24
commit 278b204b3b
8 changed files with 61 additions and 19 deletions
--- a/server/config/database.js
+++ b/server/config/database.js
@@ -3,9 +3,9 @@ const mysql = require('mysql2');

 // Create the connection pool.
 const pool = mysql.createPool({
-	host: 'localhost',
-	user: 'dev',
-	password: "LazaLinga&33Can't!Do!That34",
+	host: process.env.DB_HOST,
+	user: process.env.DB_USER,
+	password: process.env.DB_PASS,
 	database: 'application',
 	waitForConnections: true,
 	connectionLimit: 20,
--- a/server/helpers/Auth.js
+++ b/server/helpers/Auth.js
@@ -2,16 +2,16 @@ var jwt = require('jsonwebtoken');

 let Auth = {}

-const secretKey = '@TODO define secret constant its important!!!'
+const tokenSecretKey = process.env.JSON_KEY

 Auth.createToken = (userId) => {
 	const signedData = {'id': userId, 'date':Date.now()}
-	const token = jwt.sign(signedData, secretKey)
+	const token = jwt.sign(signedData, tokenSecretKey)
 	return token
 }
 Auth.decodeToken = (token) => {
 	return new Promise((resolve, reject) => {
-		jwt.verify(token, secretKey, function(err, decoded){
+		jwt.verify(token, tokenSecretKey, function(err, decoded){
 			if(err || decoded.id == undefined){
 				reject('Bad Token')
 				return
--- a/server/index.js
+++ b/server/index.js
@@ -1,11 +1,17 @@
+//Set up environmental variables, pulled from .env file used as process.env.DB_HOST
+const os = require('os') //Used to get path of home directory
+const result = require('dotenv').config({ path:(os.homedir()+'/.env') })
+
 //Allow user of @ in in require calls. Config in package.json
 require('module-alias/register')

+//Auth helper, used for decoding users web token
 let Auth = require('@helpers/Auth')

+//Helmet adds additional security to express server
 const helmet = require('helmet')

-
+//Setup express server
 const express = require('express')
 const app = express()
 app.use( helmet() )