* Added placeholder text to site when loading JS

* Added hidden text to site for scraping
* Login token will be destroyed if fetch site totals is called and the token is bad
* Moved passwords out of application and into a .env file that is loaded on startup
* Changed prod database password for primary user (which is dev)
* Set up .env for dev and prod

server/helpers/Auth.js

@@ -2,16 +2,16 @@ var jwt = require('jsonwebtoken');
 
 let Auth = {}
 
-const secretKey = '@TODO define secret constant its important!!!'
+const tokenSecretKey = process.env.JSON_KEY
 
 Auth.createToken = (userId) => {
 	const signedData = {'id': userId, 'date':Date.now()}
-	const token = jwt.sign(signedData, secretKey)
+	const token = jwt.sign(signedData, tokenSecretKey)
 	return token
 }
 Auth.decodeToken = (token) => {
 	return new Promise((resolve, reject) => {
-		jwt.verify(token, secretKey, function(err, decoded){
+		jwt.verify(token, tokenSecretKey, function(err, decoded){
 			if(err || decoded.id == undefined){
 				reject('Bad Token')
 				return