AkiraBrown
commented
6 days ago Removed secret from string variable and used "dotenv" package to pull environment variables from .env file.
Closed AkiraBrown closed 6 days ago
AkiraBrown
commented
6 days ago Removed secret from string variable and used "dotenv" package to pull environment variables from .env file.
On line 7 the secret used to sign tokens is improperly stored which poses a risk to users' JWT tokens. All created JWT tokens use the secret to apply a signature on the token and verify that it's a genuine token.