Drewpeifer / medialytics

A basic, free tool that shows information about Plex Media Server content
GNU General Public License v3.0

Security issue: Token is shared in source #14

Closed modem7 closed 9 months ago

modem7 commented 9 months ago

If you look at script.js when running via a reverse proxy, it shares the token of the Plex server in plain text which is a massive issue.

```javascript
////// WARNING
// Never share the following token with anyone! Do not host this on a public server with the token in place!
// Keep it secret, keep it safe! If compromised, generate a new one: https://support.plex.tv/articles/204059436-finding-an-authentication-token-x-plex-token/
const serverToken = 'plaintexttokenhere', // ex: 'ad2T-askdjasd9WxJVBPQ'
    serverIp = 'https://myplexdomain.com', // ex: 'http://12.345.678.90:32400'
    libraryListUrl = serverIp + '/library/sections?X-Plex-Token=' + serverToken;
```

I understand that there is a warning you should not host your copy of Medialytics anywhere that is publicly accessible, but storing it in plain text may not be the best way of going about it.

Drewpeifer commented 9 months ago

That is actually just dummy characters made to look like a token, not my personal token; not sure if it is even the correct number of chars.

Drewpeifer commented 9 months ago

Sorry, I was looking at this on mobile before; I see what you are saying now. To be honest there is always going to be a risk associated with using the token, as the API requests will always contain it and can be intercepted by a bad actor. I think the amount of time needed to invest in making it "secure" is more than I am willing to devote at this point, sorry. That's why I'm so explicit about the intended use case.