This PR fixes all instances where JWT tokens where decoded using a hardcoded something-secret string. It also fixes the .gitignore file so that package-lock.json and code-generated files are committed to the repository.
Changes
Add dotenv to the list of dependencies and configure it to load the .env file in config/globals.js.
Replace the hardcoded something-secret string with JWT_SECRET environment variable constant.
Remove package-lock.json and codegen files from the .gitignore.
Summary
This PR fixes all instances where JWT tokens where decoded using a hardcoded
something-secretstring. It also fixes the.gitignorefile so thatpackage-lock.jsonand code-generated files are committed to the repository.Changes
dotenvto the list of dependencies and configure it to load the.envfile inconfig/globals.js.something-secretstring withJWT_SECRETenvironment variable constant.package-lock.jsonand codegen files from the.gitignore.