Closed jacob-macleod closed 4 months ago
A different key is used on the backend.The firebase_confdig.json file is still used, as well as another file with a genuinely secret API key. Thus, according to https://firebase.google.com/docs/projects/api-keys, I can show it, so long as I'm not using:
According to https://infosecwriteups.com/is-it-safe-to-expose-your-firebase-api-key-bf2a318c0f29, people using the API key can make lots of sign in requests, but they can do that anyway using the app. The idea that it is safe is echoed by https://stackoverflow.com/questions/37482366/is-it-safe-to-expose-firebase-apikey-to-the-public, as does https://medium.com/@paulbreslin/is-it-safe-to-expose-your-firebase-api-key-to-the-public-7e5bd01e637b
The coding side of this is now done - next, the size of the docker image needs to be reduced
It looks like the installed node modules is the reason for the large docker image. I've made the pipeline remove this automatically. A MR will now be made to test the new pipeline
There are several main tasks for this DevSecOps focused issue:
http://dolphin-flashcards.com
) so that the frontend can be run independently of the local backend server. So the frontend should never need the backend server running locally. The url should be in a standalone file for easy access~"my/data/path"
) to a json location. Add reading and writing this way. Use ChatGPT for this~CONTRIBUTING.md
file. This should explain how to contribute for frontend and backend, and explain the relationship between the two separate codebases. Since local files are now read from in dev for the backend, no firebase configuration should be needed. This should be explain, and a link given to explain how to setup your own test project. The frontend will use the real production code, from the public API~CONTRIBUTING.md
~README.md
~This must be done before contributors can really work on code. Right now, the backend server must be running locally, connected to the live production database, to do any contributing