search

narayan954 / dummygram

DummyGram is a social media application where we have posts, stories, chat, friends, authentication, comment, delete, share and like feature. It uses ReactJs in the frontend for the UI and Firebase for the backend storing the users, posts, stories and comments.
https://narayan954.github.io/dummygram/
MIT License
81 stars 184 forks source link

[FEATURE] <Creating a dotenv file for storing API keys > #102

Closed ansharora28 closed 1 year ago

ansharora28 commented 2 years ago

Description

The script.js file is currently exposing the firebase API key. I think it would be a good practice to secure our key( a free one too) by creating a dotenv file in .gitignore to secure the keys to prevent any possible security issue ( bots may scan for API keys and access/use resources)

Screenshots

No response

Additional information

No response

github-actions[bot] commented 2 years ago

Hi there, Thanks a lot for raising the issue, we'll look into it asap. Also please mention if you wish to work on the issue as well so you could be assigned

ansharora28 commented 2 years ago

I would like to work on it if you think the issue is valid

narayan954 commented 2 years ago

Correct indeed! sure you can work on it in the coding period :)

kshitij01042002 commented 1 year ago

@ansharora28 are you still working on this issue?

ansharora28 commented 1 year ago

@kshitij01042002 Hi,yes I'm working on it.

kshitij01042002 commented 1 year ago

@ansharora28 have you created .env file it? if yes please raise a PR soo that I can document it for issue #113

ansharora28 commented 1 year ago

@kshitij01042002 I am facing some some problems after moving the keys to the dotenv file. I will take a look at it again and ask the mentor to unassign me if I'm not able to work it out. You can proceed with the issue then

kshitij01042002 commented 1 year ago

Okay Works!

ansharora28 commented 1 year ago

@narayan954 I was not able to figure out the problem with my code. Hence,I would like to explore other issues. You can assign it to @kshitij01042002

kshitij01042002 commented 1 year ago

@narayan954 can you assign me this under codepeak?

kshitij01042002 commented 1 year ago

@narayan954 while creating .env file and accessing it. The application is crashing which seems to be a common problem with no solid solution.Soo I suggest rather than creating a dotenv file we should document how to integrate app with firebase and modify firebase.js

narayan954 commented 1 year ago

@narayan954 while creating .env file and accessing it. The application is crashing which seems to be a common problem with no solid solution.Soo I suggest rather than creating a dotenv file we should document how to integrate app with firebase and modify firebase.js

Okay, we can add instruction to generate own API key as you're saying for now. This issue remains open till a solution is found I guess.

1010varun commented 1 year ago

Hey, @narayan954 please assign this issue to me

narayan954 commented 1 year ago

Hey, @narayan954 please assign this issue to me

under iwoc?

1010varun commented 1 year ago

Yess

narayan954 commented 1 year ago

Great! go ahead :)