Closed tobynott80 closed 1 year ago
Just noticed that this was taken from the BeFake library - I'll make an issue there too.
That specific API key is from BeReal itself. It's used to authorize OTP and refresh tokens. It's neither my API key nor the BeFake library's API key; however, it is needed to authorize with BeReal servers.
There is a different API key, which I do have as an env variable on Vercel, used for geolocation; that is my personal key and it is hidden :)
Thank you for being attentive though!
In api.py your Google API key is exposed. It might be a good idea to use environment variables like in parse.py. Anyone with the source code can now make Firebase API calls with your key - might end up costing you money (https://cloud.google.com/docs/authentication/api-keys#securing). Once this has changed you might also want to revoke the old API key and set a new one - given that the old one will still be exposed through git commits.
Vercel has functionality to add env variables for running the production site (https://vercel.com/docs/concepts/projects/environment-variables)
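
An added example, not part of the original thread or of either project's code: a small check that flags Google API keys hardcoded as string literals in Python source while leaving environment-variable lookups alone. The function name `find_hardcoded_google_keys`, the sample file contents, the endpoint URL and the key value are all constructed for illustration, and the key pattern (`AIza` followed by 35 URL-safe characters) is an assumption about the key format.

```python
import ast
import re

# Assumption: a Google API key is "AIza" followed by 35 URL-safe characters.
GOOGLE_KEY_RE = re.compile(r"AIza[0-9A-Za-z_\-]{35}")


def find_hardcoded_google_keys(source, filename="<source>"):
    """Return (filename, line, redacted_key) for every string literal holding a key."""
    findings = []
    # Walking the AST inspects real string literals only, so identifiers,
    # comments and os.environ lookups are never reported.
    for node in ast.walk(ast.parse(source, filename=filename)):
        if isinstance(node, ast.Constant) and isinstance(node.value, str):
            for match in GOOGLE_KEY_RE.finditer(node.value):
                key = match.group(0)
                # Redact so the report does not leak the key a second time.
                findings.append((filename, node.lineno, key[:6] + "..." + key[-2:]))
    return sorted(findings)


# Constructed placeholder key, not a real credential.
FAKE_KEY = "AIza" + "X" * 35

# Constructed stand-in for a file that embeds the key in a request URL.
HARDCODED_SAMPLE = f'''
import requests

def send_otp(phone):
    url = "https://example.invalid/v1/sendVerificationCode?key={FAKE_KEY}"
    return requests.post(url, json={{"phoneNumber": phone}})
'''

# Constructed stand-in for a file that reads the key from the environment.
ENV_SAMPLE = '''
import os

GOOGLE_API_KEY = os.environ["GOOGLE_API_KEY"]
'''

if __name__ == "__main__":
    for name, text in (("api.py", HARDCODED_SAMPLE), ("parse.py", ENV_SAMPLE)):
        hits = find_hardcoded_google_keys(text, name)
        for fname, line, redacted in hits:
            print(f"{fname}:{line}: hardcoded Google API key {redacted}")
        if not hits:
            print(f"{name}: no hardcoded Google API key found")
```

The check only sees the current contents of a file; a key removed in a later commit is still present in earlier commits, so the old key still has to be revoked.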