update demonstration code for better environment variable security

2025-05-07 01:15:31 +02:00 · 2021-05-25 14:01:54 -04:00 · 2021-05-25 14:01:54 -04:00 · fd87866a51
commit fd87866a51
parent b2d3995896
6 changed files with 565 additions and 574 deletions
--- a/README.md
+++ b/README.md
@ -35,14 +35,14 @@ SvelteKitAuth is very easy to setup! All you need to do is instantiate the `Svel
 export const appAuth = new SvelteKitAuth({
  providers: [
    new GoogleOAuthProvider({
-      clientId: import.meta.env.VITE_GOOGLE_OAUTH_CLIENT_ID,
-      clientSecret: import.meta.env.VITE_GOOGLE_OAUTH_CLIENT_SECRET,
+      clientId: process.env['VITE_GOOGLE_OAUTH_CLIENT_ID'],
+      clientSecret: process.env['GOOGLE_OAUTH_CLIENT_SECRET'],
      profile(profile) {
        return { ...profile, provider: "google" };
      },
    }),
  ],
-  jwtSecret: import.meta.env.JWT_SECRET_KEY,
+  jwtSecret: process.env['JWT_SECRET_KEY'],
 });
 ```

--- a/app/package.json
+++ b/app/package.json
@ -33,6 +33,7 @@
    "@fontsource/fira-mono": "^4.3.0",
    "@fontsource/inter": "^4.3.0",
    "clsx": "^1.1.1",
+    "dotenv": "^10.0.0",
    "prismjs": "^1.23.0",
    "sk-auth": "file:../"
  }
--- a/app/src/lib/appAuth.ts
+++ b/app/src/lib/appAuth.ts
@ -5,33 +5,36 @@ import {
  RedditOAuth2Provider,
  TwitterAuthProvider,
 } from "sk-auth/providers";
+import dotenv from 'dotenv';
+
+dotenv.config();

 export const appAuth = new SvelteKitAuth({
  providers: [
    new GoogleOAuth2Provider({
-      clientId: import.meta.env.VITE_GOOGLE_OAUTH_CLIENT_ID,
-      clientSecret: import.meta.env.VITE_GOOGLE_OAUTH_CLIENT_SECRET,
+      clientId: process.env['VITE_GOOGLE_OAUTH_CLIENT_ID'],
+      clientSecret: process.env['GOOGLE_OAUTH_CLIENT_SECRET'],
      profile(profile) {
        return { ...profile, provider: "google" };
      },
    }),
    new FacebookOAuth2Provider({
-      clientId: import.meta.env.VITE_FACEBOOK_OAUTH_CLIENT_ID,
-      clientSecret: import.meta.env.VITE_FACEBOOK_OAUTH_CLIENT_SECRET,
+      clientId: process.env['VITE_FACEBOOK_OAUTH_CLIENT_ID'],
+      clientSecret: process.env['FACEBOOK_OAUTH_CLIENT_SECRET'],
      profile(profile) {
        return { ...profile, provider: "facebook" };
      },
    }),
    new TwitterAuthProvider({
-      apiKey: import.meta.env.VITE_TWITTER_API_KEY,
-      apiSecret: import.meta.env.VITE_TWITTER_API_SECRET,
+      apiKey: process.env['VITE_TWITTER_API_KEY'],
+      apiSecret: process.env['TWITTER_API_SECRET'],
      profile(profile) {
        return { ...profile, provider: "twitter" };
      },
    }),
    new RedditOAuth2Provider({
-      apiKey: import.meta.env.VITE_REDDIT_API_KEY,
-      apiSecret: import.meta.env.VITE_REDDIT_API_SECRET,
+      apiKey: process.env['VITE_REDDIT_API_KEY'],
+      apiSecret: process.env['REDDIT_API_SECRET'],
      profile(profile) {
        profile = RedditOAuth2Provider.profileHandler(profile);
        return { ...profile, provider: "reddit" };
@ -54,5 +57,5 @@ export const appAuth = new SvelteKitAuth({
      return token;
    },
  },
-  jwtSecret: import.meta.env.JWT_SECRET_KEY,
+  jwtSecret: process.env['JWT_SECRET_KEY'],
 });
--- a/app/src/routes/index.svelte
+++ b/app/src/routes/index.svelte
@ -14,8 +14,8 @@
  const code = `export const appAuth = new SvelteKitAuth({
  providers: [
    new GoogleOAuthProvider({
-      clientId: import.meta.env.VITE_GOOGLE_OAUTH_CLIENT_ID,
-      clientSecret: import.meta.env.VITE_GOOGLE_OAUTH_CLIENT_SECRET,
+      clientId: process.env['VITE_GOOGLE_OAUTH_CLIENT_ID'],
+      clientSecret: process.env['GOOGLE_OAUTH_CLIENT_SECRET'],
      profile(profile) {
        return { ...profile, provider: "google" };
      },
@ -37,7 +37,7 @@
      return token;
    },
  },
-  jwtSecret: import.meta.env.JWT_SECRET_KEY,
+  jwtSecret: process.env['JWT_SECRET_KEY'],
 });`;

  onMount(async () => {
--- a/app/yarn.lock
+++ b/app/yarn.lock
--- a/yarn.lock
+++ b/yarn.lock