[SWIK-1163_security_issues] Moved all secrets to aother file which is…

… just included in services
slidewiki · Jun 15, 2017 · 20e0b75 · 20e0b75
1 parent e91a1bf
commit 20e0b75
Show file tree

Hide file tree

Showing 6 changed files with 14 additions and 8 deletions.
diff --git a/configs/microservices.sample.js b/configs/microservices.sample.js
@@ -47,9 +47,7 @@ export default {
             uri: 'https://notificationservice.experimental.slidewiki.org'
         },
         'user': {
-            uri: 'https://userservice.experimental.slidewiki.org',
-            resetPasswordAPIKey: '2cbc621f86e97189239ee8c4c80b10b3a935b8a9f5db3def7b6a3ae7c4b75cb5',
-            PRIVATE_RECAPTCHA_KEY: '6LdNLyYTAAAAAFMC0J_zuVI1b9lXWZjPH6WLe-vJ'
+            uri: 'https://userservice.experimental.slidewiki.org'
         },
         'import': {
             uri: 'https://importservice.experimental.slidewiki.org',

diff --git a/configs/secrets.js b/configs/secrets.js
@@ -0,0 +1,4 @@
+export default {
+    resetPasswordAPIKey: '2cbc621f86e97189239ee8c4c80b10b3a935b8a9f5db3def7b6a3ae7c4b75cb5',
+    PRIVATE_RECAPTCHA_KEY: '6LdNLyYTAAAAAFMC0J_zuVI1b9lXWZjPH6WLe-vJ'
+};
diff --git a/entrypoint.sh b/entrypoint.sh
@@ -11,4 +11,5 @@ env | grep "SLIDEWIKI_.*"
 
 cat /nodeApp/microservices.js.template | envsubst > /nodeApp/configs/microservices.js
 cat /nodeApp/general.js.template | envsubst > /nodeApp/configs/general.js
+cat /nodeApp/secrets.js.template | envsubst > /nodeApp/configs/secrets.js
 npm run build
diff --git a/microservices.js.template b/microservices.js.template
@@ -15,9 +15,7 @@ export default {
             uri: '${SERVICE_URL_NOTIFICATION}'
         },
         'user': {
-            uri: '${SERVICE_URL_USER}',
-            resetPasswordAPIKey: '${SERVICE_USER_APIKEY}',
-            PRIVATE_RECAPTCHA_KEY: '${SERVICE_USER_PRIVATE_RECAPTCHA_KEY}'
+            uri: '${SERVICE_URL_USER}'
         },
         'import': {
             uri: '${SERVICE_URL_IMPORT}',

diff --git a/secrets.js.template b/secrets.js.template
@@ -0,0 +1,4 @@
+export default {
+    resetPasswordAPIKey: '${SERVICE_USER_APIKEY}',
+    PRIVATE_RECAPTCHA_KEY: '${SERVICE_USER_PRIVATE_RECAPTCHA_KEY}'
+};
diff --git a/services/user.js b/services/user.js
@@ -1,6 +1,7 @@
 import { Microservices } from '../configs/microservices';
 import { hashingSalt } from '../configs/general';
 import rp from 'request-promise';
+import secrets from '../configs/secrets';
 const log = require('../configs/log').log;
 
 export default {
@@ -108,7 +109,7 @@ export default {
             rp.post({ //TODO increase timeout
                 uri: 'https://www.google.com/recaptcha/api/siteverify',
                 form: {
-                    secret: Microservices.user.PRIVATE_RECAPTCHA_KEY,
+                    secret: secrets.PRIVATE_RECAPTCHA_KEY,
                     response: args.grecaptcharesponse
                 }
             })
@@ -211,7 +212,7 @@ export default {
                 body: JSON.stringify({
                     email: params.email,
                     language: params.language,
-                    APIKey: Microservices.user.resetPasswordAPIKey,
+                    APIKey: secrets.resetPasswordAPIKey,
                     salt: hashingSalt
                 }),
                 resolveWithFullResponse: true