Add Firebase authentication functionality #23
Hey @mmpotulo28 - I've reviewed your changes and found some issues that need to be addressed.
Blocking issues:
- Hard-coded secret detected in package.json. (link)
- Hard-coded API key detected in the source code. (link)
- Hard-coded authDomain detected in the source code. (link)
Here's what I looked at during the review
- 🟢 General issues: all looks good
- 🔴 Security: 3 blocking issues
- 🟢 Testing: all looks good
- 🟢 Complexity: all looks good
- 🟢 Docstrings: all looks good
Help me be more useful! Please click 👍 or 👎 on each comment to tell me if it was helpful.
@@ -9,6 +9,8 @@ | |||
"author": "", | |||
"license": "ISC", | |||
"dependencies": { | |||
"@sentry/browser": "^7.109.0" | |||
"@sentry/browser": "^7.109.0", | |||
"dotenv": "^16.4.5", |
🚨 issue (security): Hard-coded secret detected in package.json.
The dotenv package is used to load environment variables from a .env file into process.env. Storing configuration in the environment separate from code is based on The Twelve-Factor App methodology.
} from 'https://www.gstatic.com/firebasejs/9.6.1/firebase-database.js'; | ||
|
||
const firebaseConfig = { | ||
apiKey: 'AIzaSyCdlRc8cgZLCBT7lUkWePlMRVV_2a4viyQ', |
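Review bot: the `apiKey` literal on the last line of this hunk is committed to the repository, so it remains in git history even if a later commit removes it. A Firebase web API key is delivered to every browser that loads the page and identifies the project rather than authorizing access, so moving it to an environment variable changes where it is stored but not who can read it. Suggest restricting the key (for example by HTTP referrer) in the Google Cloud console and enforcing access with Firebase Security Rules on the database that the import at the top of this hunk pulls in.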
🚨 issue (security): Hard-coded API key detected in the source code.
Storing API keys directly in the source code can lead to security risks. Consider using environment variables or a secure vault solution to manage sensitive information.
|
||
const firebaseConfig = { | ||
apiKey: 'AIzaSyCdlRc8cgZLCBT7lUkWePlMRVV_2a4viyQ', | ||
authDomain: 'authcenterza.firebaseapp.com', |
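Review bot: `authDomain` on the last line of this hunk is a public hostname, not a credential, so externalizing it is a maintainability point (per-environment configuration) rather than a security fix. The control that matters for it is the authorized domains list in the Firebase Authentication settings; suggest confirming that only the deployed origins are listed there, and defining `firebaseConfig` once in a shared module if the same object is repeated in several files.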
🚨 issue (security): Hard-coded authDomain detected in the source code.
Consider moving this configuration to a secure, external configuration file or environment variables to enhance security and flexibility.
…, main.js, postquiz.js, and quiz.js
Deploying devpost-hackathon with Cloudflare Pages
Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com>
Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com>
No description provided.