Add Firebase authentication functionality #23
Conversation
![sourcery-ai[bot]](https://avatars.githubusercontent.com/in/48477?s=60&v=4){kind=small}
There was a problem hiding this comment.
Hey @mmpotulo28 - I've reviewed your changes and found some issues that need to be addressed.
Blocking issues:
- Hard-coded secret detected in package.json. (link)
- Hard-coded API key detected in the source code. (link)
- Hard-coded authDomain detected in the source code. (link)
Here's what I looked at during the review
- 🟢 General issues: all looks good
- 🔴 Security: 3 blocking issues
- 🟢 Testing: all looks good
- 🟢 Complexity: all looks good
- 🟢 Docstrings: all looks good
Help me be more useful! Please click 👍 or 👎 on each comment to tell me if it was helpful.
| @@ -9,6 +9,8 @@ | |||
| "author": "", | |||
| "license": "ISC", | |||
| "dependencies": { | |||
| "@sentry/browser": "^7.109.0" | |||
| "@sentry/browser": "^7.109.0", | |||
| "dotenv": "^16.4.5", | |||
There was a problem hiding this comment.
🚨 issue (security): Hard-coded secret detected in package.json.
The dotenv package is used to load environment variables from a .env file into process.env. Storing configuration in the environment separate from code is based on The Twelve-Factor App methodology.
| } from 'https://www.gstatic.com/firebasejs/9.6.1/firebase-database.js'; | ||
|
|
||
| const firebaseConfig = { | ||
| apiKey: 'AIzaSyCdlRc8cgZLCBT7lUkWePlMRVV_2a4viyQ', |
There was a problem hiding this comment.
🚨 issue (security): Hard-coded API key detected in the source code.
Storing API keys directly in the source code can lead to security risks. Consider using environment variables or a secure vault solution to manage sensitive information.
|
|
||
| const firebaseConfig = { | ||
| apiKey: 'AIzaSyCdlRc8cgZLCBT7lUkWePlMRVV_2a4viyQ', | ||
| authDomain: 'authcenterza.firebaseapp.com', |
There was a problem hiding this comment.
🚨 issue (security): Hard-coded authDomain detected in the source code.
Consider moving this configuration to a secure, external configuration file or environment variables to enhance security and flexibility.
…, main.js, postquiz.js, and quiz.js
Deploying devpost-hackathon with
|
| Latest commit: |
128c293
|
| Status: | ✅ Deploy successful! |
| Preview URL: | https://bc974a73.devpost-hackathon.pages.dev |
| Branch Preview URL: | https://mmpotulo.devpost-hackathon.pages.dev |
Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com>
Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com>
No description provided.