security improvement: removed and changed various app and API secrets

This commit is contained in:
Thomas Buchöster
2011-06-05 22:29:37 +02:00
parent 3dbdc9ac11
commit 363826d60c
6 changed files with 11 additions and 3 deletions
+2
View File
@@ -6,3 +6,5 @@ tmp/
Icon*
.DS_Store
Thumbs.db
/config/config.yml
+5
View File
@@ -0,0 +1,5 @@
secret_token: ""
lastfm_api_key: ""
facebook:
app_id: ""
secret: ""
+1
View File
@@ -0,0 +1 @@
APP_CONFIG = HashWithIndifferentAccess.new(YAML.load(File.open(File.join(Rails.root, 'config', 'config.yml'))))
+1 -1
View File
@@ -188,7 +188,7 @@ Devise.setup do |config|
# {:scope => 'email, offline_access', :client_options => {:ssl => {:ca_file => '/usr/lib/ssl/certs/ca-certificates.crt'}}}
if Rails.env =~ /development/
config.omniauth :facebook, 'DEV_APP_ID', 'DEV_APP_SECRET'
config.omniauth :facebook, APP_CONFIG['facebook']['app_id'], APP_CONFIG['facebook']['secret']
else
config.omniauth :facebook, 'APP_ID', 'APP_SECRET'
end
+1 -1
View File
@@ -1,3 +1,3 @@
ActionDispatch::Callbacks.to_prepare do
LastFM::LastFMRequest::api_key = '4c32e360f68553ec8fdca3711456b4f9'
LastFM::LastFMRequest::api_key = APP_CONFIG['lastfm_api_key']
end
+1 -1
View File
@@ -4,4 +4,4 @@
# If you change this key, all old signed cookies will become invalid!
# Make sure the secret is at least 30 characters and all random,
# no regular words or you'll be exposed to dictionary attacks.
Nineminutes::Application.config.secret_token = 'ce6034e5aa206913f2bfdc940c4f158120f9a174147463d32e02528337074676adff1118de7d11b6040602de0d8bdba53a59720fcc9c2e3ecda1409983b0b3fd'
Nineminutes::Application.config.secret_token = APP_CONFIG['secret_token']