security improvement: removed and changed various app and API secrets
This commit is contained in:
@@ -0,0 +1,5 @@
|
||||
secret_token: ""
|
||||
lastfm_api_key: ""
|
||||
facebook:
|
||||
app_id: ""
|
||||
secret: ""
|
||||
@@ -0,0 +1 @@
|
||||
APP_CONFIG = HashWithIndifferentAccess.new(YAML.load(File.open(File.join(Rails.root, 'config', 'config.yml'))))
|
||||
@@ -188,7 +188,7 @@ Devise.setup do |config|
|
||||
# {:scope => 'email, offline_access', :client_options => {:ssl => {:ca_file => '/usr/lib/ssl/certs/ca-certificates.crt'}}}
|
||||
|
||||
if Rails.env =~ /development/
|
||||
config.omniauth :facebook, 'DEV_APP_ID', 'DEV_APP_SECRET'
|
||||
config.omniauth :facebook, APP_CONFIG['facebook']['app_id'], APP_CONFIG['facebook']['secret']
|
||||
else
|
||||
config.omniauth :facebook, 'APP_ID', 'APP_SECRET'
|
||||
end
|
||||
|
||||
@@ -1,3 +1,3 @@
|
||||
ActionDispatch::Callbacks.to_prepare do
|
||||
LastFM::LastFMRequest::api_key = '4c32e360f68553ec8fdca3711456b4f9'
|
||||
LastFM::LastFMRequest::api_key = APP_CONFIG['lastfm_api_key']
|
||||
end
|
||||
@@ -4,4 +4,4 @@
|
||||
# If you change this key, all old signed cookies will become invalid!
|
||||
# Make sure the secret is at least 30 characters and all random,
|
||||
# no regular words or you'll be exposed to dictionary attacks.
|
||||
Nineminutes::Application.config.secret_token = 'ce6034e5aa206913f2bfdc940c4f158120f9a174147463d32e02528337074676adff1118de7d11b6040602de0d8bdba53a59720fcc9c2e3ecda1409983b0b3fd'
|
||||
Nineminutes::Application.config.secret_token = APP_CONFIG['secret_token']
|
||||
|
||||
Reference in New Issue
Block a user