From 89e4492a632da607185e4a3fc1cbf371968cf162 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Maciej=20Krzy=C5=BCanowski?= <krzmaciek@gmail.com>
Date: Mon, 27 Feb 2023 16:43:25 +0100
Subject: [PATCH] Now loading sensitive data from .env file

---
 .env              | 8 ++++++++
 app.js            | 9 +++++----
 package-lock.json | 9 +++++++++
 package.json      | 3 ++-
 4 files changed, 24 insertions(+), 5 deletions(-)
 create mode 100644 .env

diff --git a/.env b/.env
new file mode 100644
index 0000000..3c742af
--- /dev/null
+++ b/.env
@@ -0,0 +1,8 @@
+# These variables should be set before running app (for PostgreSQL database)
+# otherwise app will fail connecting to the database.
+
+# DB_USER=xyz
+# DB_PASS=1234
+DB_HOST=localhost
+DB_PORT=5432
+DB_NAME=skrytka
diff --git a/app.js b/app.js
index c2eb199..7408cf0 100644
--- a/app.js
+++ b/app.js
@@ -5,11 +5,10 @@ const responseTime = require('response-time');
 const types = require('pg').types;
 const validator = require('validator');
 
+require('dotenv').config();
+
 const app = express();
-
-// TODO: Replace with some environmental variables which store real password / host / database name
-const db = pgp('postgres://postgres:99postgres11@localhost:5432/skrytka');
-
+const db = pgp(`postgres://${process.env.DB_USER}:${process.env.DB_PASS}@${process.env.DB_HOST}:${process.env.DB_PORT}/${process.env.DB_NAME}`);
 const port = 3001;
 
 class Point {
@@ -59,6 +58,8 @@ app.use(session({
 	}
 }));
 
+console.log(process.env.DB_NAME);
+
 let latencies = [0];
 const MAX_LATENCIES = 25;
 
diff --git a/package-lock.json b/package-lock.json
index 596ade8..d368fd8 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -10,6 +10,7 @@
       "license": "ISC",
       "dependencies": {
         "connect-pg-simple": "^8.0.0",
+        "dotenv": "^16.0.3",
         "express": "^4.18.2",
         "express-session": "^1.17.3",
         "pg": "^8.9.0",
@@ -178,6 +179,14 @@
         "npm": "1.2.8000 || >= 1.4.16"
       }
     },
+    "node_modules/dotenv": {
+      "version": "16.0.3",
+      "resolved": "https://registry.npmjs.org/dotenv/-/dotenv-16.0.3.tgz",
+      "integrity": "sha512-7GO6HghkA5fYG9TYnNxi14/7K9f5occMlp3zXAuSxn7CKCxt9xbNWG7yF8hTCSUchlfWSe3uLmlPfigevRItzQ==",
+      "engines": {
+        "node": ">=12"
+      }
+    },
     "node_modules/ee-first": {
       "version": "1.1.1",
       "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz",
diff --git a/package.json b/package.json
index 6474fd7..2a3b7f8 100644
--- a/package.json
+++ b/package.json
@@ -1,4 +1,4 @@
-{
+{
   "name": "skrytka",
   "version": "0.0.1",
   "description": "Potężna aplikacja Skrytka.App!",
@@ -10,6 +10,7 @@
   "license": "ISC",
   "dependencies": {
     "connect-pg-simple": "^8.0.0",
+    "dotenv": "^16.0.3",
     "express": "^4.18.2",
     "express-session": "^1.17.3",
     "pg": "^8.9.0",