User Endpoint #8
Conversation
|
| GitGuardian id | GitGuardian status | Secret | Commit | Filename | |
|---|---|---|---|---|---|
| 14289319 | Triggered | MongoDB Credentials | 5572247 | api/src/routes/user.ts | View secret |
| 14313940 | Triggered | MongoDB Credentials | 7dd384f | api/.env | View secret |
| 14289319 | Triggered | MongoDB Credentials | 7dd384f | api/.env | View secret |
| 14289319 | Triggered | MongoDB Credentials | 8402e02 | api/src/routes/workshopid.ts | View secret |
| 14289319 | Triggered | MongoDB Credentials | 7b8bd6e | api/src/routes/user.ts | View secret |
| 14289319 | Triggered | MongoDB Credentials | 7b8bd6e | api/src/routes/workshop.ts | View secret |
| 14289319 | Triggered | MongoDB Credentials | 5d4099f | api/.env | View secret |
🛠 Guidelines to remediate hardcoded secrets
- Understand the implications of revoking this secret by investigating where it is used in your code.
- Replace and store your secrets safely. Learn here the best practices.
- Revoke and rotate these secrets.
- If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.
To avoid such incidents in the future consider
- following these best practices for managing and storing secrets including API keys and other credentials
- install secret detection on pre-commit to catch secret before it leaves your machine and ease remediation.
🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.
api/.env
Outdated
| @@ -1 +1 @@ | |||
| MONGO_URI=mongodb+srv://User2:[email protected].mongodb.net/FlatFairDB?retryWrites=true&w=majority&appName=Bare-Bones | |||
| MONGO_URI=mongodb+srv://kjgilder:[email protected].mongodb.net/?retryWrites=true&w=majority&appName=PWWUsers | |||
There was a problem hiding this comment.
eventually we will wanna switch to a DB they own but for now this is great
api/package.json
Outdated
| @@ -2,11 +2,11 @@ | |||
| "name": "api", | |||
| "version": "1.0.0", | |||
| "description": "", | |||
| "main": "src/index.ts", | |||
| "main": "src/index.js", | |||
There was a problem hiding this comment.
wait did we change it to js
There was a problem hiding this comment.
yeah we changed it to ts, whats in main for this file is how it should be
There was a problem hiding this comment.
looks great to me! awesome job! one thing i'll say is that idk abt changing the package json to look at javascript rather than typescript, let's wait for @charlotteconze to look at it too and we can merge!!
api/package.json
Outdated
| @@ -2,11 +2,11 @@ | |||
| "name": "api", | |||
| "version": "1.0.0", | |||
| "description": "", | |||
| "main": "src/index.ts", | |||
| "main": "src/index.js", | |||
There was a problem hiding this comment.
yeah we changed it to ts, whats in main for this file is how it should be
api/src/routes/user.ts
Outdated
| const mongoURI = "mongodb+srv://kjgilder:[email protected]/?retryWrites=true&w=majority&appName=PWWUsers" | ||
| mongoose.connect(mongoURI) | ||
| .then(() => console.log("Connected to MongoDB")) | ||
| .catch((error) => console.error("Failed to connect to MongoDB:", error)) |
There was a problem hiding this comment.
import dbConnect from "./config/dbConnect"
dbConnect()
using this will remove the need for this code because its already in /config/dbConnect
| "skipLibCheck": true /* Skip type checking all .d.ts files. */ | ||
| "skipLibCheck": true, /* Skip type checking all .d.ts files. */ | ||
| "moduleResolution": "node", | ||
| "typeRoots": ["./node_modules/@types"] | ||
| } |
There was a problem hiding this comment.
i think this is fine? idk what it does
|
looks good, we should probably not push the .env file though and instead text each other the API keys |
New user endpoint to add users into the Mongo database. (can adjust the schema as necessary moving forward)