Fix an token that appears hard-coded in the session manager

The-Best-Codes · Nov 29, 2024 · e28a3a4 · e28a3a4
1 parent baeb9fb
commit e28a3a4
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 2 deletions.
diff --git a/index.ts b/index.ts
@@ -1,3 +1,6 @@
+import dotenv from "dotenv";
+dotenv.config();
+
 import { getSession } from "./src/server/session";
 import { handleRequest } from "./src/server/routes";
 import { createWebSocketHandler } from "./src/server/websocket";

diff --git a/package.json b/package.json
@@ -36,6 +36,7 @@
     "@tailwindcss/typography": "^0.5.15",
     "@types/bcryptjs": "^2.4.6",
     "bcryptjs": "^2.4.3",
+    "dotenv": "^16.4.5",
     "postcss": "^8.4.49",
     "sharp": "^0.33.5",
     "tailwindcss": "^4.0.0-beta.3"

diff --git a/src/server/session.ts b/src/server/session.ts
@@ -6,10 +6,9 @@ const DB_PATH = process.env.DB_PATH || `${process.cwd()}/chat.db`;
 const SESSION_EXPIRY_HOURS = 24 * 7 * 13; // 13 weeks (~ 3 months)
 const db = new Database(DB_PATH);
 
-// TODO: Encryption key should be stored securely in production
 const ENCRYPTION_KEY =
   process.env.ENCRYPTION_KEY ||
-  "525366de48672be221b10f2d3ca9fe00c386ddf655583cba12df05461fe48e1d";
+  "0000000000000000000000000000000000000000000000000000000000000000";
 const IV_LENGTH = 16;
 
 function encrypt(text: string): string {