fix: Improve Handling of Sensitive Data in Browser (#841)

* fix: Improve Handling of Sensitive Data in Browser Signed-off-by: bhavanakarwade <[email protected]> * improved error handling for layout component Signed-off-by: bhavanakarwade <[email protected]> * refactor: improve variables initialization logic Signed-off-by: bhavanakarwade <[email protected]> * removed hardcoded variables Signed-off-by: bhavanakarwade <[email protected]> --------- Signed-off-by: bhavanakarwade <[email protected]>
credebl · Dec 23, 2024 · 58f7d29 · 58f7d29
1 parent 0f8f181
commit 58f7d29
Show file tree

Hide file tree

Showing 16 changed files with 114 additions and 43 deletions.
diff --git a/.env.demo b/.env.demo
@@ -14,11 +14,8 @@ PUBLIC_PLATFORM_NAME=CREDEBL
 PUBLIC_PLATFORM_LOGO=/images/CREDEBL_ICON.png
 PUBLIC_POWERED_BY=Blockster Labs Pvt. Ltd.
 PUBLIC_PLATFORM_WEB_URL=https://credebl.id/
-PUBLIC_POWERED_BY_URL=https://blockster.global
 PUBLIC_PLATFORM_DOCS_URL=https://docs.credebl.id/en/intro/what-is-credebl/
 PUBLIC_PLATFORM_GIT=https://github.com/credebl
-[email protected]
-PUBLIC_PLATFORM_SUPPORT_INVITE=
 PUBLIC_PLATFORM_TWITTER_URL="https://twitter.com/i/flow/login?redirect_after_login=%2Fcredebl"
 PUBLIC_PLATFROM_DISCORD_SUPPORT="https://discord.gg/w4hnQT7NJG"
 PUBLIC_ALLOW_DOMAIN="http://your-ip:5000 http://localhost:5000 http://localhost:5001 http://your-ip:5001 https://cdnjs.cloudflare.com https://tailwindcss.com https://www.blockster.global https://www.ayanworks.com https://qaapi.credebl.id https://devapi.credebl.id https://api.credebl.id https://*.credebl.id https://fonts.googleapis.com https://fonts.gstatic.com https://avatars.githubusercontent.com https://dev-org-logo.s3.ap-south-1.amazonaws.com https://flowbite-admin-dashboard.vercel.app/ wss://devapi.credebl.id wss://qaapi.credebl.id wss://api.credebl.id wss://*.credebl.id https://qa.credebl.id https://dev.credebl.id https://credebl.id http://your-ip:3001 http://localhost:3001 http://localhost:3000/certificates ws://your-ip:5000 ws://localhost:5000 https://rpc-amoy.polygon.technology/"
diff --git a/.env.sample b/.env.sample
@@ -11,10 +11,8 @@ PUBLIC_PLATFORM_NAME= # Please specify your paltform name
 PUBLIC_PLATFORM_LOGO= # Please specify your logo file link
 PUBLIC_POWERED_BY= # Please specify your powered by org name
 PUBLIC_PLATFORM_WEB_URL= # Please specify your platform web URL
-PUBLIC_POWERED_BY_URL= # Please specify your support URL
 PUBLIC_PLATFORM_DOCS_URL= # Please specify your documentation URL
 PUBLIC_PLATFORM_GIT= # Please specify your Github URL
-PUBLIC_PLATFORM_SUPPORT_EMAIL= # Please specify your support email 
 PUBLIC_PLATFORM_TWITTER_URL= # Please specify your twitter URL
 PUBLIC_PLATFROM_DISCORD_SUPPORT= # Please specify your discord support url
 

diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml
@@ -22,8 +22,51 @@ jobs:
         with:
           node-version: lts/*
 
-      - name: remove previous node module
-        run: rm -rf node_modules
+      - name: Create .env file
+
+        run: |
+
+         echo "PUBLIC_MODE=DEV" > .env
+
+         echo "PUBLIC_BASE_URL=${{ secrets.DEV_PUBLIC_BASE_URL }}" >> .env
+
+         echo "PUBLIC_SHOW_NAME_AS_LOGO=true" >> .env
+
+         echo "PUBLIC_PLATFORM_NAME=CREDEBL" >> .env
+
+         echo "PUBLIC_PLATFORM_LOGO=/images/CREDEBL_ICON.png" >> .env
+
+         echo "PUBLIC_POWERED_BY=Blockster Labs Pvt. Ltd" >> .env
+
+         echo "PUBLIC_PLATFORM_DOCS_URL=https://docs.credebl.id/docs" >> .env
+
+         echo "PUBLIC_PLATFORM_GIT=https://github.com/credebl" >> .env
+
+         echo "PUBLIC_PLATFORM_TWITTER_URL=https://twitter.com/i/flow/login?redirect_after_login=%2Fcredebl" >> .env
+
+         echo "PUBLIC_PLATFROM_DISCORD_SUPPORT=https://discord.gg/w4hnQT7NJG" >> .env
+
+         echo "PUBLIC_ALLOW_DOMAIN=${{ secrets.DEV_PUBLIC_ALLOW_DOMAIN }}" >> .env
+
+         echo "PUBLIC_POLYGON_MAINNET_URL=https://polygon-rpc.com/" >> .env
+
+         echo "PUBLIC_POLYGON_TESTNET_URL=https://rpc-amoy.polygon.technology" >> .env
+
+         echo "PUBLIC_ECOSYSTEM_FRONT_END_URL=https://dev-ecosystem.credebl.id" >> .env
+
+         echo "PUBLIC_ECOSYSTEM_BASE_URL=https://devecosystem-api.credebl.id" >> .env
+
+         echo "PUBLIC_PLATFORM_DISCORD_URL=https://discord.gg/w4hnQT7NJG" >> .env
+
+         echo "PUBLIC_REDIRECTION_TARGET_URL=https://social-share.credebl.id" >> .env
+
+         echo "PUBLIC_CRYPTO_PRIVATE_KEY=${{ secrets.DEV_PUBLIC_CRYPTO_PRIVATE_KEY }}" >> .env
+
+         echo "PUBLIC_KEYCLOAK_MANAGEMENT_CLIENT_ID=${{ secrets.DEV_PUBLIC_KEYCLOAK_MANAGEMENT_CLIENT_ID }}" >> .env
+
+         echo "PUBLIC_KEYCLOAK_MANAGEMENT_CLIENT_SECRET=${{ secrets.DEV_PUBLIC_KEYCLOAK_MANAGEMENT_CLIENT_SECRET }}" >> .env
+
+         echo "PUBLIC_REDIRECT_FROM_URL=https://dev.credebl.id" >> .env
 
       - name: Build step
         run: npm install && npm run build # 📝 Update the build command(s)

diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -1,9 +1,9 @@
 name: Deploy
 on:
   push:
-    branches: develop-fixed-dco
+    branches: main
   pull_request:
-    branches: develop-fixed-dco
+    branches: main
 
 jobs:
   deploy:
@@ -40,5 +40,3 @@ jobs:
           project: "credebl-dev-ui"
           entrypoint: "server/entry.mjs"
           root: "dist"
-
-
diff --git a/src/api/Auth.ts b/src/api/Auth.ts
@@ -221,15 +221,15 @@ export const addPasskeyUserDetails = async(payload: AddPassword, email:string) =
 }
 
 export const passwordEncryption = (password: string): string => {
-    const CRYPTO_PRIVATE_KEY: string = `${envConfig.PUBLIC_CRYPTO_PRIVATE_KEY}`    
+    const CRYPTO_PRIVATE_KEY: string = import.meta.env.PUBLIC_CRYPTO_PRIVATE_KEY;
     const encryptedPassword: string = CryptoJS.AES.encrypt(JSON.stringify(password), CRYPTO_PRIVATE_KEY).toString()
     return encryptedPassword
 }
 
 export const encryptData = (value: any): string => {
 
-    const CRYPTO_PRIVATE_KEY: string = `${envConfig.PUBLIC_CRYPTO_PRIVATE_KEY}`
-
+    const CRYPTO_PRIVATE_KEY: string = import.meta.env.PUBLIC_CRYPTO_PRIVATE_KEY;
+    
     try {
         if (typeof (value) !== 'string') {
             value = JSON.stringify(value)
@@ -243,7 +243,7 @@ export const encryptData = (value: any): string => {
 }
 
 export const decryptData = (value: any): string => {
-    const CRYPTO_PRIVATE_KEY: string = `${envConfig.PUBLIC_CRYPTO_PRIVATE_KEY}`
+    const CRYPTO_PRIVATE_KEY: string = import.meta.env.PUBLIC_CRYPTO_PRIVATE_KEY;
 
     try {
         let bytes = CryptoJS.AES.decrypt(value, CRYPTO_PRIVATE_KEY);

diff --git a/src/app/LayoutCommon.astro b/src/app/LayoutCommon.astro
@@ -3,14 +3,29 @@ import pkg from '../../package.json' assert { type: 'json' };
 import { getFromCookies } from '../api/Auth';
 import { SITE_TITLE } from './constants.js';
 import { envConfig } from '../config/envConfig';
+import { excludeKeys } from '../config/CommonConstant';
 
 const { class: clazz, metaData } = Astro.props;
 
-const initData: any = {};
+const allEnvKeys = [...Object.keys(process.env), ...Object.keys(import.meta.env)];
 
-const envKeys = [...Object.keys(process.env), ...Object.keys(import.meta.env)];
-envKeys.forEach((item) => {
-	initData[item] = process.env[item] || import.meta.env[item];
+if (allEnvKeys.length === 0) {
+  throw new Error('No environment keys were found in process.env or import.meta.env.');
+}
+
+const exposedEnvKeys = allEnvKeys.filter((key) => !excludeKeys.includes(key));
+
+const initData: Record<string, any> = {};
+const excludedEnvData: Record<string, any> = {};
+
+allEnvKeys.forEach((key) => {
+  const value = process.env[key] || import.meta.env[key];
+  
+  if (!value) return; 
+  
+  if (!excludeKeys.includes(key)) {
+    initData[key] = value;
+  }
 });
 
 const sessionToken = getFromCookies(Astro.cookies, 'session');
@@ -68,9 +83,9 @@ const refreshToken = getFromCookies(Astro.cookies, 'refresh');
 
 		<script
 			id="global"
-			define:vars={{ initData, envKeys, sessionToken, refreshToken }}
+			define:vars={{ initData, exposedEnvKeys, sessionToken, refreshToken }}
 		>
-			envKeys.forEach((item) => {
+			exposedEnvKeys.forEach((item) => {
 				globalThis[item] = initData[item];
 			});
 
@@ -100,4 +115,4 @@ const refreshToken = getFromCookies(Astro.cookies, 'refresh');
 			}
 		</style>
 	</body>
-</html>
+</html>
diff --git a/src/config/CommonConstant.ts b/src/config/CommonConstant.ts
@@ -64,6 +64,8 @@ export const emailCredDefHeaders = [
     { columnName: 'Revocable' },
 ];
 
+export const excludeKeys = ['PUBLIC_CRYPTO_PRIVATE_KEY', 'PUBLIC_KEYCLOAK_MANAGEMENT_CLIENT_ID', 'PUBLIC_KEYCLOAK_MANAGEMENT_CLIENT_SECRET', 'PUBLIC_ALLOW_DOMAIN'];
+
 export const predicatesConditions = [
     { value: '', label: 'Select' },
     { value: '>', label: 'Greater than' },

diff --git a/src/config/GetHeaderConfigs.ts b/src/config/GetHeaderConfigs.ts
@@ -1,8 +1,8 @@
 import { getFromLocalStorage } from '../api/Auth';
 import { storageKeys } from './CommonConstant';
-import { envConfig } from './envConfig';
 
-const allowedDomains = envConfig.PUBLIC_ALLOW_DOMAIN;
+const allowedDomains = import.meta.env.PUBLIC_ALLOW_DOMAIN;
+
 const commonHeaders = {
     'Content-Security-Policy': `default-src 'self'; script-src 'unsafe-inline' ${allowedDomains}; style-src 'unsafe-inline' ${allowedDomains}; font-src ${allowedDomains}; img-src 'self' ${allowedDomains}; frame-src 'self' ${allowedDomains}; object-src 'none'; media-src 'self'; connect-src 'self' ${allowedDomains}; form-action 'self'; frame-ancestors 'self'; `,
     'X-Frame-Options': "DENY",

diff --git a/src/config/SocketConfig.ts b/src/config/SocketConfig.ts
@@ -1,7 +1,7 @@
 import { envConfig } from "./envConfig"
 import io from "socket.io-client"
 
-const SOCKET = io(`${envConfig.PUBLIC_BASE_URL}`, {
+const SOCKET = io(`${import.meta.env.PUBLIC_BASE_URL}`, {
     reconnection: true,
     reconnectionDelay: 500,
     reconnectionAttempts: Infinity,

diff --git a/src/config/envConfig.ts b/src/config/envConfig.ts
@@ -17,7 +17,7 @@ if (import.meta.env) {
 	}
 }
 
-const { PUBLIC_BASE_URL, PUBLIC_ECOSYSTEM_FRONT_END_URL, PUBLIC_POLYGON_TESTNET_URL, PUBLIC_POLYGON_MAINNET_URL, PUBLIC_CRYPTO_PRIVATE_KEY,PUBLIC_SHOW_NAME_AS_LOGO, PUBLIC_PLATFORM_NAME, PUBLIC_PLATFORM_LOGO, PUBLIC_POWERED_BY, PUBLIC_PLATFORM_WEB_URL, PUBLIC_POWERED_BY_URL, PUBLIC_PLATFORM_DOCS_URL, PUBLIC_PLATFORM_GIT, PUBLIC_PLATFORM_SUPPORT_EMAIL, PUBLIC_PLATFORM_TWITTER_URL, PUBLIC_KEYCLOAK_MANAGEMENT_CLIENT_ID, PUBLIC_KEYCLOAK_MANAGEMENT_CLIENT_SECRET, PUBLIC_PLATFORM_SUPPORT_INVITE, PUBLIC_PLATFORM_DISCORD_URL, PUBLIC_ALLOW_DOMAIN, PUBLIC_ECOSYSTEM_BASE_URL, PUBLIC_MODE, PUBLIC_REDIRECT_FROM_URL, PUBLIC_REDIRECTION_TARGET_URL }: any = envVariables;
+const { PUBLIC_BASE_URL, PUBLIC_ECOSYSTEM_FRONT_END_URL, PUBLIC_POLYGON_TESTNET_URL, PUBLIC_POLYGON_MAINNET_URL, PUBLIC_CRYPTO_PRIVATE_KEY,PUBLIC_SHOW_NAME_AS_LOGO, PUBLIC_PLATFORM_NAME, PUBLIC_PLATFORM_LOGO, PUBLIC_POWERED_BY, PUBLIC_PLATFORM_WEB_URL, PUBLIC_PLATFORM_DOCS_URL, PUBLIC_PLATFORM_GIT, PUBLIC_PLATFORM_TWITTER_URL, PUBLIC_KEYCLOAK_MANAGEMENT_CLIENT_ID, PUBLIC_KEYCLOAK_MANAGEMENT_CLIENT_SECRET, PUBLIC_PLATFROM_DISCORD_SUPPORT, PUBLIC_PLATFORM_DISCORD_URL, PUBLIC_ALLOW_DOMAIN, PUBLIC_ECOSYSTEM_BASE_URL, PUBLIC_MODE, PUBLIC_REDIRECT_FROM_URL, PUBLIC_REDIRECTION_TARGET_URL }: any = envVariables;
 
 export const envConfig = {
 	PUBLIC_BASE_URL:
@@ -48,18 +48,12 @@ export const envConfig = {
 		webUrl:
 			PUBLIC_PLATFORM_WEB_URL ||
 			import.meta.env.PUBLIC_PLATFORM_WEB_URL,
-		orgUrl:
-			PUBLIC_POWERED_BY_URL ||
-			import.meta.env.PUBLIC_POWERED_BY_URL,
 		docs:
 			PUBLIC_PLATFORM_DOCS_URL ||
 			import.meta.env.PUBLIC_PLATFORM_DOCS_URL,
 		git:
 			PUBLIC_PLATFORM_GIT ||
 			import.meta.env.PUBLIC_PLATFORM_GIT,
-		support:
-			PUBLIC_PLATFORM_SUPPORT_EMAIL ||
-			import.meta.env.PUBLIC_PLATFORM_SUPPORT_EMAIL,
 		twitter:
 			PUBLIC_PLATFORM_TWITTER_URL ||
 			import.meta.env.PUBLIC_PLATFORM_TWITTER_URL,
@@ -74,7 +68,8 @@ export const envConfig = {
 			import.meta.env.PUBLIC_KEYCLOAK_MANAGEMENT_CLIENT_SECRET,
 	},
 	PUBLIC_ALLOW_DOMAIN: PUBLIC_ALLOW_DOMAIN || import.meta.env.PUBLIC_ALLOW_DOMAIN,
-	MODE: PUBLIC_MODE,
+	PUBLIC_PLATFROM_DISCORD_SUPPORT: PUBLIC_PLATFROM_DISCORD_SUPPORT || import.meta.env.PUBLIC_PLATFROM_DISCORD_SUPPORT,
+	MODE: PUBLIC_MODE || import.meta.env.PUBLIC_MODE,
 	PUBLIC_REDIRECT_FROM_URL: PUBLIC_REDIRECT_FROM_URL || import.meta.env.PUBLIC_REDIRECT_FROM_URL,
 	PUBLIC_REDIRECTION_TARGET_URL: PUBLIC_REDIRECTION_TARGET_URL || import.meta.env.PUBLIC_REDIRECTION_TARGET_URL 
 }
diff --git a/src/config/ssrApiConfig.ts b/src/config/ssrApiConfig.ts
@@ -20,7 +20,7 @@ const API = async ({ token, url, method, payload }: IProps) => {
 			method,
 			body: JSON.stringify(payload),
 		};
-		const baseURL = globalThis.baseUrl || envConfig.PUBLIC_BASE_URL || process.env.PUBLIC_BASE_URL;
+		const baseURL = globalThis.baseUrl || import.meta.env.PUBLIC_BASE_URL || process.env.PUBLIC_BASE_URL;
 		const apiURL = baseURL + url;
 		const res = await fetch(apiURL, {
 			...config,

diff --git a/src/env.d.ts b/src/env.d.ts
@@ -5,6 +5,28 @@
 interface ImportMetaEnv {
 	readonly SITE: string;
 	readonly PUBLIC_BASE_URL:string;
+	readonly PUBLIC_CRYPTO_PRIVATE_KEY: string;
+	readonly PUBLIC_ECOSYSTEM_BASE_URL: string;
+	readonly PUBLIC_REDIRECT_FROM_URL: string;
+	readonly PUBLIC_POLYGON_TESTNET_URL: string;
+	readonly PUBLIC_POLYGON_MAINNET_URL: string;
+	readonly PUBLIC_SHOW_NAME_AS_LOGO: string;
+	readonly PUBLIC_PLATFORM_NAME: string, 
+	readonly PUBLIC_PLATFORM_LOGO: string, 
+	readonly PUBLIC_POWERED_BY: string, 
+	readonly PUBLIC_PLATFROM_DISCORD_SUPPORT: string,
+	readonly PUBLIC_PLATFORM_WEB_URL: string, 
+	readonly PUBLIC_PLATFORM_DOCS_URL: string, 
+	readonly PUBLIC_PLATFORM_GIT: string, 
+	readonly PUBLIC_PLATFORM_TWITTER_URL: string, 
+	readonly PUBLIC_KEYCLOAK_MANAGEMENT_CLIENT_ID: string, 
+	readonly PUBLIC_KEYCLOAK_MANAGEMENT_CLIENT_SECRET: string, 
+	readonly PUBLIC_PLATFORM_DISCORD_URL: string, 
+	readonly PUBLIC_ALLOW_DOMAIN: string, 
+	readonly PUBLIC_ECOSYSTEM_BASE_URL: string, 
+	readonly PUBLIC_MODE: string, 
+	readonly PUBLIC_REDIRECT_FROM_URL: string, 
+	readonly PUBLIC_REDIRECTION_TARGET_URL: string
 }
 
 interface ImportMeta {

diff --git a/src/middleware.ts b/src/middleware.ts
@@ -5,8 +5,8 @@ export const onRequest = async (context: any, next: any) => {
   const response = await next();
   const html = await response.text();
 
-  const domains = envConfig.PUBLIC_ALLOW_DOMAIN;
-
+  const domains = import.meta.env.PUBLIC_ALLOW_DOMAIN;
+    
   const allowedDomain = `${context.url.origin} ${domains}`
 
   const nonce = "dynamicNONCE" + new Date().getTime().toString();

diff --git a/src/pages/index.astro b/src/pages/index.astro
@@ -60,7 +60,7 @@ const env = import.meta.env || process.env;
 							</p>
 							<div class="justify-center flex">
 								<a
-									href="https://docs.credebl.id/en/intro/what-is-credebl/"
+									href=`${envConfig.PLATFORM_DATA.docs}`
 									class="inline-flex justify-center items-center py-3 px-5 text-base font-medium text-center text-white rounded-lg bg-primary-700 hover:bg-primary-800 focus:ring-4 focus:ring-primary-300 dark:focus:ring-primary-900"
 								>
 									Get Started
@@ -1113,7 +1113,8 @@ const env = import.meta.env || process.env;
 									clip-rule="evenodd"></path>
 							</svg>
 						</a>
-						<a href="https://discord.gg/w4hnQT7NJG" class="hover:opacity-50" target="_blank">
+						<a href=`${envConfig.PUBLIC_PLATFROM_DISCORD_SUPPORT}`
+						 class="hover:opacity-50" target="_blank">
 							<svg
 								class="w-6 h-6 text-gray-700 hover:text-gray-900 dark:text-white"
 								aria-hidden="true"
@@ -1127,8 +1128,8 @@ const env = import.meta.env || process.env;
 							</svg>
 						</a>
 						<a
-							href="https://twitter.com/i/flow/login?redirect_after_login=%2Fcredebl"
-							class="dark:text:white hover:opacity-50"
+						href=`${envConfig.PLATFORM_DATA.twitter}`
+						class="dark:text:white hover:opacity-50"
 						>
 							<svg
 								xmlns="http://www.w3.org/2000/svg"

diff --git a/src/services/axiosIntercepter.ts b/src/services/axiosIntercepter.ts
@@ -6,7 +6,7 @@ import { getFromLocalStorage, setToLocalStorage } from '../api/Auth';
 import { apiStatusCodes, storageKeys } from '../config/CommonConstant';
 
 const instance = axios.create({
-	baseURL: envConfig.PUBLIC_BASE_URL,
+	baseURL: import.meta.env.PUBLIC_BASE_URL,
 });
 
 const EcosystemInstance = axios.create({
@@ -16,7 +16,7 @@ const EcosystemInstance = axios.create({
 const checkAuthentication = async (sessionCookie: string, request: AxiosRequestConfig) => {
 	const isAuthPage = window.location.href.includes('/authentication/sign-in') || window.location.href.includes('/authentication/sign-up')
 	try {
-		const baseURL = envConfig.PUBLIC_BASE_URL || process.env.PUBLIC_BASE_URL;
+		const baseURL = import.meta.env.PUBLIC_BASE_URL || process.env.PUBLIC_BASE_URL;
 		const config = {
 			headers: {
 				'Content-Type': 'application/json',

diff --git a/src/utils/check-session.ts b/src/utils/check-session.ts
@@ -33,7 +33,7 @@ export const checkUserSession = async ({
 
 	try {
 		const baseURL =
-			envConfig.PUBLIC_BASE_URL ||
+			import.meta.env.PUBLIC_BASE_URL ||
 			process.env.PUBLIC_BASE_URL;
 		const config = {
 			headers: {