From a660622d8cee778e7da63d169c19f23440f000a7 Mon Sep 17 00:00:00 2001
From: bhavanakarwade
Date: Thu, 19 Dec 2024 15:31:54 +0530
Subject: [PATCH] added function to prevent env variables

---
 .env.demo | 3 ---
 .env.sample | 2 --
 .github/workflows/deploy.yml | 24 ++++++++++++++++++++++++
 src/app/LayoutCommon.astro | 8 ++++----
 src/config/GetHeaderConfigs.ts | 4 ++--
 src/config/envConfig.ts | 11 +++-------
 src/env.d.ts | 4 +---
 src/middleware.ts | 5 ++---
 src/pages/index.astro | 6 +++---
 9 files changed, 39 insertions(+), 28 deletions(-)

diff --git a/.env.demo b/.env.demo
index 859e6383f..db93d00f0 100644
--- a/.env.demo
+++ b/.env.demo
@@ -14,11 +14,8 @@ PUBLIC_PLATFORM_NAME=CREDEBL
 PUBLIC_PLATFORM_LOGO=/images/CREDEBL_ICON.png
 PUBLIC_POWERED_BY=Blockster Labs Pvt. Ltd.
 PUBLIC_PLATFORM_WEB_URL=https://credebl.id/
-PUBLIC_POWERED_BY_URL=https://blockster.global
 PUBLIC_PLATFORM_DOCS_URL=https://docs.credebl.id/en/intro/what-is-credebl/
 PUBLIC_PLATFORM_GIT=https://github.com/credebl
-PUBLIC_PLATFORM_SUPPORT_EMAIL=support@blockster.global
-PUBLIC_PLATFORM_SUPPORT_INVITE=
 PUBLIC_PLATFORM_TWITTER_URL="https://twitter.com/i/flow/login?redirect_after_login=%2Fcredebl"
 PUBLIC_PLATFROM_DISCORD_SUPPORT="https://discord.gg/w4hnQT7NJG"
 PUBLIC_ALLOW_DOMAIN="http://your-ip:5000 http://localhost:5000 http://localhost:5001 http://your-ip:5001 https://cdnjs.cloudflare.com https://tailwindcss.com https://www.blockster.global https://www.ayanworks.com https://qaapi.credebl.id https://devapi.credebl.id https://api.credebl.id https://*.credebl.id https://fonts.googleapis.com https://fonts.gstatic.com https://avatars.githubusercontent.com https://dev-org-logo.s3.ap-south-1.amazonaws.com https://flowbite-admin-dashboard.vercel.app/ wss://devapi.credebl.id wss://qaapi.credebl.id wss://api.credebl.id wss://*.credebl.id https://qa.credebl.id https://dev.credebl.id https://credebl.id http://your-ip:3001 http://localhost:3001 http://localhost:3000/certificates ws://your-ip:5000 ws://localhost:5000 https://rpc-amoy.polygon.technology/"
\ No newline at end of file
diff --git a/.env.sample b/.env.sample
index 66bf1ac28..77a7547d8 100644
--- a/.env.sample
+++ b/.env.sample
@@ -11,10 +11,8 @@ PUBLIC_PLATFORM_NAME= # Please specify your paltform name
 PUBLIC_PLATFORM_LOGO= # Please specify your logo file link
 PUBLIC_POWERED_BY= # Please specify your powered by org name
 PUBLIC_PLATFORM_WEB_URL= # Please specify your platform web URL
-PUBLIC_POWERED_BY_URL= # Please specify your support URL
 PUBLIC_PLATFORM_DOCS_URL= # Please specify your documentation URL
 PUBLIC_PLATFORM_GIT= # Please specify your Github URL
-PUBLIC_PLATFORM_SUPPORT_EMAIL= # Please specify your support email
 PUBLIC_PLATFORM_TWITTER_URL= # Please specify your twitter URL
 PUBLIC_PLATFROM_DISCORD_SUPPORT= # Please specify your discord support url
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 7997eecf0..c498dc84d 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -31,6 +31,30 @@ jobs:
 - name: Install step
 run: "npm install"
+- name: Create .env file
+ run: |
+ echo "PUBLIC_MODE=DEV" > .env
+ echo "PUBLIC_BASE_URL=https://devapi.credebl.id" >> .env
+ echo "PUBLIC_SHOW_NAME_AS_LOGO=true" >> .env
+ echo "PUBLIC_PLATFORM_NAME=CREDEBL" >> .env
+ echo "PUBLIC_PLATFORM_LOGO=/images/CREDEBL_ICON.png" >> .env
+ echo "PUBLIC_POWERED_BY=Blockster Labs Pvt. Ltd" >> .env
+ echo "PUBLIC_PLATFORM_DOCS_URL=https://docs.credebl.id/en/intro/what-is-credebl/" >> .env
+ echo "PUBLIC_PLATFORM_GIT=https://github.com/credebl" >> .env
+ echo "PUBLIC_PLATFORM_TWITTER_URL=https://twitter.com/i/flow/login?redirect_after_login=%2Fcredebl" >> .env
+ echo "PUBLIC_PLATFROM_DISCORD_SUPPORT=https://discord.gg/w4hnQT7NJG" >> .env
+ echo "PUBLIC_ALLOW_DOMAIN=${{ secrets.DEV_PUBLIC_ALLOW_DOMAIN }}" >> .env
+ echo "PUBLIC_POLYGON_MAINNET_URL=https://polygon-rpc.com/" >> .env
+ echo "PUBLIC_POLYGON_TESTNET_URL=https://rpc-amoy.polygon.technology" >> .env
+ echo "PUBLIC_ECOSYSTEM_FRONT_END_URL=https://dev-ecosystem.credebl.id" >> .env
+ echo "PUBLIC_ECOSYSTEM_BASE_URL=https://devecosystem-api.credebl.id" >> .env
+ echo "PUBLIC_PLATFORM_DISCORD_URL=https://discord.gg/w4hnQT7NJG" >> .env
+ echo "PUBLIC_REDIRECTION_TARGET_URL=https://social-share.credebl.id" >> .env
+ echo "PUBLIC_CRYPTO_PRIVATE_KEY=${{ secrets.DEV_PUBLIC_CRYPTO_PRIVATE_KEY }}" >> .env
+ echo "PUBLIC_KEYCLOAK_MANAGEMENT_CLIENT_ID=${{ secrets.DEV_PUBLIC_KEYCLOAK_MANAGEMENT_CLIENT_ID }}" >> .env
+ echo "PUBLIC_KEYCLOAK_MANAGEMENT_CLIENT_SECRET=${{ secrets.DEV_PUBLIC_KEYCLOAK_MANAGEMENT_CLIENT_SECRET }}" >> .env
+ echo "PUBLIC_REDIRECT_FROM_URL=https://dev.credebl.id" >> .env
+
 - name: Build step
 run: "npm run build"
diff --git a/src/app/LayoutCommon.astro b/src/app/LayoutCommon.astro
index 86d34e925..f16bfa34e 100644
--- a/src/app/LayoutCommon.astro
+++ b/src/app/LayoutCommon.astro
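Review bot: The three secrets written into `.env` here — `PUBLIC_CRYPTO_PRIVATE_KEY`, `PUBLIC_KEYCLOAK_MANAGEMENT_CLIENT_ID` and `PUBLIC_KEYCLOAK_MANAGEMENT_CLIENT_SECRET` — carry the `PUBLIC_` prefix, which in Astro/Vite is exactly the prefix that makes a variable eligible for substitution into client-side code through `import.meta.env`, so the denylist this commit extends in `src/app/LayoutCommon.astro` only keeps them out of `initData`, not out of any browser-side module that imports `envConfig` or reads `import.meta.env` directly (whether such a module exists is not visible in this patch). Giving server-only values a name without the prefix lets the build tool enforce the boundary instead of a hand-maintained list, though that rename touches `src/config/envConfig.ts` and `src/env.d.ts` as well and is out of scope for this hunk. Separately, each `${{ secrets.* }}` is interpolated into the `run:` script text before the shell sees it; routing them through an `env:` block and expanding `$VAR` inside the script keeps the values out of the script body and avoids breakage if a value ever contains a double quote.
```yaml
- name: Create .env file
  env:
    ALLOW_DOMAIN: ${{ secrets.DEV_PUBLIC_ALLOW_DOMAIN }}
    CRYPTO_PRIVATE_KEY: ${{ secrets.DEV_PUBLIC_CRYPTO_PRIVATE_KEY }}
    KC_CLIENT_ID: ${{ secrets.DEV_PUBLIC_KEYCLOAK_MANAGEMENT_CLIENT_ID }}
    KC_CLIENT_SECRET: ${{ secrets.DEV_PUBLIC_KEYCLOAK_MANAGEMENT_CLIENT_SECRET }}
  run: |
    # … unchanged: echo lines for the non-secret PUBLIC_* values …
    echo "PUBLIC_ALLOW_DOMAIN=$ALLOW_DOMAIN" >> .env
    echo "PUBLIC_CRYPTO_PRIVATE_KEY=$CRYPTO_PRIVATE_KEY" >> .env
    echo "PUBLIC_KEYCLOAK_MANAGEMENT_CLIENT_ID=$KC_CLIENT_ID" >> .env
    echo "PUBLIC_KEYCLOAK_MANAGEMENT_CLIENT_SECRET=$KC_CLIENT_SECRET" >> .env
```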
@@ -9,12 +9,12 @@ const { class: clazz, metaData } = Astro.props;
 const initData: any = {};
 // Step 1: List of keys that should NOT be exposed to the frontend
-const excludeKeys = ['PUBLIC_CRYPTO_PRIVATE_KEY', 'PUBLIC_KEYCLOAK_MANAGEMENT_CLIENT_ID', 'PUBLIC_KEYCLOAK_MANAGEMENT_CLIENT_SECRET'];
+const excludeKeys = ['PUBLIC_CRYPTO_PRIVATE_KEY', 'PUBLIC_KEYCLOAK_MANAGEMENT_CLIENT_ID', 'PUBLIC_KEYCLOAK_MANAGEMENT_CLIENT_SECRET', 'PUBLIC_ALLOW_DOMAIN'];
-// Step 2: Get all environment keys (from `process.env` and `import.meta.env`)
+// Step 2: Get all environment keys
 const allEnvKeys = [...Object.keys(process.env), ...Object.keys(import.meta.env)];
-// Step 3: Separate "exposed" keys and "excluded" keys
+// Step 3: Separate 'exposed' keys and 'excluded' keys
 const exposedEnvKeys = allEnvKeys.filter((key) => !excludeKeys.includes(key));
 const excludedEnvKeys = allEnvKeys.filter((key) => excludeKeys.includes(key));
@@ -23,7 +23,7 @@ exposedEnvKeys.forEach((item) => {
 initData[item] = process.env[item] || import.meta.env[item];
 });
-// Step 5: Store **excluded keys** in a separate object (only for server-side use)
+// Step 5: Store 'excluded keys' in a separate object (only for server-side use)
 const excludedEnvData: any = {};
 excludedEnvKeys.forEach((item) => {
 excludedEnvData[item] = process.env[item] || import.meta.env[item];
diff --git a/src/config/GetHeaderConfigs.ts b/src/config/GetHeaderConfigs.ts
index 0ec795542..0705732d2 100644
--- a/src/config/GetHeaderConfigs.ts
+++ b/src/config/GetHeaderConfigs.ts
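Review bot: The exposure filter in the first hunk remains a denylist over every key of `process.env` and `import.meta.env`, so even with `PUBLIC_ALLOW_DOMAIN` added, `exposedEnvKeys` — and therefore `initData`, which the Step 1 comment says is what reaches the frontend — still carries everything present in the server or CI process environment that is not one of the four listed names, including any unrelated variable the host exports and any future secret nobody remembers to add to `excludeKeys`. Inverting it to an allowlist makes the forgetful case safe instead of dangerous: `const exposedEnvKeys = allEnvKeys.filter((key) => key.startsWith('PUBLIC_') && !excludeKeys.includes(key));`, or, better, an explicit list of the keys the frontend actually reads. The `excludedEnvKeys` line then stays as it is, since it is already a positive match. Where `initData` is serialized into the page lies outside both hunks, so I am inferring its reach from the comments.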
@@ -1,8 +1,8 @@
 import { getFromLocalStorage } from '../api/Auth';
 import { storageKeys } from './CommonConstant';
-import { envConfig } from './envConfig';
-const allowedDomains = envConfig.PUBLIC_ALLOW_DOMAIN;
+const allowedDomains = import.meta.env.PUBLIC_ALLOW_DOMAIN;
+
 const commonHeaders = {
 'Content-Security-Policy': `default-src 'self'; script-src 'unsafe-inline' ${allowedDomains}; style-src 'unsafe-inline' ${allowedDomains}; font-src ${allowedDomains}; img-src 'self' ${allowedDomains}; frame-src 'self' ${allowedDomains}; object-src 'none'; media-src 'self'; connect-src 'self' ${allowedDomains}; form-action 'self'; frame-ancestors 'self'; `,
 'X-Frame-Options': "DENY",
diff --git a/src/config/envConfig.ts b/src/config/envConfig.ts
index a1e35d950..ce63bc549 100644
--- a/src/config/envConfig.ts
+++ b/src/config/envConfig.ts
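Review bot: `const allowedDomains = import.meta.env.PUBLIC_ALLOW_DOMAIN;` has no guard, so if the variable is missing at build time the template literal below stringifies it and every directive becomes something like `script-src 'unsafe-inline' undefined` — a silent, hard-to-spot weakening of the policy rather than a build failure, and the dropped `envConfig` path at least also consulted `process.env`. Because `import.meta.env` is substituted by the bundler, the allowlist is now baked into the build artefact and cannot be changed per deployment without rebuilding; presumably intended given the workflow writes `.env` in CI, but worth a one-line comment above the constant. I would fail fast instead: `if (!allowedDomains) throw new Error('PUBLIC_ALLOW_DOMAIN must be set at build time');`. The same unguarded read is introduced in `src/middleware.ts`, where `domains` is interpolated into `allowedDomain` without a check.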
@@ -17,7 +17,7 @@ if (import.meta.env) {
 }
 }
-const { PUBLIC_BASE_URL, PUBLIC_ECOSYSTEM_FRONT_END_URL, PUBLIC_POLYGON_TESTNET_URL, PUBLIC_POLYGON_MAINNET_URL, PUBLIC_CRYPTO_PRIVATE_KEY,PUBLIC_SHOW_NAME_AS_LOGO, PUBLIC_PLATFORM_NAME, PUBLIC_PLATFORM_LOGO, PUBLIC_POWERED_BY, PUBLIC_PLATFORM_WEB_URL, PUBLIC_POWERED_BY_URL, PUBLIC_PLATFORM_DOCS_URL, PUBLIC_PLATFORM_GIT, PUBLIC_PLATFORM_SUPPORT_EMAIL, PUBLIC_PLATFORM_TWITTER_URL, PUBLIC_KEYCLOAK_MANAGEMENT_CLIENT_ID, PUBLIC_KEYCLOAK_MANAGEMENT_CLIENT_SECRET, PUBLIC_PLATFORM_SUPPORT_INVITE, PUBLIC_PLATFORM_DISCORD_URL, PUBLIC_ALLOW_DOMAIN, PUBLIC_ECOSYSTEM_BASE_URL, PUBLIC_MODE, PUBLIC_REDIRECT_FROM_URL, PUBLIC_REDIRECTION_TARGET_URL }: any = envVariables;
+const { PUBLIC_BASE_URL, PUBLIC_ECOSYSTEM_FRONT_END_URL, PUBLIC_POLYGON_TESTNET_URL, PUBLIC_POLYGON_MAINNET_URL, PUBLIC_CRYPTO_PRIVATE_KEY,PUBLIC_SHOW_NAME_AS_LOGO, PUBLIC_PLATFORM_NAME, PUBLIC_PLATFORM_LOGO, PUBLIC_POWERED_BY, PUBLIC_PLATFORM_WEB_URL, PUBLIC_PLATFORM_DOCS_URL, PUBLIC_PLATFORM_GIT, PUBLIC_PLATFORM_TWITTER_URL, PUBLIC_KEYCLOAK_MANAGEMENT_CLIENT_ID, PUBLIC_KEYCLOAK_MANAGEMENT_CLIENT_SECRET, PUBLIC_PLATFROM_DISCORD_SUPPORT, PUBLIC_PLATFORM_DISCORD_URL, PUBLIC_ALLOW_DOMAIN, PUBLIC_ECOSYSTEM_BASE_URL, PUBLIC_MODE, PUBLIC_REDIRECT_FROM_URL, PUBLIC_REDIRECTION_TARGET_URL }: any = envVariables;
 export const envConfig = {
 PUBLIC_BASE_URL:
@@ -48,18 +48,12 @@ export const envConfig = {
 webUrl:
 PUBLIC_PLATFORM_WEB_URL ||
 import.meta.env.PUBLIC_PLATFORM_WEB_URL,
- orgUrl:
- PUBLIC_POWERED_BY_URL ||
- import.meta.env.PUBLIC_POWERED_BY_URL,
 docs:
 PUBLIC_PLATFORM_DOCS_URL ||
 import.meta.env.PUBLIC_PLATFORM_DOCS_URL,
 git:
 PUBLIC_PLATFORM_GIT ||
 import.meta.env.PUBLIC_PLATFORM_GIT,
- support:
- PUBLIC_PLATFORM_SUPPORT_EMAIL ||
- import.meta.env.PUBLIC_PLATFORM_SUPPORT_EMAIL,
 twitter:
 PUBLIC_PLATFORM_TWITTER_URL ||
 import.meta.env.PUBLIC_PLATFORM_TWITTER_URL,
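Review bot: The rewritten destructuring on the `+` line still pulls `PUBLIC_CRYPTO_PRIVATE_KEY`, `PUBLIC_KEYCLOAK_MANAGEMENT_CLIENT_ID` and `PUBLIC_KEYCLOAK_MANAGEMENT_CLIENT_SECRET` into the same exported `envConfig` object as the public branding values (the client secret is visible as context in the `@@ -74` hunk), so dropping the `envConfig` import from `GetHeaderConfigs.ts` and `middleware.ts` reduces, but does not remove, the chance that a browser-side module imports the object and the bundler inlines those values. Splitting it into a public config and a server-only config, or reading the secrets at their point of use, would make the separation structural rather than depending on who imports what. The `: any` on the destructure also throws away the `ImportMetaEnv` typing that `src/env.d.ts` maintains for exactly these names; `envVariables` is built above the hunk, so I cannot tell whether it is typed well enough to drop the annotation. The `PLATFROM` spelling in `PUBLIC_PLATFROM_DISCORD_SUPPORT` is now propagated into `envConfig` and `env.d.ts`; it matches the `.env` files, so a rename is a coordinated change, but a comment such as `// spelling kept for compatibility with existing .env files` would save the next reader a search.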
@@ -74,7 +68,8 @@ export const envConfig = {
 import.meta.env.PUBLIC_KEYCLOAK_MANAGEMENT_CLIENT_SECRET,
 },
 PUBLIC_ALLOW_DOMAIN: PUBLIC_ALLOW_DOMAIN || import.meta.env.PUBLIC_ALLOW_DOMAIN,
- MODE: PUBLIC_MODE,
+ PUBLIC_PLATFROM_DISCORD_SUPPORT: PUBLIC_PLATFROM_DISCORD_SUPPORT || import.meta.env.PUBLIC_PLATFROM_DISCORD_SUPPORT,
+ MODE: PUBLIC_MODE || import.meta.env.PUBLIC_MODE,
 PUBLIC_REDIRECT_FROM_URL: PUBLIC_REDIRECT_FROM_URL || import.meta.env.PUBLIC_REDIRECT_FROM_URL,
 PUBLIC_REDIRECTION_TARGET_URL: PUBLIC_REDIRECTION_TARGET_URL || import.meta.env.PUBLIC_REDIRECTION_TARGET_URL
 }
\ No newline at end of file
diff --git a/src/env.d.ts b/src/env.d.ts
index 640fe1127..78cd36415 100644
--- a/src/env.d.ts
+++ b/src/env.d.ts
@@ -14,15 +14,13 @@ interface ImportMetaEnv {
 readonly PUBLIC_PLATFORM_NAME: string,
 readonly PUBLIC_PLATFORM_LOGO: string,
 readonly PUBLIC_POWERED_BY: string,
+ readonly PUBLIC_PLATFROM_DISCORD_SUPPORT: string,
 readonly PUBLIC_PLATFORM_WEB_URL: string,
- readonly PUBLIC_POWERED_BY_URL: string,
 readonly PUBLIC_PLATFORM_DOCS_URL: string,
 readonly PUBLIC_PLATFORM_GIT: string,
- readonly PUBLIC_PLATFORM_SUPPORT_EMAIL: string,
 readonly PUBLIC_PLATFORM_TWITTER_URL: string,
 readonly PUBLIC_KEYCLOAK_MANAGEMENT_CLIENT_ID: string,
 readonly PUBLIC_KEYCLOAK_MANAGEMENT_CLIENT_SECRET: string,
- readonly PUBLIC_PLATFORM_SUPPORT_INVITE: string,
 readonly PUBLIC_PLATFORM_DISCORD_URL: string,
 readonly PUBLIC_ALLOW_DOMAIN: string,
 readonly PUBLIC_ECOSYSTEM_BASE_URL: string,
diff --git a/src/middleware.ts b/src/middleware.ts
index c73dc4a46..a975bb965 100644
--- a/src/middleware.ts
+++ b/src/middleware.ts
@@ -1,12 +1,11 @@
-import { envConfig } from "./config/envConfig";
 import { pathRoutes } from "./config/pathRoutes";
 export const onRequest = async (context: any, next: any) => {
 const response = await next();
 const html = await response.text();
- const domains = envConfig.PUBLIC_ALLOW_DOMAIN;
-
+ const domains = import.meta.env.PUBLIC_ALLOW_DOMAIN;
+
 const allowedDomain = `${context.url.origin} ${domains}`
 const nonce = "dynamicNONCE" + new Date().getTime().toString();
diff --git a/src/pages/index.astro b/src/pages/index.astro
index efef92dab..2ff51cf54 100644
--- a/src/pages/index.astro
+++ b/src/pages/index.astro
@@ -60,7 +60,7 @@ const env = import.meta.env || process.env;

Get Started @@ -1113,7 +1113,7 @@ const env = import.meta.env || process.env; clip-rule="evenodd"> - +