Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove token from local storage and store it as global variable #520

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Remove token from local storage and store it as global variable #520

wants to merge 1 commit into from

Conversation

marmoure
Copy link
Contributor

@marmoure marmoure commented Nov 22, 2024
edited by adamretter
Loading

The problem

The user token we got back from GitHub is stored in Local Storage, this can pose a security risk.

The fix

The user token will only be stored in memory

How to test this

  1. Visit http://localhost:1234/?ghrepo=evolvedbinary/cityehr-documentation&source=cityehr-quick-start-guide/src/main/lwdita/quickstart-guide-modular/verify-install.dita&branch=develop&referer=https://evolvedbinary.github.io/cityehr-documentation/verify-install.html
  2. Clear application storage
  3. Click on publish button and create a PR
  4. Note the PR was created

@marmoure marmoure force-pushed the feature/token-as-global branch 6 times, most recently from c44ce3c to dd8979d Compare November 23, 2024 21:12
@marmoure marmoure force-pushed the feature/token-as-global branch from dd8979d to 9aa7488 Compare November 23, 2024 21:22
adamretter
adamretter reviewed Nov 26, 2024
View reviewed changes
packages/prosemirror-lwdita/src/global.d.ts
// This file is used to declare global variables that are used in the application.
// This is a workaround to allow the use of global variables in TypeScript.
// See https://javascript.plainenglish.io/typescript-and-global-variables-in-node-js-59c4bf40cb31
export interface Global {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do we also need this? I read the article that you pointed to but they don't do this.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The interface is for setting the type

const token = (global as Global).token;

when using the global var on it's own it's does not types.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@adamretter adamretter adamretter left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@marmoure @adamretter