Use API key instead of clientSecret

As recently discovered we send the clientSecret to the webclient which is potentionally dangerous. This patch should fix the problem and replace the clientSecret with the originally intended and correct way to implement it using the API key. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-04-13 09:33:55 +02:00 · 2018-04-13 09:33:55 +02:00 · ef86bf5cba
parent f23f403bcb
commit ef86bf5cba
3 changed files with 3 additions and 1 deletions
--- a/app.js
+++ b/app.js
@ -33,7 +33,7 @@ var data = {
  urlpath: config.urlPath,
  debug: config.debug,
  version: config.version,
-  GOOGLE_API_KEY: config.google.clientSecret,
+  GOOGLE_API_KEY: config.google.apiKey,
  GOOGLE_CLIENT_ID: config.google.clientID,
  DROPBOX_APP_KEY: config.dropbox.appKey,
  allowedUploadMimeTypes: config.allowedUploadMimeTypes
--- a/lib/config/default.js
+++ b/lib/config/default.js
@ -104,6 +104,7 @@ module.exports = {
    appKey: undefined
  },
  google: {
+    apiKey: undefined,
    clientID: undefined,
    clientSecret: undefined
  },
--- a/lib/config/environment.js
+++ b/lib/config/environment.js
@ -74,6 +74,7 @@ module.exports = {
    appKey: process.env.HMD_DROPBOX_APPKEY
  },
  google: {
+    apiKey: process.env.HMD_GOOGLE_APIKEY,
    clientID: process.env.HMD_GOOGLE_CLIENTID,
    clientSecret: process.env.HMD_GOOGLE_CLIENTSECRET
  },