Fix critical security vulnerabilities - remove hardcoded secrets

Co-authored-by: Stalin-143 <161853795+Stalin-143@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot]
2026-01-31 18:40:21 +00:00
parent d8b8a57aab
commit f04fc76eb9
6 changed files with 80 additions and 87 deletions
+7 -2
@@ -16,8 +16,13 @@ mongo_uri = os.getenv('MONGODB_URI', 'mongodb://localhost:27017/')
client = MongoClient(mongo_uri)
db = client.openlearnx
# JWT secret
JWT_SECRET = os.getenv('JWT_SECRET', 'your-secret-key-here')
# JWT secret - must be set via environment variable
JWT_SECRET = os.getenv('JWT_SECRET')
if not JWT_SECRET:
import warnings
warnings.warn("JWT_SECRET environment variable not set. Using randomly generated secret.", UserWarning)
import secrets as _secrets
JWT_SECRET = _secrets.token_hex(32)
@bp.route('/nonce', methods=['POST', 'OPTIONS'])
def get_nonce():
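Review bot: The fallback at `JWT_SECRET = _secrets.token_hex(32)` turns a missing JWT_SECRET into a warning instead of a hard failure, so a misconfigured production deployment still starts, with a secret that differs per process and per restart; tokens issued by one worker are rejected by another and every session is invalidated on redeploy, while the only signal is a UserWarning that is easy to miss in logs. Prefer failing closed at import time, `raise RuntimeError("JWT_SECRET environment variable must be set")`, and allow a random-secret fallback only behind an explicit development flag from the app's own config (none is visible in this hunk). The removed default `'your-secret-key-here'` is still in git history, so any deployment that ran with it should rotate the secret and treat tokens signed under it as untrusted. The indentation of the lines under `if not JWT_SECRET:` is lost in this rendering, so the exact structure of that branch should be confirmed against the file. get_nonce's body continues outside the hunk.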