Fix critical security vulnerabilities - remove hardcoded secrets

Co-authored-by: Stalin-143 <161853795+Stalin-143@users.noreply.github.com>
2026-05-26 19:26:33 +00:00 · 2026-01-31 18:40:21 +00:00
parent d8b8a57aab
commit f04fc76eb9
6 changed files with 80 additions and 87 deletions
@@ -108,37 +108,20 @@ export default function CoursePage() {
      let modulesData = null
      let modulesResponse = null
      
+      // Use public endpoint for course page (not admin endpoint)
      try {
-        modulesResponse = await fetch(`http://127.0.0.1:5000/api/admin/courses/${courseId}/modules`, {
+        modulesResponse = await fetch(`http://127.0.0.1:5000/api/courses/${courseId}/modules`, {
          headers: {
-            'Authorization': 'Bearer admin-secret-key',
            'Content-Type': 'application/json'
          }
        })
        
        if (modulesResponse.ok) {
          modulesData = await modulesResponse.json()
-          console.log('✅ Modules loaded from admin endpoint:', modulesData)
-        }
-      } catch (adminError) {
-        console.log('⚠️ Admin endpoint failed, trying public endpoint')
-      }
-      
-      if (!modulesData || !modulesResponse?.ok) {
-        try {
-          modulesResponse = await fetch(`http://127.0.0.1:5000/api/courses/${courseId}/modules`, {
-            headers: {
-              'Content-Type': 'application/json'
-            }
-          })
-          
-          if (modulesResponse.ok) {
-            modulesData = await modulesResponse.json()
-            console.log('✅ Modules loaded from public endpoint:', modulesData)
-          }
-        } catch (publicError) {
-          console.error('❌ Both module endpoints failed')
+          console.log('✅ Modules loaded from public endpoint:', modulesData)
        }
+      } catch (publicError) {
+        console.error('❌ Module endpoint failed')
      }
      
      if (modulesData) {
@@ -185,21 +168,13 @@ export default function CoursePage() {
      try {
        console.log('🔍 Fetching lessons for module:', module.id)
        
-        let lessonsResponse = await fetch(`http://127.0.0.1:5000/api/admin/modules/${module.id}/lessons`, {
+        // Use public endpoint for course page (not admin endpoint)
+        const lessonsResponse = await fetch(`http://127.0.0.1:5000/api/modules/${module.id}/lessons`, {
          headers: {
-            'Authorization': 'Bearer admin-secret-key',
            'Content-Type': 'application/json'
          }
        })
        
-        if (!lessonsResponse.ok) {
-          lessonsResponse = await fetch(`http://127.0.0.1:5000/api/modules/${module.id}/lessons`, {
-            headers: {
-              'Content-Type': 'application/json'
-            }
-          })
-        }
-        
        if (lessonsResponse.ok) {
          const lessonData = await lessonsResponse.json()
          console.log(`✅ Lessons loaded for module ${module.id}:`, lessonData)