From a4357c95cd264f053f9ea2e4605d603a0ab65789 Mon Sep 17 00:00:00 2001
From: test
Date: Sun, 30 Nov 2025 19:00:41 +0530
Subject: [PATCH] Fix: Remove hardcoded secrets, fix port mappings, and update frontend proxy
---
 Jenkinsfile | 4 ++--
 backend/server.js | 27 +++++++++++----------------
 frontend/package.json | 2 +-
 3 files changed, 14 insertions(+), 19 deletions(-)
diff --git a/Jenkinsfile b/Jenkinsfile
index 635a3b1..dc263d5 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -94,7 +94,7 @@ pipeline {
 ${remote} 'docker run -d \
 --name ${backName} \
 --restart always \
- -p ${backPort}:3000 \
+ -p ${backPort}:3001 \
 ${REGISTRY_URL}/${REPO_NAME}:${BACKEND_TAG}'
 """
@@ -107,7 +107,7 @@ pipeline {
 ${remote} 'docker run -d \
 --name ${frontName} \
 --restart always \
- -p ${frontPort}:3000 \
+ -p ${frontPort}:80 \
 ${REGISTRY_URL}/${REPO_NAME}:${FRONTEND_TAG}'
 """
diff --git a/backend/server.js b/backend/server.js
index 164e8cf..794bf0d 100644
--- a/backend/server.js
+++ b/backend/server.js
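Review bot: The container-side port in the new `-p ${backPort}:3001` line duplicates the backend's default (`const PORT = process.env.PORT || 3001;` in the server.js hunk of this same patch), so a deployment that injects a different PORT into the container's environment would publish a port nothing listens on. Pinning it on the same run command, `-e PORT=3001 \` above the `-p` line, keeps the two in step; failing that, a Groovy comment above the `sh` step saying `// host:container mapping must match the backend's listen port (server.js PORT default)` at least records the coupling. The second hunk's `-p ${frontPort}:80` has the same shape — it assumes the frontend image serves on 80, which nothing in the patch states, so a comment naming where that image's listen port is set would help. Both hunks are inside `sh """…"""` steps whose stages start and end outside the hunk.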
@@ -2,21 +2,17 @@ const express = require('express'); const cors = require('cors'); require('dotenv').config(); -// TESTING: Dummy secrets for TruffleHog detection - SHOULD TRIGGER SECURITY SCAN! -const AWS_ACCESS_KEY_ID = 'AKIAIOSFODNN7EXAMPLE'; -const AWS_SECRET_ACCESS_KEY = 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY'; -const GITHUB_TOKEN = 'ghp_1234567890abcdef1234567890abcdef12345678'; - -// Additional test secrets for comprehensive detection -const DATABASE_PASSWORD = 'super_secret_db_password_123!'; -const JWT_SECRET = 'jwt_super_secret_key_for_authentication_2024'; -const STRIPE_SECRET_KEY = 'sk_test_51234567890abcdef1234567890abcdef12345678'; -const SENDGRID_API_KEY = 'SG.1234567890abcdef.1234567890abcdef1234567890abcdef1234567890abcdef'; -const SLACK_WEBHOOK_URL = 'https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX'; -const MONGODB_CONNECTION = 'mongodb://admin:supersecret123@localhost:27017/devdb'; - -// FINAL TEST: Additional secret to verify TruffleHog with fixed Jenkinsfile -const TWITTER_API_KEY = 'twitter_api_key_1234567890abcdef1234567890abcdef1234567890'; +// Load secrets from environment variables (never hardcode secrets!) +const AWS_ACCESS_KEY_ID = process.env.AWS_ACCESS_KEY_ID; +const AWS_SECRET_ACCESS_KEY = process.env.AWS_SECRET_ACCESS_KEY; +const GITHUB_TOKEN = process.env.GITHUB_TOKEN; +const DATABASE_PASSWORD = process.env.DATABASE_PASSWORD; +const JWT_SECRET = process.env.JWT_SECRET; +const STRIPE_SECRET_KEY = process.env.STRIPE_SECRET_KEY; +const SENDGRID_API_KEY = process.env.SENDGRID_API_KEY; +const SLACK_WEBHOOK_URL = process.env.SLACK_WEBHOOK_URL; +const MONGODB_CONNECTION = process.env.MONGODB_CONNECTION; +const TWITTER_API_KEY = process.env.TWITTER_API_KEY; const app = express(); const PORT = process.env.PORT || 3001; @@ -192,4 +188,3 @@ app.listen(PORT, '0.0.0.0', () => { }); module.exports = app; -const API_KEY = 'sk-1234567890abcdef1234567890abcdef12345678'; 
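Review bot: The added `process.env.*` reads silently yield `undefined` when a variable is unset, so a misconfigured deployment starts cleanly and only breaks wherever these constants are dereferenced further down the file, outside the hunk; a startup check that names the missing variables would surface that immediately. Which of the ten are genuinely required is not visible here, so the list below is a placeholder to be filled from the actual call sites. Two smaller points: the context line `require('dotenv').config();` means a local `.env` will be read, so it must be kept out of version control; and deleting the old literal values from the working tree does not remove them from git history — the removed comments describe them as dummy scanner-test values, but any that was ever a live credential needs revoking, not just deleting. The second hunk, dropping the stray `const API_KEY` after `module.exports`, needs nothing further.

```javascript
// Load secrets from environment variables (never hardcode secrets!)
// … unchanged: the process.env.* const declarations …

// Fail fast on missing configuration. Populate this list from the variables
// the server actually dereferences below (those uses are outside this hunk).
const REQUIRED_ENV = ['JWT_SECRET', 'MONGODB_CONNECTION'];
const missingEnv = REQUIRED_ENV.filter((name) => !process.env[name]);
if (missingEnv.length > 0) {
  throw new Error(`Missing required environment variables: ${missingEnv.join(', ')}`);
}
```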
diff --git a/frontend/package.json b/frontend/package.json
index 777e96e..cf7c363 100644
--- a/frontend/package.json
+++ b/frontend/package.json
@@ -46,5 +46,5 @@
 "last 1 safari version"
 ]
 },
- "proxy": "http://localhost:3001"
+ "proxy": "http://backend:3001"
 }
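Review bot: If this is a create-react-app project (the `"proxy"` key and browserslist entries suggest so), `"proxy": "http://backend:3001"` only affects the development server started with `npm start`; it is not applied to the production build, which per the Jenkinsfile hunk in this same patch is served from a container on port 80, so the deployed frontend presumably still needs its API routing configured elsewhere. At the same time the hostname `backend` only resolves on a container network that defines a service by that name, so a developer running `npm start` directly on their machine can no longer reach the API. If container-only development is the intent, the frontend README should say so; otherwise keeping `localhost` for the dev proxy and handling deployed routing separately (for example through a `REACT_APP_`-prefixed environment setting, which CRA exposes to the build) is the safer split.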