Fix: Remove hardcoded secrets, fix port mappings, and update frontend proxy

2025-11-30 19:00:41 +05:30
parent c2abaaa2c1
commit a4357c95cd
3 changed files with 14 additions and 19 deletions
--- a/4
+++ b/4
@@ -94,7 +94,7 @@ pipeline {
                            ${remote} 'docker run -d \
                            --name ${backName} \
                            --restart always \
-                            -p ${backPort}:3000 \
+                            -p ${backPort}:3001 \
                            ${REGISTRY_URL}/${REPO_NAME}:${BACKEND_TAG}'
                        """
                        
@@ -107,7 +107,7 @@ pipeline {
                            ${remote} 'docker run -d \
                            --name ${frontName} \
                            --restart always \
-                            -p ${frontPort}:3000 \
+                            -p ${frontPort}:80 \
                            ${REGISTRY_URL}/${REPO_NAME}:${FRONTEND_TAG}'
                        """

--- a/backend/server.js
+++ b/backend/server.js
@@ -2,21 +2,17 @@ const express = require('express');
 const cors = require('cors');
 require('dotenv').config();

-// TESTING: Dummy secrets for TruffleHog detection - SHOULD TRIGGER SECURITY SCAN!
-const AWS_ACCESS_KEY_ID = 'AKIAIOSFODNN7EXAMPLE';
-const AWS_SECRET_ACCESS_KEY = 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY';
-const GITHUB_TOKEN = 'ghp_1234567890abcdef1234567890abcdef12345678';
-
-// Additional test secrets for comprehensive detection
-const DATABASE_PASSWORD = 'super_secret_db_password_123!';
-const JWT_SECRET = 'jwt_super_secret_key_for_authentication_2024';
-const STRIPE_SECRET_KEY = 'sk_test_51234567890abcdef1234567890abcdef12345678';
-const SENDGRID_API_KEY = 'SG.1234567890abcdef.1234567890abcdef1234567890abcdef1234567890abcdef';
-const SLACK_WEBHOOK_URL = 'https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX';
-const MONGODB_CONNECTION = 'mongodb://admin:supersecret123@localhost:27017/devdb';
-
-// FINAL TEST: Additional secret to verify TruffleHog with fixed Jenkinsfile
-const TWITTER_API_KEY = 'twitter_api_key_1234567890abcdef1234567890abcdef1234567890';
+// Load secrets from environment variables (never hardcode secrets!)
+const AWS_ACCESS_KEY_ID = process.env.AWS_ACCESS_KEY_ID;
+const AWS_SECRET_ACCESS_KEY = process.env.AWS_SECRET_ACCESS_KEY;
+const GITHUB_TOKEN = process.env.GITHUB_TOKEN;
+const DATABASE_PASSWORD = process.env.DATABASE_PASSWORD;
+const JWT_SECRET = process.env.JWT_SECRET;
+const STRIPE_SECRET_KEY = process.env.STRIPE_SECRET_KEY;
+const SENDGRID_API_KEY = process.env.SENDGRID_API_KEY;
+const SLACK_WEBHOOK_URL = process.env.SLACK_WEBHOOK_URL;
+const MONGODB_CONNECTION = process.env.MONGODB_CONNECTION;
+const TWITTER_API_KEY = process.env.TWITTER_API_KEY;

 const app = express();
 const PORT = process.env.PORT || 3001;
@@ -192,4 +188,3 @@ app.listen(PORT, '0.0.0.0', () => {
 });

 module.exports = app;
-const API_KEY = 'sk-1234567890abcdef1234567890abcdef12345678';
--- a/frontend/package.json
+++ b/frontend/package.json
@@ -46,5 +46,5 @@
      "last 1 safari version"
    ]
  },
-  "proxy": "http://localhost:3001"
+  "proxy": "http://backend:3001"
 }