webmaster/crewsportswear
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: remove hardcoded credentials from source code

Browse Source 
- Move PayPal live/sandbox API keys to env variables
- Move hardcoded API token in isAuthorized middleware to env variable
- Add api_token key to config/app.php
- Update .env.example with new required env vars
- Fix isAuthorized response code from 503 to 401
This commit is contained in:
Frank John Begornia
2026-04-24 10:45:54 +08:00
parent 62b8ab44b2
commit d1976045db
4 changed files with 18 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
app/Http/Middleware/isAuthorized.php
View File

@@ -13,11 +13,11 @@ class isAuthorized {
*/
public function handle($request, Closure $next)
{
if(isset(getallheaders()['token']) && getallheaders()['token']=="1HHIaIsT4pvO2S39vMzlVfGWi3AhAz6F5xGBNKil") {
$token = $request->header('token') ?? (getallheaders()['token'] ?? null);
if ($token && $token === config('app.api_token')) {
return $next($request);
}else{
return response()->json(['status' => false,'error' => "Invalid request"], 503);
}
return response()->json(['status' => false, 'error' => 'Invalid request'], 401);
}
}