fix: remove hardcoded credentials from source code

- Move PayPal live/sandbox API keys to env variables - Move hardcoded API token in isAuthorized middleware to env variable - Add api_token key to config/app.php - Update .env.example with new required env vars - Fix isAuthorized response code from 503 to 401
2026-04-24 10:45:54 +08:00
parent 62b8ab44b2
commit d1976045db
4 changed files with 18 additions and 9 deletions
--- a/config/services.php
+++ b/config/services.php
@@ -36,13 +36,13 @@ return [

 	// sandbox
 	'paypal_sandbox' => [
-    'client_id' => 'AQuz-HKzQiL7FygkG8skSekaWf-RP6Rgj4f1XeX1Ghp86bUFj7tQXVT1xbpluu5_WCGRbQpOVGtlJKVB',
-		'secret' => 'EJAMKxQsl-mFkL_4J_90cvTamYfcsgswqgIxz9wQPiRAwJ6sy_wNsttMlmrXIpxI96JpYzdMXkLCHAPz'
-	], 
-	
+		'client_id' => env('PAYPAL_SANDBOX_CLIENT_ID'),
+		'secret'    => env('PAYPAL_SANDBOX_SECRET'),
+	],
+
 	// live
 	'paypal_live' => [
-    'client_id' => 'AUqBUFW5lfyYmrlBtFZA3RNw45sttM3ltbvS_d4qCVBMrkcMG9rEeivGvtNFSy8XTiEp50YyQ6khKxbq',
-	 	'secret' => 'ELlnuiupoFKwGUSc2g5j-sD1EmsvKpdhth1gFV7njpfvyNtKsK8WwIKUMOS0ehJcRatV865eMhfgsnd_'
+		'client_id' => env('PAYPAL_LIVE_CLIENT_ID'),
+		'secret'    => env('PAYPAL_LIVE_SECRET'),
 	],
 ];