webmaster/crewsportswear
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: remove hardcoded credentials from source code

Browse Source 
- Move PayPal live/sandbox API keys to env variables
- Move hardcoded API token in isAuthorized middleware to env variable
- Add api_token key to config/app.php
- Update .env.example with new required env vars
- Fix isAuthorized response code from 503 to 401
This commit is contained in:
Frank John Begornia
2026-04-24 10:45:54 +08:00
parent 62b8ab44b2
commit d1976045db
4 changed files with 18 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
.env.example
View File

@@ -11,6 +11,13 @@ CACHE_DRIVER=file
SESSION_DRIVER=file
QUEUE_DRIVER=sync
PAYPAL_SANDBOX_CLIENT_ID=
PAYPAL_SANDBOX_SECRET=
PAYPAL_LIVE_CLIENT_ID=
PAYPAL_LIVE_SECRET=
API_TOKEN=
MAIL_DRIVER=smtp
MAIL_HOST=mailtrap.io
MAIL_PORT=2525

6
app/Http/Middleware/isAuthorized.php
View File

@@ -13,11 +13,11 @@ class isAuthorized {
*/
public function handle($request, Closure $next)
{
if(isset(getallheaders()['token']) && getallheaders()['token']=="1HHIaIsT4pvO2S39vMzlVfGWi3AhAz6F5xGBNKil") {
$token = $request->header('token') ?? (getallheaders()['token'] ?? null);
if ($token && $token === config('app.api_token')) {
return $next($request);
}else{
return response()->json(['status' => false,'error' => "Invalid request"], 503);
}
return response()->json(['status' => false, 'error' => 'Invalid request'], 401);
}
}

2
config/app.php
View File

@@ -80,6 +80,8 @@ return [
'key' => env('APP_KEY', 'SomeRandomString'),
'api_token' => env('API_TOKEN'),
'cipher' => MCRYPT_RIJNDAEL_128,
/*

8
config/services.php
View File

@@ -36,13 +36,13 @@ return [
// sandbox
'paypal_sandbox' => [
'client_id' => 'AQuz-HKzQiL7FygkG8skSekaWf-RP6Rgj4f1XeX1Ghp86bUFj7tQXVT1xbpluu5_WCGRbQpOVGtlJKVB',
'secret' => 'EJAMKxQsl-mFkL_4J_90cvTamYfcsgswqgIxz9wQPiRAwJ6sy_wNsttMlmrXIpxI96JpYzdMXkLCHAPz'
'client_id' => env('PAYPAL_SANDBOX_CLIENT_ID'),
'secret' => env('PAYPAL_SANDBOX_SECRET'),
],
// live
'paypal_live' => [
'client_id' => 'AUqBUFW5lfyYmrlBtFZA3RNw45sttM3ltbvS_d4qCVBMrkcMG9rEeivGvtNFSy8XTiEp50YyQ6khKxbq',
'secret' => 'ELlnuiupoFKwGUSc2g5j-sD1EmsvKpdhth1gFV7njpfvyNtKsK8WwIKUMOS0ehJcRatV865eMhfgsnd_'
'client_id' => env('PAYPAL_LIVE_CLIENT_ID'),
'secret' => env('PAYPAL_LIVE_SECRET'),
],
];