From 0adf730f0bd648a9a1a69227d92b0b2ea4dc4446 Mon Sep 17 00:00:00 2001
From: Jan Prochazka <jan.prochazka@gmail.com>
Date: Fri, 24 May 2024 14:13:12 +0200
Subject: [PATCH] use gist secret

---
 packages/api/package.json               | 2 +-
 packages/api/src/controllers/uploads.js | 6 ++++--
 packages/api/src/gistSecret.js          | 1 +
 3 files changed, 6 insertions(+), 3 deletions(-)
 create mode 100644 packages/api/src/gistSecret.js

diff --git a/packages/api/package.json b/packages/api/package.json
index 4b6a2b8e..23d36160 100644
--- a/packages/api/package.json
+++ b/packages/api/package.json
@@ -60,7 +60,7 @@
     "tar": "^6.0.5"
   },
   "scripts": {
-    "start": "env-cmd node src/index.js --listen-api",
+    "start": "env-cmd -f .env.local node src/index.js --listen-api",
     "start:portal": "env-cmd -f env/portal/.env node src/index.js --listen-api",
     "start:singledb": "env-cmd -f env/singledb/.env node src/index.js --listen-api",
     "start:auth": "env-cmd -f env/auth/.env node src/index.js --listen-api",
diff --git a/packages/api/src/controllers/uploads.js b/packages/api/src/controllers/uploads.js
index 8c5576f3..96259773 100644
--- a/packages/api/src/controllers/uploads.js
+++ b/packages/api/src/controllers/uploads.js
@@ -10,6 +10,7 @@ const { read } = require('./queryHistory');
 const platformInfo = require('../utility/platformInfo');
 const _ = require('lodash');
 const serverConnections = require('./serverConnections');
+const gistSecret = require('../gistSecret');
 
 module.exports = {
   upload_meta: {
@@ -45,6 +46,7 @@ module.exports = {
 
   uploadErrorToGist_meta: true,
   async uploadErrorToGist() {
+    console.log('&&&SECRET', gistSecret);
     const logs = await fs.readFile(getLogsFilePath(), { encoding: 'utf-8' });
     const connections = await serverConnections.getOpenedConnectionReport();
     try {
@@ -89,7 +91,7 @@ module.exports = {
         },
         {
           headers: {
-            Authorization: `token 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`,
+            Authorization: `token ${gistSecret}`,
             'Content-Type': 'application/json',
             Accept: 'application/vnd.github.v3+json',
           },
@@ -111,7 +113,7 @@ module.exports = {
   async deleteGist({ url }) {
     const response = await axios.default.delete(url, {
       headers: {
-        Authorization: `token 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`,
+        Authorization: `token ${gistSecret}`,
         'Content-Type': 'application/json',
         Accept: 'application/vnd.github.v3+json',
       },
diff --git a/packages/api/src/gistSecret.js b/packages/api/src/gistSecret.js
new file mode 100644
index 00000000..2b1442e4
--- /dev/null
+++ b/packages/api/src/gistSecret.js
@@ -0,0 +1 @@
+module.exports = process.env.GIST_UPLOAD_SECRET;