move environmental variables to dotenv

2 files changed, 4 insertions, 3 deletions

diff --git a/server/middleware/auth.js b/server/middleware/auth.js
index 462b100..bec113d 100644
--- a/server/middleware/auth.js
+++ b/server/middleware/auth.js
@@ -10,13 +10,14 @@ const auth = async (req, res, next) => {
     }
 
     try {
-      const decoded = jwt.verify(token, 'replaceThisWithSecretString');
+      const decoded = jwt.verify(token, process.env.JWT_SECRET);
       req.userId = decoded._id;
       req.refreshToken = decoded.ref;
       return next();
     } catch(er) {
       if (er.message && er.message === 'jwt expired') {
-        const { _id, ref } = jwt.decode(token, 'replaceThisWithSecretString');
+        const { _id, ref } = jwt.decode(token, process.env.JWT_SECRET);
+        console.log('reading db to login')
         const user = await User.findById(_id);
 
         if (!user) {
diff --git a/server/middleware/redirectIfLoggedIn.js b/server/middleware/redirectIfLoggedIn.js
index 62a413c..fe793f7 100644
--- a/server/middleware/redirectIfLoggedIn.js
+++ b/server/middleware/redirectIfLoggedIn.js
@@ -9,7 +9,7 @@ const redirectIfLoggedIn = async (req, res, next) => {
       throw new Error();
     }
 
-    const decoded = jwt.verify(token, 'replaceThisWithSecretString');
+    const decoded = jwt.verify(token, process.env.JWT_SECRET);
     const user = await User.findOne({ _id: decoded._id, 'tokens.token': token });
 
     if (!user) {