From ea2d6d8f48cc322fedd9ae4c0fabf7b7939b4ac0 Mon Sep 17 00:00:00 2001
From: Riccardo <riccardo.s@hey.com>
Date: Sat, 20 Jul 2024 18:17:57 +0200
Subject: [PATCH] fix: move secret to .env

---
 .env.example         | 3 ++-
 src/server/server.ts | 6 +++++-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/.env.example b/.env.example
index 335dc4e..e99ee0f 100644
--- a/.env.example
+++ b/.env.example
@@ -1 +1,2 @@
-DATABASE_URL=postgresql://postgres:postgres@localhost:5432/postgres
\ No newline at end of file
+DATABASE_URL=postgresql://postgres:postgres@localhost:5432/postgres
+SECRET=
\ No newline at end of file
diff --git a/src/server/server.ts b/src/server/server.ts
index 0268cb1..0fa76d1 100644
--- a/src/server/server.ts
+++ b/src/server/server.ts
@@ -8,6 +8,10 @@ import { fromZodError } from 'zod-validation-error';
 import { addition } from '../utils/addition';
 import { logger } from '../utils/logger';
 
+if (!process.env.SECRET) {
+  throw new Error('SECRET environment variable is required');
+}
+
 const limiter = rateLimit({
   windowMs: 10 * 60 * 1000,
   max: 50,
@@ -22,7 +26,7 @@ server.disable('x-powered-by');
 server.set('trust proxy', 1);
 server.use(
   session({
-    secret: 's3Cur3',
+    secret: process.env.SECRET,
     name: 'sessionId'
   })
 );