allow reading in storage password from .env

- adds dotenv package - updates some out-of-date packages with security vulnerabilities
2020-07-07 18:59:56 +00:00 · 2020-07-07 18:59:56 +00:00 · ee3fefae50
parent 5d2965ffc5
commit ee3fefae50
3 changed files with 8 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,3 +1,4 @@
+.env
 npm-debug.log
 node_modules
 *.swp
--- a/package.json
+++ b/package.json
@ -19,6 +19,7 @@
    "connect-ratelimit": "0.0.7",
    "connect-route": "0.1.5",
    "pg": "^8.0.0",
+    "dotenv": "^8.2.0",
    "redis": "0.8.1",
    "redis-url": "0.1.0",
    "st": "^2.0.0",
--- a/server.js
+++ b/server.js
@ -1,3 +1,5 @@
+require('dotenv').config();
+
 var http = require('http');
 var fs = require('fs');

@ -44,6 +46,10 @@ if (!config.storage.type) {

 var Store, preferredStore;

+if (config.storage.password == '.env') {
+  config.storage.password=process.env.STORAGE_PASSWORD
+}
+
 if (process.env.REDISTOGO_URL && config.storage.type === 'redis') {
  var redisClient = require('redis-url').connect(process.env.REDISTOGO_URL);
  Store = require('./lib/document_stores/redis');