allow reading in storage password from .env

- adds dotenv package
- updates some out-of-date packages with security vulnerabilities

.gitignore

@@ -1,3 +1,4 @@
+.env
 npm-debug.log
 node_modules
 *.swp

package.json

@@ -19,6 +19,7 @@
     "connect-ratelimit": "0.0.7",
     "connect-route": "0.1.5",
     "pg": "^8.0.0",
+    "dotenv": "^8.2.0",
     "redis": "0.8.1",
     "redis-url": "0.1.0",
     "st": "^2.0.0",

server.js

@@ -1,3 +1,5 @@
+require('dotenv').config();
+
 var http = require('http');
 var fs = require('fs');
 
@@ -44,6 +46,10 @@ if (!config.storage.type) {
 
 var Store, preferredStore;
 
+if (config.storage.password == '.env') {
+  config.storage.password=process.env.STORAGE_PASSWORD
+}
+
 if (process.env.REDISTOGO_URL && config.storage.type === 'redis') {
   var redisClient = require('redis-url').connect(process.env.REDISTOGO_URL);
   Store = require('./lib/document_stores/redis');