From c8857314644998ba1a3b31c92c84d70e405fa6c9 Mon Sep 17 00:00:00 2001 From: Stanley Stuart Date: Mon, 3 Nov 2014 15:30:55 -0600 Subject: [PATCH] make keys explicitly included to prevent leaking --- .env | 1 + Brocfile.js | 6 +++++- README.md | 15 +++++++++++++++ index.js | 19 ++++++++++++++++--- package.json | 2 +- tests/integration/smoke-test.js | 4 ++++ 6 files changed, 42 insertions(+), 5 deletions(-) diff --git a/.env b/.env index b38ecba..3711154 100644 --- a/.env +++ b/.env @@ -1 +1,2 @@ DOTENV_VAR="dotenv" +DO_NOT_ALLOW="this should not show up in ENV" diff --git a/Brocfile.js b/Brocfile.js index 8c25bfe..b5e432e 100644 --- a/Brocfile.js +++ b/Brocfile.js @@ -2,7 +2,11 @@ var EmberAddon = require('ember-cli/lib/broccoli/ember-addon'); -var app = new EmberAddon(); +var app = new EmberAddon({ + dotEnv: { + allow: ['DOTENV_VAR'] + } +}); // Use `app.import` to add additional libraries to the generated // output files. diff --git a/README.md b/README.md index 9e219f8..a254e3d 100644 --- a/README.md +++ b/README.md @@ -17,6 +17,21 @@ file in the root of your repository: DROPBOX_KEY=YOURKEYGOESHERE ``` +Next, put some configuration in your Brocfile. Starting in 0.2.0, *keys must be explicitly allowed*: + +```javascript +// Brocfile.js + +var app = new EmberApp({ + dotEnv: { + allow: ['DROPBOX_KEY'] + } +}); + +// pre-generated config from ember-cli +module.exports = app.toTree(); +``` + then, you can access the environment variables anywhere in your app like you usually would. diff --git a/index.js b/index.js index 04c83f8..ad71585 100644 --- a/index.js +++ b/index.js 
@@ -5,13 +5,26 @@ module.exports = {
 var path = require('path');
 var fs = require('fs');
 var dotenv = require('dotenv');
+ var app = this.app;
+ var project = this.project;
+ var loadedConfig;
+ var config = {};
+ var allowedKeys = (app.options.dotEnv && app.options.dotEnv.allow) || [];
- var configFilePath = path.join(this.project.root, '.env');
+ console.log('allowedKeys', allowedKeys);
+
+ var configFilePath = path.join(project.root, '.env');
 if (fs.existsSync(configFilePath)){
- return dotenv.parse(fs.readFileSync(configFilePath));
+ loadedConfig = dotenv.parse(fs.readFileSync(configFilePath));
 } else {
- return {};
+ loadedConfig = {};
 }
+
+ allowedKeys.forEach(function(key){
+ config[key] = loadedConfig[key];
+ });
+
+ return config;
 }
 };
diff --git a/package.json b/package.json
index d6a439b..7ea0db2 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "ember-cli-dotenv",
- "version": "0.1.1",
+ "version": "0.2.0",
 "directories": {
 "doc": "doc",
 "test": "tests"
diff --git a/tests/integration/smoke-test.js b/tests/integration/smoke-test.js
index 5b17e21..d108c37 100644
--- a/tests/integration/smoke-test.js
+++ b/tests/integration/smoke-test.js
@@ -5,3 +5,7 @@ module("smoke test");
 test("should work", function(){
 equal(ENV.DOTENV_VAR, "dotenv");
 });
+
+test("doesn't put in keys unless they are explicitly allowed", function(){
+ equal(Object.hasOwnProperty.call(ENV, 'DO_NOT_ALLOW'), false);
+});
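Review bot: In the index.js hunk, `console.log('allowedKeys', allowedKeys);` is a leftover debug statement that prints whenever this hook runs and should be dropped before the 0.2.0 release. The copy loop `config[key] = loadedConfig[key];` also creates an own property set to `undefined` for every allowed key that is missing from `.env`; guarding it with `if (Object.prototype.hasOwnProperty.call(loadedConfig, key)) { config[key] = loadedConfig[key]; }` keeps the returned object limited to keys that were actually loaded. Since an absent `dotEnv.allow` now silently yields an empty config, a comment above `allowedKeys` such as `// deny by default: only keys listed in dotEnv.allow are exposed to the app` would record that this is intentional. The enclosing function starts above the hunk, so its signature is not visible here.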
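Review bot: The test added in tests/integration/smoke-test.js covers only a key that is present in `.env` and absent from `allow`; the opposite case, a key listed in `allow` but missing from `.env`, is not exercised. With the index.js loop as written, that key lands on the returned config as an own property with value `undefined`, and whether it should reach `ENV` is worth pinning with a second assertion. As a style point, `Object.prototype.hasOwnProperty.call(ENV, 'DO_NOT_ALLOW')` is the conventional spelling of this check.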