From ee3fefae50f8a3390ad301b416de9ef82153d72e Mon Sep 17 00:00:00 2001
From: Jonathan Tsai <hello@jontsai.com>
Date: Tue, 7 Jul 2020 18:59:56 +0000
Subject: [PATCH] allow reading in storage password from .env - adds dotenv
 package - updates some out-of-date packages with security vulnerabilities

---
 .gitignore   | 1 +
 package.json | 1 +
 server.js    | 6 ++++++
 3 files changed, 8 insertions(+)

diff --git a/.gitignore b/.gitignore
index a865156..252f17e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
+.env
 npm-debug.log
 node_modules
 *.swp
diff --git a/package.json b/package.json
index 453ae2c..3bc4ae3 100644
--- a/package.json
+++ b/package.json
@@ -19,6 +19,7 @@
     "connect-ratelimit": "0.0.7",
     "connect-route": "0.1.5",
     "pg": "^8.0.0",
+    "dotenv": "^8.2.0",
     "redis": "0.8.1",
     "redis-url": "0.1.0",
     "st": "^2.0.0",
diff --git a/server.js b/server.js
index 0837a03..1273c22 100644
--- a/server.js
+++ b/server.js
@@ -1,3 +1,5 @@
+require('dotenv').config();
+
 var http = require('http');
 var fs = require('fs');
 
@@ -44,6 +46,10 @@ if (!config.storage.type) {
 
 var Store, preferredStore;
 
+if (config.storage.password == '.env') {
+  config.storage.password=process.env.STORAGE_PASSWORD
+}
+
 if (process.env.REDISTOGO_URL && config.storage.type === 'redis') {
   var redisClient = require('redis-url').connect(process.env.REDISTOGO_URL);
   Store = require('./lib/document_stores/redis');