From 0541811a5188b8caad7f07e4a3ab4835da7d214d Mon Sep 17 00:00:00 2001 From: Paul Dariye Date: Tue, 26 Dec 2017 17:12:05 -0500 Subject: [PATCH 1/4] Remove .env file from vc to avoid accidentally exposing secret keys --- .env | 12 ------------ 1 file changed, 12 deletions(-) delete mode 100644 .env diff --git a/.env b/.env deleted file mode 100644 index b49f58d..0000000 --- a/.env +++ /dev/null @@ -1,12 +0,0 @@ -# Environment Config - -# store your secrets and config variables in here -# only invited collaborators will be able to see your .env values -# reference these in your code with process.env.SECRET - -clientId= -clientSecret= -studio_token= -PORT= - -# note: .env is a shell file so there can’t be spaces around = From 4e0fc72f5b263c80a57eff07ffecaf374134e2bb Mon Sep 17 00:00:00 2001 From: Paul Dariye Date: Tue, 26 Dec 2017 17:16:15 -0500 Subject: [PATCH 2/4] Add example .env file --- .env.example | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 .env.example diff --git a/.env.example b/.env.example new file mode 100644 index 0000000..68e58ff --- /dev/null +++ b/.env.example @@ -0,0 +1,11 @@ +# Environment variables +# 1. Make a copy of this file to .env file +# 2. Remove comments + +# You can access all env variables from process.env.YOUR_ENV_SECRET + +CLIENT_ID= +CLIENT_SECRET= +STUDIO_TOKEN= +PORT=3000 + From a6e46334c67b0b528ccc758cfb37bfda9a18a684 Mon Sep 17 00:00:00 2001 From: Paul Dariye Date: Tue, 26 Dec 2017 17:17:31 -0500 Subject: [PATCH 3/4] Add dotenv package. Remove node-env-file package --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index e3f5fc0..5265b6c 100644 --- a/package.json +++ b/package.json @@ -13,9 +13,9 @@ "botkit-studio-metrics": "^0.0.2", "cookie-parser": "^1.4.3", "debug": "^2.3.3", + "dotenv": "^4.0.0", "express": "^4.14.0", "express-hbs": "^1.0.4", - "node-env-file": "^0.1.8", "querystring": "^0.2.0", "request": "^2.79.0", "wordfilter": "^0.2.6" From 860fe72c175c45656882f6ac8e2d5539dc6b03ff Mon Sep 17 00:00:00 2001 From: Paul Dariye Date: Tue, 26 Dec 2017 17:17:47 -0500 Subject: [PATCH 4/4] Add check for required env variables --- bot.js | 23 ++++++++++------------- 1 file changed, 10 insertions(+), 13 deletions(-) diff --git a/bot.js b/bot.js index c24a1ce..aa9f7a5 100644 --- a/bot.js +++ b/bot.js @@ -29,7 +29,7 @@ This bot demonstrates many of the core features of Botkit: Run your bot from the command line: - clientId= clientSecret= PORT=<3000> studio_token= node bot.js + CLIENT_ID= CLIENT_SECRET= PORT=<3000> STUDIO_TOKEN= node bot.js # USE THE BOT: @@ -51,24 +51,21 @@ This bot demonstrates many of the core features of Botkit: -> http://howdy.ai/botkit ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*/ -var env = require('node-env-file'); -env(__dirname + '/.env'); - - -if (!process.env.clientId || !process.env.clientSecret || !process.env.PORT) { +var env = require('dotenv').config().parsed; +if (env.error || Object.values(env).some((x) => x === '')) { usage_tip(); - // process.exit(1); + process.exit(1); } var Botkit = require('botkit'); var debug = require('debug')('botkit:main'); var bot_options = { - clientId: process.env.clientId, - clientSecret: process.env.clientSecret, + clientId: process.env.CLIENT_ID, + clientSecret: process.env.CLIENT_SECRET, // debug: true, scopes: ['bot'], - studio_token: process.env.studio_token, + studio_token: process.env.STUDIO_TOKEN, studio_command_uri: process.env.studio_command_uri }; @@ -89,7 +86,7 @@ controller.startTicking(); // Set up an Express-powered webserver to expose oauth and webhook endpoints var webserver = require(__dirname + '/components/express_webserver.js')(controller); -if (!process.env.clientId || !process.env.clientSecret) { +if (!process.env.CLIENT_ID || !process.env.CLIENT_SECRET) { // Load in some helpers that make running Botkit on Glitch.com better require(__dirname + '/components/plugin_glitch.js')(controller); @@ -140,7 +137,7 @@ if (!process.env.clientId || !process.env.clientSecret) { // If a trigger is matched, the conversation will automatically fire! // You can tie into the execution of the script using the functions // controller.studio.before, controller.studio.after and controller.studio.validate - if (process.env.studio_token) { + if (process.env.STUDIO_TOKEN) { controller.on('direct_message,direct_mention,mention', function(bot, message) { controller.studio.runTrigger(bot, message.text, message.user, message.channel, message).then(function(convo) { if (!convo) { @@ -174,7 +171,7 @@ function usage_tip() { console.log('~~~~~~~~~~'); console.log('Botkit Starter Kit'); console.log('Execute your bot application like this:'); - console.log('clientId= clientSecret= PORT=3000 studio_token= node bot.js'); + console.log('CLIENT_ID= CLIENT_SECRET= PORT=3000 STUDIO_TOKEN= node bot.js'); console.log('Get Slack app credentials here: https://api.slack.com/apps') console.log('Get a Botkit Studio token here: https://studio.botkit.ai/') console.log('~~~~~~~~~~');