MCPcopy
hub / github.com/MagicMirrorOrg/MagicMirror / replaceSecretPlaceholder

Function replaceSecretPlaceholder

js/server_functions.js:29–45  ·  view source on GitHub ↗

* Replace `**SECRET_ABC**` placeholders with the value of `process.env.SECRET_ABC`. * * If `allowedSecrets` is given, only those secret names are restored and every * other placeholder is left untouched. Without it, all secrets are restored * (used by the CORS proxy, which only runs on the trust

(input, allowedSecrets)

Source from the content-addressed store, hash-verified

27 * @returns {string} The input with the allowed placeholders replaced.
28 */
29function replaceSecretPlaceholder (input, allowedSecrets) {
30 if (global.config.cors === "allowAll") {
31 if (input.includes("**SECRET_")) {
32 Log.error("Replacing secrets doesn't work with CORS `allowAll`, you need to set `cors` to `disabled` or `allowWhitelist` in `config.js`");
33 }
34 return input;
35 }
36 return input.replaceAll(/\*\*(SECRET_[^*]+)\*\*/g, (placeholder, secretName) => {
37 // Block replacing secrets that are not explicitly allowed.
38 if (allowedSecrets && !allowedSecrets.has(secretName)) {
39 return placeholder;
40 }
41
42 // Load the real value from the environment. Fallback to placeholder if missing.
43 return process.env[secretName] || placeholder;
44 });
45}
46
47/**
48 * A method that forwards HTTP Get-methods to the internet to avoid CORS-errors.

Callers 3

corsFunction · 0.85
setSocketIOMethod · 0.85

Calls

no outgoing calls

Tested by

no test coverage detected