
Commit 104c87a

alfredangclaude
andcommitted
security: move Firebase config to GitHub secrets
- Replace hardcoded API key with build-time placeholders - Store all Firebase config values as GitHub repo secrets - Update deploy workflow to inject secrets via sed at build time - Create new Firebase project (wordcloud-app-v2) with fresh credentials - Add dev.sh for local development with firebase-config.local.js - Old project (wordcloud-live) should be deleted manually in Firebase console Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
1 parent 3ef192b commit 104c87a

6 files changed

Lines changed: 48 additions & 10 deletions


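--- a/.firebaserc
+++ b/.firebaserc
@@ -1,5 +1,5 @@
 {
 "projects": {
-"default": "wordcloud-live"
+"default": "wordcloud-app-v2"
 }
 }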

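--- a/.github/workflows/deploy-pages.yml
+++ b/.github/workflows/deploy-pages.yml
@@ -24,6 +24,18 @@ jobs:
 - name: Checkout
 uses: actions/checkout@v4
 
+- name: Inject Firebase config
+run: |
+sed -i \
+-e 's|__FIREBASE_API_KEY__|${{ secrets.FIREBASE_API_KEY }}|g' \
+-e 's|__FIREBASE_AUTH_DOMAIN__|${{ secrets.FIREBASE_AUTH_DOMAIN }}|g' \
+-e 's|__FIREBASE_DATABASE_URL__|${{ secrets.FIREBASE_DATABASE_URL }}|g' \
+-e 's|__FIREBASE_PROJECT_ID__|${{ secrets.FIREBASE_PROJECT_ID }}|g' \
+-e 's|__FIREBASE_STORAGE_BUCKET__|${{ secrets.FIREBASE_STORAGE_BUCKET }}|g' \
+-e 's|__FIREBASE_MESSAGING_SENDER_ID__|${{ secrets.FIREBASE_MESSAGING_SENDER_ID }}|g' \
+-e 's|__FIREBASE_APP_ID__|${{ secrets.FIREBASE_APP_ID }}|g' \
+firebase-config.js
+
 - name: Setup Pages
 uses: actions/configure-pages@v5
 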
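Review bot: The seven `${{ secrets.* }}` expressions in the added `Inject Firebase config` step are expanded into the script text before bash runs, so a value containing `'`, `|`, `&` or a backslash would change the sed program or the shell command. An unset secret (for example on a fork) would, as far as the visible step shows, silently substitute an empty string and still deploy. Passing the secrets through `env:` and failing when one is empty keeps the values out of the script source and makes a misconfigured deploy visible. The values must still be free of sed's replacement metacharacters.

```yaml
      - name: Inject Firebase config
        env:
          FIREBASE_API_KEY: ${{ secrets.FIREBASE_API_KEY }}
          # … same mapping for the other six FIREBASE_* secrets …
        run: |
          for name in API_KEY AUTH_DOMAIN DATABASE_URL PROJECT_ID STORAGE_BUCKET MESSAGING_SENDER_ID APP_ID; do
            var="FIREBASE_${name}"
            value="${!var}"
            if [ -z "$value" ]; then
              echo "$var is not set" >&2
              exit 1
            fi
            sed -i "s|__${var}__|${value}|g" firebase-config.js
          done
```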

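--- a/.gitignore
+++ b/.gitignore
@@ -6,3 +6,4 @@ node_modules/
 .firebase/
 firebase-debug.log
 ui-debug.log
+firebase-config.local.js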

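--- a/dev.sh
+++ b/dev.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+# Local development script
+# Copies firebase-config.local.js over firebase-config.js temporarily,
+# starts a server, then restores the placeholder version on exit.
+
+cp firebase-config.js firebase-config.js.bak
+cp firebase-config.local.js firebase-config.js
+
+cleanup() {
+mv firebase-config.js.bak firebase-config.js
+echo "Restored firebase-config.js placeholders"
+}
+trap cleanup EXIT
+
+echo "Starting local dev server at http://localhost:8080"
+python3 -m http.server 8080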
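Review bot: `python3 -m http.server 8080` on the last line listens on all interfaces by default and serves the whole working directory, which during a session includes `firebase-config.local.js` and the repository's `.git`; `python3 -m http.server 8080 --bind 127.0.0.1` keeps it local. The backup step also has a failure mode: if a previous run was killed before the `EXIT` trap ran, `firebase-config.js` still holds real values, so the next run copies them into `firebase-config.js.bak` and `cleanup` later restores them into the tracked file. A guard before the first `cp`, such as `[ ! -e firebase-config.js.bak ] || { echo "stale backup; restore firebase-config.js first" >&2; exit 1; }`, together with `set -euo pipefail`, would stop that. `firebase-config.js.bak` is also missing from `.gitignore`, so it can be staged by accident while the server is running.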

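--- a/firebase-config.js
+++ b/firebase-config.js
@@ -1,15 +1,17 @@
 /* =============================================================
 FIREBASE CONFIGURATION
-Auto-generated from Firebase CLI for project: wordcloud-live
+Values are injected at build time by GitHub Actions.
+For local development, create firebase-config.local.js with
+your actual credentials (it's gitignored).
 ============================================================= */
 const FIREBASE_CONFIG = {
-apiKey: "AIzaSyARkc7ebEtCW9jYqUdtbZevDg3lL9F0YVE",
-authDomain: "wordcloud-live.firebaseapp.com",
-databaseURL: "https://wordcloud-live-default-rtdb.firebaseio.com",
-projectId: "wordcloud-live",
-storageBucket: "wordcloud-live.firebasestorage.app",
-messagingSenderId: "223206575168",
-appId: "1:223206575168:web:755550cfd674905aa463a5"
+apiKey: "__FIREBASE_API_KEY__",
+authDomain: "__FIREBASE_AUTH_DOMAIN__",
+databaseURL: "__FIREBASE_DATABASE_URL__",
+projectId: "__FIREBASE_PROJECT_ID__",
+storageBucket: "__FIREBASE_STORAGE_BUCKET__",
+messagingSenderId: "__FIREBASE_MESSAGING_SENDER_ID__",
+appId: "__FIREBASE_APP_ID__"
 };
 
 /* =============================================================
@@ -19,7 +21,7 @@ let firebaseApp = null;
 let firebaseDB = null;
 
 function isFirebaseConfigured() {
-return FIREBASE_CONFIG.apiKey && !FIREBASE_CONFIG.apiKey.startsWith('YOUR_');
+return FIREBASE_CONFIG.apiKey && !FIREBASE_CONFIG.apiKey.startsWith('__');
 }
 
 if (isFirebaseConfigured()) {
@@ -32,4 +34,5 @@ if (isFirebaseConfigured()) {
 }
 } else {
 console.log('[WordCloud] Firebase not configured — using localStorage sync (same-browser only)');
+console.log('[WordCloud] For local dev, create firebase-config.local.js with your credentials');
 }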
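Review bot: The new header comment should state that the injected values end up in the served file and are readable by every visitor, so data access has to be controlled by the project's Firebase security rules and API-key restrictions rather than by keeping this config out of the repository. I would add a line such as `Values are public once deployed; access is governed by Firebase security rules, not by this file.` In the second hunk, `isFirebaseConfigured()` inspects only `apiKey`, so a deploy where a different value was left empty or unreplaced would still report configured. Checking that no field is empty or starts with `__`, e.g. `return Object.values(FIREBASE_CONFIG).every((v) => v && !v.startsWith('__'));`, covers that case. The initialisation block it guards lies partly outside the hunks.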

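--- a/index.html
+++ b/index.html
@@ -103,6 +103,12 @@ <h3>Edit Question</h3>
 <!-- Firebase SDK (Realtime Database for cross-device sync) -->
 <script src="https://www.gstatic.com/firebasejs/10.14.1/firebase-app-compat.js"></script>
 <script src="https://www.gstatic.com/firebasejs/10.14.1/firebase-database-compat.js"></script>
+<!--
+Firebase config loading order:
+1. firebase-config.js (has placeholders, replaced by CI at deploy time)
+2. For local dev: rename firebase-config.local.js to firebase-config.js
+or use the local dev server script below
+-->
 <script src="firebase-config.js"></script>
 <script src="app.js"></script>
 </body>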
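Review bot: Step 2 of the added comment tells developers to rename `firebase-config.local.js` to `firebase-config.js`, which overwrites the tracked placeholder file and makes it easy to commit real values. It also mentions a "local dev server script below", but no such script appears in the visible lines. I would name the script instead, e.g. `2. For local dev: run ./dev.sh (swaps in firebase-config.local.js and restores the placeholders on exit)`. The comment is also shipped in the deployed page; that is harmless, but the instructions may sit better in the README.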
