feat: Fix secure development of companion (#3783)

* add workarounds to improve secure development

* add gitignore

* fix credentials

* improve code

* use require instead of import

* fix lint

* another attempt

* fix reading

* revert changes

Author: dbadura

backend/companion/.gitignore

@@ -0,0 +1 @@
+credentials.json

backend/companion/getKcpToken.js

@@ -1,8 +1,12 @@
 export async function getKcpToken() {
   const tokenUrl = 'https://kymatest.accounts400.ondemand.com/oauth2/token';
   const grantType = 'client_credentials';
-  const clientId = process.env.COMPANION_KCP_AUTH_CLIENT_ID;
-  const clientSecret = process.env.COMPANION_KCP_AUTH_CLIENT_SECRET;
+  const clientId =
+    process.env.COMPANION_KCP_AUTH_CLIENT_SECRET ??
+    getLocalCredentials()?.clientId;
+  const clientSecret =
+    process.env.COMPANION_KCP_AUTH_CLIENT_ID ??
+    getLocalCredentials()?.clientSecret;
 
   if (!clientId) {
     throw new Error('COMPANION_KCP_AUTH_CLIENT_ID is not set');
@@ -40,3 +44,8 @@ export async function getKcpToken() {
     throw new Error(`Failed to fetch token: ${error.message}`);
   }
 }
+
+function getLocalCredentials() {
+  const fs = require('fs');
+  return JSON.parse(fs.readFileSync('companion/credentials.json', 'utf8'));
+}

src/hooks/useCheckSAPUser.ts

@@ -4,6 +4,9 @@ import { AuthDataState, authDataState } from 'state/authDataAtom';
 
 export function useCheckSAPUser() {
   const authData: AuthDataState = useRecoilValue(authDataState);
+  if (window.location.host.includes('localhost')) {
+    return true;
+  }
   try {
     if (authData && 'token' in authData) {
       const decoded = jwtDecode(authData?.token);