fix: load API keys from .env at runtime — never embed credentials in cron payloads or source code

2026-03-06 02:04:55 +00:00
parent 0d3ef7c285
commit 261f5800ad
5 changed files with 50 additions and 5 deletions
--- a/lib/env.mjs
+++ b/lib/env.mjs
@@ -0,0 +1,27 @@
+/**
+ * env.mjs — Load .env file if present
+ * Reads key=value pairs from .env and sets process.env for any missing vars.
+ * Never overwrites vars already set in the environment.
+ */
+import { existsSync, readFileSync } from 'fs';
+import { resolve, dirname } from 'path';
+import { fileURLToPath } from 'url';
+
+const __dir = dirname(fileURLToPath(import.meta.url));
+const envPath = resolve(__dir, '../.env');
+
+export function loadEnv() {
+  if (!existsSync(envPath)) return;
+  const lines = readFileSync(envPath, 'utf8').split('\n');
+  for (const line of lines) {
+    const trimmed = line.trim();
+    if (!trimmed || trimmed.startsWith('#')) continue;
+    const eq = trimmed.indexOf('=');
+    if (eq === -1) continue;
+    const key = trimmed.slice(0, eq).trim();
+    const val = trimmed.slice(eq + 1).trim().replace(/^["']|["']$/g, '');
+    if (key && !(key in process.env)) {
+      process.env[key] = val;
+    }
+  }
+}