This repository contains the public source code for E-Library. Security-sensitive values must be configured through local .env files or hosting dashboard environment variables only.
Do not commit:
.envfiles- Firebase service account JSON
- Google Drive refresh tokens
- Razorpay key secrets
- Razorpay webhook secrets
- Gemini API keys
- database passwords
- database backups
- exported user data
- private Google Drive folder IDs if they reveal private storage structure
The repository includes .gitignore rules for these common cases, but every contributor should still review changes before committing.
Run:
cd PDF-Library/backend
npm run check:secret-filesAlso inspect staged files:
git status --short
git diff --cachedProduction should use:
NODE_ENV=production
SESSION_COOKIE_SECURE=true
SESSION_COOKIE_SAME_SITE=none
PUBLIC_INCLUDE_PRIVATE_BOOKS=false
ALLOW_RAW_DRIVE_ROUTES=falseUse strong values for:
SESSION_TOKEN_SECRET
RAZORPAY_KEY_SECRET
RAZORPAY_WEBHOOK_SECRET
FIREBASE_SERVICE_ACCOUNT_BASE64
DRIVE_REFRESH_TOKENIf you find a security issue, contact the maintainer privately instead of posting the exploit publicly in an issue.
Maintainer:
- GitHub: padam421
- LinkedIn: Padam Kishore