Security audit #1

2026-02-03 06:59:07 -07:00 · 2026-02-03 06:59:07 -07:00 · cd04d34b23
commit cd04d34b23
parent 68bc591150
8 changed files with 131 additions and 56 deletions
--- a/vite.config.ts
+++ b/vite.config.ts
@ -1,19 +1,16 @@
 import path from 'path';
-import { defineConfig, loadEnv } from 'vite';
+import { defineConfig } from 'vite';
 import react from '@vitejs/plugin-react';

-export default defineConfig(({ mode }) => {
-    const env = loadEnv(mode, '.', '');
+export default defineConfig(() => {
    return {
      server: {
        port: 5173,
        host: '0.0.0.0',
      },
      plugins: [react()],
-      define: {
-        'process.env.API_KEY': JSON.stringify(env.GEMINI_API_KEY),
-        'process.env.GEMINI_API_KEY': JSON.stringify(env.GEMINI_API_KEY)
-      },
+      // SECURITY: Do NOT expose GEMINI_API_KEY to frontend - use /api/generate endpoint
+    define: {},
      resolve: {
        alias: {
          '@': path.resolve(__dirname, '.'),