From f9cd7d247874a8625913a9fcc5e1fa68bcc80233 Mon Sep 17 00:00:00 2001
From: bhavanakarwade <bhavana.karwade@ayanworks.com>
Date: Fri, 20 Dec 2024 15:56:02 +0530
Subject: [PATCH 1/8] fix: Improve Handling of Sensitive Data in Browser

Signed-off-by: bhavanakarwade <bhavana.karwade@ayanworks.com>
---
 .env.demo                        |  3 --
 .env.sample                      |  2 --
 .github/workflows/deploy-dev.yml | 47 ++++++++++++++++++++++++++++++--
 .github/workflows/deploy.yml     |  6 ++--
 src/api/Auth.ts                  |  8 +++---
 src/app/LayoutCommon.astro       | 28 +++++++++++++++----
 src/config/GetHeaderConfigs.ts   |  4 +--
 src/config/envConfig.ts          | 11 ++------
 src/env.d.ts                     | 22 +++++++++++++++
 src/middleware.ts                |  4 +--
 src/pages/index.astro            |  9 +++---
 11 files changed, 107 insertions(+), 37 deletions(-)

diff --git a/.env.demo b/.env.demo
index 859e6383f..db93d00f0 100644
--- a/.env.demo
+++ b/.env.demo
@@ -14,11 +14,8 @@ PUBLIC_PLATFORM_NAME=CREDEBL
 PUBLIC_PLATFORM_LOGO=/images/CREDEBL_ICON.png
 PUBLIC_POWERED_BY=Blockster Labs Pvt. Ltd.
 PUBLIC_PLATFORM_WEB_URL=https://credebl.id/
-PUBLIC_POWERED_BY_URL=https://blockster.global
 PUBLIC_PLATFORM_DOCS_URL=https://docs.credebl.id/en/intro/what-is-credebl/
 PUBLIC_PLATFORM_GIT=https://github.com/credebl
-PUBLIC_PLATFORM_SUPPORT_EMAIL=support@blockster.global
-PUBLIC_PLATFORM_SUPPORT_INVITE=
 PUBLIC_PLATFORM_TWITTER_URL="https://twitter.com/i/flow/login?redirect_after_login=%2Fcredebl"
 PUBLIC_PLATFROM_DISCORD_SUPPORT="https://discord.gg/w4hnQT7NJG"
 PUBLIC_ALLOW_DOMAIN="http://your-ip:5000 http://localhost:5000 http://localhost:5001 http://your-ip:5001 https://cdnjs.cloudflare.com https://tailwindcss.com https://www.blockster.global https://www.ayanworks.com https://qaapi.credebl.id https://devapi.credebl.id https://api.credebl.id https://*.credebl.id https://fonts.googleapis.com https://fonts.gstatic.com https://avatars.githubusercontent.com https://dev-org-logo.s3.ap-south-1.amazonaws.com https://flowbite-admin-dashboard.vercel.app/ wss://devapi.credebl.id wss://qaapi.credebl.id wss://api.credebl.id wss://*.credebl.id https://qa.credebl.id https://dev.credebl.id https://credebl.id http://your-ip:3001 http://localhost:3001 http://localhost:3000/certificates ws://your-ip:5000 ws://localhost:5000 https://rpc-amoy.polygon.technology/"
\ No newline at end of file
diff --git a/.env.sample b/.env.sample
index 66bf1ac28..77a7547d8 100644
--- a/.env.sample
+++ b/.env.sample
@@ -11,10 +11,8 @@ PUBLIC_PLATFORM_NAME= # Please specify your paltform name
 PUBLIC_PLATFORM_LOGO= # Please specify your logo file link
 PUBLIC_POWERED_BY= # Please specify your powered by org name
 PUBLIC_PLATFORM_WEB_URL= # Please specify your platform web URL
-PUBLIC_POWERED_BY_URL= # Please specify your support URL
 PUBLIC_PLATFORM_DOCS_URL= # Please specify your documentation URL
 PUBLIC_PLATFORM_GIT= # Please specify your Github URL
-PUBLIC_PLATFORM_SUPPORT_EMAIL= # Please specify your support email 
 PUBLIC_PLATFORM_TWITTER_URL= # Please specify your twitter URL
 PUBLIC_PLATFROM_DISCORD_SUPPORT= # Please specify your discord support url
 
diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml
index f202e9e7a..6067ac888 100644
--- a/.github/workflows/deploy-dev.yml
+++ b/.github/workflows/deploy-dev.yml
@@ -22,8 +22,51 @@ jobs:
         with:
           node-version: lts/*
 
-      - name: remove previous node module
-        run: rm -rf node_modules
+      - name: Create .env file
+
+        run: |
+
+         echo "PUBLIC_MODE=DEV" > .env
+
+         echo "PUBLIC_BASE_URL=https://devapi.credebl.id" >> .env
+
+         echo "PUBLIC_SHOW_NAME_AS_LOGO=true" >> .env
+
+         echo "PUBLIC_PLATFORM_NAME=CREDEBL" >> .env
+
+         echo "PUBLIC_PLATFORM_LOGO=/images/CREDEBL_ICON.png" >> .env
+
+         echo "PUBLIC_POWERED_BY=Blockster Labs Pvt. Ltd" >> .env
+
+         echo "PUBLIC_PLATFORM_DOCS_URL=https://docs.credebl.id/en/intro/what-is-credebl/" >> .env
+
+         echo "PUBLIC_PLATFORM_GIT=https://github.com/credebl" >> .env
+
+         echo "PUBLIC_PLATFORM_TWITTER_URL=https://twitter.com/i/flow/login?redirect_after_login=%2Fcredebl" >> .env
+
+         echo "PUBLIC_PLATFROM_DISCORD_SUPPORT=https://discord.gg/w4hnQT7NJG" >> .env
+
+         echo "PUBLIC_ALLOW_DOMAIN=${{ secrets.DEV_PUBLIC_ALLOW_DOMAIN }}" >> .env
+
+         echo "PUBLIC_POLYGON_MAINNET_URL=https://polygon-rpc.com/" >> .env
+
+         echo "PUBLIC_POLYGON_TESTNET_URL=https://rpc-amoy.polygon.technology" >> .env
+
+         echo "PUBLIC_ECOSYSTEM_FRONT_END_URL=https://dev-ecosystem.credebl.id" >> .env
+
+         echo "PUBLIC_ECOSYSTEM_BASE_URL=https://devecosystem-api.credebl.id" >> .env
+
+         echo "PUBLIC_PLATFORM_DISCORD_URL=https://discord.gg/w4hnQT7NJG" >> .env
+
+         echo "PUBLIC_REDIRECTION_TARGET_URL=https://social-share.credebl.id" >> .env
+
+         echo "PUBLIC_CRYPTO_PRIVATE_KEY=${{ secrets.DEV_PUBLIC_CRYPTO_PRIVATE_KEY }}" >> .env
+
+         echo "PUBLIC_KEYCLOAK_MANAGEMENT_CLIENT_ID=${{ secrets.DEV_PUBLIC_KEYCLOAK_MANAGEMENT_CLIENT_ID }}" >> .env
+
+         echo "PUBLIC_KEYCLOAK_MANAGEMENT_CLIENT_SECRET=${{ secrets.DEV_PUBLIC_KEYCLOAK_MANAGEMENT_CLIENT_SECRET }}" >> .env
+
+         echo "PUBLIC_REDIRECT_FROM_URL=https://dev.credebl.id" >> .env
 
       - name: Build step
         run: npm install && npm run build # 📝 Update the build command(s)
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 67b4b3c7f..7fe0df0dc 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -1,9 +1,9 @@
 name: Deploy
 on:
   push:
-    branches: develop-fixed-dco
+    branches: main
   pull_request:
-    branches: develop-fixed-dco
+    branches: main
 
 jobs:
   deploy:
@@ -40,5 +40,3 @@ jobs:
           project: "credebl-dev-ui"
           entrypoint: "server/entry.mjs"
           root: "dist"
-          
-          
diff --git a/src/api/Auth.ts b/src/api/Auth.ts
index 45e158e80..f6ca57632 100644
--- a/src/api/Auth.ts
+++ b/src/api/Auth.ts
@@ -221,15 +221,15 @@ export const addPasskeyUserDetails = async(payload: AddPassword, email:string) =
 }
 
 export const passwordEncryption = (password: string): string => {
-    const CRYPTO_PRIVATE_KEY: string = `${envConfig.PUBLIC_CRYPTO_PRIVATE_KEY}`    
+    const CRYPTO_PRIVATE_KEY: string = import.meta.env.PUBLIC_CRYPTO_PRIVATE_KEY;
     const encryptedPassword: string = CryptoJS.AES.encrypt(JSON.stringify(password), CRYPTO_PRIVATE_KEY).toString()
     return encryptedPassword
 }
 
 export const encryptData = (value: any): string => {
  
-    const CRYPTO_PRIVATE_KEY: string = `${envConfig.PUBLIC_CRYPTO_PRIVATE_KEY}`
-
+    const CRYPTO_PRIVATE_KEY: string = import.meta.env.PUBLIC_CRYPTO_PRIVATE_KEY;
+    
     try {
         if (typeof (value) !== 'string') {
             value = JSON.stringify(value)
@@ -243,7 +243,7 @@ export const encryptData = (value: any): string => {
 }
 
 export const decryptData = (value: any): string => {
-    const CRYPTO_PRIVATE_KEY: string = `${envConfig.PUBLIC_CRYPTO_PRIVATE_KEY}`
+    const CRYPTO_PRIVATE_KEY: string = import.meta.env.PUBLIC_CRYPTO_PRIVATE_KEY;
 
     try {
         let bytes = CryptoJS.AES.decrypt(value, CRYPTO_PRIVATE_KEY);
diff --git a/src/app/LayoutCommon.astro b/src/app/LayoutCommon.astro
index d3f99555e..8acefca63 100644
--- a/src/app/LayoutCommon.astro
+++ b/src/app/LayoutCommon.astro
@@ -8,9 +8,25 @@ const { class: clazz, metaData } = Astro.props;
 
 const initData: any = {};
 
-const envKeys = [...Object.keys(process.env), ...Object.keys(import.meta.env)];
-envKeys.forEach((item) => {
-	initData[item] = process.env[item] || import.meta.env[item];
+// Step 1: List of keys that should NOT be exposed to the frontend
+const excludeKeys = ['PUBLIC_CRYPTO_PRIVATE_KEY', 'PUBLIC_KEYCLOAK_MANAGEMENT_CLIENT_ID', 'PUBLIC_KEYCLOAK_MANAGEMENT_CLIENT_SECRET', 'PUBLIC_ALLOW_DOMAIN'];
+
+// Step 2: Get all environment keys
+const allEnvKeys = [...Object.keys(process.env), ...Object.keys(import.meta.env)];
+
+// Step 3: Separate 'exposed' keys and 'excluded' keys
+const exposedEnvKeys = allEnvKeys.filter((key) => !excludeKeys.includes(key));
+const excludedEnvKeys = allEnvKeys.filter((key) => excludeKeys.includes(key));
+
+// Step 4: Store values for all keys in `initData`
+exposedEnvKeys.forEach((item) => {
+    initData[item] = process.env[item] || import.meta.env[item];
+});
+
+// Step 5: Store 'excluded keys' in a separate object (only for server-side use)
+const excludedEnvData: any = {};
+excludedEnvKeys.forEach((item) => {
+    excludedEnvData[item] = process.env[item] || import.meta.env[item];
 });
 
 const sessionToken = getFromCookies(Astro.cookies, 'session');
@@ -68,9 +84,9 @@ const refreshToken = getFromCookies(Astro.cookies, 'refresh');
 
 		<script
 			id="global"
-			define:vars={{ initData, envKeys, sessionToken, refreshToken }}
+			define:vars={{ initData, exposedEnvKeys, sessionToken, refreshToken }}
 		>
-			envKeys.forEach((item) => {
+			exposedEnvKeys.forEach((item) => {
 				globalThis[item] = initData[item];
 			});
 
@@ -100,4 +116,4 @@ const refreshToken = getFromCookies(Astro.cookies, 'refresh');
 			}
 		</style>
 	</body>
-</html>
+</html>
\ No newline at end of file
diff --git a/src/config/GetHeaderConfigs.ts b/src/config/GetHeaderConfigs.ts
index 0ec795542..0705732d2 100644
--- a/src/config/GetHeaderConfigs.ts
+++ b/src/config/GetHeaderConfigs.ts
@@ -1,8 +1,8 @@
 import { getFromLocalStorage } from '../api/Auth';
 import { storageKeys } from './CommonConstant';
-import { envConfig } from './envConfig';
 
-const allowedDomains = envConfig.PUBLIC_ALLOW_DOMAIN;
+const allowedDomains = import.meta.env.PUBLIC_ALLOW_DOMAIN;
+
 const commonHeaders = {
     'Content-Security-Policy': `default-src 'self'; script-src 'unsafe-inline' ${allowedDomains}; style-src 'unsafe-inline' ${allowedDomains}; font-src ${allowedDomains}; img-src 'self' ${allowedDomains}; frame-src 'self' ${allowedDomains}; object-src 'none'; media-src 'self'; connect-src 'self' ${allowedDomains}; form-action 'self'; frame-ancestors 'self'; `,
     'X-Frame-Options': "DENY",
diff --git a/src/config/envConfig.ts b/src/config/envConfig.ts
index a1e35d950..ce63bc549 100644
--- a/src/config/envConfig.ts
+++ b/src/config/envConfig.ts
@@ -17,7 +17,7 @@ if (import.meta.env) {
 	}
 }
 
-const { PUBLIC_BASE_URL, PUBLIC_ECOSYSTEM_FRONT_END_URL, PUBLIC_POLYGON_TESTNET_URL, PUBLIC_POLYGON_MAINNET_URL, PUBLIC_CRYPTO_PRIVATE_KEY,PUBLIC_SHOW_NAME_AS_LOGO, PUBLIC_PLATFORM_NAME, PUBLIC_PLATFORM_LOGO, PUBLIC_POWERED_BY, PUBLIC_PLATFORM_WEB_URL, PUBLIC_POWERED_BY_URL, PUBLIC_PLATFORM_DOCS_URL, PUBLIC_PLATFORM_GIT, PUBLIC_PLATFORM_SUPPORT_EMAIL, PUBLIC_PLATFORM_TWITTER_URL, PUBLIC_KEYCLOAK_MANAGEMENT_CLIENT_ID, PUBLIC_KEYCLOAK_MANAGEMENT_CLIENT_SECRET, PUBLIC_PLATFORM_SUPPORT_INVITE, PUBLIC_PLATFORM_DISCORD_URL, PUBLIC_ALLOW_DOMAIN, PUBLIC_ECOSYSTEM_BASE_URL, PUBLIC_MODE, PUBLIC_REDIRECT_FROM_URL, PUBLIC_REDIRECTION_TARGET_URL }: any = envVariables;
+const { PUBLIC_BASE_URL, PUBLIC_ECOSYSTEM_FRONT_END_URL, PUBLIC_POLYGON_TESTNET_URL, PUBLIC_POLYGON_MAINNET_URL, PUBLIC_CRYPTO_PRIVATE_KEY,PUBLIC_SHOW_NAME_AS_LOGO, PUBLIC_PLATFORM_NAME, PUBLIC_PLATFORM_LOGO, PUBLIC_POWERED_BY, PUBLIC_PLATFORM_WEB_URL, PUBLIC_PLATFORM_DOCS_URL, PUBLIC_PLATFORM_GIT, PUBLIC_PLATFORM_TWITTER_URL, PUBLIC_KEYCLOAK_MANAGEMENT_CLIENT_ID, PUBLIC_KEYCLOAK_MANAGEMENT_CLIENT_SECRET, PUBLIC_PLATFROM_DISCORD_SUPPORT, PUBLIC_PLATFORM_DISCORD_URL, PUBLIC_ALLOW_DOMAIN, PUBLIC_ECOSYSTEM_BASE_URL, PUBLIC_MODE, PUBLIC_REDIRECT_FROM_URL, PUBLIC_REDIRECTION_TARGET_URL }: any = envVariables;
 
 export const envConfig = {
 	PUBLIC_BASE_URL:
@@ -48,18 +48,12 @@ export const envConfig = {
 		webUrl:
 			PUBLIC_PLATFORM_WEB_URL ||
 			import.meta.env.PUBLIC_PLATFORM_WEB_URL,
-		orgUrl:
-			PUBLIC_POWERED_BY_URL ||
-			import.meta.env.PUBLIC_POWERED_BY_URL,
 		docs:
 			PUBLIC_PLATFORM_DOCS_URL ||
 			import.meta.env.PUBLIC_PLATFORM_DOCS_URL,
 		git:
 			PUBLIC_PLATFORM_GIT ||
 			import.meta.env.PUBLIC_PLATFORM_GIT,
-		support:
-			PUBLIC_PLATFORM_SUPPORT_EMAIL ||
-			import.meta.env.PUBLIC_PLATFORM_SUPPORT_EMAIL,
 		twitter:
 			PUBLIC_PLATFORM_TWITTER_URL ||
 			import.meta.env.PUBLIC_PLATFORM_TWITTER_URL,
@@ -74,7 +68,8 @@ export const envConfig = {
 			import.meta.env.PUBLIC_KEYCLOAK_MANAGEMENT_CLIENT_SECRET,
 	},
 	PUBLIC_ALLOW_DOMAIN: PUBLIC_ALLOW_DOMAIN || import.meta.env.PUBLIC_ALLOW_DOMAIN,
-	MODE: PUBLIC_MODE,
+	PUBLIC_PLATFROM_DISCORD_SUPPORT: PUBLIC_PLATFROM_DISCORD_SUPPORT || import.meta.env.PUBLIC_PLATFROM_DISCORD_SUPPORT,
+	MODE: PUBLIC_MODE || import.meta.env.PUBLIC_MODE,
 	PUBLIC_REDIRECT_FROM_URL: PUBLIC_REDIRECT_FROM_URL || import.meta.env.PUBLIC_REDIRECT_FROM_URL,
 	PUBLIC_REDIRECTION_TARGET_URL: PUBLIC_REDIRECTION_TARGET_URL || import.meta.env.PUBLIC_REDIRECTION_TARGET_URL 
 }
\ No newline at end of file
diff --git a/src/env.d.ts b/src/env.d.ts
index 0b6428c56..78cd36415 100644
--- a/src/env.d.ts
+++ b/src/env.d.ts
@@ -5,6 +5,28 @@
 interface ImportMetaEnv {
 	readonly SITE: string;
 	readonly PUBLIC_BASE_URL:string;
+	readonly PUBLIC_CRYPTO_PRIVATE_KEY: string;
+	readonly PUBLIC_ECOSYSTEM_BASE_URL: string;
+	readonly PUBLIC_REDIRECT_FROM_URL: string;
+	readonly PUBLIC_POLYGON_TESTNET_URL: string;
+	readonly PUBLIC_POLYGON_MAINNET_URL: string;
+	readonly PUBLIC_SHOW_NAME_AS_LOGO: string;
+	readonly PUBLIC_PLATFORM_NAME: string, 
+	readonly PUBLIC_PLATFORM_LOGO: string, 
+	readonly PUBLIC_POWERED_BY: string, 
+	readonly PUBLIC_PLATFROM_DISCORD_SUPPORT: string,
+	readonly PUBLIC_PLATFORM_WEB_URL: string, 
+	readonly PUBLIC_PLATFORM_DOCS_URL: string, 
+	readonly PUBLIC_PLATFORM_GIT: string, 
+	readonly PUBLIC_PLATFORM_TWITTER_URL: string, 
+	readonly PUBLIC_KEYCLOAK_MANAGEMENT_CLIENT_ID: string, 
+	readonly PUBLIC_KEYCLOAK_MANAGEMENT_CLIENT_SECRET: string, 
+	readonly PUBLIC_PLATFORM_DISCORD_URL: string, 
+	readonly PUBLIC_ALLOW_DOMAIN: string, 
+	readonly PUBLIC_ECOSYSTEM_BASE_URL: string, 
+	readonly PUBLIC_MODE: string, 
+	readonly PUBLIC_REDIRECT_FROM_URL: string, 
+	readonly PUBLIC_REDIRECTION_TARGET_URL: string
 }
 
 interface ImportMeta {
diff --git a/src/middleware.ts b/src/middleware.ts
index c73dc4a46..912c2929b 100644
--- a/src/middleware.ts
+++ b/src/middleware.ts
@@ -5,8 +5,8 @@ export const onRequest = async (context: any, next: any) => {
   const response = await next();
   const html = await response.text();
  
-  const domains = envConfig.PUBLIC_ALLOW_DOMAIN;
-  
+  const domains = import.meta.env.PUBLIC_ALLOW_DOMAIN;
+    
   const allowedDomain = `${context.url.origin} ${domains}`
   
   const nonce = "dynamicNONCE" + new Date().getTime().toString();
diff --git a/src/pages/index.astro b/src/pages/index.astro
index efef92dab..e270a4000 100644
--- a/src/pages/index.astro
+++ b/src/pages/index.astro
@@ -60,7 +60,7 @@ const env = import.meta.env || process.env;
 							</p>
 							<div class="justify-center flex">
 								<a
-									href="https://docs.credebl.id/en/intro/what-is-credebl/"
+									href=`${envConfig.PLATFORM_DATA.docs}`
 									class="inline-flex justify-center items-center py-3 px-5 text-base font-medium text-center text-white rounded-lg bg-primary-700 hover:bg-primary-800 focus:ring-4 focus:ring-primary-300 dark:focus:ring-primary-900"
 								>
 									Get Started
@@ -1113,7 +1113,8 @@ const env = import.meta.env || process.env;
 									clip-rule="evenodd"></path>
 							</svg>
 						</a>
-						<a href="https://discord.gg/w4hnQT7NJG" class="hover:opacity-50" target="_blank">
+						<a href=`${envConfig.PUBLIC_PLATFROM_DISCORD_SUPPORT}`
+						 class="hover:opacity-50" target="_blank">
 							<svg
 								class="w-6 h-6 text-gray-700 hover:text-gray-900 dark:text-white"
 								aria-hidden="true"
@@ -1127,8 +1128,8 @@ const env = import.meta.env || process.env;
 							</svg>
 						</a>
 						<a
-							href="https://twitter.com/i/flow/login?redirect_after_login=%2Fcredebl"
-							class="dark:text:white hover:opacity-50"
+						href=`${envConfig.PLATFORM_DATA.twitter}`
+						class="dark:text:white hover:opacity-50"
 						>
 							<svg
 								xmlns="http://www.w3.org/2000/svg"

From 81c4df1f5f44b8f2a8c7a93821dee7a202496ea1 Mon Sep 17 00:00:00 2001
From: bhavanakarwade <bhavana.karwade@ayanworks.com>
Date: Mon, 23 Dec 2024 11:30:43 +0530
Subject: [PATCH 2/8] improved error handling for layout component

Signed-off-by: bhavanakarwade <bhavana.karwade@ayanworks.com>
---
 src/app/LayoutCommon.astro   | 35 ++++++++++++++++++-----------------
 src/config/CommonConstant.ts |  2 ++
 2 files changed, 20 insertions(+), 17 deletions(-)

diff --git a/src/app/LayoutCommon.astro b/src/app/LayoutCommon.astro
index 8acefca63..c170ffca4 100644
--- a/src/app/LayoutCommon.astro
+++ b/src/app/LayoutCommon.astro
@@ -3,30 +3,31 @@ import pkg from '../../package.json' assert { type: 'json' };
 import { getFromCookies } from '../api/Auth';
 import { SITE_TITLE } from './constants.js';
 import { envConfig } from '../config/envConfig';
+import { excludeKeys } from '../config/CommonConstant';
 
 const { class: clazz, metaData } = Astro.props;
 
-const initData: any = {};
-
-// Step 1: List of keys that should NOT be exposed to the frontend
-const excludeKeys = ['PUBLIC_CRYPTO_PRIVATE_KEY', 'PUBLIC_KEYCLOAK_MANAGEMENT_CLIENT_ID', 'PUBLIC_KEYCLOAK_MANAGEMENT_CLIENT_SECRET', 'PUBLIC_ALLOW_DOMAIN'];
-
-// Step 2: Get all environment keys
 const allEnvKeys = [...Object.keys(process.env), ...Object.keys(import.meta.env)];
 
-// Step 3: Separate 'exposed' keys and 'excluded' keys
-const exposedEnvKeys = allEnvKeys.filter((key) => !excludeKeys.includes(key));
-const excludedEnvKeys = allEnvKeys.filter((key) => excludeKeys.includes(key));
+if (allEnvKeys.length === 0) {
+  throw new Error('No environment keys were found in process.env or import.meta.env.');
+}
 
-// Step 4: Store values for all keys in `initData`
-exposedEnvKeys.forEach((item) => {
-    initData[item] = process.env[item] || import.meta.env[item];
-});
+const exposedEnvKeys = allEnvKeys.filter((key) => !excludeKeys.includes(key));
 
-// Step 5: Store 'excluded keys' in a separate object (only for server-side use)
-const excludedEnvData: any = {};
-excludedEnvKeys.forEach((item) => {
-    excludedEnvData[item] = process.env[item] || import.meta.env[item];
+const initData: Record<string, any> = {};
+const excludedEnvData: Record<string, any> = {};
+
+allEnvKeys.forEach((key) => {
+  const value = process.env[key] || import.meta.env[key];
+  
+  if (!value) return; 
+  
+  if (excludeKeys.includes(key)) {
+    excludedEnvData[key] = value;
+  } else {
+    initData[key] = value;
+  }
 });
 
 const sessionToken = getFromCookies(Astro.cookies, 'session');
diff --git a/src/config/CommonConstant.ts b/src/config/CommonConstant.ts
index 9921c11d7..74faa24e9 100644
--- a/src/config/CommonConstant.ts
+++ b/src/config/CommonConstant.ts
@@ -64,6 +64,8 @@ export const emailCredDefHeaders = [
     { columnName: 'Revocable' },
 ];
 
+export const excludeKeys = ['PUBLIC_CRYPTO_PRIVATE_KEY', 'PUBLIC_KEYCLOAK_MANAGEMENT_CLIENT_ID', 'PUBLIC_KEYCLOAK_MANAGEMENT_CLIENT_SECRET', 'PUBLIC_ALLOW_DOMAIN'];
+
 export const predicatesConditions = [
     { value: '', label: 'Select' },
     { value: '>', label: 'Greater than' },

From 4e2372ed92e477d2d8ece19290054c91b5d91594 Mon Sep 17 00:00:00 2001
From: bhavanakarwade <bhavana.karwade@ayanworks.com>
Date: Mon, 23 Dec 2024 14:09:18 +0530
Subject: [PATCH 3/8] refactor: improve variables initialization logic

Signed-off-by: bhavanakarwade <bhavana.karwade@ayanworks.com>
---
 src/app/LayoutCommon.astro       | 4 +---
 src/config/SocketConfig.ts       | 2 +-
 src/config/ssrApiConfig.ts       | 2 +-
 src/services/axiosIntercepter.ts | 4 ++--
 src/utils/check-session.ts       | 2 +-
 5 files changed, 6 insertions(+), 8 deletions(-)

diff --git a/src/app/LayoutCommon.astro b/src/app/LayoutCommon.astro
index c170ffca4..e3af13efc 100644
--- a/src/app/LayoutCommon.astro
+++ b/src/app/LayoutCommon.astro
@@ -23,9 +23,7 @@ allEnvKeys.forEach((key) => {
   
   if (!value) return; 
   
-  if (excludeKeys.includes(key)) {
-    excludedEnvData[key] = value;
-  } else {
+  if (!excludeKeys.includes(key)) {
     initData[key] = value;
   }
 });
diff --git a/src/config/SocketConfig.ts b/src/config/SocketConfig.ts
index 2a5eef880..e83269398 100644
--- a/src/config/SocketConfig.ts
+++ b/src/config/SocketConfig.ts
@@ -1,7 +1,7 @@
 import { envConfig } from "./envConfig"
 import io from "socket.io-client"
 
-const SOCKET = io(`${envConfig.PUBLIC_BASE_URL}`, {
+const SOCKET = io(`${import.meta.env.PUBLIC_BASE_URL}`, {
     reconnection: true,
     reconnectionDelay: 500,
     reconnectionAttempts: Infinity,
diff --git a/src/config/ssrApiConfig.ts b/src/config/ssrApiConfig.ts
index fba1e96a0..41563b67e 100644
--- a/src/config/ssrApiConfig.ts
+++ b/src/config/ssrApiConfig.ts
@@ -20,7 +20,7 @@ const API = async ({ token, url, method, payload }: IProps) => {
 			method,
 			body: JSON.stringify(payload),
 		};
-		const baseURL = globalThis.baseUrl || envConfig.PUBLIC_BASE_URL || process.env.PUBLIC_BASE_URL;
+		const baseURL = globalThis.baseUrl || import.meta.env.PUBLIC_BASE_URL || process.env.PUBLIC_BASE_URL;
 		const apiURL = baseURL + url;
 		const res = await fetch(apiURL, {
 			...config,
diff --git a/src/services/axiosIntercepter.ts b/src/services/axiosIntercepter.ts
index 32b5a58ba..c4f9181ee 100644
--- a/src/services/axiosIntercepter.ts
+++ b/src/services/axiosIntercepter.ts
@@ -6,7 +6,7 @@ import { getFromLocalStorage, setToLocalStorage } from '../api/Auth';
 import { apiStatusCodes, storageKeys } from '../config/CommonConstant';
 
 const instance = axios.create({
-	baseURL: envConfig.PUBLIC_BASE_URL,
+	baseURL: import.meta.env.PUBLIC_BASE_URL,
 });
 
 const EcosystemInstance = axios.create({
@@ -16,7 +16,7 @@ const EcosystemInstance = axios.create({
 const checkAuthentication = async (sessionCookie: string, request: AxiosRequestConfig) => {
 	const isAuthPage = window.location.href.includes('/authentication/sign-in') || window.location.href.includes('/authentication/sign-up')
 	try {
-		const baseURL = envConfig.PUBLIC_BASE_URL || process.env.PUBLIC_BASE_URL;
+		const baseURL = import.meta.env.PUBLIC_BASE_URL || process.env.PUBLIC_BASE_URL;
 		const config = {
 			headers: {
 				'Content-Type': 'application/json',
diff --git a/src/utils/check-session.ts b/src/utils/check-session.ts
index 1a1a8537a..41a9f4bbc 100755
--- a/src/utils/check-session.ts
+++ b/src/utils/check-session.ts
@@ -33,7 +33,7 @@ export const checkUserSession = async ({
 
 	try {
 		const baseURL =
-			envConfig.PUBLIC_BASE_URL ||
+			import.meta.env.PUBLIC_BASE_URL ||
 			process.env.PUBLIC_BASE_URL;
 		const config = {
 			headers: {

From 5cf0124d15a471a0355f3def40942fafa3ef43f2 Mon Sep 17 00:00:00 2001
From: bhavanakarwade <bhavana.karwade@ayanworks.com>
Date: Mon, 23 Dec 2024 15:27:28 +0530
Subject: [PATCH 4/8] removed hardcoded variables

Signed-off-by: bhavanakarwade <bhavana.karwade@ayanworks.com>
---
 .github/workflows/deploy-dev.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml
index 6067ac888..fba51a224 100644
--- a/.github/workflows/deploy-dev.yml
+++ b/.github/workflows/deploy-dev.yml
@@ -28,7 +28,7 @@ jobs:
 
          echo "PUBLIC_MODE=DEV" > .env
 
-         echo "PUBLIC_BASE_URL=https://devapi.credebl.id" >> .env
+         echo "PUBLIC_BASE_URL=${{ secrets.DEV_PUBLIC_BASE_URL }}" >> .env
 
          echo "PUBLIC_SHOW_NAME_AS_LOGO=true" >> .env
 
@@ -38,7 +38,7 @@ jobs:
 
          echo "PUBLIC_POWERED_BY=Blockster Labs Pvt. Ltd" >> .env
 
-         echo "PUBLIC_PLATFORM_DOCS_URL=https://docs.credebl.id/en/intro/what-is-credebl/" >> .env
+         echo "PUBLIC_PLATFORM_DOCS_URL=https://docs.credebl.id/docs" >> .env
 
          echo "PUBLIC_PLATFORM_GIT=https://github.com/credebl" >> .env
 

From 75314c0c83b329ca93dd406e1689e8d863848fef Mon Sep 17 00:00:00 2001
From: bhavanakarwade <bhavana.karwade@ayanworks.com>
Date: Mon, 23 Dec 2024 17:03:59 +0530
Subject: [PATCH 5/8] added file path in yml file

Signed-off-by: bhavanakarwade <bhavana.karwade@ayanworks.com>
---
 .github/workflows/deploy-dev.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml
index fba51a224..ff71d7151 100644
--- a/.github/workflows/deploy-dev.yml
+++ b/.github/workflows/deploy-dev.yml
@@ -1,9 +1,9 @@
 name: Deploy develop branch to Deno
 on:
   push:
-    branches: develop
+    branches: develop-fixed-dco
   pull_request:
-    branches: develop
+    branches: develop-fixed-dco
 
 jobs:
   deploy:

From f167d356f69c401c7e8438baad717b8db943c855 Mon Sep 17 00:00:00 2001
From: bhavanakarwade <bhavana.karwade@ayanworks.com>
Date: Mon, 23 Dec 2024 17:16:41 +0530
Subject: [PATCH 6/8] refactor: added variable in constants file

Signed-off-by: bhavanakarwade <bhavana.karwade@ayanworks.com>
---
 src/config/CommonConstant.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/config/CommonConstant.ts b/src/config/CommonConstant.ts
index 74faa24e9..047e55258 100644
--- a/src/config/CommonConstant.ts
+++ b/src/config/CommonConstant.ts
@@ -64,7 +64,7 @@ export const emailCredDefHeaders = [
     { columnName: 'Revocable' },
 ];
 
-export const excludeKeys = ['PUBLIC_CRYPTO_PRIVATE_KEY', 'PUBLIC_KEYCLOAK_MANAGEMENT_CLIENT_ID', 'PUBLIC_KEYCLOAK_MANAGEMENT_CLIENT_SECRET', 'PUBLIC_ALLOW_DOMAIN'];
+export const excludeKeys = ['PUBLIC_BASE_URL', 'PUBLIC_CRYPTO_PRIVATE_KEY', 'PUBLIC_KEYCLOAK_MANAGEMENT_CLIENT_ID', 'PUBLIC_KEYCLOAK_MANAGEMENT_CLIENT_SECRET', 'PUBLIC_ALLOW_DOMAIN'];
 
 export const predicatesConditions = [
     { value: '', label: 'Select' },

From e05cc5ebe31601ca9cd75a22e5717474192aa91b Mon Sep 17 00:00:00 2001
From: bhavanakarwade <bhavana.karwade@ayanworks.com>
Date: Mon, 23 Dec 2024 18:23:15 +0530
Subject: [PATCH 7/8] fix: signin issue

Signed-off-by: bhavanakarwade <bhavana.karwade@ayanworks.com>
---
 src/app/LayoutCommon.astro       | 1 -
 src/config/CommonConstant.ts     | 2 +-
 src/config/SocketConfig.ts       | 2 +-
 src/config/ssrApiConfig.ts       | 2 +-
 src/pages/user/[user].astro      | 3 ++-
 src/services/axiosIntercepter.ts | 4 ++--
 src/utils/check-session.ts       | 2 +-
 7 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/src/app/LayoutCommon.astro b/src/app/LayoutCommon.astro
index e3af13efc..bb7c02827 100644
--- a/src/app/LayoutCommon.astro
+++ b/src/app/LayoutCommon.astro
@@ -16,7 +16,6 @@ if (allEnvKeys.length === 0) {
 const exposedEnvKeys = allEnvKeys.filter((key) => !excludeKeys.includes(key));
 
 const initData: Record<string, any> = {};
-const excludedEnvData: Record<string, any> = {};
 
 allEnvKeys.forEach((key) => {
   const value = process.env[key] || import.meta.env[key];
diff --git a/src/config/CommonConstant.ts b/src/config/CommonConstant.ts
index 047e55258..74faa24e9 100644
--- a/src/config/CommonConstant.ts
+++ b/src/config/CommonConstant.ts
@@ -64,7 +64,7 @@ export const emailCredDefHeaders = [
     { columnName: 'Revocable' },
 ];
 
-export const excludeKeys = ['PUBLIC_BASE_URL', 'PUBLIC_CRYPTO_PRIVATE_KEY', 'PUBLIC_KEYCLOAK_MANAGEMENT_CLIENT_ID', 'PUBLIC_KEYCLOAK_MANAGEMENT_CLIENT_SECRET', 'PUBLIC_ALLOW_DOMAIN'];
+export const excludeKeys = ['PUBLIC_CRYPTO_PRIVATE_KEY', 'PUBLIC_KEYCLOAK_MANAGEMENT_CLIENT_ID', 'PUBLIC_KEYCLOAK_MANAGEMENT_CLIENT_SECRET', 'PUBLIC_ALLOW_DOMAIN'];
 
 export const predicatesConditions = [
     { value: '', label: 'Select' },
diff --git a/src/config/SocketConfig.ts b/src/config/SocketConfig.ts
index e83269398..2a5eef880 100644
--- a/src/config/SocketConfig.ts
+++ b/src/config/SocketConfig.ts
@@ -1,7 +1,7 @@
 import { envConfig } from "./envConfig"
 import io from "socket.io-client"
 
-const SOCKET = io(`${import.meta.env.PUBLIC_BASE_URL}`, {
+const SOCKET = io(`${envConfig.PUBLIC_BASE_URL}`, {
     reconnection: true,
     reconnectionDelay: 500,
     reconnectionAttempts: Infinity,
diff --git a/src/config/ssrApiConfig.ts b/src/config/ssrApiConfig.ts
index 41563b67e..fba1e96a0 100644
--- a/src/config/ssrApiConfig.ts
+++ b/src/config/ssrApiConfig.ts
@@ -20,7 +20,7 @@ const API = async ({ token, url, method, payload }: IProps) => {
 			method,
 			body: JSON.stringify(payload),
 		};
-		const baseURL = globalThis.baseUrl || import.meta.env.PUBLIC_BASE_URL || process.env.PUBLIC_BASE_URL;
+		const baseURL = globalThis.baseUrl || envConfig.PUBLIC_BASE_URL || process.env.PUBLIC_BASE_URL;
 		const apiURL = baseURL + url;
 		const res = await fetch(apiURL, {
 			...config,
diff --git a/src/pages/user/[user].astro b/src/pages/user/[user].astro
index 09108b37d..2676742c1 100644
--- a/src/pages/user/[user].astro
+++ b/src/pages/user/[user].astro
@@ -1,10 +1,11 @@
 ---
 import LogoFile from '../../commonComponents/LogoFile';
 import CustomAvatar from '../../components/Avatar';
+import { envConfig } from '../../config/envConfig';
 import { pathRoutes } from '../../config/pathRoutes';
 
 const { user } = Astro.params;
-const baseUrl = process.env.PUBLIC_BASE_URL || import.meta.env.PUBLIC_BASE_URL
+const baseUrl = process.env.PUBLIC_BASE_URL || envConfig.PUBLIC_BASE_URL
 const response = await fetch(`${baseUrl}/users/public-profiles/${user}`);
 const data = await response.json();
 const userData = data?.data;
diff --git a/src/services/axiosIntercepter.ts b/src/services/axiosIntercepter.ts
index c4f9181ee..32b5a58ba 100644
--- a/src/services/axiosIntercepter.ts
+++ b/src/services/axiosIntercepter.ts
@@ -6,7 +6,7 @@ import { getFromLocalStorage, setToLocalStorage } from '../api/Auth';
 import { apiStatusCodes, storageKeys } from '../config/CommonConstant';
 
 const instance = axios.create({
-	baseURL: import.meta.env.PUBLIC_BASE_URL,
+	baseURL: envConfig.PUBLIC_BASE_URL,
 });
 
 const EcosystemInstance = axios.create({
@@ -16,7 +16,7 @@ const EcosystemInstance = axios.create({
 const checkAuthentication = async (sessionCookie: string, request: AxiosRequestConfig) => {
 	const isAuthPage = window.location.href.includes('/authentication/sign-in') || window.location.href.includes('/authentication/sign-up')
 	try {
-		const baseURL = import.meta.env.PUBLIC_BASE_URL || process.env.PUBLIC_BASE_URL;
+		const baseURL = envConfig.PUBLIC_BASE_URL || process.env.PUBLIC_BASE_URL;
 		const config = {
 			headers: {
 				'Content-Type': 'application/json',
diff --git a/src/utils/check-session.ts b/src/utils/check-session.ts
index 41a9f4bbc..1a1a8537a 100755
--- a/src/utils/check-session.ts
+++ b/src/utils/check-session.ts
@@ -33,7 +33,7 @@ export const checkUserSession = async ({
 
 	try {
 		const baseURL =
-			import.meta.env.PUBLIC_BASE_URL ||
+			envConfig.PUBLIC_BASE_URL ||
 			process.env.PUBLIC_BASE_URL;
 		const config = {
 			headers: {

From b068d116062c2877e7653487eedd4705a54ef596 Mon Sep 17 00:00:00 2001
From: bhavanakarwade <bhavana.karwade@ayanworks.com>
Date: Mon, 23 Dec 2024 18:37:07 +0530
Subject: [PATCH 8/8] refactor dev yml file

Signed-off-by: bhavanakarwade <bhavana.karwade@ayanworks.com>
---
 .github/workflows/deploy-dev.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml
index ff71d7151..961831c9e 100644
--- a/.github/workflows/deploy-dev.yml
+++ b/.github/workflows/deploy-dev.yml
@@ -28,7 +28,7 @@ jobs:
 
          echo "PUBLIC_MODE=DEV" > .env
 
-         echo "PUBLIC_BASE_URL=${{ secrets.DEV_PUBLIC_BASE_URL }}" >> .env
+         echo "PUBLIC_BASE_URL=https://devapi.credebl.id" >> .env
 
          echo "PUBLIC_SHOW_NAME_AS_LOGO=true" >> .env