Secrets Exposure

Vulnerable
Solution 1
Solution 2 - API code: pages/api/example-5-secrets-exposure/solution-2.ts

The following API key should not be any value other than "undefined" in the frontend regardless of which user tries to access the page:

process.env.API_KEY: "e235d252-f71d-4bd5-adf5-99b2560d2321"

Show API results fetched using the process.env.API_KEY variable

null

The following users should not contain the "passwordHash" property, regardless of which user tries to access the page:

[
  {
    "id": 1,
    "username": "alice",
    "passwordHash": "$2b$12$rip3gbockwavRttTaMZa.u5JKY1542MOLBI7YGkRXaj83rtocfl3a"
  },
  {
    "id": 2,
    "username": "bob",
    "passwordHash": "$2b$12$0N14zwm7.gFNB9UriJpo9eHqCBSezv1zdvbLL7ql79KYJM50fvo6q"
  }
]