Skip to content

feat: used web3.storage along with fallback to ipfs with same naming convention #32

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
parthraninga wants to merge 2 commits into
base: main
Choose a base branch
from
Open

feat: used web3.storage along with fallback to ipfs with same naming convention #32

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
fb36612
dynamic map that renders nearby planted trees
p1rth13 Dec 13, 2025
9f0018e
Alternative for ipfs(pinata)
p1rth13 Dec 13, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 1 addition & 2 deletions .env.stencil
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,6 @@
#API KEYS AND SECRETS

PINATA_API_KEY=
PINATA_API_SECRET=
WEB3_STORAGE_TOKEN=
Copy link

@coderabbitai coderabbitai bot Dec 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check that .env is properly ignored
echo "=== Checking .gitignore for .env ==="
if grep -q "^\.env$" .gitignore; then
  echo "✓ .env is in .gitignore"
else
  echo "✗ WARNING: .env is not in .gitignore!"
fi

echo -e "\n=== Checking for any committed .env files ==="
git ls-files | grep "\.env$" || echo "✓ No .env files committed"

echo -e "\n=== Searching for hardcoded tokens in code ==="
rg -i "web3.*storage.*token" -C2 | grep -v "dotenv\|getenv\|env\[" || echo "✓ No hardcoded tokens found"

Repository: StabilityNexus/Treee

Length of output: 391

🏁 Script executed:

# Check for .gitignore existence and content
cat .gitignore | head -30

Repository: StabilityNexus/Treee

Length of output: 604

🏁 Script executed:

# Search for any token management or CI/CD configuration
fd -e "\.yml$" -e "\.yaml$" -o -e "\.json$" | grep -E "(ci|workflow|pipeline|github|gitlab|circleci)" | head -20

Repository: StabilityNexus/Treee

Length of output: 180

🏁 Script executed:

# Look for documentation on token/secret management
fd -e "\.md$" | xargs rg -l "token\|secret\|credential\|environment" | head -10

Repository: StabilityNexus/Treee

Length of output: 46

🏁 Script executed:

# Show full .gitignore
cat .gitignore

Repository: StabilityNexus/Treee

Length of output: 3644

🏁 Script executed:

# Search for CI/CD configuration files with corrected syntax
find . -type f \( -name "*.yml" -o -name "*.yaml" -o -name "Dockerfile" \) | grep -v node_modules | head -20

Repository: StabilityNexus/Treee

Length of output: 135

🏁 Script executed:

# Check the ipfs_services.dart file to see token handling
cat lib/utils/services/ipfs_services.dart | head -50

Repository: StabilityNexus/Treee

Length of output: 994

🏁 Script executed:

# Search for documentation files mentioning environment, tokens, or deployment
find . -name "*.md" -type f | xargs grep -l -i "environment\|token\|deployment\|ci\|secret" 2>/dev/null | head -10

Repository: StabilityNexus/Treee

Length of output: 135

🏁 Script executed:

# Check if .env.stencil exists and verify migration context
ls -la .env* 2>/dev/null && echo "---" && cat .env.stencil

Repository: StabilityNexus/Treee

Length of output: 480

🏁 Script executed:

# Check CI/CD workflow for environment variable handling
cat .github/workflows/flutter.yaml

Repository: StabilityNexus/Treee

Length of output: 818

🏁 Script executed:

# Check README for deployment and token management information
cat README.md | head -100

Repository: StabilityNexus/Treee

Length of output: 4225

🏁 Script executed:

# Search for any deployment or operations documentation
find . -type f \( -name "*deploy*" -o -name "*ops*" -o -name "*operation*" -o -name "CONTRIBUTING*" \) 2>/dev/null

Repository: StabilityNexus/Treee

Length of output: 46

🏁 Script executed:

# Check if there's any documentation about Web3.Storage setup
grep -r "Web3.Storage\|WEB3_STORAGE_TOKEN" . --include="*.md" --include="*.txt" 2>/dev/null | head -20

Repository: StabilityNexus/Treee

Length of output: 150

Fix CI/CD workflow to inject Web3.Storage token via GitHub Secrets instead of using empty template.

The .env.stencil template is properly ignored and not committed, and the code correctly loads the token via flutter_dotenv. However, the CI/CD workflow copies .env.stencil directly without injecting the actual token, meaning builds would run with an empty WEB3_STORAGE_TOKEN.

Address the remaining security gaps:

  1. Update .github/workflows/flutter.yaml to inject WEB3_STORAGE_TOKEN from GitHub Secrets before the build step
  2. Document the Web3.Storage token setup and permissions required (upload-only scope)
  3. Add deployment documentation covering environment setup for staging and production environments, including token rotation procedures
🤖 Prompt for AI Agents 
In .env.stencil around line 3, the template leaves WEB3_STORAGE_TOKEN empty and
the CI workflow currently copies this file without injecting the real secret;
update .github/workflows/flutter.yaml to create or overwrite the env file during
the workflow using the GitHub Secret (e.g. write WEB3_STORAGE_TOKEN=${{
secrets.WEB3_STORAGE_TOKEN }} into the .env used by the build), ensure the
secret is referenced only at runtime and not printed in logs, and add repository
documentation: a short section describing how to create a Web3.Storage token
with upload-only scope, how to add it to GitHub Secrets for staging/production,
and a deployment subsection describing environment setup and token rotation
procedures.

ALCHEMY_API_KEY=

#APPLICATION CONFIGURATION
Expand Down
2 changes: 1 addition & 1 deletion README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -139,7 +139,7 @@ flutter run
## 🛠 **Tech Stack**
- **Frontend**: Flutter, Dart
- **Blockchain**: Solidity, Hardhat
- **Storage**: IPFS (for metadata storage)
- **Storage**: Web3.Storage/Storacha (free decentralized IPFS storage)

## 🌿 **Join the Movement**
🌍 Every tree counts! By using the **Tree Planting Protocol**, you contribute to a transparent, verifiable, and sustainable future. Let's make the world greener—one tree at a time.
Expand Down
8 changes: 8 additions & 0 deletions lib/main.dart
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@ import 'package:tree_planting_protocol/pages/tree_details_page.dart';
import 'package:tree_planting_protocol/pages/trees_page.dart';
import 'package:tree_planting_protocol/pages/user_profile_page.dart';
import 'package:tree_planting_protocol/pages/mint_nft/mint_nft_coordinates.dart';
import 'package:tree_planting_protocol/pages/nearby_trees_map_page.dart';

import 'package:tree_planting_protocol/providers/wallet_provider.dart';
import 'package:tree_planting_protocol/providers/theme_provider.dart';
Expand Down Expand Up @@ -135,6 +136,13 @@ class MyApp extends StatelessWidget {
},
),
]),
GoRoute(
path: '/nearby-trees',
name: 'nearby_trees',
builder: (BuildContext context, GoRouterState state) {
return const NearbyTreesMapPage();
},
),
GoRoute(
path: RouteConstants.allTreesPath,
name: RouteConstants.allTrees,
Expand Down
Loading