:wrench: Updated salt to come from .env file

backend/.env.sample

@@ -13,6 +13,7 @@ DB_TYPE=mysql
 # Extra pepper for auth encryption
 PEPPER=kosho
 APP_SECRET=mysecret
+APP_SESSION_SALT=m90WEOk24XpKj5ooivemC
 
 
 # Config for local test dB

backend/lib/services/user.js

@@ -16,9 +16,7 @@ apiKey.apiKey = process.env.BREVO_KEY
 const apiInstance = new SibApiV3Sdk.TransactionalEmailsApi()
 
 const hashToken = async token => {
-    // Give it a .env file phrase, NOT RANDOM
-    const salt = crypto.randomBytes(16).toString('base64')
-    // const salt = process.env.salt
+    const salt = process.env.APP_SESSION_SALT
     try {
         return crypto.createHmac('sha256', salt).update(token).digest('hex')
     } catch (err) {
@@ -279,9 +277,7 @@ module.exports = class UserService extends Schmervice.Service {
         }
         // ANOTHER FUNC HERE
         const sessionTokenIsValid = this.validateToken(rawSessionToken)
-        console.log('sessionTokenIsValid :=>', sessionTokenIsValid)
         const accessTokenIsValid = this.validateToken(accessToken)
-        console.log('accessTokenIsValid :=>', accessTokenIsValid)
 
         // Both sessionToken and accessToken are expired
         // createAccessToken()