Remove runtime nil checks for always-initialized components

Since signing_key is now required at config load time, sessMgr, encGen,
and signer are always initialized. Remove unnecessary nil checks that
were runtime failure paths that can no longer be reached.

- handlers.go: Remove conditional init, always create sessMgr/encGen
- auth.go: Remove nil checks for sessMgr
- imageenc.go: Remove nil check for encGen
- service.go: Require signing_key in NewService, remove signer nil checks
- Update tests to provide signing_key

internal/handlers/auth.go

@@ -15,13 +15,6 @@ import (
 // HandleRoot serves the login page or generator page based on authentication state.
 func (s *Handlers) HandleRoot() http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		// Check if signing key is configured
-		if s.sessMgr == nil {
-			s.respondError(w, "signing key not configured", http.StatusServiceUnavailable)
-
-			return
-		}
-
 		if r.Method == http.MethodPost {
 			s.handleLoginPost(w, r)
 
@@ -75,10 +68,7 @@ func (s *Handlers) handleLoginPost(w http.ResponseWriter, r *http.Request) {
 // HandleLogout clears the session and redirects to login.
 func (s *Handlers) HandleLogout() http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		if s.sessMgr != nil {
-			s.sessMgr.ClearSession(w)
-		}
-
+		s.sessMgr.ClearSession(w)
 		http.Redirect(w, r, "/", http.StatusSeeOther)
 	}
 }
@@ -87,7 +77,7 @@ func (s *Handlers) HandleLogout() http.HandlerFunc {
 func (s *Handlers) HandleGenerateURL() http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		// Check authentication
-		if s.sessMgr == nil || !s.sessMgr.IsAuthenticated(r) {
+		if !s.sessMgr.IsAuthenticated(r) {
 			http.Redirect(w, r, "/", http.StatusSeeOther)
 
 			return

internal/handlers/handlers.go

@@ -95,22 +95,21 @@ func (s *Handlers) initImageService() error {
 	s.imgSvc = svc
 	s.log.Info("image service initialized")
 
-	// Initialize session manager and URL generator if signing key is configured
-	if s.config.SigningKey != "" {
-		sessMgr, err := session.NewManager(s.config.SigningKey, !s.config.Debug)
-		if err != nil {
-			return err
-		}
-		s.sessMgr = sessMgr
-
-		encGen, err := encurl.NewGenerator(s.config.SigningKey)
-		if err != nil {
-			return err
-		}
-		s.encGen = encGen
-
-		s.log.Info("session manager and URL generator initialized")
+	// Initialize session manager (signing key is validated at config load time)
+	sessMgr, err := session.NewManager(s.config.SigningKey, !s.config.Debug)
+	if err != nil {
+		return err
 	}
+	s.sessMgr = sessMgr
+
+	// Initialize encrypted URL generator
+	encGen, err := encurl.NewGenerator(s.config.SigningKey)
+	if err != nil {
+		return err
+	}
+	s.encGen = encGen
+
+	s.log.Info("session manager and URL generator initialized")
 
 	return nil
 }

internal/handlers/handlers_test.go

@@ -55,9 +55,10 @@ func setupTestHandler(t *testing.T) *testFixtures {
 	}
 
 	svc, err := imgcache.NewService(&imgcache.ServiceConfig{
-		Cache:     cache,
-		Fetcher:   newMockFetcher(mockFS),
-		Whitelist: []string{goodHost},
+		Cache:      cache,
+		Fetcher:    newMockFetcher(mockFS),
+		SigningKey: "test-signing-key-must-be-32-chars",
+		Whitelist:  []string{goodHost},
 	})
 	if err != nil {
 		t.Fatalf("failed to create service: %v", err)

internal/handlers/imageenc.go

@@ -20,13 +20,6 @@ func (s *Handlers) HandleImageEnc() http.HandlerFunc {
 		ctx := r.Context()
 		start := time.Now()
 
-		// Check if encryption is configured
-		if s.encGen == nil {
-			s.respondError(w, "encrypted URLs not configured", http.StatusServiceUnavailable)
-
-			return
-		}
-
 		// Extract token from URL
 		token := chi.URLParam(r, "token")
 		if token == "" {