refactor: auto-generate session key and store in database
All checks were successful
check / check (push) Successful in 57s
All checks were successful
check / check (push) Successful in 57s
Remove SESSION_KEY env var requirement. On first startup, a cryptographically secure 32-byte key is generated and stored in a new settings table. Subsequent startups load the key from the database. - Add Setting model (key-value table) for application config - Add Database.GetOrCreateSessionKey() method - Session manager initializes in OnStart after database is connected - Remove DevSessionKey constant and SESSION_KEY env var handling - Remove prod validation requiring SESSION_KEY - Update README: config table, Docker instructions, security notes - Update config.yaml.example - Update all tests to remove SessionKey references Addresses owner feedback on issue #15.
This commit is contained in:
@@ -22,10 +22,6 @@ const (
|
||||
EnvironmentDev = "dev"
|
||||
// EnvironmentProd represents production environment
|
||||
EnvironmentProd = "prod"
|
||||
// DevSessionKey is an insecure default 32-byte session key for development.
|
||||
// NEVER use this key in production. It exists solely so that `make dev`
|
||||
// works without requiring SESSION_KEY to be set.
|
||||
DevSessionKey = "0oaEeAhFe7aXn9DkZ/oiSN+QbAxXxcoxAnGX9TADkp8="
|
||||
)
|
||||
|
||||
// nolint:revive // ConfigParams is a standard fx naming convention
|
||||
@@ -46,7 +42,6 @@ type Config struct {
|
||||
MetricsUsername string
|
||||
Port int
|
||||
SentryDSN string
|
||||
SessionKey string
|
||||
params *ConfigParams
|
||||
log *slog.Logger
|
||||
}
|
||||
@@ -126,7 +121,6 @@ func New(lc fx.Lifecycle, params ConfigParams) (*Config, error) {
|
||||
MetricsPassword: envString("METRICS_PASSWORD", "metricsPassword"),
|
||||
Port: envInt("PORT", "port", 8080),
|
||||
SentryDSN: envSecretString("SENTRY_DSN", "sentryDSN"),
|
||||
SessionKey: envSecretString("SESSION_KEY", "sessionKey"),
|
||||
log: log,
|
||||
params: ¶ms,
|
||||
}
|
||||
@@ -145,17 +139,6 @@ func New(lc fx.Lifecycle, params ConfigParams) (*Config, error) {
|
||||
return nil, fmt.Errorf("database URL (DBURL) is required")
|
||||
}
|
||||
|
||||
// In production, require session key
|
||||
if s.IsProd() && s.SessionKey == "" {
|
||||
return nil, fmt.Errorf("SESSION_KEY is required in production environment")
|
||||
}
|
||||
|
||||
// In development mode, fall back to the insecure default key
|
||||
if s.IsDev() && s.SessionKey == "" {
|
||||
s.SessionKey = DevSessionKey
|
||||
log.Warn("Using insecure default session key for development mode")
|
||||
}
|
||||
|
||||
if s.Debug {
|
||||
params.Logger.EnableDebugLogging()
|
||||
}
|
||||
@@ -168,7 +151,6 @@ func New(lc fx.Lifecycle, params ConfigParams) (*Config, error) {
|
||||
"maintenanceMode", s.MaintenanceMode,
|
||||
"developmentMode", s.DevelopmentMode,
|
||||
"dataDir", s.DataDir,
|
||||
"hasSessionKey", s.SessionKey != "",
|
||||
"hasSentryDSN", s.SentryDSN != "",
|
||||
"hasMetricsAuth", s.MetricsUsername != "" && s.MetricsPassword != "",
|
||||
)
|
||||
|
||||
Reference in New Issue
Block a user