refactor: auto-generate session key and store in database
All checks were successful
check / check (push) Successful in 57s
All checks were successful
check / check (push) Successful in 57s
Remove SESSION_KEY env var requirement. On first startup, a cryptographically secure 32-byte key is generated and stored in a new settings table. Subsequent startups load the key from the database. - Add Setting model (key-value table) for application config - Add Database.GetOrCreateSessionKey() method - Session manager initializes in OnStart after database is connected - Remove DevSessionKey constant and SESSION_KEY env var handling - Remove prod validation requiring SESSION_KEY - Update README: config table, Docker instructions, security notes - Update config.yaml.example - Update all tests to remove SessionKey references Addresses owner feedback on issue #15.
This commit is contained in:
@@ -42,7 +42,6 @@ environments:
|
||||
metricsUsername: $ENV:METRICS_USERNAME
|
||||
metricsPassword: $ENV:METRICS_PASSWORD
|
||||
secrets:
|
||||
sessionKey: $ENV:SESSION_KEY
|
||||
sentryDSN: $ENV:SENTRY_DSN
|
||||
|
||||
configDefaults:
|
||||
@@ -81,11 +80,10 @@ func TestEnvironmentConfig(t *testing.T) {
|
||||
isProd: false,
|
||||
},
|
||||
{
|
||||
name: "explicit prod with session key",
|
||||
name: "explicit prod",
|
||||
envValue: "prod",
|
||||
envVars: map[string]string{
|
||||
"SESSION_KEY": "cHJvZC1zZXNzaW9uLWtleS0zMi1ieXRlcy1sb25nISE=",
|
||||
"DBURL": "postgres://prod:prod@localhost:5432/prod?sslmode=require",
|
||||
"DBURL": "postgres://prod:prod@localhost:5432/prod?sslmode=require",
|
||||
},
|
||||
expectError: false,
|
||||
isDev: false,
|
||||
@@ -152,138 +150,3 @@ func TestEnvironmentConfig(t *testing.T) {
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestSessionKeyDefaults(t *testing.T) {
|
||||
tests := []struct {
|
||||
name string
|
||||
environment string
|
||||
sessionKey string
|
||||
dburl string
|
||||
expectError bool
|
||||
expectedKey string
|
||||
}{
|
||||
{
|
||||
name: "dev mode with default session key",
|
||||
environment: "dev",
|
||||
sessionKey: "",
|
||||
expectError: false,
|
||||
expectedKey: DevSessionKey,
|
||||
},
|
||||
{
|
||||
name: "dev mode with custom session key",
|
||||
environment: "dev",
|
||||
sessionKey: "Y3VzdG9tLXNlc3Npb24ta2V5LTMyLWJ5dGVzLWxvbmchIQ==",
|
||||
expectError: false,
|
||||
expectedKey: "Y3VzdG9tLXNlc3Npb24ta2V5LTMyLWJ5dGVzLWxvbmchIQ==",
|
||||
},
|
||||
{
|
||||
name: "prod mode with no session key fails",
|
||||
environment: "prod",
|
||||
sessionKey: "",
|
||||
dburl: "postgres://prod:prod@localhost:5432/prod",
|
||||
expectError: true,
|
||||
},
|
||||
{
|
||||
name: "prod mode with session key succeeds",
|
||||
environment: "prod",
|
||||
sessionKey: "cHJvZC1zZXNzaW9uLWtleS0zMi1ieXRlcy1sb25nISE=",
|
||||
dburl: "postgres://prod:prod@localhost:5432/prod",
|
||||
expectError: false,
|
||||
expectedKey: "cHJvZC1zZXNzaW9uLWtleS0zMi1ieXRlcy1sb25nISE=",
|
||||
},
|
||||
}
|
||||
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
// Create in-memory filesystem with test config
|
||||
fs := afero.NewMemMapFs()
|
||||
|
||||
// Create custom config for session key tests
|
||||
configYAML := `
|
||||
environments:
|
||||
dev:
|
||||
config:
|
||||
environment: dev
|
||||
developmentMode: true
|
||||
dburl: postgres://test:test@localhost:5432/test_dev
|
||||
secrets:`
|
||||
|
||||
// Only add sessionKey line if it's not empty
|
||||
if tt.sessionKey != "" {
|
||||
configYAML += `
|
||||
sessionKey: ` + tt.sessionKey
|
||||
}
|
||||
|
||||
// Add prod config if testing prod
|
||||
if tt.environment == "prod" {
|
||||
configYAML += `
|
||||
prod:
|
||||
config:
|
||||
environment: prod
|
||||
developmentMode: false
|
||||
dburl: $ENV:DBURL
|
||||
secrets:
|
||||
sessionKey: $ENV:SESSION_KEY`
|
||||
}
|
||||
|
||||
require.NoError(t, afero.WriteFile(fs, "config.yaml", []byte(configYAML), 0644))
|
||||
pkgconfig.SetFs(fs)
|
||||
|
||||
// Clean up any existing env vars
|
||||
os.Unsetenv("WEBHOOKER_ENVIRONMENT")
|
||||
os.Unsetenv("SESSION_KEY")
|
||||
os.Unsetenv("DBURL")
|
||||
|
||||
// Set environment variables
|
||||
os.Setenv("WEBHOOKER_ENVIRONMENT", tt.environment)
|
||||
defer os.Unsetenv("WEBHOOKER_ENVIRONMENT")
|
||||
|
||||
if tt.sessionKey != "" && tt.environment == "prod" {
|
||||
os.Setenv("SESSION_KEY", tt.sessionKey)
|
||||
defer os.Unsetenv("SESSION_KEY")
|
||||
}
|
||||
|
||||
if tt.dburl != "" {
|
||||
os.Setenv("DBURL", tt.dburl)
|
||||
defer os.Unsetenv("DBURL")
|
||||
}
|
||||
|
||||
if tt.expectError {
|
||||
// Use regular fx.New for error cases
|
||||
var cfg *Config
|
||||
app := fx.New(
|
||||
fx.NopLogger, // Suppress fx logs in tests
|
||||
fx.Provide(
|
||||
globals.New,
|
||||
logger.New,
|
||||
New,
|
||||
),
|
||||
fx.Populate(&cfg),
|
||||
)
|
||||
assert.Error(t, app.Err())
|
||||
} else {
|
||||
// Use fxtest for success cases
|
||||
var cfg *Config
|
||||
app := fxtest.New(
|
||||
t,
|
||||
fx.Provide(
|
||||
globals.New,
|
||||
logger.New,
|
||||
New,
|
||||
),
|
||||
fx.Populate(&cfg),
|
||||
)
|
||||
require.NoError(t, app.Err())
|
||||
app.RequireStart()
|
||||
defer app.RequireStop()
|
||||
|
||||
if tt.environment == "dev" && tt.sessionKey == "" {
|
||||
// Dev mode with no session key uses default
|
||||
assert.Equal(t, DevSessionKey, cfg.SessionKey)
|
||||
} else {
|
||||
assert.Equal(t, tt.expectedKey, cfg.SessionKey)
|
||||
}
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user