security improvements

2025-06-29 21:59:41 +02:00
parent 7fdda06dba
commit caba5bae70
30 changed files with 3929 additions and 147 deletions
--- a/local/utl/configs/configs.go
+++ b/local/utl/configs/configs.go
@@ -3,6 +3,8 @@ package configs
 import (
 	"log"
 	"os"
+
+	"github.com/joho/godotenv"
 )

 var (
@@ -14,12 +16,14 @@ var (
 )

 func init() {
-	Secret = getEnv("APP_SECRET", "default-secret-for-dev-use-only")
-	SecretCode = getEnv("APP_SECRET_CODE", "another-secret-for-dev-use-only")
-	EncryptionKey = getEnv("ENCRYPTION_KEY", "a-secure-32-byte-long-key-!!!!!!") // Fallback MUST be 32 bytes for AES-256
+	godotenv.Load()
+	// Fail fast if critical environment variables are missing
+	Secret = getEnvRequired("APP_SECRET")
+	SecretCode = getEnvRequired("APP_SECRET_CODE")
+	EncryptionKey = getEnvRequired("ENCRYPTION_KEY")

 	if len(EncryptionKey) != 32 {
-		log.Fatal("ENCRYPTION_KEY must be 32 bytes long")
+		log.Fatal("ENCRYPTION_KEY must be exactly 32 bytes long for AES-256")
 	}
 }

@@ -31,3 +35,13 @@ func getEnv(key, fallback string) string {
 	log.Printf("Environment variable %s not set, using fallback.", key)
 	return fallback
 }
+
+// getEnvRequired retrieves an environment variable and fails if it's not set.
+// This should be used for critical configuration that must not have defaults.
+func getEnvRequired(key string) string {
+	if value, exists := os.LookupEnv(key); exists && value != "" {
+		return value
+	}
+	log.Fatalf("Required environment variable %s is not set or is empty", key)
+	return "" // This line will never be reached due to log.Fatalf
+}