fix: enforce strong secrets for AUTH and JWT in configuration #471

Merged: alanrsoares merged 2 commits into main from fix/389-fail-fast-missing-auth-secret, Nov 17, 2025

@alanrsoares
Contributor

Fail Fast on Missing Secrets (#389, #387)

Part of Epic #388: Outstanding Audit Items

Issues Fixed

Solution

Fail fast validation at startup for both secrets, matching PG_URI pattern.

Changes

  • packages/reader-main/src/config/index.ts: Fail fast on missing/invalid AUTH
  • packages/api-main/src/config.ts: Fail fast on missing JWT, remove auto-generation

Impact

Before: Silent retries, session invalidation on restart
After: Immediate failure with clear errors at startup

Updated the configuration logic to throw errors if the AUTH and JWT environment variables are not set or are using default values. This ensures that strong secrets are provided for secure application operation.
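
The fail-fast check described in the PR description above, as an added example that is not part of the pull request or the Dither code base. `AUTH` and `JWT` are the variable names from the PR; the placeholder list, the 32-character minimum and all function names are assumptions made for this sketch.

```typescript
// Added illustration, not the Dither project's code. The placeholder list
// and minimum length are assumptions made for this example.
type Env = Record<string, string | undefined>;

const PLACEHOLDER_VALUES = ["default_secret", "changeme", "secret"]; // hypothetical defaults
const MIN_SECRET_LENGTH = 32; // assumed threshold, not from the PR

// Returns the reason a value is unacceptable, or null if it passes.
function secretProblem(value: string | undefined): string | null {
  if (value === undefined || value.trim() === "") return "is not set";
  if (PLACEHOLDER_VALUES.indexOf(value.trim().toLowerCase()) !== -1) return "uses a known default value";
  if (value.length < MIN_SECRET_LENGTH) return `is shorter than ${MIN_SECRET_LENGTH} characters`;
  return null;
}

// Checks every required secret and throws one error listing all failures.
// The message names the variables but never echoes their values, and there
// is no fallback: a generated secret would change on every restart.
function loadSecrets<K extends string>(env: Env, names: readonly K[]): Record<K, string> {
  const problems: string[] = [];
  const secrets = {} as Record<K, string>;
  for (const name of names) {
    const problem = secretProblem(env[name]);
    if (problem !== null) problems.push(`${name} ${problem}`);
    else secrets[name] = env[name] as string;
  }
  if (problems.length > 0) {
    throw new Error(`Refusing to start: ${problems.join("; ")}`);
  }
  return secrets;
}

// Runs the check the way a config module would at import time and returns
// the startup error message, or null when the service may start.
function startupError(env: Env): string | null {
  try {
    loadSecrets(env, ["AUTH", "JWT"] as const);
    return null;
  } catch (e) {
    return (e as Error).message;
  }
}

// Constructed sample environments; a service would pass process.env.
const goodEnv: Env = { AUTH: "constructed-sample-value-0123456789abcdef", JWT: "constructed-sample-value-fedcba9876543210" };
const badEnv: Env = { AUTH: "default_secret", JWT: undefined };
```

Collecting every failure before throwing means a single failed start reports all misconfigured variables instead of one per restart.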
@netlify

netlify bot commented Nov 12, 2025

Deploy Preview for dither-staging ready!

Name Link
🔨 Latest commit f8b0e5f
🔍 Latest deploy log https://app.netlify.com/projects/dither-staging/deploys/6916389c1f283a00086ec86b
😎 Deploy Preview https://deploy-preview-471--dither-staging.netlify.app

@mazzy89 mazzy89 left a comment

It is required to fix docker compose otherwise apps locally won't start

@alanrsoares alanrsoares requested a review from mazzy89 November 13, 2025 20:45
@github-project-automation github-project-automation bot moved this from Ready to Build to Launch Prep in Dither Community Board Nov 17, 2025
@alanrsoares alanrsoares merged commit 45fceef into main Nov 17, 2025
18 checks passed
@alanrsoares alanrsoares deleted the fix/389-fail-fast-missing-auth-secret branch November 17, 2025 18:54
@github-project-automation github-project-automation bot moved this from Launch Prep to Done in Dither Community Board Nov 17, 2025