Merge pull request #146 from willchen96/require-download-signing-secret

fix: require dedicated download signing secret
cosimoastrada 2026-05-17 01:06:53 +08:00 committed by GitHub
commit 2bbb628891
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -10,12 +10,10 @@ import crypto from "crypto";
*/
function getSecret(): string {
const secret =
process.env.DOWNLOAD_SIGNING_SECRET ??
process.env.SUPABASE_SECRET_KEY;
const secret = process.env.DOWNLOAD_SIGNING_SECRET;
if (!secret) {
throw new Error(
"DOWNLOAD_SIGNING_SECRET (or SUPABASE_SECRET_KEY as a fallback) must be set. " +
"DOWNLOAD_SIGNING_SECRET must be set. " +
"Generate a strong random value (e.g. `openssl rand -hex 32`) and set it in the environment.",
);
}
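Review bot: The guard `if (!secret)` in getSecret() rejects only an unset or empty DOWNLOAD_SIGNING_SECRET, so a short or whitespace-only value is still accepted as the signing key now that this variable is the sole source. Consider enforcing a floor consistent with the `openssl rand -hex 32` hint in the error message, e.g. `if (!secret || secret.trim().length < 32) {`. The check also appears to run lazily on each call, so a deployment that relied on the removed SUPABASE_SECRET_KEY fallback would probably start cleanly and fail only on the first signed download; validating once at startup would surface the misconfiguration earlier. The rest of getSecret() lies outside the hunk, so how the value is used after the guard cannot be confirmed from here.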