fix: require dedicated download signing secret

willchen96 2026-05-17 01:05:01 +08:00
parent 2f24cae407
commit ea48cdedd5


@ -10,12 +10,10 @@ import crypto from "crypto";
*/
function getSecret(): string {
const secret =
process.env.DOWNLOAD_SIGNING_SECRET ??
process.env.SUPABASE_SECRET_KEY;
const secret = process.env.DOWNLOAD_SIGNING_SECRET;
if (!secret) {
throw new Error(
"DOWNLOAD_SIGNING_SECRET (or SUPABASE_SECRET_KEY as a fallback) must be set. " +
"DOWNLOAD_SIGNING_SECRET must be set. " +
"Generate a strong random value (e.g. `openssl rand -hex 32`) and set it in the environment.",
);
}
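Review bot: The `if (!secret)` guard in getSecret only rejects an unset or empty DOWNLOAD_SIGNING_SECRET, so a short or placeholder value (for example a single character copied from a sample env file) is still accepted as the signing key. Since the error text already recommends `openssl rand -hex 32`, the check could enforce a matching floor, e.g. `if (!secret || secret.length < 32) {`, with the message noting the minimum length. It would also help to add a comment above the read such as `// Dedicated key: never fall back to SUPABASE_SECRET_KEY, so a leaked download token cannot be tied to the service credential`, so the fallback is not reintroduced later. Presumably any download links signed under the old fallback key stop verifying once this deploys; that is worth stating in the commit description. The rest of getSecret's body lies outside the hunk, so how the value is used is not visible here.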