From ea48cdedd5b1b0337b9389e6a5f3c97f95566928 Mon Sep 17 00:00:00 2001
From: willchen96
Date: Sun, 17 May 2026 01:05:01 +0800
Subject: [PATCH] fix: require dedicated download signing secret
---
 backend/src/lib/downloadTokens.ts | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/backend/src/lib/downloadTokens.ts b/backend/src/lib/downloadTokens.ts
index de2240a..71207fc 100644
--- a/backend/src/lib/downloadTokens.ts
+++ b/backend/src/lib/downloadTokens.ts
@@ -10,12 +10,10 @@ import crypto from "crypto";
 */
 function getSecret(): string {
- const secret =
- process.env.DOWNLOAD_SIGNING_SECRET ??
- process.env.SUPABASE_SECRET_KEY;
+ const secret = process.env.DOWNLOAD_SIGNING_SECRET;
 if (!secret) {
 throw new Error(
- "DOWNLOAD_SIGNING_SECRET (or SUPABASE_SECRET_KEY as a fallback) must be set. " +
+ "DOWNLOAD_SIGNING_SECRET must be set. " +
 "Generate a strong random value (e.g. `openssl rand -hex 32`) and set it in the environment.",
 );
 }
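Review bot: The guard `if (!secret)` in getSecret() still accepts any non-empty string, so a short or placeholder DOWNLOAD_SIGNING_SECRET would be used to sign download tokens. The error text already recommends `openssl rand -hex 32`, so the check could enforce a floor, for example `if (!secret || secret.length < 32) {`, with the message changed to say the value must be set and be at least that long. Since the point of the commit is key separation, it may also be worth rejecting a value equal to `process.env.SUPABASE_SECRET_KEY`, which would quietly restore the old coupling. The rest of getSecret() and its callers are outside the hunk; if it is only called lazily, a deployment that relied on the removed fallback will fail on its first token operation rather than at startup, so calling it once during boot would surface the misconfiguration earlier.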