apunkt/mike
1
0
Fork 0
mirror of https://github.com/willchen96/mike.git synced 2026-06-10 20:35:12 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix(security): fail fast when download HMAC secret is missing

Browse source 
Resolves the issue where getSecret() silently fell back to the literal
string "dev-secret" when neither DOWNLOAD_SIGNING_SECRET nor
SUPABASE_SECRET_KEY was set. Because the codebase is public, that
fallback let anyone forge valid /download/:token signatures against a
mis-configured deployment.

- Throw at first call instead of returning the hardcoded string, with a
  message pointing the operator at `openssl rand -hex 32`.
- Document DOWNLOAD_SIGNING_SECRET in backend/.env.example so deployers
  following the README know to set it (and that it should be distinct
  from SUPABASE_SECRET_KEY).

Closes #7
This commit is contained in:
Metbcy 2026-05-03 00:12:44 +00:00
parent d9690965b5
commit eb4414092e
2 changed files with 14 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

5
backend/.env.example
View file

@ -1,5 +1,10 @@
PORT=3001
FRONTEND_URL=http://localhost:3000
# HMAC key used to sign /download/:token URLs. Required at startup.
# Generate with: openssl rand -hex 32
# Use a dedicated secret distinct from SUPABASE_SECRET_KEY.
DOWNLOAD_SIGNING_SECRET=replace-with-a-random-32-byte-hex-string
SUPABASE_URL=https://your-project.supabase.co
SUPABASE_SECRET_KEY=your-supabase-service-role-key