apunkt/mike
1
0
Fork 0
mirror of https://github.com/willchen96/mike.git synced 2026-06-08 20:25:13 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions
42 commits 2 branches 0 tags 16 MiB
Commit graph

5 commits

Author SHA1 Message Date
willchen96
44e868eb42 Add courtlistener intergration, liquid glass redesign, UI improvements, version control, various fixes 2026-06-06 15:48:47 +08:00
cosimoastrada
0ac2744a8e
Merge pull request #21 from Metbcy/fix/download-secret-fail-fast 
fix(security): fail fast when download HMAC secret is missing (closes #7)
 2026-05-11 02:20:27 +08:00
willchen96
a84c1cc113 docs: improve setup guidance and env examples 2026-05-10 22:36:29 +08:00
Metbcy
eb4414092e fix(security): fail fast when download HMAC secret is missing 
Resolves the issue where getSecret() silently fell back to the literal
string "dev-secret" when neither DOWNLOAD_SIGNING_SECRET nor
SUPABASE_SECRET_KEY was set. Because the codebase is public, that
fallback let anyone forge valid /download/:token signatures against a
mis-configured deployment.

- Throw at first call instead of returning the hardcoded string, with a
  message pointing the operator at `openssl rand -hex 32`.
- Document DOWNLOAD_SIGNING_SECRET in backend/.env.example so deployers
  following the README know to set it (and that it should be distinct
  from SUPABASE_SECRET_KEY).

Closes #7
 2026-05-03 00:12:44 +00:00
willchen96
d9690965b5 Add local repo contents 2026-04-29 19:49:06 +02:00