fix(security): fail fast when download HMAC secret is missing
Resolves the issue where getSecret() silently fell back to the literal string "dev-secret" when neither DOWNLOAD_SIGNING_SECRET nor SUPABASE_SECRET_KEY was set. Because the codebase is public, that fallback let anyone forge valid /download/:token signatures against a mis-configured deployment. - Throw at first call instead of returning the hardcoded string, with a message pointing the operator at `openssl rand -hex 32`. - Document DOWNLOAD_SIGNING_SECRET in backend/.env.example so deployers following the README know to set it (and that it should be distinct from SUPABASE_SECRET_KEY). Closes #7
| Repository | willchen96/mike |
|---|---|
| Author | Metbcy <Amirbredy1@gmail.com> |
| Authored | |
| Parents | d9690965 |
| Stats | 2 files changed , +14 , -4 |
| Part of | Fail fast when the download signing secret is missing |
Capture this commit into my fork
Download a Markdown prompt that tells Claude how to port this
exact commit into your working tree. Run it via
claude -p < capture-commit-eb441409.md
from inside the repo you want the change in.