From 14968bfd4cd34264710e963b86e36e5e8cbeb052 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adrian=20Z=C3=BCrcher?=
Date: Wed, 12 Nov 2025 11:05:04 +0100
Subject: [PATCH] replace static secrets with enviroment variables

---
 accessHandler.go | 5 +++++
 db_test.go | 7 +++++++
 handlers/login.go | 6 +++---
 3 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/accessHandler.go b/accessHandler.go
index ccee3cd..b2dbdd7 100644
--- a/accessHandler.go
+++ b/accessHandler.go
@@ -1,10 +1,15 @@
 package AccessHandler

 import (
+ "os"
+
 "gitea.tecamino.com/paadi/access-handler/handlers"
 "gitea.tecamino.com/paadi/tecamino-logger/logging"
 )

 func NewAccessHandler(path string, logger *logging.Logger) (aH *handlers.AccessHandler, err error) {
+ logger.Debug("NewAccessHandler", "get enviroment variables")
+ handlers.ACCESS_SECRET = []byte(os.Getenv("ACCESS_SECRET"))
+ handlers.REFRESH_SECRET = []byte(os.Getenv("REFRESH_SECRET"))
 return handlers.NewAccessHandler(path, logger)
 }
diff --git a/db_test.go b/db_test.go
index c91f07a..1d780d3 100644
--- a/db_test.go
+++ b/db_test.go
@@ -16,6 +16,10 @@ import (
 )

 func TestDatabase(t *testing.T) {
+ // set enviroment variables
+ os.Setenv("ACCESS_SECRET", "12345678910111213141516171819202")
+ os.Setenv("REFRESH_SECRET", "9998979695949392919089888786858")
+
 dbName := "user.db"
 if _, err := os.Stat(dbName); err == nil {
 t.Log("remove user.db to start test with empty database")
@@ -154,6 +158,9 @@ func TestDatabase(t *testing.T) {
 }

 func TestLoginAndAuthorization(t *testing.T) {
+ os.Setenv("ACCESS_SECRET", "12345678910111213141516171819202")
+ os.Setenv("REFRESH_SECRET", "9998979695949392919089888786858")
+
 gin.SetMode(gin.TestMode)

 // Setup your AccessHandler and router
diff --git a/handlers/login.go b/handlers/login.go
index 4717d57..678ed94 100644
--- a/handlers/login.go
+++ b/handlers/login.go
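Review bot: In accessHandler.go, `NewAccessHandler` assigns whatever `os.Getenv` returns, so an unset or misspelled `ACCESS_SECRET` or `REFRESH_SECRET` leaves the handler variables as empty byte slices and the service still starts. Assuming these are the JWT signing keys (the comment in handlers/login.go calls them JWT secrets), tokens would then be signed and verified with an empty key. The constructor already returns an error, so it should reject missing, short or identical values before assigning them; `errors` would have to join the import block. The 32-byte floor used below mirrors the length of the constants this commit removes and should be confirmed against the signing algorithm in use.

```go
func NewAccessHandler(path string, logger *logging.Logger) (aH *handlers.AccessHandler, err error) {
	// … unchanged: logger.Debug call …
	access := os.Getenv("ACCESS_SECRET")
	refresh := os.Getenv("REFRESH_SECRET")
	// Fail closed: never continue with an empty or short signing key.
	if len(access) < 32 || len(refresh) < 32 {
		return nil, errors.New("ACCESS_SECRET and REFRESH_SECRET must each be set to at least 32 bytes")
	}
	// Distinct keys keep the two token types from being interchangeable.
	if access == refresh {
		return nil, errors.New("ACCESS_SECRET and REFRESH_SECRET must differ")
	}
	handlers.ACCESS_SECRET = []byte(access)
	handlers.REFRESH_SECRET = []byte(refresh)
	// … unchanged: return handlers.NewAccessHandler(path, logger) …
```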
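Review bot: In db_test.go, `TestDatabase` and `TestLoginAndAuthorization` (second hunk) both call `os.Setenv` and drop its error, and the values stay in the process environment after the test returns. `t.Setenv("ACCESS_SECRET", "12345678910111213141516171819202")` and the matching `t.Setenv("REFRESH_SECRET", ...)` call (testing package, Go 1.17+) fail the test on error and restore the previous values on cleanup. The `REFRESH_SECRET` fixture is 31 characters while the `ACCESS_SECRET` fixture and the removed constants are 32, so it would trip a minimum-length check if one is added; a shared helper for the two fixtures would also remove the duplicated literals. Both test functions continue outside their hunks.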
@@ -16,9 +16,9 @@ import (
 // 🔐 AUTHENTICATION CONSTANTS
 // -----------------------------

-// JWT secrets (replace "*" with strong random values in production!)
-var ACCESS_SECRET = []byte("ShFRprALcXjlosJ2hFCnGYGG3Ce2uRx6")
-var REFRESH_SECRET = []byte("pQIjuX6g6Tzf0FEfdScxttT3hlL9NFaa")
+// JWT secrets
+var ACCESS_SECRET []byte
+var REFRESH_SECRET []byte

 // DOMAIN defines where cookies are valid. Change this in production.
 var DOMAIN = "localhost"
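Review bot: `ACCESS_SECRET` and `REFRESH_SECRET` are now exported, mutable and nil by default, and the new comment `// JWT secrets` no longer says where the values come from. Anything that calls `handlers.NewAccessHandler` directly, without going through the root package's `NewAccessHandler`, would presumably run with nil keys, so the comment should say so, e.g. `// ACCESS_SECRET and REFRESH_SECRET are the JWT signing keys; nil until the root package's NewAccessHandler loads them from the environment.` Loading and validating them inside the handlers package and unexporting the variables would remove that ordering dependency. The removed literals remain in the repository history, so any deployment that used them should be given fresh values.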