clone/afilmory
1
0
Fork 0
mirror of https://github.com/Afilmory/afilmory synced 2026-02-01 22:48:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: enforce required state secret for OAuth processing

Browse Source 
- Added a check to ensure AUTH_GATEWAY_STATE_SECRET or CONFIG_ENCRYPTION_KEY is provided, throwing an error if neither is set.
- Updated the configuration parsing to use a resolved state secret variable for clarity and consistency.

Signed-off-by: Innei <tukon479@gmail.com>
This commit is contained in:
Innei
2025-11-30 19:18:13 +08:00
parent 1090aff397
commit 4769673099
1 changed files with 9 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
be/apps/oauth-gateway/src/config.ts
View File

@@ -40,10 +40,16 @@ const envSchema = z.object({
STATE_SECRET: z
.string()
.trim()
.min(1, { message: 'AUTH_GATEWAY_STATE_SECRET or CONFIG_ENCRYPTION_KEY is required for state decoding.' })
.default(process.env.AUTH_GATEWAY_STATE_SECRET ?? process.env.CONFIG_ENCRYPTION_KEY ?? ''),
.min(1, { message: 'AUTH_GATEWAY_STATE_SECRET or CONFIG_ENCRYPTION_KEY is required for state decoding.' }),
})
const resolvedStateSecret = process.env.AUTH_GATEWAY_STATE_SECRET ?? process.env.CONFIG_ENCRYPTION_KEY
if (!resolvedStateSecret) {
throw new Error(
'[oauth-gateway] AUTH_GATEWAY_STATE_SECRET (or CONFIG_ENCRYPTION_KEY) is required to decode OAuth state.',
)
}
const parsed = envSchema.parse({
HOST: process.env.AUTH_GATEWAY_HOST ?? process.env.HOST,
PORT: process.env.AUTH_GATEWAY_PORT ?? process.env.PORT,
@@ -52,7 +58,7 @@ const parsed = envSchema.parse({
CALLBACK_BASE_PATH: process.env.AUTH_GATEWAY_CALLBACK_BASE_PATH,
ALLOW_CUSTOM_HOST: process.env.AUTH_GATEWAY_ALLOW_CUSTOM_HOST,
ROOT_SLUG: process.env.AUTH_GATEWAY_ROOT_SLUG,
STATE_SECRET: process.env.AUTH_GATEWAY_STATE_SECRET ?? process.env.CONFIG_ENCRYPTION_KEY,
STATE_SECRET: resolvedStateSecret,
})
export const gatewayConfig = {