Commit graph

2 commits

Author SHA1 Message Date
opencode
9c62549b50 fix(rmi-backend,audit): jwt_secret is required, fail-fast in prod (P1.5)
Some checks failed
CI / build (push) Failing after 2s
Previously: jwt_secret defaulted to dev-secret-CHANGE-ME so a missing
env var in production would silently boot with a known-public dev HMAC
key — an instant auth bypass for any service verifying JWTs.

Now:
- Field(...) with no default → missing env raises ValidationError at boot
- min_length=32 enforces minimum entropy (rejects dev placeholder too)
- field_validator rejects the literal dev-secret-CHANGE-ME in ENVIRONMENT=prod
  as belt-and-suspenders in case min_length is loosened later

Verified behavior:
- no env, no .env                 -> ValidationError: Field required
- ENVIRONMENT=prod, no JWT_SECRET -> ValidationError: Field required
- prod, JWT_SECRET=dev-secret-... -> ValidationError: string_too_short
- prod, JWT_SECRET=short          -> ValidationError: string_too_short
- prod, JWT_SECRET=<64 hex>       -> OK, len=64

.env.example updated to show the placeholder + generation hint.

Refs AUDIT-2026-Q3.md P1.5.
2026-07-06 17:53:49 +02:00
bde2f3a97d merge: chore/cleanup-remove-bloat-and-secrets into main 2026-07-02 01:24:22 +07:00