fix(review): harden payment, oauth, and migration paths
This commit is contained in:
IanShaw027
@@ -4,6 +4,7 @@ import (
|
||||
"encoding/hex"
|
||||
"fmt"
|
||||
"log/slog"
|
||||
"strings"
|
||||
|
||||
dbent "github.com/Wei-Shaw/sub2api/ent"
|
||||
"github.com/Wei-Shaw/sub2api/internal/config"
|
||||
@@ -19,11 +20,22 @@ type EncryptionKey []byte
|
||||
// When the key is non-empty but invalid (bad hex or wrong length), an error is returned
|
||||
// to prevent startup with a misconfigured encryption key.
|
||||
func ProvideEncryptionKey(cfg *config.Config) (EncryptionKey, error) {
|
||||
if cfg.Totp.EncryptionKey == "" {
|
||||
if cfg == nil {
|
||||
slog.Warn("payment encryption key not configured — encrypted payment config and resume signing will be unavailable")
|
||||
return nil, nil
|
||||
}
|
||||
keyHex := strings.TrimSpace(cfg.Totp.EncryptionKey)
|
||||
if keyHex == "" {
|
||||
slog.Warn("payment encryption key not configured — encrypted payment config will be unavailable")
|
||||
return nil, nil
|
||||
}
|
||||
key, err := hex.DecodeString(cfg.Totp.EncryptionKey)
|
||||
// Reject auto-generated TOTP keys for payment signing.
|
||||
// They change across restarts/instances and can silently break resume-token flows.
|
||||
if !cfg.Totp.EncryptionKeyConfigured {
|
||||
slog.Warn("payment encryption/signing key is not explicitly configured; set TOTP_ENCRYPTION_KEY to enable payment resume tokens")
|
||||
return nil, nil
|
||||
}
|
||||
key, err := hex.DecodeString(keyHex)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("invalid payment encryption key (hex decode): %w", err)
|
||||
}
|
||||
|
||||
62
backend/internal/payment/wire_test.go
Normal file
62
backend/internal/payment/wire_test.go
Normal file
@@ -0,0 +1,62 @@
|
||||
package payment
|
||||
|
||||
import (
|
||||
"strings"
|
||||
"testing"
|
||||
|
||||
"github.com/Wei-Shaw/sub2api/internal/config"
|
||||
)
|
||||
|
||||
func TestProvideEncryptionKeySkipsAutoGeneratedTotpKey(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
cfg := &config.Config{
|
||||
Totp: config.TotpConfig{
|
||||
EncryptionKey: strings.Repeat("a", 64),
|
||||
EncryptionKeyConfigured: false,
|
||||
},
|
||||
}
|
||||
|
||||
key, err := ProvideEncryptionKey(cfg)
|
||||
if err != nil {
|
||||
t.Fatalf("ProvideEncryptionKey returned error: %v", err)
|
||||
}
|
||||
if len(key) != 0 {
|
||||
t.Fatalf("encryption key len = %d, want 0", len(key))
|
||||
}
|
||||
}
|
||||
|
||||
func TestProvideEncryptionKeyUsesConfiguredTotpKey(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
cfg := &config.Config{
|
||||
Totp: config.TotpConfig{
|
||||
EncryptionKey: "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
|
||||
EncryptionKeyConfigured: true,
|
||||
},
|
||||
}
|
||||
|
||||
key, err := ProvideEncryptionKey(cfg)
|
||||
if err != nil {
|
||||
t.Fatalf("ProvideEncryptionKey returned error: %v", err)
|
||||
}
|
||||
if len(key) != 32 {
|
||||
t.Fatalf("encryption key len = %d, want 32", len(key))
|
||||
}
|
||||
}
|
||||
|
||||
func TestProvideEncryptionKeyRejectsConfiguredInvalidLength(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
cfg := &config.Config{
|
||||
Totp: config.TotpConfig{
|
||||
EncryptionKey: "abcd",
|
||||
EncryptionKeyConfigured: true,
|
||||
},
|
||||
}
|
||||
|
||||
_, err := ProvideEncryptionKey(cfg)
|
||||
if err == nil {
|
||||
t.Fatal("expected error for invalid key length")
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user