feat: make secret key a little more potent

Cipher Vance 2025-09-18 21:03:28 -05:00
parent a32b2a4210
commit 56c8d3a786

19
main.go

@ -2,6 +2,7 @@ package main
import (
"log"
"net/http"
"os"
"github.com/gin-contrib/cors"
@ -36,8 +37,22 @@ func main() {
r.Use(cors.Default())
// Session middleware
store := cookie.NewStore([]byte(os.Getenv("SECRET_KEY")))
r.Use(sessions.Sessions("session", store))
secret := os.Getenv("SECRET_KEY")
if len(secret) < 32 {
log.Fatal("SECRET_KEY must be at least 32 bytes")
}
authKey := []byte(secret)
encKey := []byte(secret[:32])
store := cookie.NewStore(authKey, encKey)
store.Options(sessions.Options{
Path: "/",
MaxAge: 60 * 80 * 24 * 7, // 7 days
HttpOnly: true,
Secure: os.Getenv("ENV") == "production",
SameSite: http.SameSiteLaxMode,
})
r.Use(sessions.Sessions("rideaware-session", store))
// Health check endpoint
r.GET("/health", func(c *gin.Context) {
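Review bot: The new `MaxAge: 60 * 80 * 24 * 7, // 7 days` evaluates to 806400 seconds, about 9.3 days, so session cookies outlive the lifetime the comment documents; it should read `MaxAge: 60 * 60 * 24 * 7, // 7 days`. In the same block, `encKey := []byte(secret[:32])` is a prefix of `authKey`, so the HMAC key and the AES key share the same bytes. Two independent keys would be safer: either read a second environment variable, or derive both from `SECRET_KEY` through a KDF with distinct labels. `Secure: os.Getenv("ENV") == "production"` also fails open, since an unset or misspelled `ENV` yields a cookie that is sent over plain HTTP; an explicit opt-out such as `Secure: os.Getenv("ENV") != "development"` would fail closed. The body of `main` continues outside this hunk, so whether `ENV` is validated elsewhere is not visible here.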