You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
* fix(examples): defer auth-guard session setup out of the init hook
The generated app registers the auth provider from its init() hook, before
the env-contract validation runs. The hook called authguard.MustAuthProvider(),
which constructed Sessions eagerly and panicked when GOWDK_AUTH_SESSION_SECRET
was unset or shorter than the required 32 bytes — so a secret misconfiguration
crashed the binary with a stack trace at startup instead of returning the
generated env-contract error.
Replace MustAuthProvider with a lazy AuthProvider that resolves Sessions inside
Principal on the first request, and point the generated hook at it. A missing
or short secret now surfaces as the clean "GOWDK_AUTH_SESSION_SECRET is required"
startup error (verified by running the built binary with the secret unset).
* fix(env): enforce SecretEnv minimum length at build and startup
Follow-up to the lazy auth provider: deferring Sessions() construction meant a
present-but-too-short GOWDK_AUTH_SESSION_SECRET no longer failed at init, and
the env contract only checked for empty secrets — so a weak signing key let the
binary start and only failed the first guarded request.
Add SecretEnv.MinBytes and enforce it in both the build-time env validation
(gowdk.EnvConfig.Validate) and the generated runtime contract
(internal/appgen validateEnvContract), parse it from executable and AST configs
(internal/project), register the new short_secret diagnostic, and set
MinBytes: 32 on the auth-guard example's session and CSRF secrets.
A short secret now fails fast with "GOWDK_AUTH_SESSION_SECRET must be at least
32 bytes" at startup (verified by running the built binary). Tests added for
both the build-time validation and the generated contract.
* fix(config): bounds-check int64->int narrowing for SecretEnv.MinBytes
CodeQL flagged the unchecked int64->int conversion when parsing
SecretEnv.MinBytes from the AST config path. Route it through a new
parseInt helper that clamps out-of-range values to the platform int
range so a malformed config value cannot wrap into a small or negative
length on 32-bit platforms. Add a LoadConfigFile regression test that
enforces MinBytes end-to-end through the AST path.
diagnostics=append(diagnostics, EnvValidationError{Code: "missing_required_secret", Name: name, Message: fmt.Sprintf("%s is required but is not set", name)})
diagnostics=append(diagnostics, EnvValidationError{Code: "short_secret", Name: name, Message: fmt.Sprintf("%s must be at least %d bytes", name, secret.MinBytes)})
Copy file name to clipboardExpand all lines: internal/diagnostics/registry.go
+1Lines changed: 1 addition & 0 deletions
Original file line number
Diff line number
Diff line change
@@ -159,6 +159,7 @@ var Registry = []Code{
159
159
{Code: "route_method_conflict", Area: "routing", Stability: StabilityStable, Severity: SeverityError, Summary: "two generated handlers claim the same method and route pattern"},
160
160
{Code: "secret_env_in_vars", Area: "config", Stability: StabilityStable, Severity: SeverityError, Summary: "secret-looking environment variable is declared as a normal variable"},
161
161
{Code: "secret_env_name_required", Area: "config", Stability: StabilityStable, Severity: SeverityError, Summary: "secret environment contract entry is missing a name"},
162
+
{Code: "short_secret", Area: "config", Stability: StabilityStable, Severity: SeverityError, Summary: "secret environment variable is shorter than its required minimum length"},
162
163
{Code: "spa_disabled", Area: "routing", Stability: StabilityExperimental, Severity: SeverityInfo, Summary: "SPA route binding is disabled for this generated route lane"},
0 commit comments