api/config: disallow JWT_SECRETs shorter than 16 chars

This commit is contained in:
jj 2024-10-20 14:14:47 +00:00
parent 43b3139b4a
commit 4efe6d9350
No known key found for this signature in database

View file

@ -54,6 +54,10 @@ const env = {
const genericUserAgent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36";
const cobaltUserAgent = `cobalt/${version} (+https://github.com/imputnet/cobalt)`;
if (env.sessionEnabled && env.jwtSecret.length < 16) {
throw new Error("JWT_SECRET env is too short (must be at least 16 characters long)");
}
export {
env,
genericUserAgent,