fix: coderabbit suggestions

internal/api/api_test.go

@@ -44,8 +44,8 @@ var handlersConfig = types.HandlersConfig{
 var authConfig = types.AuthConfig{
 	Users:             types.Users{},
 	OauthWhitelist:    "",
-	HMACSecret:        "super-secret-api-thing-for-tests",
+	HMACSecret:        "super-secret-api-thing-for-test1",
-	EncryptionSecret:  "super-secret-api-thing-for-tests",
+	EncryptionSecret:  "super-secret-api-thing-for-test2",
 	CookieSecure:      false,
 	SessionExpiry:     3600,
 	LoginTimeout:      0,

internal/auth/auth.go

@@ -51,7 +51,7 @@ func (auth *Auth) GetSession(c *gin.Context) (*sessions.Session, error) {
 		log.Warn().Err(err).Msg("Invalid session, clearing cookie and retrying")
 
 		// Delete the session cookie if there is an error
-		c.SetCookie(auth.Config.SessionCookieName, "", -1, "/", auth.Config.Domain, auth.Config.CookieSecure, true)
+		c.SetCookie(auth.Config.SessionCookieName, "", -1, "/", fmt.Sprintf(".%s", auth.Config.Domain), auth.Config.CookieSecure, true)
 
 		// Try to get the session again
 		session, err = store.Get(c.Request, auth.Config.SessionCookieName)

internal/utils/utils.go

@@ -418,7 +418,7 @@ func DeriveKey(secret string, info string) (string, error) {
 	hkdf := hkdf.New(hash, []byte(secret), nil, []byte(info)) // I am not using a salt because I just want two different keys from one secret, maybe bad practice
 
 	// Create a new key
-	key := make([]byte, 32)
+	key := make([]byte, 24)
 
 	// Read the key from the HKDF
 	_, err := io.ReadFull(hkdf, key)
@@ -428,7 +428,7 @@ func DeriveKey(secret string, info string) (string, error) {
 	}
 
 	// Verify the key is not empty
-	if bytes.Equal(key, make([]byte, 32)) {
+	if bytes.Equal(key, make([]byte, 24)) {
 		return "", errors.New("derived key is empty")
 	}
 
@@ -436,5 +436,5 @@ func DeriveKey(secret string, info string) (string, error) {
 	encodedKey := base64.StdEncoding.EncodeToString(key)
 
 	// Return the key as a base64 encoded string
-	return encodedKey[:32], nil
+	return encodedKey, nil
 }