fix: encrypt the cookie in sessions (#225)

* fix: encrypt the cookie in sessions * tests: use new auth config in tests * fix: coderabbit suggestions
2025-10-28 12:45:47 +00:00 · 2025-07-04 01:43:36 +03:00
parent 7640e956c2
commit c10bff55de
5 changed files with 63 additions and 6 deletions
--- a/internal/api/api_test.go
+++ b/internal/api/api_test.go
@@ -44,7 +44,8 @@ var handlersConfig = types.HandlersConfig{
 var authConfig = types.AuthConfig{
 	Users:             types.Users{},
 	OauthWhitelist:    "",
-	Secret:            "super-secret-api-thing-for-tests", // It is 32 chars long
+	HMACSecret:        "super-secret-api-thing-for-test1",
+	EncryptionSecret:  "super-secret-api-thing-for-test2",
 	CookieSecure:      false,
 	SessionExpiry:     3600,
 	LoginTimeout:      0,