feat: add message when JWT secret is less than 32 characters long #3628
Conversation
|
IO tests are failing in "no-default config" tests: postgrest/test/io/configs/no-defaults.config Lines 24 to 25 in 40ed349 This is because, while the base64 encoded Also, could this be considered a breaking change or just a feature/fix? PostgREST will fail and won't run or reload the config (if it's already running) when the secret has less than 32 characters. I think this is better because it's mostly an admin issue with the config, not for the end user. |
|
This is related to #3629. When setting, for example, |
I don't think so, the limit was enforced after decoding.
I'd say it's a feature/change, not a fix. PostgREST was able to serve anonymous requests with a short secret, so that technically takes some use-cases away, I'd say. It might even be a breaking change, but that's not really important at this stage, because we have merged a few things already which will require a major version bump anyway. |
Ah I worded it wrongly, that's what I meant to say.
👍 |
laurenceisla
force-pushed
the
fix-jwt-max
branch
2 times, most recently
from
5dc3346
to
81518f6
Compare
breaking change: PostgREST now fails to start or reload the config when the JWT secret is less than 32 characters long.
| decodeLoadFiles :: AppConfig -> IO (Either IOException AppConfig) | ||
| decodeLoadFiles parsedConfig = try $ |
There was a problem hiding this comment.
This handles what's mentioned here #3628 (comment). According to this conversation: #3634 (comment)
Closes #3607 and addresses part of #1840.