A301/a301_server
2
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
d597ef2d468b68c4f58046b6f8a57b0e59455dc9
a301_server/pkg/config/config.go
tolelom d597ef2d46
All checks were successful
Server CI/CD / deploy (push) Successful in 1m31s
Details
fix: 보안·안정성·동시성 개선 3차 
- 입력 검증 강화 (로그인/체인 핸들러 전체)
- boss raid 비관적 잠금으로 동시성 문제 해결
- SSAFY 사용자명 sanitize + 트랜잭션 처리
- constant-time API 키 비교, 보안 헤더, graceful shutdown
- 안전하지 않은 기본값 경고 추가

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-13 21:40:06 +09:00

101 lines
2.8 KiB
Go
Raw Blame History

package config
import (
"log"
"os"
"strconv"
"github.com/joho/godotenv"
)
type Config struct {
AppPort string
DBHost string
DBPort string
DBUser string
DBPassword string
DBName string
RedisAddr string
RedisPassword string
JWTSecret string
RefreshSecret string
JWTExpiryHours int
AdminUsername string
AdminPassword string
BaseURL string
GameDir string
// Chain integration
ChainNodeURL string
ChainID string
OperatorKeyHex string
WalletEncryptionKey string
// Server-to-server auth
InternalAPIKey string
// SSAFY OAuth 2.0
SSAFYClientID string
SSAFYClientSecret string
SSAFYRedirectURI string
}
var C Config
func Load() {
_ = godotenv.Load()
hours, _ := strconv.Atoi(getEnv("JWT_EXPIRY_HOURS", "24"))
C = Config{
AppPort: getEnv("APP_PORT", "8080"),
DBHost: getEnv("DB_HOST", "localhost"),
DBPort: getEnv("DB_PORT", "3306"),
DBUser: getEnv("DB_USER", "root"),
DBPassword: getEnv("DB_PASSWORD", ""),
DBName: getEnv("DB_NAME", "a301"),
RedisAddr: getEnv("REDIS_ADDR", "localhost:6379"),
RedisPassword: getEnv("REDIS_PASSWORD", ""),
JWTSecret: getEnv("JWT_SECRET", "secret"),
RefreshSecret: getEnv("REFRESH_SECRET", "refresh-secret"),
JWTExpiryHours: hours,
AdminUsername: getEnv("ADMIN_USERNAME", "admin"),
AdminPassword: getEnv("ADMIN_PASSWORD", "admin1234"),
BaseURL: getEnv("BASE_URL", "http://localhost:8080"),
GameDir: getEnv("GAME_DIR", "/data/game"),
ChainNodeURL: getEnv("CHAIN_NODE_URL", "http://localhost:8545"),
ChainID: getEnv("CHAIN_ID", "tolchain-dev"),
OperatorKeyHex: getEnv("OPERATOR_KEY_HEX", ""),
WalletEncryptionKey: getEnv("WALLET_ENCRYPTION_KEY", ""),
InternalAPIKey: getEnv("INTERNAL_API_KEY", ""),
SSAFYClientID: getEnv("SSAFY_CLIENT_ID", ""),
SSAFYClientSecret: getEnv("SSAFY_CLIENT_SECRET", ""),
SSAFYRedirectURI: getEnv("SSAFY_REDIRECT_URI", ""),
}
}
// WarnInsecureDefaults logs warnings for security-sensitive settings left at defaults.
func WarnInsecureDefaults() {
if C.JWTSecret == "secret" {
log.Println("WARNING: JWT_SECRET is using the default value — set a strong secret for production")
}
if C.RefreshSecret == "refresh-secret" {
log.Println("WARNING: REFRESH_SECRET is using the default value — set a strong secret for production")
}
if C.AdminPassword == "admin1234" {
log.Println("WARNING: ADMIN_PASSWORD is using the default value — change it for production")
}
if C.WalletEncryptionKey == "" {
log.Println("WARNING: WALLET_ENCRYPTION_KEY is empty — blockchain wallet features will fail")
}
}
func getEnv(key, fallback string) string {
if v := os.Getenv(key); v != "" {
return v
}
return fallback
}
Reference in New Issue View Git Blame Copy Permalink