Files
mygo/docs/development.md
T
ld 5eeb37389b fix(config): harden default JWT secret
Replace known development JWT secret placeholders with an ephemeral runtime secret during config loading.

Return LoadInfo so startup can warn when token persistence depends on a stable configured secret.

Update config docs and tests for default, legacy placeholder, custom, env, and empty secret behavior.
2026-07-05 13:25:44 +08:00

66 lines
1.1 KiB
Markdown

# Development
## Prerequisites
- Go 1.26.2 (pinned in `mise.toml`)
- `mise` (https://mise.jdx.dev) — run `mise install` to install toolchain
## Build
```bash
go build ./...
go build -o mygo .
```
## Test
```bash
go test ./...
go test -v -run TestName ./internal/...
```
## Lint & Format
```bash
go vet ./...
go fmt ./...
```
## Dependencies
```bash
go mod tidy # after adding/removing imports
```
## Config
Server config is loaded via viper from `config.yaml` (defaults in `internal/config/load.go`).
```yaml
server:
host: 0.0.0.0
port: 10086
database:
driver: sqlite3
sqlite:
path: data/mygo.db
storage:
driver: local
local:
path: data/files
jwt:
secret: dev-secret-do-not-use-in-production
access_ttl: 15m
refresh_ttl: 168h
```
Environment variables use `MYGO_` prefix with underscore separators: `MYGO_SERVER_PORT=8080`, `MYGO_JWT_SECRET=...`
The default JWT secret is a development placeholder. At startup, MyGO replaces
it with an ephemeral runtime secret; set a stable `jwt.secret` or
`MYGO_JWT_SECRET` when tokens must survive restarts or when running multiple
instances.