Files
mygo/docs/development.md
T
ld 5eeb37389b fix(config): harden default JWT secret
Replace known development JWT secret placeholders with an ephemeral runtime secret during config loading.

Return LoadInfo so startup can warn when token persistence depends on a stable configured secret.

Update config docs and tests for default, legacy placeholder, custom, env, and empty secret behavior.
2026-07-05 13:25:44 +08:00

1.1 KiB

Development

Prerequisites

  • Go 1.26.2 (pinned in mise.toml)
  • mise (https://mise.jdx.dev) — run mise install to install toolchain

Build

go build ./...
go build -o mygo .

Test

go test ./...
go test -v -run TestName ./internal/...

Lint & Format

go vet ./...
go fmt ./...

Dependencies

go mod tidy     # after adding/removing imports

Config

Server config is loaded via viper from config.yaml (defaults in internal/config/load.go).

server:
    host: 0.0.0.0
    port: 10086

database:
    driver: sqlite3
    sqlite:
        path: data/mygo.db

storage:
    driver: local
    local:
        path: data/files

jwt:
    secret: dev-secret-do-not-use-in-production
    access_ttl: 15m
    refresh_ttl: 168h

Environment variables use MYGO_ prefix with underscore separators: MYGO_SERVER_PORT=8080, MYGO_JWT_SECRET=...

The default JWT secret is a development placeholder. At startup, MyGO replaces it with an ephemeral runtime secret; set a stable jwt.secret or MYGO_JWT_SECRET when tokens must survive restarts or when running multiple instances.