5eeb37389b
Replace known development JWT secret placeholders with an ephemeral runtime secret during config loading. Return LoadInfo so startup can warn when token persistence depends on a stable configured secret. Update config docs and tests for default, legacy placeholder, custom, env, and empty secret behavior.
1.1 KiB
1.1 KiB
Development
Prerequisites
- Go 1.26.2 (pinned in
mise.toml) mise(https://mise.jdx.dev) — runmise installto install toolchain
Build
go build ./...
go build -o mygo .
Test
go test ./...
go test -v -run TestName ./internal/...
Lint & Format
go vet ./...
go fmt ./...
Dependencies
go mod tidy # after adding/removing imports
Config
Server config is loaded via viper from config.yaml (defaults in internal/config/load.go).
server:
host: 0.0.0.0
port: 10086
database:
driver: sqlite3
sqlite:
path: data/mygo.db
storage:
driver: local
local:
path: data/files
jwt:
secret: dev-secret-do-not-use-in-production
access_ttl: 15m
refresh_ttl: 168h
Environment variables use MYGO_ prefix with underscore separators: MYGO_SERVER_PORT=8080, MYGO_JWT_SECRET=...
The default JWT secret is a development placeholder. At startup, MyGO replaces
it with an ephemeral runtime secret; set a stable jwt.secret or
MYGO_JWT_SECRET when tokens must survive restarts or when running multiple
instances.