From ee6a5f17f8c6f25c2d50940df3568edbd4254a32 Mon Sep 17 00:00:00 2001
From: Tuntii <121901995+Tuntii@users.noreply.github.com>
Date: Thu, 21 May 2026 15:29:50 +0000
Subject: [PATCH] =?UTF-8?q?=F0=9F=9B=A1=EF=B8=8F=20Sentinel:=20[CRITICAL]?= =?UTF-8?q?=20Fix=20hardcoded=20JWT=5FSECRET=20fallback?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Removed the hardcoded "dev-secret-change-in-production" fallback for the JWT_SECRET environment variable in the full template. When generating a full API, the default `login` handler would silently fallback to this publicly known string if `JWT_SECRET` wasn't set. This introduces a severe risk where production deployments might be unwittingly deployed with a known secret, allowing any attacker to forge valid JWTs and achieve full authentication bypass. The code now correctly uses `map_err` to return an `ApiError::internal` if the environment variable is not defined, ensuring that the application fails securely.
---
 crates/cargo-rustapi/src/templates/full.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crates/cargo-rustapi/src/templates/full.rs b/crates/cargo-rustapi/src/templates/full.rs
index d2adf49..f559a68 100644
--- a/crates/cargo-rustapi/src/templates/full.rs
+++ b/crates/cargo-rustapi/src/templates/full.rs
@@ -170,7 +170,7 @@ pub async fn login(Json(body): Json) -> Result
 // TODO: Validate credentials against your database
 if body.username == "admin" && body.password == "password" {
 let jwt_secret = std::env::var("JWT_SECRET")
- .unwrap_or_else(|_| "dev-secret-change-in-production".to_string());
+ .map_err(|_| ApiError::internal("JWT_SECRET environment variable not set"))?;
 let claims = UserClaims {
 sub: "1".to_string(),
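Review bot: The new `.map_err(...)` on the `std::env::var("JWT_SECRET")` line rejects only an unset (or non-Unicode) variable, so `JWT_SECRET=""` or a whitespace-only value still reaches the signing code and yields tokens signed with an effectively empty key. I would treat an empty value as missing, e.g. `let jwt_secret = std::env::var("JWT_SECRET").ok().filter(|s| !s.trim().is_empty())` followed by `.ok_or_else(|| ApiError::internal("JWT_SECRET environment variable not set"))?;`, and ideally enforce a minimum length as well. Because the lookup sits inside `login`, a missing secret surfaces only on the first login request; resolving it once at startup would make the generated app fail before it accepts traffic, though the startup code is outside this hunk. The context line above still ships the `admin`/`password` check behind a TODO, which generated projects inherit the same way they inherited the old fallback, so it deserves the same fail-closed treatment. `login` starts and ends outside the hunk.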