Trek_CN/server
jubnl 44e5f07f59
fix: persist encryption key to disk regardless of resolution source
Previously, when the JWT secret was used as a fallback encryption key,
nothing was written to data/.encryption_key. This meant that rotating
the JWT secret via the admin panel would silently break decryption of
all stored secrets on the next restart.

Now, whatever key is resolved — env var, JWT secret fallback, or
auto-generated — is immediately persisted to data/.encryption_key.
On all subsequent starts, the file is read directly and the fallback
chain is skipped entirely, making JWT rotation permanently safe.

The env var path also writes to the file so the key survives container
restarts if the env var is later removed.
2026-04-01 10:03:46 +02:00
..
public Merge branch 'perf-test' of https://github.com/jubnl/TREK into dev 2026-03-31 23:10:02 +02:00
scripts feat: add encryption key migration script and document it in README 2026-04-01 09:35:32 +02:00
src fix: persist encryption key to disk regardless of resolution source 2026-04-01 10:03:46 +02:00
.env.example fix: add SSRF protection for link preview and Immich URL 2026-04-01 07:59:03 +02:00
package-lock.json Merge branch 'pr-125' 2026-03-30 23:10:34 +02:00
package.json Merge branch 'pr-125' 2026-03-30 23:10:34 +02:00
reset-admin.js Stabilize core: better-sqlite3, versioned migrations, graceful shutdown 2026-03-22 17:52:24 +01:00
tsconfig.json some fixes 2026-03-30 06:59:24 +02:00