From 6a123170a132b70dff0b633e9d919ae8a3e6a18a Mon Sep 17 00:00:00 2001
From: ZhenYi <434836402@qq.com>
Date: Mon, 27 Apr 2026 13:59:31 +0800
Subject: [PATCH] fix: harden session key derivation from APP_SESSION_SECRET

- Reject secrets shorter than 32 bytes (fall back to generated key)
- Use SHA-256 hash instead of naive byte cycling to derive the key
  (cycling "password" to 64 bytes gave extremely low entropy)
---
 apps/app/src/main.rs | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/apps/app/src/main.rs b/apps/app/src/main.rs
index 19e4192..0608d58 100644
--- a/apps/app/src/main.rs
+++ b/apps/app/src/main.rs
@@ -107,8 +107,18 @@ where
 
 fn build_session_key(cfg: &AppConfig) -> anyhow::Result<Key> {
     if let Some(secret) = cfg.env.get("APP_SESSION_SECRET") {
-        let bytes: Vec<u8> = secret.as_bytes().iter().cycle().take(64).copied().collect();
-        return Ok(Key::from(&bytes));
+        if secret.len() < 32 {
+            tracing::warn!(
+                secret_len = secret.len(),
+                "APP_SESSION_SECRET is too short (<32 bytes), using generated key instead"
+            );
+            return Ok(Key::generate());
+        }
+        use sha2::{Digest, Sha256};
+        let mut hasher = Sha256::new();
+        hasher.update(secret.as_bytes());
+        let hash = hasher.finalize();
+        return Ok(Key::from(hash.as_slice()));
     }
     Ok(Key::generate())
 }