fix: harden session key derivation from APP_SESSION_SECRET

- Reject secrets shorter than 32 bytes (fall back to generated key)
- Use SHA-256 hash instead of naive byte cycling to derive the key
  (cycling "password" to 64 bytes gave extremely low entropy)

apps/app/src/main.rs

@@ -107,8 +107,18 @@ where
 
 fn build_session_key(cfg: &AppConfig) -> anyhow::Result<Key> {
     if let Some(secret) = cfg.env.get("APP_SESSION_SECRET") {
-        let bytes: Vec<u8> = secret.as_bytes().iter().cycle().take(64).copied().collect();
+        if secret.len() < 32 {
-        return Ok(Key::from(&bytes));
+            tracing::warn!(
+                secret_len = secret.len(),
+                "APP_SESSION_SECRET is too short (<32 bytes), using generated key instead"
+            );
+            return Ok(Key::generate());
+        }
+        use sha2::{Digest, Sha256};
+        let mut hasher = Sha256::new();
+        hasher.update(secret.as_bytes());
+        let hash = hasher.finalize();
+        return Ok(Key::from(hash.as_slice()));
     }
     Ok(Key::generate())
 }