fix(crypto): validare fail-fast a cheii Fernet la startup

O cheie AUTOPASS_CREDS_KEY setata dar invalida (format Fernet gresit)
arunca ValueError abia la primul encrypt_creds -> 500 brut pe
POST /v1/prezentari, fara mesaj util (cazul reprodus din client VFP).

crypto.validate_creds_key() valideaza cheia, apelata in main.lifespan:
o cheie invalida opreste pornirea cu mesaj clar + comanda de generare,
in loc sa explodeze la prima cerere. Cheie nesetata = OK (model efemer).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
Claude Agent
2026-06-23 13:55:12 +00:00
parent 5dc963a02c
commit 90603609a1
2 changed files with 26 additions and 0 deletions

View File

@@ -25,6 +25,7 @@ from .api.v1.import_router import router as import_v1_router
from .api.v1.integrare_router import router as integrare_v1_router
from .api.v1.router import router as api_v1_router
from .config import get_settings
from .crypto import validate_creds_key
from .db import get_connection, init_db, queue_depth, read_heartbeat
from .security import install_log_redaction
from .web.routes import router as web_router
@@ -37,6 +38,9 @@ from .web.session import AdminRequired, LoginRequired
@asynccontextmanager
async def lifespan(app: FastAPI):
install_log_redaction()
# Fail-fast: o cheie Fernet setata dar invalida opreste pornirea cu mesaj clar,
# in loc de 500 brut la primul POST /v1/prezentari (cazul reprodus din VFP).
validate_creds_key()
init_db()
yield