fix(crypto): validare fail-fast a cheii Fernet la startup
O cheie AUTOPASS_CREDS_KEY setata dar invalida (format Fernet gresit) arunca ValueError abia la primul encrypt_creds -> 500 brut pe POST /v1/prezentari, fara mesaj util (cazul reprodus din client VFP). crypto.validate_creds_key() valideaza cheia, apelata in main.lifespan: o cheie invalida opreste pornirea cu mesaj clar + comanda de generare, in loc sa explodeze la prima cerere. Cheie nesetata = OK (model efemer). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -25,6 +25,7 @@ from .api.v1.import_router import router as import_v1_router
|
||||
from .api.v1.integrare_router import router as integrare_v1_router
|
||||
from .api.v1.router import router as api_v1_router
|
||||
from .config import get_settings
|
||||
from .crypto import validate_creds_key
|
||||
from .db import get_connection, init_db, queue_depth, read_heartbeat
|
||||
from .security import install_log_redaction
|
||||
from .web.routes import router as web_router
|
||||
@@ -37,6 +38,9 @@ from .web.session import AdminRequired, LoginRequired
|
||||
@asynccontextmanager
|
||||
async def lifespan(app: FastAPI):
|
||||
install_log_redaction()
|
||||
# Fail-fast: o cheie Fernet setata dar invalida opreste pornirea cu mesaj clar,
|
||||
# in loc de 500 brut la primul POST /v1/prezentari (cazul reprodus din VFP).
|
||||
validate_creds_key()
|
||||
init_db()
|
||||
yield
|
||||
|
||||
|
||||
Reference in New Issue
Block a user