validate config before startup

README.md

@@ -62,6 +62,15 @@ flowchart TD
     LB --> |Forward| FN
 ```
 
+### Configuration
+
+The server is configured using the environment variables. The configuration values are provided by the Azure Function App service after the application is deployed to the cloud service. The configuration values are stored in the Azure Function App service and are not exposed to the public.
+
+The required values are:
+- `DB_SALT_KEY` - used in the encryption of content but not hashing
+- `COOK_AUTH_KEY` - used for cookie authentication
+- `COOK_ENC_KEY` - used to encrypt the cookie contents
+
 ### Storage models
 
 There are only two things that are stored in the database: users and messages. The user is the one who creates the message and the message is the content that is shared with the anonymous users online.

internal/configuration/config.go

@@ -11,6 +11,7 @@ const keyCookieAuth = "COOK_AUTH_KEY"
 const keyCookieEnc = "COOK_ENC_KEY"
 const envTest = "test"
 const testKey = "12345678123456781234567812345678"
+const requiredKeyLen = 32
 
 type ConfigReader struct {
 	isProd bool
@@ -26,36 +27,47 @@ func NewConfigReader() *ConfigReader {
 	return &ConfigReader{isProd: isProd}
 }
 
+func (c *ConfigReader) IsValid() (bool, []string) {
+	invalidVars := []string{}
+	for _, k := range []string{keySalt, keyCookieAuth, keyCookieEnc} {
+		if len(c.getKey(k, false)) != requiredKeyLen {
+			invalidVars = append(invalidVars, k)
+		}
+	}
+	return len(invalidVars) == 0, invalidVars
+}
+
 func (c *ConfigReader) IsProd() bool {
 	return c.isProd
 }
 
 func (c *ConfigReader) GetSalt() string {
-	return c.getKey(keySalt)
+	return c.getKey(keySalt, true)
 }
 
 func (c *ConfigReader) GetCookieAuth() string {
-	return c.getKey(keyCookieAuth)
+	return c.getKey(keyCookieAuth, true)
 }
 
 func (c *ConfigReader) GetCookieEnc() string {
-	return c.getKey(keyCookieEnc)
+	return c.getKey(keyCookieEnc, true)
 }
 
-func (c *ConfigReader) getKey(name string) string {
+func (c *ConfigReader) getKey(name string, assert bool) string {
 	var k string
 	if !c.isProd {
 		k = testKey
 	} else {
 		k = os.Getenv(name)
 	}
-	checkKeyLength(name, k)
+	if assert {
+		assertKeyLength(name, k)
+	}
 	return k
 }
 
-func checkKeyLength(name, val string) {
-	requiredLen := 32
-	if len(val) != requiredLen {
-		panic(fmt.Sprintf("%s must be %d characters in length", name, requiredLen))
+func assertKeyLength(name, val string) {
+	if len(val) != requiredKeyLen {
+		panic(fmt.Sprintf("%s must be %d characters in length", name, requiredKeyLen))
 	}
 }

internal/configuration/config_test.go

@@ -6,6 +6,19 @@ import (
 	"github.com/ivarprudnikov/secretshare/internal/configuration"
 )
 
+func TestConfigValidation(t *testing.T) {
+	defaultConfig := configuration.NewConfigReader()
+	if ok, vars := defaultConfig.IsValid(); ok {
+		t.Fatalf("There should be invalid vars %v", vars)
+	}
+
+	t.Setenv("SERVER_ENV", "test")
+	testConfig := configuration.NewConfigReader()
+	if ok, vars := testConfig.IsValid(); !ok {
+		t.Fatalf("Test env must have a ll valid vars %v", vars)
+	}
+}
+
 func TestIfSetsProdEnv(t *testing.T) {
 
 	defaultConfig := configuration.NewConfigReader()

server.go

@@ -28,6 +28,9 @@ func main() {
 	slog.SetDefault(logger)
 
 	config := configuration.NewConfigReader()
+	if valid, vars := config.IsValid(); !valid {
+		log.Fatalf("Invalid config: %v", vars)
+	}
 	sessions := sessions.NewCookieStore([]byte(config.GetCookieAuth()), []byte(config.GetCookieEnc()))
 	messages := storage.NewMemMessageStore(config.GetSalt())
 	users := storage.NewMemUserStore(config.GetSalt())