fix(security): Q2 Chunk 1 — 密钥外部化与启动强制检查

- default.toml 敏感值改为占位符，强制通过环境变量注入 - 启动时拒绝默认 JWT 密钥和数据库 URL - 移除 super_admin_password 硬编码 fallback - 移除 From<AppError> for AuthError 反向映射，5 处调用点改为显式 map_err - .gitignore 添加 .test_token 和测试产物
2026-04-17 17:42:19 +08:00
parent 2bd274b39a
commit 39a12500e3
10 changed files with 43 additions and 42 deletions
--- a/crates/erp-server/src/main.rs
+++ b/crates/erp-server/src/main.rs
@@ -186,6 +186,20 @@ async fn main() -> anyhow::Result<()> {
    // Load config
    let config = AppConfig::load()?;

+    // ── 安全检查：拒绝默认密钥 ──────────────────────────
+    if config.jwt.secret == "__MUST_SET_VIA_ENV__" || config.jwt.secret == "change-me-in-production" {
+        tracing::error!(
+            "JWT 密钥为默认值，拒绝启动。请设置环境变量 ERP__JWT__SECRET"
+        );
+        std::process::exit(1);
+    }
+    if config.database.url == "__MUST_SET_VIA_ENV__" {
+        tracing::error!(
+            "数据库 URL 为默认占位值，拒绝启动。请设置环境变量 ERP__DATABASE__URL"
+        );
+        std::process::exit(1);
+    }
+
    // Initialize tracing
    tracing_subscriber::fmt()
        .with_env_filter(