Ensure the app does not even start if OTP_SECRET is not set (#6557)

* Ensure the app does not even start if OTP_SECRET is not set * Remove PAPERCLIP_SECRET (it's not used by anything, actually) Imports are for internal consumption and the url option isn't even used correctly, so we can remove the hash stuff from them

Ensure the app does not even start if OTP_SECRET is not set (#6557)
5cc71668 · Eugen Rochko · GitHub · f0a1b1a1 · 5cc71668 · 5cc71668
--- a/.env.production.sample
+++ b/.env.production.sample
@@ -33,7 +33,6 @@ LOCAL_DOMAIN=example.com

 # Application secrets
 # Generate each with the `RAILS_ENV=production bundle exec rake secret` task (`docker-compose run --rm web rake secret` if you use docker compose)
-PAPERCLIP_SECRET=
 SECRET_KEY_BASE=
 OTP_SECRET=


--- a/app/models/import.rb
+++ b/app/models/import.rb
@@ -26,7 +26,7 @@ class Import < ApplicationRecord

  validates :type, presence: true

-  has_attached_file :data, url: '/system/:hash.:extension', hash_secret: ENV['PAPERCLIP_SECRET']
+  has_attached_file :data
  validates_attachment_content_type :data, content_type: FILE_TYPES
  validates_attachment_presence :data
 end
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -44,7 +44,7 @@ class User < ApplicationRecord
  ACTIVE_DURATION = 14.days

  devise :two_factor_authenticatable,
-         otp_secret_encryption_key: ENV['OTP_SECRET']
+         otp_secret_encryption_key: ENV.fetch('OTP_SECRET')

  devise :two_factor_backupable,
         otp_number_of_backup_codes: 10

--- a/lib/tasks/mastodon.rake
+++ b/lib/tasks/mastodon.rake
@@ -23,7 +23,7 @@ namespace :mastodon do
      prompt.say('Single user mode disables registrations and redirects the landing page to your public profile.')
      env['SINGLE_USER_MODE'] = prompt.yes?('Do you want to enable single user mode?', default: false)

-      %w(SECRET_KEY_BASE PAPERCLIP_SECRET OTP_SECRET).each do |key|
+      %w(SECRET_KEY_BASE OTP_SECRET).each do |key|
        env[key] = SecureRandom.hex(64)
      end