package config
import (
	"fmt"
	"os"
	"strconv"
	"strings"
)
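// productionBypassFlags lists the environment variables that switch off a
// security control (role check, CSRF protection, rate limiting). None of
// them may be enabled in production; the order here is the order in which
// violations are reported.
var productionBypassFlags = []string{
	"BYPASS_CONTENT_CREATOR_ROLE",
	"CSRF_DISABLED",
	"DISABLE_RATE_LIMIT_FOR_TESTS",
}

// validateNoBypassFlagsInProduction checks that no security-bypass flag is
// enabled when the application runs in production (audit 1.7).
//
// env is the deployment environment name. It is trimmed and lower-cased, and
// only "production" and "prod" trigger the check; any other value returns nil
// without consulting the process environment.
//
// A flag counts as enabled when its value parses as true with
// strconv.ParseBool ("1", "t", "true", "TRUE", ...), not only the literal
// "true". This is deliberately fail-closed: a bypass flag set with an unusual
// spelling is reported rather than silently ignored, even if the code that
// reads the flag happens to be stricter. Unset, empty or unparsable values
// are treated as disabled.
//
// It returns an error naming every enabled flag as NAME=value, so the
// operator can remove them all in one pass, or nil when none is enabled.
func validateNoBypassFlagsInProduction(env string) error {
	envNorm := strings.ToLower(strings.TrimSpace(env))
	if envNorm != "production" && envNorm != "prod" {
		return nil // not production: nothing to enforce
	}

	var violations []string
	for _, name := range productionBypassFlags {
		if bypassFlagEnabled(name) {
			// Report the raw value so the message matches what the operator
			// actually set (e.g. "1" or "TRUE"), not a normalised form.
			violations = append(violations, name+"="+os.Getenv(name))
		}
	}
	if len(violations) == 0 {
		return nil
	}
	return fmt.Errorf("security: bypass flags are not allowed in production: %s. Remove these environment variables before deploying",
		strings.Join(violations, ", "))
}

// bypassFlagEnabled reports whether the environment variable name holds a
// value that strconv.ParseBool accepts as true. A missing or malformed value
// is disabled: the absence of a flag must never be read as a bypass.
func bypassFlagEnabled(name string) bool {
	raw, ok := os.LookupEnv(name)
	if !ok {
		return false
	}
	enabled, err := strconv.ParseBool(strings.TrimSpace(raw))
	return err == nil && enabled
}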