mirror of
https://github.com/rcourtman/Pulse.git
synced 2026-05-15 01:07:32 +00:00
accecdb50b
This is the proper architectural fix for #685. The previous commit was a bandaid that prevented unnecessary .env writes. This commit addresses the root cause: dual-source-of-truth for API tokens (.env vs api_tokens.json). Changes: 1. Startup Migration (config.go:896-951): - When loading config, if API_TOKEN/API_TOKENS exist in .env but not in api_tokens.json, automatically migrate them - Migrated tokens are named "Migrated from .env (prefix)" for clarity - Logs a deprecation warning: API_TOKEN/API_TOKENS in .env are deprecated - Leaves .env untouched (safe for existing deployments) 2. Config Watcher Changes (watcher.go:338-424): - Only load tokens from .env if api_tokens.json is EMPTY - Once api_tokens.json has records, it becomes the authoritative source - .env changes no longer trigger token overwrites when api_tokens.json exists - Logs debug message when ignoring env tokens Result: - Existing deployments: env tokens automatically migrated to api_tokens.json - UI-created tokens: never overwritten by .env changes - Dark mode toggle: no longer triggers token reload from .env - Backward compatible: fresh installs with API_TOKEN in .env still work - Migration path: users can safely keep API_TOKEN in .env, it will be ignored Future improvement: Add UI warning when API_TOKEN/API_TOKENS still present in .env, prompting users to rotate tokens via the UI. |
||
|---|---|---|
| .. | ||
| api_tokens.go | ||
| api_tokens_test.go | ||
| client_helpers.go | ||
| config.go | ||
| credentials.go | ||
| docker_metadata.go | ||
| export.go | ||
| guest_metadata.go | ||
| import_transaction.go | ||
| oidc.go | ||
| persistence.go | ||
| persistence_fail_test.go | ||
| persistence_test.go | ||
| registration.go | ||
| watcher.go | ||