Load or generate signing key from file

server/internal/db/db.go

@@ -71,7 +71,6 @@ type SessionStore interface {
 // SystemStore defines the methods for interacting with system settings and stats in the database
 type SystemStore interface {
 	GetSystemStats() (*UserStats, error)
-	EnsureJWTSecret() (string, error)
 	GetSystemSetting(key string) (string, error)
 	SetSystemSetting(key, value string) error
 }

server/internal/db/system.go

@@ -6,11 +6,6 @@ import (
 	"fmt"
 )
 
-const (
-	// JWTSecretKey is the key for the JWT secret in the system settings
-	JWTSecretKey = "jwt_secret"
-)
-
 // UserStats represents system-wide statistics
 type UserStats struct {
 	TotalUsers      int `json:"totalUsers"`
@@ -18,34 +13,6 @@ type UserStats struct {
 	ActiveUsers     int `json:"activeUsers"` // Users with activity in last 30 days
 }
 
-// EnsureJWTSecret makes sure a JWT signing secret exists in the database
-// If no secret exists, it generates and stores a new one
-func (db *database) EnsureJWTSecret() (string, error) {
-	log := getLogger().WithGroup("system")
-
-	// First, try to get existing secret
-	secret, err := db.GetSystemSetting(JWTSecretKey)
-	if err == nil {
-		return secret, nil
-	}
-
-	// Generate new secret if none exists
-	newSecret, err := generateRandomSecret(32) // 256 bits
-	if err != nil {
-		return "", fmt.Errorf("failed to generate JWT secret: %w", err)
-	}
-
-	// Store the new secret
-	err = db.SetSystemSetting(JWTSecretKey, newSecret)
-	if err != nil {
-		return "", fmt.Errorf("failed to store JWT secret: %w", err)
-	}
-
-	log.Info("new JWT secret generated and stored")
-
-	return newSecret, nil
-}
-
 // GetSystemSetting retrieves a system setting by key
 func (db *database) GetSystemSetting(key string) (string, error) {
 	var value string

server/internal/db/system_test.go

@@ -1,7 +1,6 @@
 package db_test
 
 import (
-	"encoding/base64"
 	"fmt"
 	"strings"
 	"testing"
@@ -118,33 +117,6 @@ func TestSystemOperations(t *testing.T) {
 		}
 	})
 
-	t.Run("EnsureJWTSecret", func(t *testing.T) {
-		// First call should generate a new secret
-		secret1, err := database.EnsureJWTSecret()
-		if err != nil {
-			t.Fatalf("failed to ensure JWT secret: %v", err)
-		}
-
-		// Verify the secret is a valid base64-encoded string of sufficient length
-		decoded, err := base64.StdEncoding.DecodeString(secret1)
-		if err != nil {
-			t.Errorf("secret is not valid base64: %v", err)
-		}
-		if len(decoded) < 32 {
-			t.Errorf("secret length = %d, want >= 32", len(decoded))
-		}
-
-		// Second call should return the same secret
-		secret2, err := database.EnsureJWTSecret()
-		if err != nil {
-			t.Fatalf("failed to get existing JWT secret: %v", err)
-		}
-
-		if secret2 != secret1 {
-			t.Errorf("got different secret on second call")
-		}
-	})
-
 	t.Run("GetSystemStats", func(t *testing.T) {
 		// Create some test users and sessions
 		users := []*models.User{