From a7b8cbb4cd18a2bdbececfcbdfd57cb1397d19b9 Mon Sep 17 00:00:00 2001
From: sk1982 <sk1982@noreply.gitea.tendokyu.moe>
Date: Sun, 7 Apr 2024 06:16:55 -0400
Subject: [PATCH] add secret length verification in production

---
 src/instrumentation.ts | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/instrumentation.ts b/src/instrumentation.ts
index 5831b74..8d1a499 100644
--- a/src/instrumentation.ts
+++ b/src/instrumentation.ts
@@ -16,6 +16,11 @@ export async function register() {
 				console.error('[FATAL] insecure secret detected, please set NEXTAUTH_SECRET variable to a random string');
 				process.exit(1);
 			}
+
+			if (secret.length < 32) {
+				console.error('[FATAL] secret is too short, please set it to a random string that is at least 32 characters long');
+				process.exit(1);
+			}
 		}
 
 		let url: URL;