From e48f3b5ecef90add57256c8663eb7b72a841a394 Mon Sep 17 00:00:00 2001
From: Bastian Masanek <bastian.masanek@experimenta.science>
Date: Sat, 1 Nov 2025 16:22:00 +0100
Subject: [PATCH] Refactor session encryption variable names for consistency

- Changed `NUXT_SESSION_SECRET` to `NUXT_SESSION_PASSWORD` across configuration files and documentation to align with the usage in nuxt-auth-utils.
- Updated related comments and documentation to reflect the new variable name, ensuring clarity for developers and users.
---
 .env.example               |  3 ++-
 docs/ARCHITECTURE.md       |  2 +-
 docs/CIDAAS_INTEGRATION.md | 10 +++++-----
 docs/TESTING.md            |  2 +-
 nuxt.config.ts             |  2 +-
 5 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/.env.example b/.env.example
index d43ce54..8d201c3 100644
--- a/.env.example
+++ b/.env.example
@@ -35,7 +35,8 @@ REDIS_PASSWORD=
 # SESSION ENCRYPTION (nuxt-auth-utils)
 # ==============================================
 # Generate with: openssl rand -hex 32
-NUXT_SESSION_SECRET=generate-with-openssl-rand-hex-32
+# This variable is automatically used by nuxt-auth-utils for session encryption
+NUXT_SESSION_PASSWORD=generate-with-openssl-rand-hex-32
 
 # ==============================================
 # CIDAAS (OAuth2/OIDC Authentication)
diff --git a/docs/ARCHITECTURE.md b/docs/ARCHITECTURE.md
index 7deb5d7..14471d5 100644
--- a/docs/ARCHITECTURE.md
+++ b/docs/ARCHITECTURE.md
@@ -1323,7 +1323,7 @@ CIDAAS_JWKS_URL=https://experimenta.cidaas.de/.well-known/jwks.json
 CIDAAS_REDIRECT_URI=https://my.experimenta.science/api/auth/callback
 
 # Session Encryption Secret (generate with: openssl rand -hex 32)
-NUXT_SESSION_SECRET=<64-char-hex-secret>
+NUXT_SESSION_PASSWORD=<64-char-hex-secret>
 ```
 
 **Cidaas Admin Panel Setup:**
diff --git a/docs/CIDAAS_INTEGRATION.md b/docs/CIDAAS_INTEGRATION.md
index ee27df7..f2ff3a2 100644
--- a/docs/CIDAAS_INTEGRATION.md
+++ b/docs/CIDAAS_INTEGRATION.md
@@ -221,7 +221,7 @@ CIDAAS_REDIRECT_URI=http://localhost:3000/api/auth/callback  # Dev
 # CIDAAS_REDIRECT_URI=https://my.experimenta.science/api/auth/callback  # Production
 
 # Session Encryption Secret (generate with: openssl rand -hex 32)
-NUXT_SESSION_SECRET=your-64-character-hex-secret-here
+NUXT_SESSION_PASSWORD=your-64-character-hex-secret-here
 ```
 
 **Erstelle `.env.example`** (für Git - ohne echte Secrets):
@@ -237,7 +237,7 @@ CIDAAS_TOKEN_URL=https://experimenta.cidaas.de/token-srv/token
 CIDAAS_USERINFO_URL=https://experimenta.cidaas.de/users-srv/userinfo
 CIDAAS_JWKS_URL=https://experimenta.cidaas.de/.well-known/jwks.json
 CIDAAS_REDIRECT_URI=http://localhost:3000/api/auth/callback
-NUXT_SESSION_SECRET=generate-with-openssl-rand-hex-32
+NUXT_SESSION_PASSWORD=generate-with-openssl-rand-hex-32
 ```
 
 **Session Secret generieren:**
@@ -276,10 +276,10 @@ export default defineNuxtConfig({
     },
 
     // Session configuration
+    // Note: nuxt-auth-utils automatically reads NUXT_SESSION_PASSWORD from process.env
     session: {
       maxAge: 60 * 60 * 24 * 30, // 30 days in seconds
       name: 'experimenta-session',
-      password: process.env.NUXT_SESSION_SECRET,
     },
 
     // Public keys (auch Client-seitig verfügbar)
@@ -2295,7 +2295,7 @@ CIDAAS_JWKS_URL=https://experimenta.cidaas.de/.well-known/jwks.json
 CIDAAS_REDIRECT_URI=https://my.experimenta.science/api/auth/callback
 
 # Generate new secret for production!
-NUXT_SESSION_SECRET=<64-char-hex-secret>
+NUXT_SESSION_PASSWORD=<64-char-hex-secret>
 
 NODE_ENV=production
 ```
@@ -2316,7 +2316,7 @@ services:
     environment:
       - CIDAAS_CLIENT_ID=/run/secrets/cidaas_client_id
       - CIDAAS_CLIENT_SECRET=/run/secrets/cidaas_client_secret
-      - NUXT_SESSION_SECRET=/run/secrets/session_secret
+      - NUXT_SESSION_PASSWORD=/run/secrets/session_secret
 
 secrets:
   cidaas_client_id:
diff --git a/docs/TESTING.md b/docs/TESTING.md
index 1d55bd0..ffe9a50 100644
--- a/docs/TESTING.md
+++ b/docs/TESTING.md
@@ -218,7 +218,7 @@ test:
 **Problem:** Session-related tests fail unexpectedly
 
 **Solutions:**
-1. Verify `NUXT_SESSION_SECRET` is set in `.env`
+1. Verify `NUXT_SESSION_PASSWORD` is set in `.env`
 2. Clear Redis cache: `docker-compose -f docker-compose.dev.yml restart redis`
 3. Check session expiration settings in `nuxt.config.ts`
 
diff --git a/nuxt.config.ts b/nuxt.config.ts
index 33be8f0..37d721b 100644
--- a/nuxt.config.ts
+++ b/nuxt.config.ts
@@ -69,10 +69,10 @@ export default defineNuxtConfig({
     },
 
     // Session configuration
+    // Note: nuxt-auth-utils automatically reads NUXT_SESSION_PASSWORD from process.env
     session: {
       maxAge: 60 * 60 * 24 * 30, // 30 days in seconds
       name: 'experimenta-session',
-      password: process.env.NUXT_SESSION_SECRET || '',
     },
 
     // Test credentials (for automated testing only)