Refactor session encryption variable names for consistency

- Changed `NUXT_SESSION_SECRET` to `NUXT_SESSION_PASSWORD` across configuration files and documentation to align with the usage in nuxt-auth-utils. - Updated related comments and documentation to reflect the new variable name, ensuring clarity for developers and users.
2 months ago · e48f3b5ece
5 changed files with 10 additions and 9 deletions
--- a/.env.example
+++ b/.env.example
@ -35,7 +35,8 @@ REDIS_PASSWORD=
 # SESSION ENCRYPTION (nuxt-auth-utils)
 # ==============================================
 # Generate with: openssl rand -hex 32
-NUXT_SESSION_SECRET=generate-with-openssl-rand-hex-32
+# This variable is automatically used by nuxt-auth-utils for session encryption
+NUXT_SESSION_PASSWORD=generate-with-openssl-rand-hex-32

 # ==============================================
 # CIDAAS (OAuth2/OIDC Authentication)
--- a/docs/ARCHITECTURE.md
+++ b/docs/ARCHITECTURE.md
@ -1323,7 +1323,7 @@ CIDAAS_JWKS_URL=https://experimenta.cidaas.de/.well-known/jwks.json
 CIDAAS_REDIRECT_URI=https://my.experimenta.science/api/auth/callback

 # Session Encryption Secret (generate with: openssl rand -hex 32)
-NUXT_SESSION_SECRET=<64-char-hex-secret>
+NUXT_SESSION_PASSWORD=<64-char-hex-secret>
 ```

 **Cidaas Admin Panel Setup:**
--- a/docs/CIDAAS_INTEGRATION.md
+++ b/docs/CIDAAS_INTEGRATION.md
@ -221,7 +221,7 @@ CIDAAS_REDIRECT_URI=http://localhost:3000/api/auth/callback  # Dev
 # CIDAAS_REDIRECT_URI=https://my.experimenta.science/api/auth/callback  # Production

 # Session Encryption Secret (generate with: openssl rand -hex 32)
-NUXT_SESSION_SECRET=your-64-character-hex-secret-here
+NUXT_SESSION_PASSWORD=your-64-character-hex-secret-here
 ```

 **Erstelle `.env.example`** (für Git - ohne echte Secrets):
@ -237,7 +237,7 @@ CIDAAS_TOKEN_URL=https://experimenta.cidaas.de/token-srv/token
 CIDAAS_USERINFO_URL=https://experimenta.cidaas.de/users-srv/userinfo
 CIDAAS_JWKS_URL=https://experimenta.cidaas.de/.well-known/jwks.json
 CIDAAS_REDIRECT_URI=http://localhost:3000/api/auth/callback
-NUXT_SESSION_SECRET=generate-with-openssl-rand-hex-32
+NUXT_SESSION_PASSWORD=generate-with-openssl-rand-hex-32
 ```

 **Session Secret generieren:**
@ -276,10 +276,10 @@ export default defineNuxtConfig({
    },

    // Session configuration
+    // Note: nuxt-auth-utils automatically reads NUXT_SESSION_PASSWORD from process.env
    session: {
      maxAge: 60 * 60 * 24 * 30, // 30 days in seconds
      name: 'experimenta-session',
-      password: process.env.NUXT_SESSION_SECRET,
    },

    // Public keys (auch Client-seitig verfügbar)
@ -2295,7 +2295,7 @@ CIDAAS_JWKS_URL=https://experimenta.cidaas.de/.well-known/jwks.json
 CIDAAS_REDIRECT_URI=https://my.experimenta.science/api/auth/callback

 # Generate new secret for production!
-NUXT_SESSION_SECRET=<64-char-hex-secret>
+NUXT_SESSION_PASSWORD=<64-char-hex-secret>

 NODE_ENV=production
 ```
@ -2316,7 +2316,7 @@ services:
    environment:
      - CIDAAS_CLIENT_ID=/run/secrets/cidaas_client_id
      - CIDAAS_CLIENT_SECRET=/run/secrets/cidaas_client_secret
-      - NUXT_SESSION_SECRET=/run/secrets/session_secret
+      - NUXT_SESSION_PASSWORD=/run/secrets/session_secret

 secrets:
  cidaas_client_id:
--- a/docs/TESTING.md
+++ b/docs/TESTING.md
@ -218,7 +218,7 @@ test:
 **Problem:** Session-related tests fail unexpectedly

 **Solutions:**
-1. Verify `NUXT_SESSION_SECRET` is set in `.env`
+1. Verify `NUXT_SESSION_PASSWORD` is set in `.env`
 2. Clear Redis cache: `docker-compose -f docker-compose.dev.yml restart redis`
 3. Check session expiration settings in `nuxt.config.ts`

--- a/nuxt.config.ts
+++ b/nuxt.config.ts
@ -69,10 +69,10 @@ export default defineNuxtConfig({
    },

    // Session configuration
+    // Note: nuxt-auth-utils automatically reads NUXT_SESSION_PASSWORD from process.env
    session: {
      maxAge: 60 * 60 * 24 * 30, // 30 days in seconds
      name: 'experimenta-session',
-      password: process.env.NUXT_SESSION_SECRET || '',
    },

    // Test credentials (for automated testing only)