refactor(share): remove GALLERY_SECRET, use plaintext + SHA-256 integrity for .infiplot files
The encrypted .infiplot format (AES-256-GCM via GALLERY_SECRET) provided no meaningful security — the payload is AI-generated story content with no credentials or PII, and the project is open source. Replace with plaintext + SHA-256 integrity check (format v2). Story share is now always enabled without requiring a server secret.

- galleryCrypto.ts: AES-256-GCM → plaintext + SHA-256 hash; remove secret param
- 4 API routes: remove GALLERY_SECRET guard and 503 fallback
- story-unpack: forward specific error messages (v1 compat, hash mismatch)
- gallery/page.tsx: remove stale AES-GCM comment
- AGENTS.md: document gallery-pack/gallery-unpack routes
- .env.example, wrangler.jsonc: remove GALLERY_SECRET references

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
+4
-10
@@ -155,16 +155,10 @@ NEXT_PUBLIC_UMAMI_WEBSITE_ID=
# Blank → track on all hosts. e.g. infiplot.com,www.infiplot.com
NEXT_PUBLIC_UMAMI_DOMAINS=
# ---- 7. Gallery share files (optional — leave blank to disable) ----
# Server-side secret used to AES-256-GCM encrypt a played session into a
# binary `.infiplot` share file the player can send to a friend. Friends drop
# the file into /gallery; the server decrypts and renders the same interactive
# replay. GCM's built-in auth tag also gives tamper-detection for free.
# Blank → "导出分享文件" is hidden, only the same-browser localStorage flow
# remains. Set to any high-entropy string ≥ 32 chars (e.g. `openssl rand -hex 32`).
# WARNING: rotating this secret invalidates every share file ever issued
# (decryption will fail with "文件校验失败"). Only change when you're OK with that.
GALLERY_SECRET=
# ---- 7. Gallery share files ----
# Story share (`.infiplot` files) is always enabled — no secret needed.
# Files use SHA-256 integrity checks instead of encryption because the
# payload is AI-generated story content, not sensitive data.
# ---- 8. Auth · Supabase (optional — leave blank to disable) -------
# Sign up at https://supabase.com, create a project, copy the URL and
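Review bot: the new comment lines `# Files use SHA-256 integrity checks instead of encryption because the` / `# payload is AI-generated story content, not sensitive data.` should not be read as keeping the tamper-detection that the removed comment advertised (`GCM's built-in auth tag also gives tamper-detection for free`). An unkeyed SHA-256 over the plaintext only catches accidental corruption; anyone holding a v2 file can edit the story and recompute the hash, so a `.infiplot` dropped into /gallery is untrusted input for the unpack route, and the comment would be more accurate as "corruption detection" rather than "integrity checks". The rewritten section also drops the earlier warning that losing the secret invalidates every share file ever issued; since the commit message says story-unpack now forwards a v1-compat error, a one-line note here that v1 (encrypted) files can no longer be opened would spare operators a surprise.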