Skip to content

Enhance authentication configuration for production mode#2232

Merged
Thushani-Jayasekera merged 5 commits into
wso2:mainfrom
Thushani-Jayasekera:improve-sec
Jul 2, 2026
Merged

Enhance authentication configuration for production mode#2232
Thushani-Jayasekera merged 5 commits into
wso2:mainfrom
Thushani-Jayasekera:improve-sec

Conversation

@Thushani-Jayasekera

Copy link
Copy Markdown
Contributor
  • Introduced validateAuthConfig function to enforce authentication requirements when demo mode is disabled.
  • Added checks for file-based authentication and JWT settings to ensure compliance with production standards.
  • Updated LoadConfig to provide clearer error messages regarding JWT secret key generation in demo mode.
  • Implemented self-signed certificate generation restrictions based on demo mode status.

- Introduced `validateAuthConfig` function to enforce authentication requirements when demo mode is disabled.
- Added checks for file-based authentication and JWT settings to ensure compliance with production standards.
- Updated `LoadConfig` to provide clearer error messages regarding JWT secret key generation in demo mode.
- Implemented self-signed certificate generation restrictions based on demo mode status.
@coderabbitai

coderabbitai Bot commented Jun 20, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

Warning

Review limit reached

@Thushani-Jayasekera, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 34 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 9c8378e3-12da-49f2-8013-1fa6f3029552

📥 Commits

Reviewing files that changed from the base of the PR and between 0dce8f4 and b790c11.

📒 Files selected for processing (2)
  • platform-api/src/config/config.go
  • platform-api/src/internal/server/server.go
📝 Walkthrough

Walkthrough

Configuration loading and server startup now enforce stricter production requirements gated by a new demoMode() check based on the APIP_DEMO_MODE environment variable. When demo mode is disabled, LoadConfig requires an explicit AUTH_JWT_SECRET_KEY instead of auto-generating one, StartPlatformAPIServer validates that file-based authentication is disabled and at least one real authentication mode (IDP or JWT) is enabled with signature validation required, and Server.Start rejects startup if real TLS certificates are not mounted, disallowing self-signed certificate generation outside demo mode.

Sequence Diagram(s)

sequenceDiagram
  participant Operator
  participant LoadConfig
  participant StartPlatformAPIServer
  participant validateAuthConfig
  participant ServerStart

  Operator->>LoadConfig: load configuration
  LoadConfig->>LoadConfig: check demoMode, JWT secret
  LoadConfig-->>Operator: error or config with secret
  Operator->>StartPlatformAPIServer: start server
  StartPlatformAPIServer->>validateAuthConfig: validate auth settings
  validateAuthConfig-->>StartPlatformAPIServer: error or success
  StartPlatformAPIServer->>ServerStart: initialize TLS and start
  ServerStart->>ServerStart: check demoMode, cert files
  ServerStart-->>Operator: error or running server
Loading

Suggested reviewers: pubudu538, renuka-fernando, malinthaprasan, tharindu1st

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Description check ⚠️ Warning The description omits the required template sections such as Purpose, Goals, Approach, tests, security checks, and environment. Rewrite the PR description using the repository template and fill in the required sections, including purpose, goals, approach, tests, security checks, and environment.
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly summarizes the main change: production-mode authentication configuration hardening.
Docstring Coverage ✅ Passed Docstring coverage is 80.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🧹 Nitpick comments (1)
platform-api/src/config/config.go (1)

351-359: 🎯 Functional Correctness | 🔵 Trivial | ⚡ Quick win

Consider consolidating demo-mode parsing on this helper.

The inline demo-mode check for the encryption-key path (Lines 323-324) treats only "false"/"0" as production, so any other non-empty value (e.g. a typo) falls through to demo behavior. This helper instead treats only ""/"true"/"1" as demo and everything else as production. Reusing demoMode() in that block would make the truthiness semantics consistent across both paths.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@platform-api/src/config/config.go` around lines 351 - 359, The encryption-key
path is using its own demo-mode parsing and ends up treating any non-empty
non-false-like value as demo, which is inconsistent with demoMode(). Update that
block to reuse demoMode() instead of duplicating the APIP_DEMO_MODE check so the
same semantics apply everywhere. Keep the change localized around the
encryption-key handling and the demoMode helper in config.go.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@platform-api/src/config/config.go`:
- Around line 313-314: The warning in the JWT secret generation path is logging
the generated secret value and uses inconsistent naming. Update the slog.Warn
call in the config initialization flow to log only that an ephemeral JWT secret
was generated, without including the secret as a structured field. Also align
the message/field naming with the actual config key, AUTH_JWT_SECRET_KEY, to
match the existing error handling and avoid confusion.

---

Nitpick comments:
In `@platform-api/src/config/config.go`:
- Around line 351-359: The encryption-key path is using its own demo-mode
parsing and ends up treating any non-empty non-false-like value as demo, which
is inconsistent with demoMode(). Update that block to reuse demoMode() instead
of duplicating the APIP_DEMO_MODE check so the same semantics apply everywhere.
Keep the change localized around the encryption-key handling and the demoMode
helper in config.go.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: b119801e-6b3e-4bfa-ad48-b69211f2e269

📥 Commits

Reviewing files that changed from the base of the PR and between 0266185 and 0dce8f4.

📒 Files selected for processing (2)
  • platform-api/src/config/config.go
  • platform-api/src/internal/server/server.go

Comment thread platform-api/src/config/config.go Outdated
@Thushani-Jayasekera Thushani-Jayasekera merged commit 5d6f336 into wso2:main Jul 2, 2026
7 of 8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants