From 2a8176b91cff44b1eb4f58fb3ccdcfe2a30b032f Mon Sep 17 00:00:00 2001
From: Tom Butcher <thomasbutcher15@gmail.com>
Date: Sun, 14 Dec 2025 00:03:04 +0000
Subject: [PATCH] Added checks to session secret.

---
 src/config.js | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)

diff --git a/src/config.js b/src/config.js
index c60407e..7254c7e 100644
--- a/src/config.js
+++ b/src/config.js
@@ -27,22 +27,26 @@ function loadConfig() {
 
     const envConfig = config[NODE_ENV];
 
+    // Ensure auth config exists
+    if (!envConfig.auth) {
+      envConfig.auth = {};
+    }
+    if (!envConfig.auth.keycloak) {
+      envConfig.auth.keycloak = {};
+    }
+
     // Override secrets with environment variables if available
     if (process.env.KEYCLOAK_CLIENT_SECRET) {
-      if (!envConfig.auth) {
-        envConfig.auth = {};
-      }
-      if (!envConfig.auth.keycloak) {
-        envConfig.auth.keycloak = {};
-      }
       envConfig.auth.keycloak.clientSecret = process.env.KEYCLOAK_CLIENT_SECRET;
     }
 
+    // Session secret must be set - use env var or throw error
     if (process.env.SESSION_SECRET) {
-      if (!envConfig.auth) {
-        envConfig.auth = {};
-      }
       envConfig.auth.sessionSecret = process.env.SESSION_SECRET;
+    } else if (!envConfig.auth.sessionSecret) {
+      throw new Error(
+        'SESSION_SECRET environment variable is required. Please set SESSION_SECRET in your environment.'
+      );
     }
 
     return envConfig;