From b361f46afa76f2df7b6c66cb0ac69aae04bd18ec Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Veikko=20Lintuj=C3=A4rvi?= <veikko@lintujarvi.fi>
Date: Wed, 4 Mar 2026 00:09:19 +0200
Subject: [PATCH] Read admin password from env var in production

---
 api/App/Program.cs       |   7 +++++++
 api/App/appsettings.json |   9 ++-------
 api/Database/klapi.db    | Bin 28672 -> 28672 bytes
 3 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/api/App/Program.cs b/api/App/Program.cs
index 5eb51fd..af7e8e9 100644
--- a/api/App/Program.cs
+++ b/api/App/Program.cs
@@ -25,6 +25,13 @@ public class Program
         var authOptions = builder.Configuration.GetSection("Auth").Get<AuthOptions>()
             ?? throw new InvalidOperationException("Auth configuration was not found.");
 
+        if (builder.Environment.IsProduction())
+        {
+            authOptions.Admin.Password =
+                Environment.GetEnvironmentVariable("KLAPI_ADMIN_PASSWORD")
+                ?? throw new InvalidOperationException("Admin password must be set in production environment using KLAPI_ADMIN_PASSWORD environment variable.");
+        }
+
         if (string.IsNullOrWhiteSpace(authOptions.SigningKey) || authOptions.SigningKey.Length < 32)
         {
             throw new InvalidOperationException("Auth:SigningKey must be at least 32 characters long.");
diff --git a/api/App/appsettings.json b/api/App/appsettings.json
index baa5594..0dc4bd3 100644
--- a/api/App/appsettings.json
+++ b/api/App/appsettings.json
@@ -12,15 +12,10 @@
     "Issuer": "klapi-api",
     "Audience": "klapi-ui",
     "SigningKey": "change-this-to-a-long-random-32-char-minimum-key",
-    "AllowedOrigins": [
-      "http://localhost:5173",
-      "http://127.0.0.1:5173",
-      "http://localhost:4173",
-      "http://127.0.0.1:4173"
-    ],
+    "AllowedOrigins": ["https://klapi.tietokonepaja.fi"],
     "Admin": {
       "Username": "admin",
-      "Password": "changeme",
+      "Password": "<set in env var KLAPI_ADMIN_PASSWORD>",
       "DisplayName": "Administrator"
     }
   },
diff --git a/api/Database/klapi.db b/api/Database/klapi.db
index f92d99284b528e8d5f40947a482605fbd5ce2739..727013118f5c26623985a1f28df86474184f82a9 100644
GIT binary patch
delta 222
zcmZp8z}WDBae_1>-$WT_M!t;+OZYjM_$M>)pWvUoSx}&zzuuUMi$RjpRhkzF3d>Us
zjf{;9jLdWmjDaY`$k58r%*xnA&&a~i!rag#s<1pIvDnDajFF2$mcvyRq$#l&D3oGo
zgrUvIT+h(l+`!P-I0|U0p%Kt@UIqpRCjQ3^{9l0t7;F|7xX7<Az{IS|=#!uAUyz#T
skzZO=%*4saEY28OoC;)e0TnXx|7PI-4RrB)es%^17G_RHrbP}00K20yp8x;=

delta 76
zcmZp8z}WDBae_1>+e8^>Mz)O!OZb@>1U3sAyyBlYL4b>wfq{XM|0@IkSFn%}11BT1
UIAdsWYEdy07f=qNbdiGr040_b0ssI2