chore(config): make admin_token a secret

NathanFlurry · MasterPtato · commit 59cc47b89858 · 2025-09-25T10:51:53.000-07:00
diff --git a/packages/common/config/src/config/auth.rs b/packages/common/config/src/config/auth.rs
@@ -1,16 +1,10 @@
 use schemars::JsonSchema;
 use serde::{Deserialize, Serialize};
 
+use crate::secret::Secret;
+
 #[derive(Debug, Clone, Serialize, Deserialize, JsonSchema)]
 #[serde(deny_unknown_fields)]
 pub struct Auth {
-	pub admin_token: String,
-}
-
-impl Default for Auth {
-	fn default() -> Self {
-		Auth {
-			admin_token: "admin".to_string(),
-		}
-	}
+	pub admin_token: Secret<String>,
 }
diff --git a/packages/common/config/src/config/mod.rs b/packages/common/config/src/config/mod.rs
@@ -100,7 +100,7 @@ pub struct Root {
 impl Default for Root {
 	fn default() -> Self {
 		Root {
-			auth: Some(Auth::default()),
+			auth: None,
 			guard: None,
 			api_public: None,
 			api_peer: None,
diff --git a/packages/core/guard/server/src/routing/runner.rs b/packages/core/guard/server/src/routing/runner.rs
@@ -57,7 +57,7 @@ pub async fn route_request(
 		};
 
 		// Validate token
-		if token != auth.admin_token {
+		if token != auth.admin_token.read() {
 			return Err(rivet_api_builder::ApiForbidden.build());
 		}
 	}

Original file line number	Diff line number	Diff line change
`@@ -57,7 +57,7 @@ pub async fn route_request(`
`57`	`57`	`};`
`58`	`58`
`59`	`59`	`// Validate token`
`60`		`- if token != auth.admin_token {`
	`60`	`+ if token != auth.admin_token.read() {`
`61`	`61`	`return Err(rivet_api_builder::ApiForbidden.build());`
`62`	`62`	`}`
`63`	`63`	`}`