Fix: nested runtime panic in AuthConfig::from_env()

Root cause: AuthConfig::from_env() was creating a new tokio runtime with Runtime::new() inside an existing runtime during initialization. Impact: Botserver crashed with "Cannot start a runtime from within a runtime" panic right after CORS layer initialization. Fix: Use new_current_thread() + std:🧵:spawn pattern (same as get_database_url_sync fix) to create an isolated thread for async operations. Files: src/security/auth_api/config.rs 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2026-04-03 14:02:08 -03:00 · 2026-04-03 14:02:08 -03:00 · f097f000d8
commit f097f000d8
parent 61642343a8
1 changed files with 29 additions and 20 deletions
--- a/src/security/auth_api/config.rs
+++ b/src/security/auth_api/config.rs
@ -1,3 +1,5 @@
+use anyhow::anyhow;
+
 #[derive(Debug, Clone)]
 pub struct AuthConfig {
    pub require_auth: bool,
@ -54,13 +56,21 @@ impl AuthConfig {

        if let Ok(secret) = std::env::var("VAULT_TOKEN") {
            if !secret.is_empty() {
-                let rt = tokio::runtime::Runtime::new().ok();
-                if let Some(rt) = rt {
                let sm = crate::core::shared::utils::get_secrets_manager_sync();
                if let Some(sm) = sm {
-                        if let Ok(secrets) =
-                            rt.block_on(sm.get_secret(crate::core::secrets::SecretPaths::JWT))
-                        {
+                    let sm_clone = sm.clone();
+                    let (tx, rx) = std::sync::mpsc::channel();
+                    std::thread::spawn(move || {
+                        let rt = tokio::runtime::Builder::new_current_thread()
+                            .enable_all()
+                            .build();
+                        let result = match rt {
+                            Ok(rt) => rt.block_on(sm_clone.get_secret(crate::core::secrets::SecretPaths::JWT)),
+                            Err(e) => Err(anyhow::anyhow!("Failed to create runtime: {}", e)),
+                        };
+                        let _ = tx.send(result);
+                    });
+                    if let Ok(Ok(secrets)) = rx.recv() {
                        if let Some(s) = secrets.get("secret") {
                            config.jwt_secret = Some(s.clone());
                        }
@ -78,7 +88,6 @@ impl AuthConfig {
                }
            }
        }
-        }

        config
    }