api: move hmac secrets to single file

api/src/misc/cluster.js

@@ -1,6 +1,7 @@
-import net from "node:net";
 import cluster from "node:cluster";
-import { isCluster } from "../config.js";
+import net from "node:net";
+import { syncSecrets } from "../security/secrets.js";
+import { env } from "../config.js";
 
 export const supportsReusePort = async () => {
     try {
@@ -17,13 +18,11 @@ export const supportsReusePort = async () => {
 }
 
 export const initCluster = async () => {
-    const { getSalt } = await import("../stream/manage.js");
-    const salt = getSalt();
-
-    for (let i = 1; i < env.instanceCount; ++i) {
-        const worker = cluster.fork();
-        worker.once('message', () => {
-            worker.send({ salt });
-        });
+    if (cluster.isPrimary) {
+        for (let i = 1; i < env.instanceCount; ++i) {
+            cluster.fork();
+        }
     }
+
+    await syncSecrets();
 }

api/src/misc/crypto.js

@@ -1,15 +1,7 @@
-import { createHmac, createCipheriv, createDecipheriv, randomBytes } from "crypto";
+import { createCipheriv, createDecipheriv } from "crypto";
 
 const algorithm = "aes256";
 
-export function generateSalt() {
-    return randomBytes(64);
-}
-
-export function generateHmac(str, salt) {
-    return createHmac("sha256", salt).update(str).digest("base64url");
-}
-
 export function encryptStream(plaintext, iv, secret) {
     const buff = Buffer.from(JSON.stringify(plaintext));
     const key = Buffer.from(secret, "base64url");