reseed config fix

internal/config/config.go

@@ -565,14 +565,12 @@ func (c *Config) loadEnv() error {
 		}
 	}
 
-	// Dangerous DB reset+reseed endpoint configuration (disabled by default)
-	dbResetReseedEnabled := strings.TrimSpace(os.Getenv("DB_RESET_RESEED_ENABLED"))
-	c.DBResetReseedEnabled = dbResetReseedEnabled == "true" || dbResetReseedEnabled == "1"
-	c.DBResetReseedToken = strings.TrimSpace(os.Getenv("DB_RESET_RESEED_TOKEN"))
-	c.DBSeedDir = strings.TrimSpace(os.Getenv("DB_SEED_DIR"))
-	if c.DBSeedDir == "" {
-		c.DBSeedDir = "db/data"
-	}
+	// Dangerous DB reset+reseed endpoint configuration
+	// Enabled by default and does not require .env variables.
+	// Optional token can still be set programmatically if needed.
+	c.DBResetReseedEnabled = true
+	c.DBResetReseedToken = ""
+	c.DBSeedDir = "db/data"
 
 	return nil
 }

internal/web_server/handlers/maintenance_handler.go

@@ -52,12 +52,14 @@ func (h *Handler) ResetAndReseedDatabase(c *fiber.Ctx) error {
 	}
 
 	expectedToken := strings.TrimSpace(h.Cfg.DBResetReseedToken)
-	providedToken := strings.TrimSpace(c.Get("X-Seed-Reset-Token"))
-	if expectedToken == "" || subtle.ConstantTimeCompare([]byte(providedToken), []byte(expectedToken)) != 1 {
-		return c.Status(fiber.StatusForbidden).JSON(domain.ErrorResponse{
-			Message: "Invalid reset token",
-			Error:   "missing or invalid X-Seed-Reset-Token",
-		})
+	if expectedToken != "" {
+		providedToken := strings.TrimSpace(c.Get("X-Seed-Reset-Token"))
+		if subtle.ConstantTimeCompare([]byte(providedToken), []byte(expectedToken)) != 1 {
+			return c.Status(fiber.StatusForbidden).JSON(domain.ErrorResponse{
+				Message: "Invalid reset token",
+				Error:   "missing or invalid X-Seed-Reset-Token",
+			})
+		}
 	}
 
 	seedDir := strings.TrimSpace(h.Cfg.DBSeedDir)