Server keys in etc/, bind in docker compose

- bin/gen-server-keys.sh: generate Ed25519 keypair to etc/server-service.{pub,key,env}
- main.go: read keys from file (ADMIN_PUBLIC_KEY_FILE) when env empty
- docker-compose: env_file etc/server-service.env, mount etc/
- bin/up.sh: auto-run gen-server-keys if etc/server-service.env missing
- ErrRegistrationNotConfigured for clearer 503 when keys not set
- etc/README.md, etc/.gitignore
- bin/gen-admin-key.sh for one-off key gen
- .env.example

Made-with: Cursor

cmd/api/main.go

@@ -4,6 +4,7 @@ import (
 	"log"
 	"net/http"
 	"os"
+	"strings"
 	"time"
 
 	"momswap/backend/internal/app"
@@ -16,6 +17,16 @@ func main() {
 	adminPublicKey := os.Getenv("ADMIN_PUBLIC_KEY")
 	servicePublicKey := getEnv("SERVICE_PUBLIC_KEY", adminPublicKey)
 
+	if adminPublicKey == "" {
+		adminPublicKey = readKeyFile(getEnv("ADMIN_PUBLIC_KEY_FILE", "etc/server-service.pub"))
+	}
+	if servicePublicKey == "" {
+		servicePublicKey = readKeyFile(getEnv("SERVICE_PUBLIC_KEY_FILE", "etc/server-service.pub"))
+	}
+	if servicePublicKey == "" {
+		servicePublicKey = adminPublicKey
+	}
+
 	memory := store.NewMemoryStore()
 	service := app.NewService(memory, app.Config{
 		ChallengeTTL: 5 * time.Minute,
@@ -37,3 +48,11 @@ func getEnv(key, fallback string) string {
 	}
 	return v
 }
+
+func readKeyFile(path string) string {
+	b, err := os.ReadFile(path)
+	if err != nil {
+		return ""
+	}
+	return strings.TrimSpace(string(b))
+}