sec: save readonly byte array instead string

Security/Services/OAuthService.cs

@@ -20,6 +20,8 @@ namespace Mirea.Api.Security.Services;
 
 public class OAuthService(ILogger<OAuthService> logger, Dictionary<OAuthProvider, (string ClientId, string Secret)> providers, string secretKey)
 {
+    public required ReadOnlyMemory<byte> SecretKey { private get; init; }
+
     private static readonly Dictionary<OAuthProvider, OAuthProviderUrisData> ProviderData = new()
     {
         [OAuthProvider.Google] = new OAuthProviderUrisData
@@ -101,9 +103,9 @@ public class OAuthService(ILogger<OAuthService> logger, Dictionary<OAuthProvider
         return userInfo?.MapToInternalUser();
     }
 
-    private static string GetHmacString(RequestContextInfo contextInfo, string secretKey)
+    private string GetHmacString(RequestContextInfo contextInfo)
     {
-        var hmac = new HMACSHA256(Encoding.UTF8.GetBytes(secretKey));
+        var hmac = new HMACSHA256(SecretKey.ToArray());
         return Convert.ToBase64String(hmac.ComputeHash(
             Encoding.UTF8.GetBytes($"{contextInfo.Fingerprint}_{contextInfo.Ip}_{contextInfo.UserAgent}")));
     }