From 8afac6a29bed3b4a6ffbcec50e36e8b2407a6147 Mon Sep 17 00:00:00 2001
From: Brian Buller
Date: Fri, 26 Jan 2018 11:47:13 -0600
Subject: [PATCH] Remove hardcoded session secret

---
 main.go | 17 ++++++++++++++---
 model_sitedata.go | 8 ++++++++
 2 files changed, 22 insertions(+), 3 deletions(-)

diff --git a/main.go b/main.go
index 0baff41..7894aea 100644
--- a/main.go
+++ b/main.go
@@ -61,9 +61,7 @@ type menuItem struct {
 Icon string
 }

-var sessionSecret = "JCOP5e8ohkTcOzcSMe74"
-
-var sessionStore = sessions.NewCookieStore([]byte(sessionSecret))
+var sessionStore *sessions.CookieStore
 var r *mux.Router
 var m *model

@@ -88,6 +86,9 @@ func main() {

 initialize()

+ // We should have a session secret by now, initialize the store
+ sessionStore = sessions.NewCookieStore([]byte(m.site.sessionSecret))
+
 r = mux.NewRouter()
 r.StrictSlash(true)

@@ -220,6 +221,16 @@ func initialize() {
 } else {
 fmt.Println("No Jam Name Specified")
 }
+
+ if m.site.sessionSecret == "" {
+ reader := bufio.NewReader(os.Stdin)
+ fmt.Println("A good session secret is like a good password")
+ fmt.Print("Create New Session Secret: ")
+ sessSc, _ := reader.ReadString('\n')
+ sessSc = strings.TrimSpace(sessSc)
+ m.site.sessionSecret = sessSc
+ assertError(m.site.SaveToDB())
+ }
 }

 func loggingHandler(h http.Handler) http.Handler {
diff --git a/model_sitedata.go b/model_sitedata.go
index 4d7467c..6150a40 100644
--- a/model_sitedata.go
+++ b/model_sitedata.go
@@ -24,6 +24,8 @@ type siteData struct {
 m *model
 mPath []string // The path in the db to this site data
 changed bool
+
+ sessionSecret string
 }

 // NewSiteData returns a siteData object with the default values
@@ -73,6 +75,9 @@ func (s *siteData) LoadFromDB() error {
 s.ServerDir = serverDir
 }
 s.changed = false
+ if secret, _ := s.m.bolt.GetValue(s.mPath, "session-secret"); strings.TrimSpace(secret) != "" {
+ s.sessionSecret = secret
+ }
 return nil
 }
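Review bot: In main.go's `main()` hunk, `sessions.NewCookieStore` receives a single key, so (assuming this is gorilla/sessions) the session cookie is signed but not encrypted and its values stay readable to the client. The comment above the call is the place to record that, e.g. `// Signing key only: session values are tamper-evident, not confidential; pass a second key to encrypt them.` Since `sessionStore` is now nil until this assignment runs, the comment should also say that nothing called from `initialize()` may use it. main() starts and ends outside the hunk.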
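Review bot: In main.go's `initialize()` hunk, `sessSc, _ := reader.ReadString('\n')` drops the read error and nothing rejects an empty result, so a closed or non-interactive stdin, or a bare Enter, leaves `m.site.sessionSecret` empty and `main()` then builds the cookie store from an empty key. The prompt should fail on empty input instead of saving it, as in the block below; `assertError` is assumed to abort on a non-nil error, which this hunk does not show. A typed passphrase is also a weaker signing key than random bytes, so consider enforcing a minimum length here or generating the key with `crypto/rand` when none is stored. initialize() starts outside the hunk.

```go
	if m.site.sessionSecret == "" {
		// … unchanged: reader setup and the two prompt lines …
		sessSc, err := reader.ReadString('\n')
		sessSc = strings.TrimSpace(sessSc)
		if sessSc == "" {
			// Closed stdin or a bare Enter: refuse to continue with an empty signing key.
			if err == nil {
				err = fmt.Errorf("session secret must not be empty")
			}
			assertError(err)
		}
		// … unchanged: assign m.site.sessionSecret and SaveToDB …
	}
```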
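Review bot: In model_sitedata.go's `LoadFromDB` hunk, `secret, _ := s.m.bolt.GetValue(...)` makes a failed read look the same as "no secret stored yet", and `initialize()` in main.go reacts to an empty secret by prompting and overwriting the stored key, which invalidates every existing session. If `GetValue` can distinguish a missing key from an I/O error (not visible here), return the latter instead of discarding it. The check trims the value but the assignment stores it untrimmed; `s.sessionSecret = strings.TrimSpace(secret)` keeps the two consistent. LoadFromDB starts outside the hunk.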
@@ -102,6 +107,9 @@ func (s *siteData) SaveToDB() error {
 return err
 }
 s.changed = false
+ if err = s.m.bolt.SetValue(s.mPath, "session-secret", s.sessionSecret); err != nil {
+ return err
+ }
 return nil
 }
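Review bot: `s.changed = false` is cleared before the new `SetValue` call, so when writing "session-secret" fails `SaveToDB` returns an error with the dirty flag already reset; move the added `if err = s.m.bolt.SetValue(s.mPath, "session-secret", s.sessionSecret); err != nil { return err }` above `s.changed = false`. The key is also written to the database in clear, so the database file and any backups of it now carry the cookie-signing secret and need correspondingly tight permissions; how the file is opened is not visible in this hunk. SaveToDB starts outside the hunk.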