Remove hardcoded session secret

main.go

@@ -61,9 +61,7 @@ type menuItem struct {
 	Icon     string
 }
 
-var sessionSecret = "JCOP5e8ohkTcOzcSMe74"
+var sessionStore *sessions.CookieStore
-
-var sessionStore = sessions.NewCookieStore([]byte(sessionSecret))
 var r *mux.Router
 var m *model
 
@@ -88,6 +86,9 @@ func main() {
 
 	initialize()
 
+	// We should have a session secret by now, initialize the store
+	sessionStore = sessions.NewCookieStore([]byte(m.site.sessionSecret))
+
 	r = mux.NewRouter()
 	r.StrictSlash(true)
 
@@ -220,6 +221,16 @@ func initialize() {
 	} else {
 		fmt.Println("No Jam Name Specified")
 	}
+
+	if m.site.sessionSecret == "" {
+		reader := bufio.NewReader(os.Stdin)
+		fmt.Println("A good session secret is like a good password")
+		fmt.Print("Create New Session Secret: ")
+		sessSc, _ := reader.ReadString('\n')
+		sessSc = strings.TrimSpace(sessSc)
+		m.site.sessionSecret = sessSc
+		assertError(m.site.SaveToDB())
+	}
 }
 
 func loggingHandler(h http.Handler) http.Handler {

model_sitedata.go

@@ -24,6 +24,8 @@ type siteData struct {
 	m       *model
 	mPath   []string // The path in the db to this site data
 	changed bool
+
+	sessionSecret string
 }
 
 // NewSiteData returns a siteData object with the default values
@@ -73,6 +75,9 @@ func (s *siteData) LoadFromDB() error {
 		s.ServerDir = serverDir
 	}
 	s.changed = false
+	if secret, _ := s.m.bolt.GetValue(s.mPath, "session-secret"); strings.TrimSpace(secret) != "" {
+		s.sessionSecret = secret
+	}
 	return nil
 }
 
@@ -102,6 +107,9 @@ func (s *siteData) SaveToDB() error {
 		return err
 	}
 	s.changed = false
+	if err = s.m.bolt.SetValue(s.mPath, "session-secret", s.sessionSecret); err != nil {
+		return err
+	}
 	return nil
 }