Merge pull request #30 from br0xen/master
Remove hardcoded session secret
commit
f6b72a4286
17
main.go
17
main.go
@ -61,9 +61,7 @@ type menuItem struct {
|
||||
Icon string
|
||||
}
|
||||
|
||||
var sessionSecret = "JCOP5e8ohkTcOzcSMe74"
|
||||
|
||||
var sessionStore = sessions.NewCookieStore([]byte(sessionSecret))
|
||||
var sessionStore *sessions.CookieStore
|
||||
var r *mux.Router
|
||||
var m *model
|
||||
|
||||
@ -88,6 +86,9 @@ func main() {
|
||||
|
||||
initialize()
|
||||
|
||||
// We should have a session secret by now, initialize the store
|
||||
sessionStore = sessions.NewCookieStore([]byte(m.site.sessionSecret))
|
||||
|
||||
r = mux.NewRouter()
|
||||
r.StrictSlash(true)
|
||||
|
||||
@ -220,6 +221,16 @@ func initialize() {
|
||||
} else {
|
||||
fmt.Println("No Jam Name Specified")
|
||||
}
|
||||
|
||||
if m.site.sessionSecret == "" {
|
||||
reader := bufio.NewReader(os.Stdin)
|
||||
fmt.Println("A good session secret is like a good password")
|
||||
fmt.Print("Create New Session Secret: ")
|
||||
sessSc, _ := reader.ReadString('\n')
|
||||
sessSc = strings.TrimSpace(sessSc)
|
||||
m.site.sessionSecret = sessSc
|
||||
assertError(m.site.SaveToDB())
|
||||
}
|
||||
}
|
||||
|
||||
func loggingHandler(h http.Handler) http.Handler {
|
||||
|
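Review bot: The new prompt in initialize() accepts whatever it reads as the cookie signing key, including nothing. The error from `reader.ReadString('\n')` is discarded, so when stdin is closed or not a terminal (service manager, container) `sessSc` is empty, the empty value is saved, and main() then calls `sessions.NewCookieStore` with an empty key. Even with a person at the terminal, a typed passphrase is a weak key for the cookie MAC, because it can be guessed offline from any issued cookie. Generating the key with `crypto/rand` on first run removes both problems; it needs `crypto/rand` and `encoding/base64` imported, and the import block is not visible on this page. initialize() begins outside the hunk.

```go
	// … unchanged: jam name handling …
	if m.site.sessionSecret == "" {
		// First run: generate the cookie signing key instead of prompting for one.
		key := make([]byte, 32)
		if _, err := rand.Read(key); err != nil {
			assertError(err)
		}
		m.site.sessionSecret = base64.StdEncoding.EncodeToString(key)
		assertError(m.site.SaveToDB())
	}
```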
@ -24,6 +24,8 @@ type siteData struct {
|
||||
m *model
|
||||
mPath []string // The path in the db to this site data
|
||||
changed bool
|
||||
|
||||
sessionSecret string
|
||||
}
|
||||
|
||||
// NewSiteData returns a siteData object with the default values
|
||||
@ -73,6 +75,9 @@ func (s *siteData) LoadFromDB() error {
|
||||
s.ServerDir = serverDir
|
||||
}
|
||||
s.changed = false
|
||||
if secret, _ := s.m.bolt.GetValue(s.mPath, "session-secret"); strings.TrimSpace(secret) != "" {
|
||||
s.sessionSecret = secret
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
@ -102,6 +107,9 @@ func (s *siteData) SaveToDB() error {
|
||||
return err
|
||||
}
|
||||
s.changed = false
|
||||
if err = s.m.bolt.SetValue(s.mPath, "session-secret", s.sessionSecret); err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
|
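Review bot: In LoadFromDB the error from `s.m.bolt.GetValue(s.mPath, "session-secret")` is dropped, so a failed read looks the same as a secret that was never set; initialize() would then ask for a new secret and SaveToDB would overwrite the stored one, ending every existing session. If GetValue reports a missing key as an error, that one case can be ignored and any other error returned. The check also trims the value while the assignment stores it untrimmed, which is worth making consistent. Since the database file now holds the signing key in plain text, I would add a comment on the field such as `// sessionSecret signs session cookies; it is persisted in the DB, so the DB file must be readable only by the service user`. Both function bodies start outside their hunks.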